diff --git a/COPYRIGHT b/COPYRIGHT new file mode 100644 index 0000000000000000000000000000000000000000..75b65cf1385e0cf9bb91afed0fc6703ab89c0270 --- /dev/null +++ b/COPYRIGHT @@ -0,0 +1,64 @@ +Copyright (C) 1997 Eric Young (eay@cryptsoft.com) +All rights reserved. + +This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). +The implementation was written so as to conform with Netscapes SSL. + +This library is free for commercial and non-commercial use as long as +the following conditions are aheared to. The following conditions +apply to all code found in this distribution, be it the RC4, RSA, +lhash, DES, etc., code; not just the SSL code. The SSL documentation +included with this distribution is covered by the same copyright terms +except that the holder is Tim Hudson (tjh@cryptsoft.com). + +Please note that MD2, MD5 and IDEA are publically available standards +that contain sample implementations, I have re-coded them in my own +way but there is nothing special about those implementations. The DES +library is another mater :-). + +Copyright remains Eric Young's, and as such any Copyright notices in +the code are not to be removed. +If this package is used in a product, Eric Young should be given attribution +as the author of the parts of the library used. +This can be in the form of a textual message at program startup or +in documentation (online or textual) provided with the package. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + "This product includes cryptographic software written by + Eric Young (eay@cryptsoft.com)" + The word 'cryptographic' can be left out if the rouines from the library + being used are not cryptographic related :-). +4. If you include any Windows specific code (or a derivative thereof) from + the apps directory (application code) you must include an acknowledgement: + "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + +THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +The licence and distribution terms for any publically available version or +derivative of this code cannot be changed. i.e. this code cannot simply be +copied and put under another distribution licence +[including the GNU Public Licence.] + +The reason behind this being stated in this direct manner is past +experience in code simply being copied and the attribution removed +from it and then being distributed as part of other packages. This +implementation was a non-trivial and unpaid effort. diff --git a/Configure b/Configure new file mode 100755 index 0000000000000000000000000000000000000000..ab20385473983970e6e9c44e170ca9c20c93b23b --- /dev/null +++ b/Configure @@ -0,0 +1,505 @@ +#!/usr/local/bin/perl +# +# see PROBLEMS for instructions on what sort of things to do when +# tracking a bug --tjh +# +# extra options +# -DRSAref build to use RSAref +# -DNO_IDEA build with no IDEA algorithm +# -DNO_RC4 build with no RC4 algorithm +# -DNO_RC2 build with no RC2 algorithm +# -DNO_BF build with no Blowfish algorithm +# -DNO_DES build with no DES/3DES algorithm +# -DNO_MD2 build with no MD2 algorithm +# +# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h +# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register +# dependancies but needs to more registers, good for RISC CPU's +# DES_RISC2 A different RISC variant. +# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders. +# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h +# This is used on the DEC Alpha where long is 8 bytes +# and int is 4 +# BN_LLONG use the type 'long long' in crypto/bn/bn.h +# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md/md2.h +# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md/md2.h +# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h +# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h +# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h +# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h +# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_enc.c. This turns on +# array lookups instead of pointer use. +# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). +# BF_PTR2 use a pentium/intel specific version. + +$x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; + +# MD2_CHAR slags pentium pros +$x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2"; + +# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT +# Don't worry about these normally + +$tcc="cc"; +$tflags="-fast -Xa"; +$tbn_mul=""; +$tlib="-lnsl -lsocket"; +#$bits1="SIXTEEN_BIT "; +#$bits2="THIRTY_TWO_BIT "; +$bits1="THIRTY_TWO_BIT "; +$bits2="SIXTY_FOUR_BIT "; + +# -DB_ENDIAN slows things down on a sparc + +#config-string CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \ +# des_asm:bf_asm +%table=( +#"b", "$tcc:$tflags:$tlib:$bits1:$tbn_mul::", +#"bl-4c-2c", "$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::", +#"bl-4c-ri", "$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::", +#"b2-is-ri-dp", "$tcc:$tflags:$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::", + +# A few of my development configs +"purify", "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::", +"debug", "gcc:-DREF_CHECK -DCRYPTO_MDEBUG -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::::", +"dist", "cc:-O -DNOPROTO::::", + +# Basic configs that should work on any box +"gcc", "gcc:-O3::BN_LLONG:::", +"cc", "cc:-O -DNOPROTO -DNOCONST:::::", + +# My solaris setups +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:\ + -lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-sol.o:asm/dx86-sol.o asm/cx86-sol.o:asm/bx86-sol.o", +"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall:\ + -lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::", +# DO NOT use /xO[34] on sparc with SC3.0. +# It is broken, and will not pass the tests +"solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\ + -lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:asm/sparc.o::", +# SC4.0 is ok, better than gcc, except for the bignum stuff. +# -fast slows things like DES down quite a lot +"solaris-sparc-sc4","cc:-xO5 -Xa -DB_ENDIAN:-lsocket -lnsl:\ + BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::", +"solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\ + -lsocket -lnsl:\ + BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::", + +# Sunos configs, assuming sparc for the gcc one. +"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::", +"sunos-gcc","gcc:-O3 -mv8::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::", + +# SGI configurations. If the box is rather old (r3000 cpu), you will +# probably have to remove the '-mips2' flag. I've only been using +# IRIX 5.[23]. +#"irix-gcc","gcc:-O2 -mips2::BN_LLONG RC4_INDEX RC4_CHAR:::", +"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::", +"irix-cc", "cc:-O2 -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/r3000.o::", +"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::", + +# HPUX config. I've been building on HPUX 9, so the options may be +# different on version 10. The pa-risc2.o assember file is 2 times +# faster than the old asm/pa-risc.o version but it may not run on old +# PA-RISC CPUs. If you have problems, swap back to the old one. +# Both were generated by gcc, so use the C version with the PA-RISC specific +# options turned on if you are using gcc. +"hpux-cc", "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::", +"hpux-kr-cc", "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::", +"hpux-gcc", "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + +# Dec Alpha, OSF/1 - the alpha400-cc is the flags for a 21164A with +# the new compiler +"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::", +"alpha-cc", "cc:-O2::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::", +"alpha400-cc", "cc:-arch host -tune host -fast -std -O4 -inline speed::SIXTY_FOUR_BIT_LONG:asm/alpha.o::", + +# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the +# x86-lnx.o file file since it is hand tweaked assembler. +"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o", +"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o", +"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o", +"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", +"NetBSD-x86", "gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o", +"FreeBSD", "gcc:-DTERMIOS -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o", +#"bsdi-gcc", "shlicc2:-O3 -ffast-math-m486::RSA_LLONG $x86_gcc_des $x86_gcc_opts:::", +#"bsdi-gcc", "gcc:-O3 -ffast-math -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:asm/x86-bsdi.o:asm/dx86bsdi.o asm/cx86bsdi.o:asm/bx86bsdi.o", +"bsdi-gcc", "gcc:-O3 -ffast-math -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:::", +"nextstep", "cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::", + +# UnixWare 2.0 +"unixware-2.0","cc:-O:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::", +"unixware-2.0-pentium","cc:-O -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::", + +# IBM's AIX. +"aix-cc", "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::", +"aix-gcc", "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::", + +# DGUX, 88100. +"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::", +"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::", +"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o", + +# SCO 5 +"sco5-cc", "cc:-O:-lsocket:$x86_gcc_des $x86_gcc_opts:::", # des options? + +# Sinix RM400 +"SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::", + +# Windows NT, Microsoft Visual C++ 4.0 + +# hmm... bug in perl under NT, I need to concatinate :-( +"VC-NT","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::", +"VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::", +"VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", +"VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", +"VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", +"VC-MSDOS","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", + +# Borland C++ 4.5 +"BC-32","bcc32:::DES_PTR RC4_INDEX:::", +"BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", +); + +$postfix="org"; +$Makefile="Makefile.ssl"; +$des_locl="crypto/des/des_locl.h"; +$des ="crypto/des/des.h"; +$bn ="crypto/bn/bn.h"; +$md2 ="crypto/md/md2.h"; +$rc4 ="crypto/rc4/rc4.h"; +$rc4_enc="crypto/rc4/rc4_enc.c"; +$idea ="crypto/idea/idea.h"; +$rc2 ="crypto/rc2/rc2.h"; +$bf ="crypto/bf/bf_locl.h"; +$bn_mulw="bn_mulw.o"; +$des_enc="des_enc.o fcrypt_b.o"; +$bf_enc ="bf_enc.o"; + +if ($#ARGV < 0) + { + &bad_target; + exit(1); + } + +$flags=""; +foreach (@ARGV) + { + if ($_ =~ /^-/) + { + if ($_ =~ /^-[lL](.*)$/) + { + $libs.=$_." "; + } + elsif ($_ =~ /^-D(.*)$/) + { + $flags.=$_." "; + } + else + { + die "unknown options, only -Dxxx, -Lxxx -lxxx supported\n"; + } + } + else + { + die "target already defined - $target\n" if ($target ne ""); + $target=$_; + if (!defined($table{$target})) + { + &bad_target; + exit(1); + } + } + } + +if (!defined($table{$target})) + { + &bad_target; + exit(1); + } + +($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj)= + split(/\s*:\s*/,$table{$target}); +$cflags="$flags$cflags" if ($flags ne ""); +$lflags="$libs$lflags"if ($libs ne ""); + +$bn_obj=$bn_mulw unless ($bn_obj =~ /\.o$/); +$des_obj=$des_enc unless ($des_obj =~ /\.o$/); +$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); + +$n=&file_new($Makefile); +open(IN,"<".$Makefile) || die "unable to read $Makefile:$!\n"; +open(OUT,">".$n) || die "unable to read $n:$!\n"; +while () + { + chop; + s/^CC=.*$/CC= $cc/; + s/^CFLAG=.*$/CFLAG= $cflags/; + s/^EX_LIBS=.*$/EX_LIBS= $lflags/; + s/^BN_MULW=.*$/BN_MULW= $bn_obj/; + s/^DES_ENC=.*$/DES_ENC= $des_obj/; + s/^BF_ENC=.*$/BF_ENC= $bf_obj/; + print OUT $_."\n"; + } +close(IN); +close(OUT); +&Rename($Makefile,&file_old($Makefile)); +&Rename($n,$Makefile); +print "CC =$cc\n"; +print "CFLAG =$cflags\n"; +print "EX_LIBS=$lflags\n"; +print "BN_MULW=$bn_obj\n"; +print "DES_ENC=$des_obj\n"; +print "BF_ENC =$bf_obj\n"; + +$des_ptr=0; +$des_risc1=0; +$des_risc2=0; +$des_unroll=0; +$bn_ll=0; +$def_int=2; +$rc4_int=$def_int; +$md2_int=$def_int; +$idea_int=$def_int; +$rc2_int=$def_int; +$rc4_idx=0; +$bf_ptr=0; +@type=("char","short","int","long"); +($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0); + +foreach (sort split(/\s+/,$bn_ops)) + { + $des_ptr=1 if /DES_PTR/; + $des_risc1=1 if /DES_RISC1/; + $des_risc2=1 if /DES_RISC2/; + $des_unroll=1 if /DES_UNROLL/; + $des_int=1 if /DES_INT/; + $bn_ll=1 if /BN_LLONG/; + $rc4_int=0 if /RC4_CHAR/; + $rc4_int=3 if /RC4_LONG/; + $rc4_idx=1 if /RC4_INDEX/; + $md2_int=0 if /MD2_CHAR/; + $md2_int=3 if /MD2_LONG/; + $idea_int=1 if /IDEA_SHORT/; + $idea_int=3 if /IDEA_LONG/; + $rc2_int=1 if /RC2_SHORT/; + $rc2_int=3 if /RC2_LONG/; + $bf_ptr=1 if $_ eq "BF_PTR"; + $bf_ptr=2 if $_ eq "BF_PTR2"; + ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/; + ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/; + } + +(($in=$bn) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($bn); +open(IN,"<".$in) || die "unable to read $bn:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/) + { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/) + { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/) + { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/) + { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+EIGHT_BIT/) + { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) + { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($bn,&file_old($bn)); +&Rename($n,$bn); + +(($in=$des) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($des); +open(IN,"<".$in) || die "unable to read $des:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^\#define\s+DES_LONG\s+.*/) + { printf OUT "#define DES_LONG unsigned %s\n", + ($des_int)?'int':'long'; } + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($des,&file_old($des)); +&Rename($n,$des); + +(($in=$des_locl) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($des_locl); +open(IN,"<".$in) || die "unable to read $des_locl:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^\#(define|undef)\s+DES_PTR/) + { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_RISC1/) + { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_RISC2/) + { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_UNROLL/) + { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; } + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($des_locl,&file_old($des_locl)); +&Rename($n,$des_locl); + +(($in=$rc4) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($rc4); +open(IN,"<".$in) || die "unable to read $rc4:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^#define\s+RC4_INT\s/) + { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; } + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($rc4,&file_old($rc4)); +&Rename($n,$rc4); + +(($in=$rc4_enc) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($rc4_enc); +open(IN,"<".$in) || die "unable to read $rc4_enc:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^#((define)|(undef))\s+RC4_INDEX/) + { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($rc4_enc,&file_old($rc4_enc)); +&Rename($n,$rc4_enc); + +(($in=$md2) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($md2); +open(IN,"<".$in) || die "unable to read $bn:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^#define\s+MD2_INT\s/) + { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($md2,&file_old($md2)); +&Rename($n,$md2); + +(($in=$idea) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($idea); +open(IN,"<".$in) || die "unable to read $idea:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^#define\s+IDEA_INT\s/) + {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];} + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($idea,&file_old($idea)); +&Rename($n,$idea); + +(($in=$rc2) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($rc2); +open(IN,"<".$in) || die "unable to read $rc2:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^#define\s+RC2_INT\s/) + {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];} + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($rc2,&file_old($rc2)); +&Rename($n,$rc2); + +(($in=$bf) =~ s/\.([^.]+)/.$postfix/); +$n=&file_new($bf); +open(IN,"<".$in) || die "unable to read $bf:$!\n"; +open(OUT,">$n") || die "unable to read $n:$!\n"; +while () + { + if (/^#(define|undef)\s+BF_PTR/) + { + printf OUT "#undef BF_PTR\n" if $bf_ptr == 0; + printf OUT "#define BF_PTR\n" if $bf_ptr == 1; + printf OUT "#define BF_PTR2\n" if $bf_ptr == 2; + } + else + { print OUT $_; } + } +close(IN); +close(OUT); +&Rename($bf,&file_old($bf)); +&Rename($n,$bf); + +print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l; +print "SIXTY_FOUR_BIT mode\n" if $b64; +print "THIRTY_TWO_BIT mode\n" if $b32; +print "SIXTEEN_BIT mode\n" if $b16; +print "EIGHT_BIT mode\n" if $b8; +print "DES_PTR used\n" if $des_ptr; +print "DES_RISC1 used\n" if $des_risc1; +print "DES_RISC2 used\n" if $des_risc2; +print "DES_UNROLL used\n" if $des_unroll; +print "DES_INT used\n" if $des_int; +print "BN_LLONG mode\n" if $bn_ll; +print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int; +print "RC4_INDEX mode\n" if $rc4_idx; +print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int; +print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int; +print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; +print "BF_PTR used\n" if $bf_ptr == 1; +print "BF_PTR2 used\n" if $bf_ptr == 2; +exit(0); + +sub bad_target + { + print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n"; + print STDERR "pick os/compiler from:"; + $j=0; + foreach $i (sort keys %table) + { + next if /^b-/; + print STDERR "\n" if ($j++ % 4) == 0; + printf(STDERR "%-18s ",$i); + } + print STDERR "\n"; + } + +sub Rename + { + local($from,$to)=@_; + + unlink($to); + rename($from,$to) || die "unable to rename $from to $to:$!\n"; + } + +sub file_new { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; } +sub file_old { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; } diff --git a/HISTORY b/HISTORY new file mode 100644 index 0000000000000000000000000000000000000000..7844faa55d901386cae589b3d7250ae701e37805 --- /dev/null +++ b/HISTORY @@ -0,0 +1,126 @@ +SSLeay 0.8.1 released. + +19-Jul-97 + - Server side initated dynamic renegotiation is broken. I will fix + it when I get back from holidays. + +15-Jul-97 + - Quite a few small changes. + - INVALID_SOCKET usage cleanups from Alex Kiernan + +09-Jul-97 + - Added 2 new values to the SSL info callback. + SSL_CB_START which is passed when the SSL protocol is started + and SSL_CB_DONE when it has finished sucsessfully. + +08-Jul-97 + - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c + that related to DSA public/private keys. + - Added all the relevent PEM and normal IO functions to support + reading and writing RSAPublic keys. + - Changed makefiles to use ${AR} instead of 'ar r' + +07-Jul-97 + - Error in ERR_remove_state() that would leave a dangling reference + to a free()ed location - thanks to Alex Kiernan + - s_client now prints the X509_NAMEs passed from the server + when requesting a client cert. + - Added a ssl->type, which is one of SSL_ST_CONNECT or + SSL_ST_ACCEPT. I had to add it so I could tell if I was + a connect or an accept after the handshake had finished. + - SSL_get_client_CA_list(SSL *s) now returns the CA names + passed by the server if called by a client side SSL. + +05-Jul-97 + - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index + 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). + +04-Jul-97 + - Fixed some things in X509_NAME_add_entry(), thanks to + Matthew Donald . + - I had a look at the cipher section and though that it was a + bit confused, so I've changed it. + - I was not setting up the RC4-64-MD5 cipher correctly. It is + a MS special that appears in exported MS Money. + - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 + spec. I was missing the two byte length header for the + ClientDiffieHellmanPublic value. This is a packet sent from + the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG + option will enable SSLeay server side SSLv3 accept either + the correct or my 080 packet format. + - Fixed a few typos in crypto/pem.org. + +02-Jul-97 + - Alias mapping for EVP_get_(digest|cipher)byname is now + performed before a lookup for actual cipher. This means + that an alias can be used to 're-direct' a cipher or a + digest. + - ASN1_read_bio() had a bug that only showed up when using a + memory BIO. When EOF is reached in the memory BIO, it is + reported as a -1 with BIO_should_retry() set to true. + +01-Jul-97 + - Fixed an error in X509_verify_cert() caused by my + miss-understanding how 'do { contine } while(0);' works. + Thanks to Emil Sit for educating me :-) + +30-Jun-97 + - Base64 decoding error. If the last data line did not end with + a '=', sometimes extra data would be returned. + - Another 'cut and paste' bug in x509.c related to setting up the + STDout BIO. + +27-Jun-97 + - apps/ciphers.c was not printing due to an editing error. + - Alex Kiernan send in a nice fix for + a library build error in util/mk1mf.pl + +26-Jun-97 + - Still did not have the auto 'experimental' code removal + script correct. + - A few header tweaks for Watcom 11.0 under Win32 from + Rolf Lindemann + - 0 length OCTET_STRING bug in asn1_parse + - A minor fix with an non-existent function in the MS .def files. + - A few changes to the PKCS7 stuff. + +25-Jun-97 + SSLeay 0.8.0 finally it gets released. + +24-Jun-97 + Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to + use a temporary RSA key. This is experimental and needs some more work. + Fixed a few Win16 build problems. + +23-Jun-97 + SSLv3 bug. I was not doing the 'lookup' of the CERT structure + correctly. I was taking the SSL->ctx->default_cert when I should + have been using SSL->cert. The bug was in ssl/s3_srvr.c + +20-Jun-97 + X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the + rest of the library. Even though I had the code required to do + it correctly, apps/req.c was doing the wrong thing. I have fixed + and tested everything. + + Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. + +19-Jun-97 + Fixed a bug in the SSLv2 server side first packet handling. When + using the non-blocking test BIO, the ssl->s2->first_packet flag + was being reset when a would-block failure occurred when reading + the first 5 bytes of the first packet. This caused the checking + logic to run at the wrong time and cause an error. + + Fixed a problem with specifying cipher. If RC4-MD5 were used, + only the SSLv3 version would be picked up. Now this will pick + up both SSLv2 and SSLv3 versions. This required changing the + SSL_CIPHER->mask values so that they only mask the ciphers, + digests, authentication, export type and key-exchange algorithms. + + I found that when a SSLv23 session is established, a reused + session, of type SSLv3 was attempting to write the SSLv2 + ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char + method has been modified so it will only write out cipher which + that method knows about. + diff --git a/HISTORY.066 b/HISTORY.066 new file mode 100644 index 0000000000000000000000000000000000000000..f85224977a254905275afffc867aaea64a9afa8e --- /dev/null +++ b/HISTORY.066 @@ -0,0 +1,443 @@ +SSLeay 0.6.5 + +After quite some time (3 months), the new release. I have been very busy +for the last few months and so this is mostly bug fixes and improvments. + +The main additions are + +- assember for x86 DES. For all those gcc based systems, this is a big + improvement. From 117,000 DES operation a second on a pentium 100, + I now get 191,000. I have also reworked the C version so it + now gives 148,000 DESs per second. +- As mentioned above, the inner DES macros now have some more variant that + sometimes help, sometimes hinder performance. There are now 3 options + DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) + and DES_RISC (a more register intensive version of the inner macro). + The crypto/des/des_opts.c program, when compiled and run, will give + an indication of the correct options to use. +- The BIO stuff has been improved. Read doc/bio.doc. There are now + modules for encryption and base64 encoding and a BIO_printf() function. +- The CA program will accept simple one line X509v3 extensions in the + ssleay.cnf file. Have a look at the example. Currently this just + puts the text into the certificate as an OCTET_STRING so currently + the more advanced X509v3 data types are not handled but this is enough + for the netscape extensions. +- There is the start of a nicer higher level interface to the X509 + strucutre. +- Quite a lot of bug fixes. +- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used + to define the malloc(), free() and realloc() routines to use + (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when + using DLLs and mixing CRT libraries. + +In general, read the 'VERSION' file for changes and be aware that some of +the new stuff may not have been tested quite enough yet, so don't just plonk +in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. + +SSLeay 0.6.4 30/08/96 eay + +I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, +Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). + +The main changes in this release + +- Thread safe. have a read of doc/threads.doc and play in the mt directory. + For anyone using 0.6.3 with threads, I found 2 major errors so consider + moving to 0.6.4. I have a test program that builds under NT and + solaris. +- The get session-id callback has changed. Have a read of doc/callback.doc. +- The X509_cert_verify callback (the SSL_verify callback) now + has another argument. Have a read of doc/callback.doc +- 'ca -preserve', sign without re-ordering the DN. Not tested much. +- VMS support. +- Compile time memory leak detection can now be built into SSLeay. + Read doc/memory.doc +- CONF routines now understand '\', '\n', '\r' etc. What this means is that + the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. +- 'ssleay ciphers' added, lists the default cipher list for SSLeay. +- RC2 key setup is now compatable with Netscape. +- Modifed server side of SSL implementation, big performance difference when + using session-id reuse. + +0.6.3 + +Bug fixes and the addition of some nice stuff to the 'ca' program. +Have a read of doc/ns-ca.doc for how hit has been modified so +it can be driven from a CGI script. The CGI script is not provided, +but that is just being left as an excersize for the reader :-). + +0.6.2 + +This is most bug fixes and functionality improvements. + +Additions are +- More thread debugging patches, the thread stuff is still being + tested, but for those keep to play with stuff, have a look in + crypto/cryptlib.c. The application needs to define 1 (or optionaly + a second) callback that is used to implement locking. Compiling + with LOCK_DEBUG spits out lots of locking crud :-). + This is what I'm currently working on. +- SSL_CTX_set_default_passwd_cb() can be used to define the callback + function used in the SSL*_file() functions used to load keys. I was + always of the opinion that people should call + PEM_read_RSAPrivateKey() and pass the callback they want to use, but + it appears they just want to use the SSL_*_file() function() :-(. +- 'enc' now has a -kfile so a key can be read from a file. This is + mostly used so that the passwd does not appear when using 'ps', + which appears imposible to stop under solaris. +- X509v3 certificates now work correctly. I even have more examples + in my tests :-). There is now a X509_EXTENSION type that is used in + X509v3 certificates and CRLv2. +- Fixed that signature type error :-( +- Fixed quite a few potential memory leaks and problems when reusing + X509, CRL and REQ structures. +- EVP_set_pw_prompt() now sets the library wide default password + prompt. +- The 'pkcs7' command will now, given the -print_certs flag, output in + pem format, all certificates and CRL contained within. This is more + of a pre-emtive thing for the new verisign distribution method. I + should also note, that this also gives and example in code, of how + to do this :-), or for that matter, what is involved in going the + other way (list of certs and crl -> pkcs7). +- Added RSA's DESX to the DES library. It is also available via the + EVP_desx_cbc() method and via 'enc desx'. + +SSLeay 0.6.1 + +The main functional changes since 0.6.0 are as follows +- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is + that from now on, I'll keep the .def numbers the same so they will be. +- RSA private key operations are about 2 times faster that 0.6.0 +- The SSL_CTX now has more fields so default values can be put against + it. When an SSL structure is created, these default values are used + but can be overwritten. There are defaults for cipher, certificate, + private key, verify mode and callback. This means SSL session + creation can now be + ssl=SSL_new() + SSL_set_fd(ssl,sock); + SSL_accept(ssl) + .... + All the other uglyness with having to keep a global copy of the + private key and certificate/verify mode in the server is now gone. +- ssl/ssltest.c - one process talking SSL to its self for testing. +- Storage of Session-id's can be controled via a session_cache_mode + flag. There is also now an automatic default flushing of + old session-id's. +- The X509_cert_verify() function now has another parameter, this + should not effect most people but it now means that the reason for + the failure to verify is now available via SSL_get_verify_result(ssl). + You don't have to use a global variable. +- SSL_get_app_data() and SSL_set_app_data() can be used to keep some + application data against the SSL structure. It is upto the application + to free the data. I don't use it, but it is available. +- SSL_CTX_set_cert_verify_callback() can be used to specify a + verify callback function that completly replaces my certificate + verification code. Xcert should be able to use this :-). + The callback is of the form int app_verify_callback(arg,ssl,cert). + This needs to be documented more. +- I have started playing with shared library builds, have a look in + the shlib directory. It is very simple. If you need a numbered + list of functions, have a look at misc/crypto.num and misc/ssl.num. +- There is some stuff to do locking to make the library thread safe. + I have only started this stuff and have not finished. If anyone is + keen to do so, please send me the patches when finished. + +So I have finally made most of the additions to the SSL interface that +I thought were needed. + +There will probably be a pause before I make any non-bug/documentation +related changes to SSLeay since I'm feeling like a bit of a break. + +eric - 12 Jul 1996 +I saw recently a comment by some-one that we now seem to be entering +the age of perpetual Beta software. +Pioneered by packages like linux but refined to an art form by +netscape. + +I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). + +There are quite a large number of sections that are 'works in +progress' in this package. I will also list the major changes and +what files you should read. + +BIO - this is the new IO structure being used everywhere in SSLeay. I +started out developing this because of microsoft, I wanted a mechanism +to callback to the application for all IO, so Windows 3.1 DLL +perversion could be hidden from me and the 15 different ways to write +to a file under NT would also not be dictated by me at library build +time. What the 'package' is is an API for a data structure containing +functions. IO interfaces can be written to conform to the +specification. This in not intended to hide the underlying data type +from the application, but to hide it from SSLeay :-). +I have only really finished testing the FILE * and socket/fd modules. +There are also 'filter' BIO's. Currently I have only implemented +message digests, and it is in use in the dgst application. This +functionality will allow base64/encrypto/buffering modules to be +'push' into a BIO without it affecting the semantics. I'm also +working on an SSL BIO which will hide the SSL_accept()/SLL_connet() +from an event loop which uses the interface. +It is also possible to 'attach' callbacks to a BIO so they get called +before and after each operation, alowing extensive debug output +to be generated (try running dgst with -d). + +Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few +functions that used to take FILE *, now take BIO *. +The wrappers are easy to write + +function_fp(fp,x) +FILE *fp; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) error..... + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=function_bio(b,x); + BIO_free(b); + return(ret); + } +Remember, there are no functions that take FILE * in SSLeay when +compiled for Windows 3.1 DLL's. + +-- +I have added a general EVP_PKEY type that can hold a public/private +key. This is now what is used by the EVP_ functions and is passed +around internally. I still have not done the PKCS#8 stuff, but +X509_PKEY is defined and waiting :-) + +-- +For a full function name listings, have a look at ms/crypt32.def and +ms/ssl32.def. These are auto-generated but are complete. +Things like ASN1_INTEGER_get() have been added and are in here if you +look. I have renamed a few things, again, have a look through the +function list and you will probably find what you are after. I intend +to at least put a one line descrition for each one..... + +-- +Microsoft - thats what this release is about, read the MICROSOFT file. + +-- +Multi-threading support. I have started hunting through the code and +flaging where things need to be done. In a state of work but high on +the list. + +-- +For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) +be be you random data device, otherwise 'RFILE' in e_os.h +will be used, in your home directory. It will be updated +periodically. The environment variable RANDFILE will override this +choice and read/write to that file instead. DEVRANDOM is used in +conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random +number generator, pick on one of these files. + +-- + +The list of things to read and do + +dgst -d +s_client -state (this uses a callback placed in the SSL state loop and + will be used else-where to help debug/monitor what + is happening.) + +doc/why.doc +doc/bio.doc <- hmmm, needs lots of work. +doc/bss_file.doc <- one that is working :-) +doc/session.doc <- it has changed +doc/speed.doc + also play with ssleay version -a. I have now added a SSLeay() + function that returns a version number, eg 0600 for this release + which is primarily to be used to check DLL version against the + application. +util/* Quite a few will not interest people, but some may, like + mk1mf.pl, mkdef.pl, +util/do_ms.sh + +try +cc -Iinclude -Icrypto -c crypto/crypto.c +cc -Iinclude -Issl -c ssl/ssl.c +You have just built the SSLeay libraries as 2 object files :-) + +Have a general rummage around in the bin stall directory and look at +what is in there, like CA.sh and c_rehash + +There are lots more things but it is 12:30am on a Friday night and I'm +heading home :-). + +eric 22-Jun-1996 +This version has quite a few major bug fixes and improvements. It DOES NOT +do SSLv3 yet. + +The main things changed +- A Few days ago I added the s_mult application to ssleay which is + a demo of an SSL server running in an event loop type thing. + It supports non-blocking IO, I have finally gotten it right, SSL_accept() + can operate in non-blocking IO mode, look at the code to see how :-). + Have a read of doc/s_mult as well. This program leaks memory and + file descriptors everywhere but I have not cleaned it up yet. + This is a demo of how to do non-blocking IO. +- The SSL session management has been 'worked over' and there is now + quite an expansive set of functions to manipulate them. Have a read of + doc/session.doc for some-things I quickly whipped up about how it now works. + This assume you know the SSLv2 protocol :-) +- I can now read/write the netscape certificate format, use the + -inform/-outform 'net' options to the x509 command. I have not put support + for this type in the other demo programs, but it would be easy to add. +- asn1parse and 'enc' have been modified so that when reading base64 + encoded files (pem format), they do not require '-----BEGIN' header lines. + The 'enc' program had a buffering bug fixed, it can be used as a general + base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' + respecivly. Leaving out the '-a' flag in this case makes the 'enc' command + into a form of 'cat'. +- The 'x509' and 'req' programs have been fixed and modified a little so + that they generate self-signed certificates correctly. The test + script actually generates a 'CA' certificate and then 'signs' a + 'user' certificate. Have a look at this shell script (test/sstest) + to see how things work, it tests most possible combinations of what can + be done. +- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name + of SSL_set_cipher_list() is now the correct API (stops confusion :-). + If this function is used in the client, only the specified ciphers can + be used, with preference given to the order the ciphers were listed. + For the server, if this is used, only the specified ciphers will be used + to accept connections. If this 'option' is not used, a default set of + ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this + list for all ciphers started against the SSL_CTX. So the order is + SSL cipher_list, if not present, SSL_CTX cipher list, if not + present, then the library default. + What this means is that normally ciphers like + NULL-MD5 will never be used. The only way this cipher can be used + for both ends to specify to use it. + To enable or disable ciphers in the library at build time, modify the + first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. + This file also contains the 'pref_cipher' list which is the default + cipher preference order. +- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' + options work. They should, and they enable loading and writing the + netscape rsa private key format. I will be re-working this section of + SSLeay for the next version. What is currently in place is a quick and + dirty hack. +- I've re-written parts of the bignum library. This gives speedups + for all platforms. I now provide assembler for use under Windows NT. + I have not tested the Windows 3.1 assembler but it is quite simple code. + This gives RSAprivate_key operation encryption times of 0.047s (512bit key) + and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. + Basically the times available under linux/solaris x86 can be achieve under + Windows NT. I still don't know how these times compare to RSA's BSAFE + library but I have been emailing with people and with their help, I should + be able to get my library's quite a bit faster still (more algorithm changes). + The object file crypto/bn/asm/x86-32.obj should be used when linking + under NT. +- 'make makefile.one' in the top directory will generate a single makefile + called 'makefile.one' This makefile contains no perl references and + will build the SSLeay library into the 'tmp' and 'out' directories. + util/mk1mf.pl >makefile.one is how this makefile is + generated. The mk1mf.pl command take several option to generate the + makefile for use with cc, gcc, Visual C++ and Borland C++. This is + still under development. I have only build .lib's for NT and MSDOS + I will be working on this more. I still need to play with the + correct compiler setups for these compilers and add some more stuff but + basically if you just want to compile the library + on a 'non-unix' platform, this is a very very good file to start with :-). + Have a look in the 'microsoft' directory for my current makefiles. + I have not yet modified things to link with sockets under Windows NT. + You guys should be able to do this since this is actually outside of the + SSLeay scope :-). I will be doing it for myself soon. + util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock + to build without RC2/RC4, to require RSAref for linking, and to + build with no socket code. + +- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher + that was posted to sci.crypt has been added to the library and SSL. + I take the view that if RC2 is going to be included in a standard, + I'll include the cipher to make my package complete. + There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers + at compile time. I have not tested this recently but it should all work + and if you are in the USA and don't want RSA threatening to sue you, + you could probably remove the RC4/RC2 code inside these sections. + I may in the future include a perl script that does this code + removal automatically for those in the USA :-). +- I have removed all references to sed in the makefiles. So basically, + the development environment requires perl and sh. The build environment + does not (use the makefile.one makefile). + The Configure script still requires perl, this will probably stay that way + since I have perl for Windows NT :-). + +eric (03-May-1996) + +PS Have a look in the VERSION file for more details on the changes and + bug fixes. +I have fixed a few bugs, added alpha and x86 assembler and generally cleaned +things up. This version will be quite stable, mostly because I'm on +holidays until 10-March-1996. For any problems in the interum, send email +to Tim Hudson . + +SSLeay 0.5.0 + +12-12-95 +This is going out before it should really be released. + +I leave for 11 weeks holidays on the 22-12-95 and so I either sit on +this for 11 weeks or get things out. It is still going to change a +lot in the next week so if you do grab this version, please test and +give me feed back ASAP, inculuding questions on how to do things with +the library. This will prompt me to write documentation so I don't +have to answer the same question again :-). + +This 'pre' release version is for people who are interested in the +library. The applications will have to be changed to use +the new version of the SSL interface. I intend to finish more +documentation before I leave but until then, look at the programs in +the apps directory. As far as code goes, it is much much nicer than +the old version. + +The current library works, has no memory leaks (as far as I can tell) +and is far more bug free that 0.4.5d. There are no global variable of +consequence (I believe) and I will produce some documentation that +tell where to look for those people that do want to do multi-threaded +stuff. + +There should be more documentation. Have a look in the +doc directory. I'll be adding more before I leave, it is a start +by mostly documents the crypto library. Tim Hudson will update +the web page ASAP. The spelling and grammar are crap but +it is better than nothing :-) + +Reasons to start playing with version 0.5.0 +- All the programs in the apps directory build into one ssleay binary. +- There is a new version of the 'req' program that generates certificate + requests, there is even documentation for this one :-) +- There is a demo certification authorithy program. Currently it will + look at the simple database and update it. It will generate CRL from + the data base. You need to edit the database by hand to revoke a + certificate, it is my aim to use perl5/Tk but I don't have time to do + this right now. It will generate the certificates but the management + scripts still need to be written. This is not a hard task. +- Things have been cleaned up alot. +- Have a look at the enc and dgst programs in the apps directory. +- It supports v3 of x509 certiticates. + + +Major things missing. +- I have been working on (and thinging about) the distributed x509 + hierachy problem. I have not had time to put my solution in place. + It will have to wait until I come back. +- I have not put in CRL checking in the certificate verification but + it would not be hard to do. I was waiting until I could generate my + own CRL (which has only been in the last week) and I don't have time + to put it in correctly. +- Montgomery multiplication need to be implemented. I know the + algorithm, just ran out of time. +- PKCS#7. I can load and write the DER version. I need to re-work + things to support BER (if that means nothing, read the ASN1 spec :-). +- Testing of the higher level digital envelope routines. I have not + played with the *_seal() and *_open() type functions. They are + written but need testing. The *_sign() and *_verify() functions are + rock solid. +- PEM. Doing this and PKCS#7 have been dependant on the distributed + x509 heirachy problem. I started implementing my ideas, got + distracted writing a CA program and then ran out of time. I provide + the functionality of RSAref at least. +- Re work the asm. code for the x86. I've changed by low level bignum + interface again, so I really need to tweak the x86 stuff. gcc is + good enough for the other boxes. + diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000000000000000000000000000000000000..9cbdfd7d33c423803f57179013c3a937ae4947ce --- /dev/null +++ b/INSTALL @@ -0,0 +1,128 @@ +# Installation of SSLeay. +# It depends on perl for a few bits but those steps can be skipped and +# the top level makefile edited by hand + +# When bringing the SSLeay distribution back from the evil intel world +# of Windows NT, do the following to make it nice again under unix :-) +# You don't normally need to run this. +sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996 + +# If you have perl, and it is not in /usr/local/bin, you can run +perl util/perlpath.pl /new/path +# and this will fix the paths in all the scripts. DO NOT put +# /new/path/perl, just /new/path. The build +# environment always run scripts as 'perl perlscript.pl' but some of the +# 'applications' are easier to usr with the path fixed. + +# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl +# to set the install locations if you don't like +# the default location of /usr/local/ssl +# Do this by running +perl util/ssldir.pl /new/ssl/home +# if you have perl, or by hand if not. + +# If things have been stuffed up with the sym links, run +make -f Makefile.ssl links +# This will re-populate lib/include with symlinks and for each +# directory, link Makefile to Makefile.ssl + +# Setup the machine dependent stuff for the top level makefile +# and some select .h files +# If you don't have perl, this will bomb, in which case just edit the +# top level Makefile.ssl +./Configure 'system type' + +# The 'Configure' command contains default configuration parameters +# for lots of machines. Configure edits 5 lines in the top level Makefile +# It modifies the following values in the following files +Makefile.ssl CC CFLAG EX_LIBS BN_MULW +crypto/des/des.h DES_LONG +crypto/des/des_locl.h DES_PTR +crypto/md/md2.h MD2_INT +crypto/rc4/rc4.h RC4_INT +crypto/rc4/rc4_enc.c RC4_INDEX +crypto/rc2/rc2.h RC2_INT +crypto/bf/bf_locl.h BF_INT +crypto/idea/idea.h IDEA_INT +crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT, + SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT, + SIXTEEN_BIT or EIGHT_BIT) +Please remember that all these files are actually copies of the file with +a .org extention. So if you change crypto/des/des.h, the next time +you run Configure, it will be runover by a 'configured' version of +crypto/des/des.org. So to make the changer the default, change the .org +files. The reason these files have to be edited is because most of +these modifications change the size of fundamental data types. +While in theory this stuff is optional, it often makes a big +difference in performance and when using assember, it is importaint +for the 'Bignum bits' match those required by the assember code. +A warning for people using gcc with sparc cpu's. Gcc needs the -mv8 +flag to use the hardware multiply instruction which was not present in +earlier versions of the sparc CPU. I define it by default. If you +have an old sparc, and it crashes, try rebuilding with this flag +removed. I am leaving this flag on by default because it makes +things run 4 times faster :-) + +# clean out all the old stuff +make clean + +# Do a make depend only if you have the makedepend command installed +# This is not needed but it does make things nice when developing. +make depend + +# make should build everything +make + +# fix up the demo certificate hash directory if it has been stuffed up. +make rehash + +# test everything +make test + +# install the lot +make install + +# It is worth noting that all the applications are built into the one +# program, ssleay, which is then has links from the other programs +# names to it. +# The applicatons can be built by themselves, just don't define the +# 'MONOLITH' flag. So to build the 'enc' program stand alone, +gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a + +# Other useful make options are +make makefile.one +# which generate a 'makefile.one' file which will build the complete +# SSLeay distribution with temp. files in './tmp' and 'installable' files +# in './out' + +# Have a look at running +perl util/mk1mf.pl help +# this can be used to generate a single makefile and is about the only +# way to generate makefiles for windows. + +# There is actually a final way of building SSLeay. +gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c +gcc -O2 -c -Issl -Iinclude ssl/ssl.c +# and you now have the 2 libraries as single object files :-). +# If you want to use the assember code for your particular platform +# (DEC alpha/x86 are the main ones, the other assember is just the +# output from gcc) you will need to link the assember with the above generated +# object file and also do the above compile as +gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c + +This last option is probably the best way to go when porting to another +platform or building shared libraries. It is not good for development so +I don't normally use it. + +To build shared libararies under unix, have a look in shlib, basically +you are on your own, but it is quite easy and all you have to do +is compile 2 (or 3) files. + +For mult-threading, have a read of doc/threads.doc. Again it is quite +easy and normally only requires some extra callbacks to be defined +by the application. +The examples for solaris and windows NT/95 are in the mt directory. + +have fun + +eric 25-Jun-1997 diff --git a/MICROSOFT b/MICROSOFT new file mode 100644 index 0000000000000000000000000000000000000000..54176f0472d80832e5b7b951e6e5af6c7ccf48b8 --- /dev/null +++ b/MICROSOFT @@ -0,0 +1,146 @@ +The Microsoft World. + +The good news, to build SSLeay for the Microsft World + +Windows 3.1 DLL's +perl Configure VC-WIN16 +nmake -f ms\w31dll.mak + +Windows NT/95 DLL's +perl Configure VC-WIN32 +nmake -f ms\ntdll.mak + +Now the bad news +All builds were done using Microsofts Visual C++ 1.52c and [45].x. +If you are a borland person, you are probably going to have to help me +finish the stuff in util/pl/BC*pl + +All builds were made under Windows NT - this means long filenames, so +you may have problems under Windows 3.1 but probably not under 95. + +Because file pointers don't work in DLL's under Windows 3.1 (well at +least stdin/stdout don't and I don't like having to differentiate +between these and other file pointers), I now use the BIO file-pointer +module, which needs to be linked into your application. You can either +use the memory buffer BIO for IO, or compile bss_file.c into your +application, it is in the apps directory and is just a copy of +crypto/buffer/bss_file.c with #define APPS_WIN16 added. +I have not yet automated the makefile to automatically copy it into 'out' +for a win 3.1 build.... + +All callbacks passed into SSLeay for Windows 3.1 need to be of type +_far _loadds. + +I don't support building with the pascal calling convention. + +The DLL and static builds are large memory model. + +To build static libraries for NT/95 or win 3.1 + +perl util/mk1mf.pl VC-WIN32 > mf-stat.nt +perl util/mk1mf.pl VC-WIN16 > mf-stat.w31 +for DLL's +perl util/mk1mf.pl dll VC-WIN32 > mf-dll.nt +perl util/mk1mf.pl dll VC-WIN16 > mf-dll.w31 + +Again you will notice that if you dont have perl, you cannot do this. + +Now the next importaint issue. Running Configure! +I have small assember code files for critical big number library operation +in crypto/bn/asm. There is, asm code, object files and uuencode +object files. They are +x86nt32.asm - 32bit flat memory model assember - suitable Win32 +x86w16.asm - 16bit assember - used in the msdos build. +x86w32.asm - 32bit assember, win 3.1 segments, used for win16 build. + +If you feel compelled to build the 16bit maths routines in the windows 3.1 +build, +perl Configure VC-W31-16 +perl util/mk1mf.pl dll VC-W31-16 > mf-dll.w31 + +If you hate assember and don't want anything to do with it, +perl util/mk1mf.pl no-asm VC-WIN16 > mf-dll.w31 +will work for any of the makefile generations. + +There are more options to mk1mf.pl but these all leave the temporary +files in 'tmp' and the output files in 'out' by default. + +The NT build is done for console mode. + +The Windows 3.1 version of SSLeay uses quickwin, the interface is ugly +but it is better than nothing. If you want ugly, try doing anything +that involves getting a password. I decided to be ugly instead of +echoing characters. For Windows 3.1 I would just sugest using the +msdos version of the ssleay application for command line work. +The QuickWin build is primarily for testing. + +For both NT and Windows 3.1, I have not written the code so that +s_client, s_server can take input from the keyboard. You can happily +start applications up in separate windows, watch them handshake, and then sit +there for-ever. I have not had the time to get this working, and I've +been able to test things from a unix box to the NT box :-). +Try running ssleay s_server on the windows box +(with either -cert ../apps/server.pem -www) +and run ssleay s_time from another window. +This often stuffs up on Windows 3.1, but I'm not worried since this is +probably a problem with my demo applications, not the libraries. + +After a build of one of the version of microsoft SSLeay, +'cd ms' and then run 'test'. This should check everything out and +even does a trial run of generating certificates. +'test.bat' requires that perl be install, you be in the ms directory +(not the test directory, thats for unix so stay out :-) and that the +build output directory be ../out + +On a last note, you will probably get division by zero errors and +stuff after a build. This is due to your own inability to follow +instructions :-). + +The reasons for the problem is probably one of the following. + +1) You did not run Configure. This is critical for windows 3.1 when + using assember. The values in crypto/bn/bn.h must match the + ones requred for the assember code. (remember that if you + edit crypto/bn/bn.h by hand, it will be clobered the next time + you run Configure by the contents of crypto/bn/bn.org). + SSLeay version -o will list the compile options. + For VC-WIN32 you need bn(64,32) or bn(32,32) + For VC-W31-32/VC-WIN16 you need bn(32,32) + For VC-W31-16 you need bn(32,16) or bn(16,16) + For VC-MSDOS you need bn(32,16) or bn(16,16). + + The first number will be 2 times bigger than the second if + BN_LLONG is defined in bn.h and the size of the second number + depends on the 'bits' defined at the start of bn.h. Have a + look, it's all reasonably clear. + If you want to start messing with 8 bit builds and things like + that, build without the assember by re-generating a makefile + via 'perl util/mk1mf.pl no-asm'. +2) You tried to build under MS-DOS or Windows 3.1 using the /G3 + option. Don't. It is buggy (thats why you just got that + error) and unless you want to work out which optimising flag + to turn off, I'm not going to help you :-). I also noticed + that code often ran slower when compiled with /G3. +3) Under NT/95, malloc goes stupid. You are probably linking with + the wrong library, there are problems if you mix the threaded + and non-threaded libraries (due to the DLL being staticly + linked with one and the applicaion using another. + +Well hopefully thats most of the MS issues handled, see you in ssl-users :-). + +eric 30-Aug-1996 + +SSLeay 0.6.5 +For Windows 95/NT, add CRYPTO_malloc_init() to your program before any +calls to the SSLeay libraries. This function will insert callbacks so that +the SSLeay libraries will use the same malloc(), free() and realloc() as +your application so 'problem 3)' mentioned above will go away. + +There is now DES assember for Windows NT/95. The file is +crypto/des/asm/win32.asm and replaces crypto/des/des_enc.c in the build. + +There is also Blowfish assember for Windows NT/95. The file is +crypto/bf/asm/win32.asm and replaces crypto/bf/bf_enc.c in the build. + +eric 25-Jun-1997 + diff --git a/MINFO b/MINFO new file mode 100644 index 0000000000000000000000000000000000000000..024b85dc9e83dc13964377df2de13580743b7c59 --- /dev/null +++ b/MINFO @@ -0,0 +1,831 @@ +RELATIVE_DIRECTORY=. +AR=ar r +BASENAME=SSLeay +BF_ENC=bf_enc.o +BN_MULW=bn_mulw.o +CC=cc +CFLAG=-O -DNOPROTO +DES_ENC=des_enc.o fcrypt_b.o +DIRS=crypto ssl rsaref apps test tools +EDIRS=times doc bugs util include certs ms shlib mt demos +EX_HEADER= +EX_LIBS= +GENERAL=Makefile +HEADER=e_os.h +INSTALLTOP=/usr/local/ssl +LIBS=libcrypto.a libssl.a +MAKE=make -f Makefile.ssl +MAKEFILE=Makefile.ssl +MAN1=1 +MAN3=3 +MISC=COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com +NAME=SSLeay-0.8.1 +ONEDIRS=out tmp +PEX_LIBS=-L. -L.. -L../.. -L../../.. +SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7 +SHELL=/bin/sh +TARFILE=SSLeay-0.8.1.tar +TOP=. +VERSION=0.8.1 +WDIRS=windows +WTARFILE=SSLeay-0.8.1-win.tar +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto +ALL=Makefile README cryptlib.c mem.c cversion.c cryptlib.h date.h crypto.h cryptall.h +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I. -I../include -g -DCFLAGS=" \"cc -g\" " +DIR=crypto +EXHEADER=crypto.h cryptall.h +EX_LIBS= +GENERAL=Makefile README +HEADER=cryptlib.h date.h crypto.h cryptall.h +INCLUDE=-I. -I../include +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../libcrypto.a +LIBOBJ=cryptlib.o mem.o cversion.o +LIBS= +LIBSRC=cryptlib.c mem.c cversion.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +PEX_LIBS= +RM=/bin/rm -f +SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7 +SRC=cryptlib.c mem.c cversion.c +TOP=.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/md +ALL=Makefile md2_dgst.c md5_dgst.c md2_one.c md5_one.c md5_locl.h md2.h md5.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=md +EXHEADER=md2.h md5.h +GENERAL=Makefile +HEADER=md5_locl.h md2.h md5.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=md2_dgst.o md5_dgst.o md2_one.o md5_one.o +LIBSRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c +TEST=md2test.c md5test.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/sha +ALL=Makefile sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha_locl.h sha.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=sha +EXHEADER=sha.h +GENERAL=Makefile +HEADER=sha_locl.h sha.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o +LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c +TEST=shatest.c sha1test.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/mdc2 +ALL=Makefile mdc2dgst.c mdc2_one.c mdc2.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=mdc2 +EXHEADER=mdc2.h +GENERAL=Makefile +HEADER=mdc2.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=mdc2dgst.o mdc2_one.o +LIBSRC=mdc2dgst.c mdc2_one.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=mdc2dgst.c mdc2_one.c +TEST=mdc2test.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/des +ALL=Makefile des.org des_locl.org cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +CPP=cc -E +DES_ENC=des_enc.o fcrypt_b.o +DIR=des +EXHEADER=des.h +GENERAL=Makefile des.org des_locl.org +HEADER=des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=set_key.o ecb_enc.o ede_enc.o cbc_enc.o cbc3_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ncbc_enc.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o +LIBSRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c +TEST=destest.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/rc4 +ALL=Makefile rc4_enc.c rc4.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=rc4 +EXHEADER=rc4.h +GENERAL=Makefile +HEADER=rc4.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=rc4_enc.o +LIBSRC=rc4_enc.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=rc4_enc.c +TEST=rc4test.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/rc2 +ALL=Makefile rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h rc2.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=rc2 +EXHEADER=rc2.h +GENERAL=Makefile +HEADER=rc2_locl.h rc2.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o +LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c +TEST=rc2test.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/idea +ALL=Makefile i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c idea_lcl.h idea.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=idea +EXHEADER=idea.h +GENERAL=Makefile +HEADER=idea_lcl.h idea.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o +LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c +TEST=ideatest.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/bf +ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h +APPS= +AR=ar r +BF_ENC=bf_enc.o +CC=cc +CFLAG=-g +CFLAGS= -g +CPP=cc -E +DIR=bf +EXHEADER=blowfish.h +GENERAL=Makefile +HEADER=bf_pi.h bf_locl.h blowfish.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cbc.o bf_cfb64.o bf_ofb64.o +LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c +TEST=bftest.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/bn +ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_lcl.h bn_prime.h bn.h +APPS= +AR=ar r +BN_MULW=bn_mulw.o +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=bn +ERR=bn +ERRC=bn_err +EXHEADER=bn.h +GENERAL=Makefile +HEADER=bn_lcl.h bn_prime.h bn.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_mulw.o bn_recp.o bn_mont.o +LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c +TEST=bntest.c exptest.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/rsa +ALL=Makefile rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=rsa +ERR=rsa +ERRC=rsa_err +EXHEADER=rsa.h +GENERAL=Makefile +HEADER=rsa.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o +LIBSRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/dsa +ALL=Makefile dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c dsa.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=dsa +ERR=dsa +ERRC=dsa_err +EXHEADER=dsa.h +GENERAL=Makefile +HEADER=dsa.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o dsa_err.o +LIBSRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c +TEST=dsatest.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/dh +ALL=Makefile dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=dh +ERR=dh +ERRC=dh_err +EXHEADER=dh.h +GENERAL=Makefile +HEADER=dh.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o +LIBSRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c +TEST=dhtest.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/buffer +ALL=Makefile buffer.c buf_err.c buffer.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=buffer +ERR=buffer +ERRC=buf_err +EXHEADER=buffer.h +GENERAL=Makefile +HEADER=buffer.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=buffer.o buf_err.o +LIBSRC=buffer.c buf_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=buffer.c buf_err.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/bio +ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=bio +ERR=bio +ERRC=bio_err +EXHEADER=bio.h +GENERAL=Makefile +HEADER=bio.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o +LIBSRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/stack +ALL=Makefile stack.c stack.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=stack +EXHEADER=stack.h +GENERAL=Makefile +HEADER=stack.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=stack.o +LIBSRC=stack.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=stack.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/lhash +ALL=Makefile lhash.c lh_stats.c lhash.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=lhash +EXHEADER=lhash.h +GENERAL=Makefile +HEADER=lhash.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=lhash.o lh_stats.o +LIBSRC=lhash.c lh_stats.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=lhash.c lh_stats.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/rand +ALL=Makefile md_rand.c randfile.c rand.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=rand +EXHEADER=rand.h +GENERAL=Makefile +HEADER=rand.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=md_rand.o randfile.o +LIBSRC=md_rand.c randfile.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=md_rand.c randfile.c +TEST=randtest.c +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/err +ALL=Makefile err.c err_all.c err_prn.c err.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=error +EXHEADER=err.h +GENERAL=Makefile +HEADER=err.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=err.o err_all.o err_prn.o +LIBSRC=err.c err_all.c err_prn.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=err.c err_all.c err_prn.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/objects +ALL=Makefile README obj_dat.c obj_lib.c obj_err.c objects.h obj_dat.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=objects +ERR=objects +ERRC=obj_err +EXHEADER=objects.h +GENERAL=Makefile README +HEADER=objects.h obj_dat.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=obj_dat.o obj_lib.o obj_err.o +LIBSRC=obj_dat.c obj_lib.c obj_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=obj_dat.c obj_lib.c obj_err.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/evp +ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=evp +ERR=evp +ERRC=evp_err +EXHEADER=evp.h +GENERAL=Makefile +HEADER=evp.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o +LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/pem +ALL=Makefile pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c pem.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +CTX_SIZE=ctx_size +DIR=pem +ERR=pem +ERRC=pem_err +EXHEADER=pem.h +GENERAL=Makefile +HEADER=pem.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o +LIBSRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/asn1 +ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c asn1.h asn1_mac.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=asn1 +ERR=asn1 +ERRC=asn1_err +EXHEADER=asn1.h asn1_mac.h +GENERAL=Makefile README +HEADER=asn1.h asn1_mac.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o +LIBSRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/x509 +ALL=Makefile README x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c x509.h x509_vfy.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=x509 +ERR=x509 +ERRC=x509_err +EXHEADER=x509.h x509_vfy.h +GENERAL=Makefile README +HEADER=x509.h x509_vfy.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=x509_def.o x509_d2.o x509_r2x.o x509_cmp.o x509_obj.o x509_req.o x509_vfy.o x509_set.o x509rset.o x509_err.o x509name.o x509_v3.o x509_ext.o x509pack.o x509type.o x509_lu.o x_all.o x509_txt.o by_file.o by_dir.o v3_net.o v3_x509.o +LIBSRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/conf +ALL=Makefile conf.c conf_err.c conf_lcl.h conf.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=conf +ERR=conf +ERRC=conf_err +EXHEADER=conf.h +GENERAL=Makefile +HEADER=conf_lcl.h conf.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=conf.o conf_err.o +LIBSRC=conf.c conf_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=conf.c conf_err.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/txt_db +ALL=Makefile txt_db.c txt_db.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS= -g +DIR=txt_db +EXHEADER=txt_db.h +GENERAL=Makefile +HEADER=txt_db.h +INCLUDES= +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=txt_db.o +LIBSRC=txt_db.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=txt_db.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=crypto/pkcs7 +ALL=Makefile README pk7_lib.c pkcs7err.c pk7_doit.c pkcs7.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=pkcs7 +ERR=pkcs7 +ERRC=pkcs7err +EXHEADER=pkcs7.h +GENERAL=Makefile README +HEADER=pkcs7.h +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +LIB=../../libcrypto.a +LIBOBJ=pk7_lib.o pkcs7err.o pk7_doit.o +LIBSRC=pk7_lib.c pkcs7err.c pk7_doit.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=pk7_lib.c pkcs7err.c pk7_doit.c +TEST= +TOP=../.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=ssl +ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I../crypto -I../include -g +DIR=ssl +ERR=ssl +ERRC=ssl_err +EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h +GENERAL=Makefile README +HEADER=ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h +INCLUDES=-I../crypto -I../include +INSTALLTOP=/usr/local/ssl +LIB=../libssl.a +LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_pkt.o s2_enc.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_pkt.o s3_enc.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o +LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c +TEST=ssltest.c +TOP=.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=rsaref +ALL=Makefile rsaref.c rsar_err.c rsaref.h +APPS= +AR=ar r +CC=cc +CFLAG=-g +CFLAGS=-I../crypto -I../include -g +DIR=rsaref +ERR=rsaref +ERRC=rsar_err +EXHEADER= +GENERAL=Makefile +HEADER= rsaref.h +INCLUDES=-I../crypto -I../include +INSTALLTOP=/usr/local/ssl +LIB=../libRSAglue.a +LIBOBJ=rsaref.o rsar_err.o +LIBSRC=rsaref.c rsar_err.c +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +SRC=rsaref.c rsar_err.c +TEST= +TOP=.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=apps +ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h +A_OBJ=apps.o +A_SRC=apps.c +CC=cc +CFLAG=-g -static +CFLAGS=-DMONOLITH -I../include -g -static +DIR=apps +DLIBCRYPTO=../libcrypto.a +DLIBSSL=../libssl.a +EXE=ssleay +EXHEADER= +EX_LIBS= +E_EXE=verify asn1pars req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers +E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o gendsa.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o +E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c +GENERAL=Makefile +HEADER=apps.h progs.h s_apps.h testdsa.h testrsa.h +INCLUDES=-I../include +INSTALLTOP=/usr/local/ssl +LIBCRYPTO=-L.. -lcrypto +LIBSSL=-L.. -lssl +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +PEX_LIBS= +PROGS=ssleay.c +RM=/bin/rm -f +SCRIPTS=CA.sh der_chop +SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c +SSLEAY=ssleay +S_OBJ=s_cb.o s_socket.o +S_SRC=s_cb.c s_socket.c +TOP=.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=test +ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c +BFTEST=bftest +BNTEST=bntest +CC=cc +CFLAG=-g +CFLAGS=-I../include -g +DESTEST=destest +DHTEST=dhtest +DIR=test +DLIBCRYPTO=../libcrypto.a +DLIBSSL=../libssl.a +DSATEST=dsatest +EXE=bntest ideatest md2test md5test rc4test destest shatest sha1test mdc2test randtest dhtest rc2test bftest ssltest exptest dsatest +EXHEADER= +EXPTEST=exptest +EX_LIBS=-lnsl -lsocket +GENERAL=Makefile.ssl +HEADER= +IDEATEST=ideatest +INCLUDES=-I../include +INSTALLTOP=/usr/local/ssl +LIBCRYPTO=-L.. -lcrypto +LIBSSL=-L.. -lssl +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -fMakefile.ssl +MAKEFILE=Makefile.ssl +MD2TEST=md2test +MD5TEST=md5test +MDC2TEST=mdc2test +METHTEST=methtest +OBJ=bntest.o ideatest.o md2test.o md5test.o rc4test.o destest.o shatest.o sha1test.o mdc2test.o randtest.o dhtest.o rc2test.o bftest.o ssltest.o dsatest.o exptest.o +PEX_LIBS= +RANDTEST=randtest +RC2TEST=rc2test +RC4TEST=rc4test +SHA1TEST=sha1test +SHATEST=shatest +SRC=bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c +SSLTEST=ssltest +TOP=.. +RELATIVE_DIRECTORY= +RELATIVE_DIRECTORY=tools +APPS=c_hash c_info c_issuer c_name c_rehash +CC=cc +CFLAG=-g +CFLAGS=-I.. -I../../include -g +DIR=tools +GENERAL=Makefile.ssl +INCLUDES=-I.. -I../../include +INSTALLTOP=/usr/local/ssl +MAKE=make -f Makefile.ssl +MAKEDEPEND=makedepend -f Makefile.ssl +MAKEFILE=Makefile.ssl +TEST= +TOP=.. +RELATIVE_DIRECTORY= diff --git a/Makefile.ssl b/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..676ece0aa82123dbdf006f18b5aaee9c2cef485f --- /dev/null +++ b/Makefile.ssl @@ -0,0 +1,276 @@ +# +# Makefile for all the SSL related library routines and utilities +VERSION = 0.8.1a +# +# make install will install: +# libraries into $INSTALLTOP/lib +# headers into $INSTALLTOP/include +# utilities into $INSTALLTOP/bin +# +# By default INSTALLTOP is set to /usr/local/ssl +# If you want things install elsewere, consider running +# perl util/ssldir.pl /new/path +# +# Interesting Mailing Lists: +# ssl-bugs@mincom.oz.au +# ssl-users@mincom.oz.au +# +# To join the Mailing Lists: +# ssl-bugs-request@mincom.oz.au +# ssl-users-request@mincom.oz.au +# +# If you must get hold of people directly (we much prefer the above +# lists to be used if the question is of general interest!): +# Eric Young +# Tim Hudson +# or both +# +# The primary distribution of SSLeay is from +# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL +# +# NOCONST - Define for C compilers that don't like the const key word. +# NOPROTO - Define in if your compiler does not support prototypes. +# RSAref - Define if we are to link with RSAref. +# NO_IDEA - Define to build without the IDEA algorithm +# NO_RC4 - Define to build without the RC4 algorithm +# NO_RC2 - Define to build without the RC2 algorithm +# THREADS - Define when building with threads, you will probably also need any +# system defines as well, i.e. _REENTERANT for Solaris 2.[34] +# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing. +# TERMIOS - Define the termios terminal subsystem, Silicon Graphics. +# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3). +# DEVRANDOM - Give this the value of the 'random device' if your OS supports +# one. 32 bytes will be read from this when the random +# number generator is initalised. +# SSL_ALLOW_ADH - define if you want the server to be able to use the +# SSLv3 anon-DH ciphers. +# SSL_ALLOW_ENULL - define if you want the server to be able to use the +# NULL encryption ciphers. +# +# LOCK_DEBUG - turns on lots of lock debug output :-) +# REF_CHECK - turn on some xyz_free() assertions. +# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff +# MFUNC - Make all Malloc/Free/Realloc calls call +# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to +# call application defined callbacks via CRYPTO_set_mem_functions() + + +CC= cc +CFLAG= -O -DNOPROTO +#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized +PEX_LIBS= -L. -L.. -L../.. -L../../.. +EX_LIBS= +#EX_LIBS= #-lRSAglue -lrsaref -lnsl -lsocket +AR=ar r + +# Set BN_MULW to bn_mulw.o if you want to use the C version +#BN_MULW= asm/x86-lnx.o +BN_MULW= bn_mulw.o +#BN_MULW= asm/x86-lnx.o # elf +#BN_MULW= asm/x86-sol.o # solaris +#BN_MULW= asm/x86-lnxa.o # a.out, FreeBSD +#BN_MULW= asm/x86-bsdi.o # bsdi +#BN_MULW= asm/alpha.o # DEC Alpha +#BN_MULW= asm/pa-risc2.o # HP-UX PA-RISC +#BN_MULW= asm/r3000.o # SGI MIPS cpu +#BN_MULW= asm/sparc.o # Sun solaris/SunOS +#BN_MULW= asm/x86nt32.o # Windows 95/NT +#BN_MULW= asm/x86w16.o # 16 bit code for Windows 3.1/DOS +#BN_MULW= asm/x86w32.o # 32 bit code for Windows 3.1 + +# Set DES_ENC to des_enc.o if you want to use the C version +#There are 4 x86 assember options. +DES_ENC= des_enc.o fcrypt_b.o +#DES_ENC= des_enc.o fcrypt_b.o # C +#DES_ENC= asm/dx86-elf.o asm/cx86-elf.o # elf +#DES_ENC= asm/dx86-sol.o asm/cx86-sol.o # solaris +#DES_ENC= asm/dx86-out.o asm/cx86-out.o # a.out, FreeBSD +#DES_ENC= asm/dx86bsdi.o asm/cx86bsdi.o # bsdi + +# Set BF_ENC to bf_enc.o if you want to use the C version +#There are 4 x86 assember options. +BF_ENC= bf_enc.o +#BF_ENC= bf_enc.o # C +#BF_ENC= asm/bx86-elf.o # elf +#BF_ENC= asm/bx86-sol.o # solaris +#BF_ENC= asm/bx86-out.o # a.out, FreeBSD +#BF_ENC= asm/bx86bsdi.o # bsdi + +DIRS= crypto ssl rsaref apps test tools +# dirs in crypto to build +SDIRS= \ + md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh \ + buffer bio stack lhash rand err objects \ + evp pem asn1 x509 conf txt_db pkcs7 + +# If you change the INSTALLTOP, make sure to also change the values +# in crypto/location.h +INSTALLTOP=/usr/local/ssl + +MAKEFILE= Makefile.ssl +MAKE= make -f Makefile.ssl + +MAN1=1 +MAN3=3 +SHELL=/bin/sh + +TOP= . +ONEDIRS=out tmp +EDIRS= times doc bugs util include certs ms shlib mt demos +MISC= COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile \ + README TODO HISTORY README.066 README.080 \ + VERSION PROBLEMS MINFO makefile.one e_os.h \ + MICROSOFT makevms.com +WDIRS= windows +LIBS= libcrypto.a libssl.a + +GENERAL= Makefile +BASENAME= SSLeay +NAME= $(BASENAME)-$(VERSION) +TARFILE= $(NAME).tar +WTARFILE= $(NAME)-win.tar +EX_HEADER= +HEADER= e_os.h + +all: + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "making $$i..."; \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' all ); \ + done; + +sub_all: + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "making $$i..."; \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' AR='${AR}' all ); \ + done; + +clean: + /bin/rm -f *.o core a.out fluff *.map + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "cleaning $$i..."; \ + $(MAKE) SDIRS='${SDIRS}' clean ); \ + /bin/rm -f $(LIBS); \ + done; + /bin/rm -f *.a *.o speed.* *.map *.so .pure core + /bin/rm -f $(TARFILE) + @for i in $(ONEDIRS) ;\ + do \ + /bin/rm -f $$i/*; \ + done + +makefile.one: files + perl util/mk1mf.pl >makefile.one; \ + sh util/do_ms.sh + +files: MINFO + perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "making 'files' in $$i..."; \ + $(MAKE) SDIRS='${SDIRS}' files ); \ + done; + +links: + /bin/rm -f Makefile; + ./util/point.sh Makefile.ssl Makefile; + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "making links in $$i..."; \ + $(MAKE) SDIRS='${SDIRS}' links ); \ + done; + # @(cd apps; sh ./mklinks) + sh tools/c_rehash certs + +dclean: + /bin/rm -f *.bak + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "undoing makedepend in $$i..."; \ + $(MAKE) SDIRS='${SDIRS}' dclean ); \ + done; + +rehash: + @(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs) + +test: tests + +tests: + (cd test; echo "testing $$i..."; \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' tests ); + @apps/ssleay version -a + +depend: + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "making dependancies $$i..."; \ + $(MAKE) SDIRS='${SDIRS}' depend ); \ + done; + +lint: + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "making lint $$i..."; \ + $(MAKE) SDIRS='${SDIRS}' lint ); \ + done; + +tags: + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "making tags $$i..."; \ + $(MAKE) SDIRS='${SDIRS}' tags ); \ + done; + +errors: + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "making errors in $$i..."; \ + $(MAKE) SDIRS='${SDIRS}' errors ); \ + done; + +tar: + @(cd ..;\ + mv $(BASENAME) $(NAME); \ + export STUFF; \ + for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\ + do \ + STUFF="$$STUFF $(NAME)/$$i"; \ + done; \ + tar cf $(NAME)/$(TARFILE) $$STUFF; \ + mv $(NAME) $(BASENAME) ) + gzip -f $(TARFILE) + +dist: + perl Configure dist + @$(MAKE) dist_pem_h + @$(MAKE) SDIRS='${SDIRS}' clean + @$(MAKE) SDIRS='${SDIRS}' dclean + @(cd apps; sh ./rmlinks) + @$(MAKE) makefile.one + @$(MAKE) tar + +dist_pem_h: + (cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean) + +install: all + @-mkdir -p $(INSTALLTOP)/bin 2>/dev/null + @-mkdir -p $(INSTALLTOP)/lib 2>/dev/null + @-mkdir -p $(INSTALLTOP)/include 2>/dev/null + @-mkdir -p $(INSTALLTOP)/certs 2>/dev/null + @-mkdir -p $(INSTALLTOP)/private 2>/dev/null + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "installing $$i..."; \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \ + done + @for i in $(LIBS) ;\ + do \ + ( echo installing $$i; \ + cp $$i $(INSTALLTOP)/lib; \ + sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \ + chmod 644 $(INSTALLTOP)/lib/$$i ); \ + done + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/PROBLEMS b/PROBLEMS new file mode 100644 index 0000000000000000000000000000000000000000..d78e2d9a23c43c434c6f6369049662daff25b701 --- /dev/null +++ b/PROBLEMS @@ -0,0 +1,50 @@ +If you have any problems with SSLeay then please take the following +steps: + + Remove the ASM version of the BN routines (edit Configure) + Remove the compiler optimisation flags + Add in the compiler debug flags (-g) + +Note: if using gcc then remove -fomit-frame-pointer before you try + to debug things. + +If you wish to report a bug then please include the following information +in any bug report: + + SSLeay Details + - Version, most of these details can be got from the + 'ssleay version -a' command. + Operating System Details + - OS Name + - OS Version + - Hardware platform + Compiler Details + - Name + - Version + Application Details + - Name + - Version + Problem Description + - include steps that will reproduce the problem (if known) + Stack Traceback (if the application dumps core) + +For example: + + SSLeay-0.5.1a + SunOS 5.3, SPARC, SunC 3.0 + SSLtelnet-0.7 + + Core dumps when using telnet with SSL support in bn_mul() with + the following stack trackback + ... + + +Report the bug to either + ssleay@mincom.oz.au (Eric and Tim) +or + ssl-bugs@mincom.oz.au (mailing list of active developers) + + +Tim Hudson +tjh@mincom.oz.au + diff --git a/README b/README new file mode 100644 index 0000000000000000000000000000000000000000..543a1336f53744837fc00a97fbfdad41ab6e7a4f --- /dev/null +++ b/README @@ -0,0 +1,173 @@ + SSLeay 0.8.1b 29-Jun-1998 + Copyright (c) 1997, Eric Young + All rights reserved. + +This directory contains Eric Young's (eay@cryptsoft.com) implementation +of SSL and supporting libraries. + +The current version of this library is available from + ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz + +There are patches to a number of internet applications which can be found in + ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/ + +A Web page containing the SSLeay FAQ written by Tim Hudson +can be found at + http://www.psy.uq.oz.au/~ftp/Crypto + +Additional documentation is being slowly written by Eric Young, and is being +added to http://www.cryptsoft.com/ssleay/doc. It will normally also be +available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay + +This Library and programs are FREE for commercial and non-commercial +usage. The only restriction is that I must be attributed with the +development of this code. See the COPYRIGHT file for more details. +Donations would still be accepted :-). + +THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6 + +The package includes + +libssl.a: + My implementation of SSLv2, SSLv3 and the required code to support + both SSLv2 and SSLv3 in the one server. + +libcrypto.a: + General encryption and X509 stuff needed by SSL but not + actually logically part of it. It includes routines for the following: + + Ciphers + libdes - My libdes DES encryption package which has been floating + around the net for a few years. It includes 15 + 'modes/variations' of DES (1, 2 and 3 key versions of ecb, + cbc, cfb and ofb; pcbc and a more general form of cfb and ofb) + including desx in cbc mode, + a fast crypt(3), and routines to read passwords from the + keyboard. + RC4 encryption, + RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. + Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. + IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. + + Digests + MD5 and MD2 message digest algorithms, fast implementations, + SHA (SHA-0) and SHA-1 message digest algorithms, + MDC2 message digest. A DES based hash that is polular on smart cards. + + Public Key + RSA encryption/decryption/generation. There is no limit + on the number of bits. + DSA encryption/decryption/generation. There is no limit on the + number of bits. + Diffie-Hellman key-exchange/key generation. There is no limit + on the number of bits. + + X509v3 certificates + X509 encoding/decoding into/from binary ASN1 and a PEM + based ascii-binary encoding which supports encryption with + a private key. + Program to generate RSA and DSA certificate requests and to + generate RSA and DSA certificates. + + Systems + The normal digital envelope routines and base64 encoding. + Higher level access to ciphers and digests by name. New ciphers can be + loaded at run time. + The BIO io system which is a simple non-blocking IO abstraction. + Current methods supported are file descriptors, sockets, + socket accept, socket connect, memory buffer, buffering, + SSL client/server, file pointer, encryption, digest, + non-blocking testing and null. + Data structures + A dynamically growing hashing system + A simple stack. + A Configuration loader that uses a format similar to MS .ini files. + +Programs in this package include + enc - a general encryption program that can encrypt/decrypt using + one of 17 different cipher/mode combinations. The + input/output can also be converted to/from base64 + ascii encoding. + dgst - a generate message digesting program that will generate + message digests for any of md2, md5, sha (sha-0 or sha-1) + or mdc2. + asn1parse - parse and display the structure of an asn1 encoded + binary file. + rsa - Manipulate RSA private keys. + dsa - Manipulate DSA private keys. + dh - Manipulate Diffie-Hellman parameter files. + dsaparam- Manipulate and generate DSA parameter files. + crl - Manipulate certificate revocation lists. + crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. + x509 - Manipulate x509 certificates, self-sign certificates. + req - Manipulate PKCS#10 certificate requests and also + generate certificate requests. + genrsa - Generates an arbitrary sized RSA private key. + gendh - Generates a set of Diffie-Hellman parameters, the prime + will be a strong prime. + ca - Create certificates from PKCS#10 certificate requests. + This program also maintains a database of certificates + issued. + verify - Check x509 certificate signatures. + speed - Benchmark SSLeay's ciphers. + s_server- A test SSL server. + s_client- A test SSL client. + s_time - Benchmark SSL performance of SSL server programs. + errstr - Convert from SSLeay hex error codes to a readable form. + +Documents avaliable are + A Postscript and html reference manual + (written by Tim Hudson tjh@cryptsoft.com). + + A list of text protocol references I used. + An initial version of the library manual. + +To install this package, read the INSTALL file. +For the Microsoft word, read MICROSOFT +This library has been compiled and tested on Solaris 2.[34] (sparc and x86), +SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23], +LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22. + +Multithreading has been tested under Windows NT and Solaris 2.5.1 + +Due to time constraints, the current release has only be rigorously tested +on Solaris 2.[45], Linux and Windows NT. + +For people in the USA, it is possible to compile SSLeay to use RSA +Inc.'s public key library, RSAref. From my understanding, it is +claimed by RSA Inc. to be illegal to use my public key routines inside the USA. +Read doc/rsaref.doc on how to build with RSAref. + +Read the documentation in the doc directory. It is quite rough, +but it lists the functions, you will probably have to look at +the code to work out how to used them. I will be working on +documentation. Look at the example programs. + +There should be a SSL reference manual which is being put together by +Tim Hudson (tjh@cryptsoft.com) in the same location as this +distribution. This contains a lot more information that is very +useful. For a description of X509 Certificates, their use, and +certification, read rfc1421, rfc1422, rfc1423 and rfc1424. ssl/README +also goes over the mechanism. + +We have setup some mailing lists for use by people that are interested +in helping develop this code and/or ask questions. + ssl-bugs@mincom.oz.au + ssl-users@mincom.oz.au + ssl-bugs-request@mincom.oz.au + ssl-users-request@mincom.oz.au + +I have recently read about a new form of software, that which is in +a permanent state of beta release. Linux and Netscape are 2 good +examples of this, and I would also add SSLeay to this category. +The Current stable release is 0.6.6. It has a few minor problems. +0.8.0 is not call compatable so make sure you have the correct version +of SSLeay to link with. + +eric (Jun 1997) + +Eric Young (eay@cryptsoft.com) +86 Taunton St. +Annerley 4103. +Australia. + diff --git a/README.066 b/README.066 new file mode 100644 index 0000000000000000000000000000000000000000..d8e086d0b4e638f4b921329fd0ba0fceb56bc829 --- /dev/null +++ b/README.066 @@ -0,0 +1,27 @@ + +SSLeay 0.6.6 13-Jan-1997 + +The main additions are + +- assember for x86 DES improvments. + From 191,000 per second on a pentium 100, I now get 281,000. The inner + loop and the IP/FP modifications are from + Svend Olaf Mikkelsen . Many thanks for his + contribution. +- The 'DES macros' introduced in 0.6.5 now have 3 types. + DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which + is best and there is a summery of mine in crypto/des/options.txt +- A few bug fixes. +- Added blowfish. It is not used by SSL but all the other stuff that + deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. + There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. + BF_PTR2 is pentium/x86 specific. The correct option is setup in + the 'Configure' script. +- There is now a 'get client certificate' callback which can be + 'non-blocking'. If more details are required, let me know. It will + documented more in SSLv3 when I finish it. +- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' + now tests the ca program. +- Lots of little things modified and tweaked. + +eric diff --git a/README.080 b/README.080 new file mode 100644 index 0000000000000000000000000000000000000000..155ce1c712cad812d73ecfe41165277e16ebc8d0 --- /dev/null +++ b/README.080 @@ -0,0 +1,147 @@ +This version of SSLeay has quite a lot of things different from the +previous version. + +Basically check all callback parameters, I will be producing documentation +about how to use things in th future. Currently I'm just getting 080 out +the door. Please not that there are several ways to do everything, and +most of the applications in the apps directory are hybrids, some using old +methods and some using new methods. + +Have a look in demos/bio for some very simple programs and +apps/s_client.c and apps/s_server.c for some more advanced versions. +Notes are definitly needed but they are a week or so away. + +Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) +--- +Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to +get those people that want to move to using the new code base off to +a quick start. + +Note that Eric has tidied up a lot of the areas of the API that were +less than desirable and renamed quite a few things (as he had to break +the API in lots of places anyrate). There are a whole pile of additional +functions for making dealing with (and creating) certificates a lot +cleaner. + +01-Jul-97 +Tim Hudson +tjh@cryptsoft.com + +---8<--- + +To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could +use something like the following (assuming you #include "crypto.h" which +is something that you really should be doing). + +#if SSLEAY_VERSION_NUMBER >= 0x0800 +#define SSLEAY8 +#endif + +buffer.h -> splits into buffer.h and bio.h so you need to include bio.h + too if you are working with BIO internal stuff (as distinct + from simply using the interface in an opaque manner) + +#include "bio.h" - required along with "buffer.h" if you write + your own BIO routines as the buffer and bio + stuff that was intermixed has been separated + out + +envelope.h -> evp.h (which should have been done ages ago) + +Initialisation ... don't forget these or you end up with code that +is missing the bits required to do useful things (like ciphers): + +SSLeay_add_ssl_algorithms() +(probably also want SSL_load_error_strings() too but you should have + already had that call in place) + +SSL_CTX_new() - requires an extra method parameter + SSL_CTX_new(SSLv23_method()) + SSL_CTX_new(SSLv2_method()) + SSL_CTX_new(SSLv3_method()) + + OR to only have the server or the client code + SSL_CTX_new(SSLv23_server_method()) + SSL_CTX_new(SSLv2_server_method()) + SSL_CTX_new(SSLv3_server_method()) + or + SSL_CTX_new(SSLv23_client_method()) + SSL_CTX_new(SSLv2_client_method()) + SSL_CTX_new(SSLv3_client_method()) + +SSL_set_default_verify_paths() ... renamed to the more appropriate +SSL_CTX_set_default_verify_paths() + +If you want to use client certificates then you have to add in a bit +of extra stuff in that a SSLv3 server sends a list of those CAs that +it will accept certificates from ... so you have to provide a list to +SSLeay otherwise certain browsers will not send client certs. + +SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + + +X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) + or provide a buffer and size to copy the + result into + +X509_add_cert -> X509_STORE_add_cert (and you might want to read the + notes on X509_NAME structure changes too) + + +VERIFICATION CODE +================= + +The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to +more accurately reflect things. + +The verification callback args are now packaged differently so that +extra fields for verification can be added easily in future without +having to break things by adding extra parameters each release :-) + +X509_cert_verify_error_string -> X509_verify_cert_error_string + + +BIO INTERNALS +============= + +Eric has fixed things so that extra flags can be introduced in +the BIO layer in future without having to play with all the BIO +modules by adding in some macros. + +The ugly stuff using + b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_clear_retry_flags(b) + + b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_set_retry_read(b) + +Also ... BIO_get_retry_flags(b), BIO_set_flags(b) + + + +OTHER THINGS +============ + +X509_NAME has been altered so that it isn't just a STACK ... the STACK +is now in the "entries" field ... and there are a pile of nice functions +for getting at the details in a much cleaner manner. + +SSL_CTX has been altered ... "cert" is no longer a direct member of this +structure ... things are now down under "cert_store" (see x509_vfy.h) and +things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. +If your code "knows" about this level of detail then it will need some +surgery. + +If you depending on the incorrect spelling of a number of the error codes +then you will have to change your code as these have been fixed. + +ENV_CIPHER "type" got renamed to "nid" and as that is what it actually +has been all along so this makes things clearer. +ify_cert_error_string(ctx->error)); + +SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST + and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO + + diff --git a/TODO b/TODO new file mode 100644 index 0000000000000000000000000000000000000000..1c3da41cdfc704c496c2672faa4a2cbfa56d3e95 --- /dev/null +++ b/TODO @@ -0,0 +1,28 @@ +- The loading of the netscape RC4 encrypted key is a crock of pig pellets. + It will be reworked along with a nice general mechanism for encrypting + ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but + still have not done PKCS#8 support. + +- Winsock support in s_client/s_server for windows nt/3.1 is a crock. + I will probably not get this fixed for a while, it is just there so + I could test things. + +- Be able to generate DSS certificates. + +- Add CRL to the X509 verification stuff, this will probably be added with + SSLv3. + ++ X509 callback. I need to callback the application to retrieve certificates + and CRL. + +*<- designates the things I'm activly working on. ++<- designates that which I have next in the queue. + +==== + +X509v3 extensions +verify certificate chains +X509 cert lookup methods +RSA/DSA/DH methods mostly for smart cards +dsa cert generation + diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000000000000000000000000000000000..5555e9a3afd275f154f4ae8943aacf945ff7d251 --- /dev/null +++ b/VERSION @@ -0,0 +1,24 @@ +SSLeay 0.8.1 + - Mostly bug fixes. There is an Ephemeral DH cipher problem which + is fixed. + +SSLeay 0.8.0 + - New release, for those that are wondering what happend to + 0.7.x, call it our internal development version :-) + - There have been lots of changes, mostly the addition of SSLv3. + - There have been many additions from people and amongst + others, C2Net has assisted greatly. + +SSLeay 0.6.6 + SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so + if your application requires 0.6.6, use it. There have been + lots of bug fixes to 0.8.x that have not been applied to 0.6.6 + so use 0.8.0+ in preference. + +PORTING 0.6.6 to 0.8.0 + I'll be documenting this over the next few weeks but as + pressures have been increasing for making SSLv3 support + available I'm shipping it without this documentation as I + basically have not had time to write it (too busy earning a + living :-) + diff --git a/apps/CA.sh b/apps/CA.sh new file mode 100644 index 0000000000000000000000000000000000000000..1942b985a2b6ba203992f0cd910a9a9d90dceb3a --- /dev/null +++ b/apps/CA.sh @@ -0,0 +1,132 @@ +#!/bin/sh +# +# CA - wrapper around ca to make it easier to use ... basically ca requires +# some setup stuff to be done before you can use it and this makes +# things easier between now and when Eric is convinced to fix it :-) +# +# CA -newca ... will setup the right stuff +# CA -newreq ... will generate a certificate request +# CA -sign ... will sign the generated request and output +# +# At the end of that grab newreq.pem and newcert.pem (one has the key +# and the other the certificate) and cat them together and that is what +# you want/need ... I'll make even this a little cleaner later. +# +# +# 12-Jan-96 tjh Added more things ... including CA -signcert which +# converts a certificate to a request and then signs it. +# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG +# environment variable so this can be driven from +# a script. +# 25-Jul-96 eay Cleaned up filenames some more. +# 11-Jun-96 eay Fixed a few filename missmatches. +# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. +# 18-Apr-96 tjh Original hacking +# +# Tim Hudson +# tjh@cryptsoft.com +# + +# default ssleay.cnf file has setup as per the following +# demoCA ... where everything is stored + +DAYS="-days 365" +REQ="ssleay req $SSLEAY_CONFIG" +CA="ssleay ca $SSLEAY_CONFIG" +VERIFY="ssleay verify" +X509="ssleay x509" + +CATOP=./demoCA +CAKEY=./cakey.pem +CACERT=./cacert.pem + +for i +do +case $i in +-\?|-h|-help) + echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2 + exit 0 + ;; +-newcert) + # create a certificate + $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS + RET=$? + echo "Certificate (and private key) is in newreq.pem" + ;; +-newreq) + # create a certificate request + $REQ -new -keyout newreq.pem -out newreq.pem $DAYS + RET=$? + echo "Request (and private key) is in newreq.pem" + ;; +-newca) + # if explictly asked for or it doesn't exist then setup the directory + # structure that Eric likes to manage things + NEW="1" + if [ "$NEW" -o ! -f ${CATOP}/serial ]; then + # create the directory hierarchy + mkdir ${CATOP} + mkdir ${CATOP}/certs + mkdir ${CATOP}/crl + mkdir ${CATOP}/newcerts + mkdir ${CATOP}/private + echo "01" > ${CATOP}/serial + touch ${CATOP}/index.txt + fi + if [ ! -f ${CATOP}/private/$CAKEY ]; then + echo "CA certificate filename (or enter to create)" + read FILE + + # ask user for existing CA certificate + if [ "$FILE" ]; then + cp $FILE ${CATOP}/private/$CAKEY + RET=$? + else + echo "Making CA certificate ..." + $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \ + -out ${CATOP}/$CACERT $DAYS + RET=$? + fi + fi + ;; +-xsign) + $CA -policy policy_anything -infiles newreq.pem + RET=$? + ;; +-sign|-signreq) + $CA -policy policy_anything -out newcert.pem -infiles newreq.pem + RET=$? + cat newcert.pem + echo "Signed certificate is in newcert.pem" + ;; +-signcert) + echo "Cert passphrase will be requested twice - bug?" + $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem + $CA -policy policy_anything -out newcert.pem -infiles tmp.pem + cat newcert.pem + echo "Signed certificate is in newcert.pem" + ;; +-verify) + shift + if [ -z "$1" ]; then + $VERIFY -CAfile $CATOP/$CACERT newcert.pem + RET=$? + else + for j + do + $VERIFY -CAfile $CATOP/$CACERT $j + if [ $? != 0 ]; then + RET=$? + fi + done + fi + exit 0 + ;; +*) + echo "Unknown arg $i"; + exit 1 + ;; +esac +done +exit $RET + diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..4fac51faa304e349d5a30fc0bdc86baf32b89d5d --- /dev/null +++ b/apps/Makefile.ssl @@ -0,0 +1,144 @@ +# +# SSLeay/apps/Makefile.ssl +# + +DIR= apps +TOP= .. +CC= cc +INCLUDES= -I../include +CFLAG= -g -static +INSTALLTOP= /usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +RM= /bin/rm -f + +PEX_LIBS= +EX_LIBS= + +CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG) + +GENERAL=Makefile + +DLIBCRYPTO=../libcrypto.a +DLIBSSL=../libssl.a +LIBCRYPTO=-L.. -lcrypto +LIBSSL=-L.. -lssl + +SSLEAY= ssleay + +SCRIPTS=CA.sh der_chop + +EXE= $(SSLEAY) + +E_EXE= verify asn1pars req dgst dh enc gendh gendsa errstr ca crl \ + rsa dsa dsaparam \ + x509 genrsa s_server s_client speed \ + s_time version pkcs7 crl2pkcs7 sess_id ciphers + +PROGS= $(SSLEAY).c + +A_OBJ=apps.o +A_SRC=apps.c +S_OBJ= s_cb.o s_socket.o +S_SRC= s_cb.c s_socket.c + +E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \ + gendsa.o pkcs7.o crl2p7.o crl.o \ + rsa.o dsa.o dsaparam.o \ + x509.o genrsa.o s_server.o s_client.o speed.o \ + s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \ + ciphers.o + +# pem_mail.o + +E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \ + gendsa.c pkcs7.c crl2p7.c crl.c \ + rsa.c dsa.c dsaparam.c \ + x509.c genrsa.c s_server.c s_client.c speed.c \ + s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \ + ciphers.c + +# pem_mail.c + +SRC=$(E_SRC) + +EXHEADER= +HEADER= apps.h progs.h s_apps.h \ + testdsa.h testrsa.h \ + $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + @(cd ..; $(MAKE) DIRS=$(DIR) all) + +all: exe + +exe: $(EXE) + +req: sreq.o $(A_OBJ) $(DLIBCRYPTO) + $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +sreq.o: req.c + $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +install: mklinks + @for i in $(EXE) $(SCRIPTS) mklinks; \ + do \ + (echo installing $$i; \ + cp $$i $(INSTALLTOP)/bin/$$i; \ + chmod 755 $(INSTALLTOP)/bin/$$i ); \ + done; \ + cp ssleay.cnf $(INSTALLTOP)/lib + chmod 644 $(INSTALLTOP)/lib/ssleay.cnf + cd $(INSTALLTOP)/bin; \ + /bin/sh ./mklinks; \ + /bin/rm -f ./mklinks + +tags: + ctags $(SRC) + +tests: + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +errors: + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) + /bin/rm -f req + +$(DLIBSSL): + (cd ../ssl; $(MAKE)) + +$(DLIBCRYPTO): + (cd ../crypto; $(MAKE)) + +$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL) + $(RM) $(SSLEAY) + $(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + +progs.h: + perl ./g_ssleay.pl $(E_EXE) >progs.h + $(RM) $(SSLEAY).o + +mklinks: + perl ./g_ssleay.pl $(E_EXE) >progs.h + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/apps/apps.c b/apps/apps.c new file mode 100644 index 0000000000000000000000000000000000000000..7c9510e3b54f03a99e707a830a5929dab2ac1703 --- /dev/null +++ b/apps/apps.c @@ -0,0 +1,325 @@ +/* apps/apps.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include +#define NON_MAIN +#include "apps.h" +#undef NON_MAIN + +#ifdef WIN16 +#define APPS_WIN16 +#ifdef FLAT_BUILD +#include "bss_file.c" +#else +#include "../crypto/bio/bss_file.c" +#endif +#endif + +#ifndef NOPROTO +int app_init(long mesgwin); +#else +int app_init(); +#endif + +#ifdef undef /* never finished - probably never will be :-) */ +int args_from_file(file,argc,argv) +char *file; +int *argc; +char **argv[]; + { + FILE *fp; + int num,i; + unsigned int len; + static char *buf=NULL; + static char **arg=NULL; + char *p; + struct stat stbuf; + + if (stat(file,&stbuf) < 0) return(0); + + fp=fopen(file,"r"); + if (fp == NULL) + return(0); + + *argc=0; + *argv=NULL; + + len=(unsigned int)stbuf.st_size; + if (buf != NULL) Free(buf); + buf=(char *)Malloc(len+1); + if (buf == NULL) return(0); + + len=fread(buf,1,len,fp); + if (len <= 1) return(0); + buf[len]='\0'; + + i=0; + for (p=buf; *p; p++) + if (*p == '\n') i++; + if (arg != NULL) Free(arg); + arg=(char **)Malloc(sizeof(char *)*(i*2)); + + *argv=arg; + num=0; + p=buf; + for (;;) + { + if (!*p) break; + if (*p == '#') /* comment line */ + { + while (*p && (*p != '\n')) p++; + continue; + } + /* else we have a line */ + *(arg++)=p; + num++; + while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n'))) + p++; + if (!*p) break; + if (*p == '\n') + { + *(p++)='\0'; + continue; + } + /* else it is a tab or space */ + p++; + while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n'))) + p++; + if (!*p) break; + if (*p == '\n') + { + p++; + continue; + } + *(arg++)=p++; + num++; + while (*p && (*p != '\n')) p++; + if (!*p) break; + /* else *p == '\n' */ + *(p++)='\0'; + } + *argc=num; + return(1); + } +#endif + +int str2fmt(s) +char *s; + { + if ((*s == 'D') || (*s == 'd')) + return(FORMAT_ASN1); + else if ((*s == 'T') || (*s == 't')) + return(FORMAT_TEXT); + else if ((*s == 'P') || (*s == 'p')) + return(FORMAT_PEM); + else if ((*s == 'N') || (*s == 'n')) + return(FORMAT_NETSCAPE); + else + return(FORMAT_UNDEF); + } + +#if defined(MSDOS) || defined(WIN32) || defined(WIN16) +void program_name(in,out,size) +char *in; +char *out; +int size; + { + int i,n; + char *p=NULL; + + n=strlen(in); + /* find the last '/', '\' or ':' */ + for (i=n-1; i>0; i--) + { + if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':')) + { + p= &(in[i+1]); + break; + } + } + if (p == NULL) + p=in; + n=strlen(p); + /* strip off trailing .exe if present. */ + if ((n > 4) && (p[n-4] == '.') && + ((p[n-3] == 'e') || (p[n-3] == 'E')) && + ((p[n-2] == 'x') || (p[n-2] == 'X')) && + ((p[n-1] == 'e') || (p[n-1] == 'E'))) + n-=4; + if (n > size-1) + n=size-1; + + for (i=0; i= 'A') && (p[i] <= 'Z')) + out[i]=p[i]-'A'+'a'; + else + out[i]=p[i]; + } + out[n]='\0'; + } +#else +void program_name(in,out,size) +char *in; +char *out; +int size; + { + char *p; + + p=strrchr(in,'/'); + if (p != NULL) + p++; + else + p=in; + strncpy(out,p,size-1); + out[size-1]='\0'; + } +#endif + +#ifdef WIN32 +int WIN32_rename(from,to) +char *from; +char *to; + { + int ret; + + ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED); + return(ret?0:-1); + } +#endif + +int chopup_args(arg,buf,argc,argv) +ARGS *arg; +char *buf; +int *argc; +char **argv[]; + { + int num,len,i; + char *p; + + *argc=0; + *argv=NULL; + + len=strlen(buf); + i=0; + if (arg->count == 0) + { + arg->count=20; + arg->data=(char **)Malloc(sizeof(char *)*arg->count); + } + for (i=0; icount; i++) + arg->data[i]=NULL; + + num=0; + p=buf; + for (;;) + { + /* first scan over white space */ + if (!*p) break; + while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n'))) + p++; + if (!*p) break; + + /* The start of something good :-) */ + if (num >= arg->count) + { + arg->count+=20; + arg->data=(char **)Realloc(arg->data, + sizeof(char *)*arg->count); + if (argc == 0) return(0); + } + arg->data[num++]=p; + + /* now look for the end of this */ + if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */ + { + i= *(p++); + arg->data[num-1]++; /* jump over quote */ + while (*p && (*p != i)) + p++; + *p='\0'; + } + else + { + while (*p && ((*p != ' ') && + (*p != '\t') && (*p != '\n'))) + p++; + + if (*p == '\0') + p--; + else + *p='\0'; + } + p++; + } + *argc=num; + *argv=arg->data; + return(1); + } + +#ifndef APP_INIT +int app_init(mesgwin) +long mesgwin; + { + return(1); + } +#endif diff --git a/apps/apps.h b/apps/apps.h new file mode 100644 index 0000000000000000000000000000000000000000..528828cf63f4fd24e57fbd4e7344f7ff530f259f --- /dev/null +++ b/apps/apps.h @@ -0,0 +1,154 @@ +/* apps/apps.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_APPS_H +#define HEADER_APPS_H + +#ifdef FLAT_INC +#include "e_os.h" +#else +#include "../e_os.h" +#endif + +#include "buffer.h" +#include "bio.h" +#include "crypto.h" +#include "progs.h" + +#ifdef WIN16 +BIO_METHOD *BIO_s_file(); +#endif + +#ifdef WIN32 +#define rename(from,to) WIN32_rename((from),(to)) +int WIN32_rename(char *oldname,char *newname); +#endif + +#ifndef MONOLITH + +#define MAIN(a,v) main(a,v) + +#ifndef NON_MAIN +BIO *bio_err=NULL; +#else +extern BIO *bio_err; +#endif + +#else + +#define MAIN(a,v) PROG(a,v) +#include "conf.h" +extern LHASH *config; +extern char *default_config_file; +extern BIO *bio_err; + +#endif + +#include + +#ifdef SIGPIPE +#define do_pipe_sig() signal(SIGPIPE,SIG_IGN) +#else +#define do_pipe_sig() +#endif + +#if defined(MONOLITH) && !defined(SSLEAY) +# define apps_startup() do_pipe_sig() +#else +# if defined(MSDOS) || defined(WIN16) || defined(WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + SSLeay_add_all_algorithms() +# else +# define apps_startup() \ + _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + SSLeay_add_all_algorithms() +# endif +# else +# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms(); +# endif +#endif + +typedef struct args_st + { + char **data; + int count; + } ARGS; + +#ifndef NOPROTO +int should_retry(int i); +int args_from_file(char *file, int *argc, char **argv[]); +int str2fmt(char *s); +void program_name(char *in,char *out,int size); +int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); +#else +int should_retry(); +int args_from_file(); +int str2fmt(); +void program_name(); +int chopup_args(); +#endif + +#define FORMAT_UNDEF 0 +#define FORMAT_ASN1 1 +#define FORMAT_TEXT 2 +#define FORMAT_PEM 3 +#define FORMAT_NETSCAPE 4 + +#endif diff --git a/apps/asn1pars.c b/apps/asn1pars.c new file mode 100644 index 0000000000000000000000000000000000000000..111e28270932004e32ece8a5dffa42076f8ff5eb --- /dev/null +++ b/apps/asn1pars.c @@ -0,0 +1,219 @@ +/* apps/asn1pars.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "apps.h" +#include "err.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +#define FORMAT_UNDEF 0 +#define FORMAT_ASN1 1 +#define FORMAT_TEXT 2 +#define FORMAT_PEM 3 + +/* -inform arg - input format - default PEM (DER or PEM) + * -in arg - input file - default stdin + * -i - indent the details by depth + * -offset - where in the file to start + * -length - how many bytes to use + */ + +#undef PROG +#define PROG asn1parse_main + +int MAIN(argc, argv) +int argc; +char **argv; + { + int i,badops=0,offset=0,ret=1; + unsigned int length=0; + long num; + BIO *in=NULL,*out=NULL,*b64=NULL; + int informat,indent=0; + char *infile,*str=NULL,*prog; + BUF_MEM *buf=NULL; + + infile=NULL; + informat=FORMAT_PEM; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-i") == 0) + { + indent=1; + } + else if (strcmp(*argv,"-offset") == 0) + { + if (--argc < 1) goto bad; + offset= atoi(*(++argv)); + } + else if (strcmp(*argv,"-length") == 0) + { + if (--argc < 1) goto bad; + length= atoi(*(++argv)); + if (length == 0) goto bad; + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] data[num]),BUFSIZ); + if (i <= 0) break; + num+=i; + } + str=buf->data; + + if (length == 0) length=(unsigned int)num; + if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent)) + { + ERR_print_errors(bio_err); + goto end; + } + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (b64 != NULL) BIO_free(b64); + if (ret != 0) + ERR_print_errors(bio_err); + if (buf != NULL) BUF_MEM_free(buf); + EXIT(ret); + } + diff --git a/apps/bss_file.c b/apps/bss_file.c new file mode 100644 index 0000000000000000000000000000000000000000..9aa71f9d0f0ab5e6a4a1150c6cd298605702d10a --- /dev/null +++ b/apps/bss_file.c @@ -0,0 +1,324 @@ +/* crypto/bio/bss_file.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#define APPS_WIN16 +#include +#include +#include "cryptlib.h" +#include "bio.h" +#include "err.h" + +#ifndef NOPROTO +static int MS_CALLBACK file_write(BIO *h,char *buf,int num); +static int MS_CALLBACK file_read(BIO *h,char *buf,int size); +static int MS_CALLBACK file_puts(BIO *h,char *str); +static int MS_CALLBACK file_gets(BIO *h,char *str,int size); +static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2); +static int MS_CALLBACK file_new(BIO *h); +static int MS_CALLBACK file_free(BIO *data); +#else +static int MS_CALLBACK file_write(); +static int MS_CALLBACK file_read(); +static int MS_CALLBACK file_puts(); +static int MS_CALLBACK file_gets(); +static long MS_CALLBACK file_ctrl(); +static int MS_CALLBACK file_new(); +static int MS_CALLBACK file_free(); +#endif + +static BIO_METHOD methods_filep= + { + BIO_TYPE_FILE,"FILE pointer", + file_write, + file_read, + file_puts, + file_gets, + file_ctrl, + file_new, + file_free, + }; + +BIO *BIO_new_file(filename,mode) +char *filename; +char *mode; + { + BIO *ret; + FILE *file; + + if ((file=fopen(filename,mode)) == NULL) + { + SYSerr(SYS_F_FOPEN,errno); + BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB); + return(NULL); + } + if ((ret=BIO_new_fp(file,BIO_CLOSE)) == NULL) + { + fclose(file); + return(NULL); + } + return(ret); + } + +BIO *BIO_new_fp(stream,close_flag) +FILE *stream; +int close_flag; + { + BIO *ret; + + if ((ret=BIO_new(BIO_s_file())) == NULL) + return(NULL); + BIO_set_fp(ret,stream,close_flag); + return(ret); + } + +#if !defined(WIN16) || defined(APPS_WIN16) + +BIO_METHOD *BIO_s_file() + { + return(&methods_filep); + } + +#else + +BIO_METHOD *BIO_s_file_internal_w16() + { + return(&methods_filep); + } + +#endif + +static int MS_CALLBACK file_new(bi) +BIO *bi; + { + bi->init=0; + bi->num=0; + bi->ptr=NULL; + return(1); + } + +static int MS_CALLBACK file_free(a) +BIO *a; + { + if (a == NULL) return(0); + if (a->shutdown) + { + if ((a->init) && (a->ptr != NULL)) + { + fclose((FILE *)a->ptr); + a->ptr=NULL; + } + a->init=0; + } + return(1); + } + +static int MS_CALLBACK file_read(b,out,outl) +BIO *b; +char *out; +int outl; + { + int ret=0; + + if (b->init && (out != NULL)) + { + ret=fread(out,1,(int)outl,(FILE *)b->ptr); + } + return(ret); + } + +static int MS_CALLBACK file_write(b,in,inl) +BIO *b; +char *in; +int inl; + { + int ret=0; + + if (b->init && (in != NULL)) + { + if (fwrite(in,(int)inl,1,(FILE *)b->ptr)) + ret=inl; + /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ + /* acording to Tim Hudson , the commented + * out version above can cause 'inl' write calls under + * some stupid stdio implementations (VMS) */ + } + return(ret); + } + +static long MS_CALLBACK file_ctrl(b,cmd,num,ptr) +BIO *b; +int cmd; +long num; +char *ptr; + { + long ret=1; + FILE *fp=(FILE *)b->ptr; + FILE **fpp; + char p[4]; + + switch (cmd) + { + case BIO_CTRL_RESET: + ret=(long)fseek(fp,num,0); + break; + case BIO_CTRL_EOF: + ret=(long)feof(fp); + break; + case BIO_CTRL_INFO: + ret=ftell(fp); + break; + case BIO_C_SET_FILE_PTR: + file_free(b); + b->shutdown=(int)num; + b->ptr=(char *)ptr; + b->init=1; + break; + case BIO_C_SET_FILENAME: + file_free(b); + b->shutdown=(int)num&BIO_CLOSE; + if (num & BIO_FP_APPEND) + { + if (num & BIO_FP_READ) + strcpy(p,"a+"); + else strcpy(p,"a"); + } + else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) + strcpy(p,"r+"); + else if (num & BIO_FP_WRITE) + strcpy(p,"w"); + else if (num & BIO_FP_READ) + strcpy(p,"r"); + else + { + BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); + ret=0; + break; + } +#if defined(MSDOS) || defined(WINDOWS) + if (!(num & BIO_FP_TEXT)) + strcat(p,"b"); + else + strcat(p,"t"); +#endif + fp=fopen(ptr,p); + if (fp == NULL) + { + SYSerr(SYS_F_FOPEN,errno); + BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB); + ret=0; + break; + } + b->ptr=(char *)fp; + b->init=1; + break; + case BIO_C_GET_FILE_PTR: + /* the ptr parameter is actually a FILE ** in this case. */ + if (ptr != NULL) + { + fpp=(FILE **)ptr; + *fpp=(FILE *)b->ptr; + } + break; + case BIO_CTRL_GET_CLOSE: + ret=(long)b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown=(int)num; + break; + case BIO_CTRL_FLUSH: + fflush((FILE *)b->ptr); + break; + case BIO_CTRL_DUP: + ret=1; + break; + + case BIO_CTRL_PENDING: + case BIO_CTRL_PUSH: + case BIO_CTRL_POP: + default: + ret=0; + break; + } + return(ret); + } + +static int MS_CALLBACK file_gets(bp,buf,size) +BIO *bp; +char *buf; +int size; + { + int ret=0; + + buf[0]='\0'; + fgets(buf,size,(FILE *)bp->ptr); + if (buf[0] != '\0') + ret=strlen(buf); + return(ret); + } + +static int MS_CALLBACK file_puts(bp,str) +BIO *bp; +char *str; + { + int n,ret; + + n=strlen(str); + ret=file_write(bp,str,n); + return(ret); + } + diff --git a/apps/c512-key.pem b/apps/c512-key.pem new file mode 100644 index 0000000000000000000000000000000000000000..a1ea82e644345714b34b0f537268835ddd9441ea --- /dev/null +++ b/apps/c512-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm +q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko +/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1 +HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0 +ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/ +nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw +ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg== +-----END RSA PRIVATE KEY----- diff --git a/apps/c512-req.pem b/apps/c512-req.pem new file mode 100644 index 0000000000000000000000000000000000000000..e8d0fea538aaa75836be47ac80486d3fdb2f9c0a --- /dev/null +++ b/apps/c512-req.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa +MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0 +IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i +2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs6 +2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13 +oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E= +-----END CERTIFICATE REQUEST----- diff --git a/apps/ca-cert.srl b/apps/ca-cert.srl new file mode 100644 index 0000000000000000000000000000000000000000..75016ea3625245b1aac79cc5586c3f33ce8b7c78 --- /dev/null +++ b/apps/ca-cert.srl @@ -0,0 +1 @@ +03 diff --git a/apps/ca-key.pem b/apps/ca-key.pem new file mode 100644 index 0000000000000000000000000000000000000000..3a520b238f5b11021591a0dcd1f01eaccb0efb47 --- /dev/null +++ b/apps/ca-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 +gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd +2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB +AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 +hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 +J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs +HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL +21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s +nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz +MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa +pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb +KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 +XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ +-----END RSA PRIVATE KEY----- diff --git a/apps/ca-req.pem b/apps/ca-req.pem new file mode 100644 index 0000000000000000000000000000000000000000..77bf7ec308b52dd5c5a24127a8d129aef0925372 --- /dev/null +++ b/apps/ca-req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx +MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy +bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d +FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe +cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7 +cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR +5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW +kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA= +-----END CERTIFICATE REQUEST----- diff --git a/apps/ca.c b/apps/ca.c new file mode 100644 index 0000000000000000000000000000000000000000..3e10d6c275d6d6de23efd50dc730fca4fb84e575 --- /dev/null +++ b/apps/ca.c @@ -0,0 +1,1916 @@ +/* apps/ca.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* The PPKI stuff has been donated by Jeff Barber */ + +#include +#include +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "err.h" +#include "bn.h" +#include "txt_db.h" +#include "evp.h" +#include "x509.h" +#include "objects.h" +#include "pem.h" +#include "conf.h" + +#ifndef W_OK +#include +#endif + +#undef PROG +#define PROG ca_main + +#define BASE_SECTION "ca" +#define CONFIG_FILE "lib/ssleay.cnf" + +#define ENV_DEFAULT_CA "default_ca" + +#define ENV_DIR "dir" +#define ENV_CERTS "certs" +#define ENV_CRL_DIR "crl_dir" +#define ENV_CA_DB "CA_DB" +#define ENV_NEW_CERTS_DIR "new_certs_dir" +#define ENV_CERTIFICATE "certificate" +#define ENV_SERIAL "serial" +#define ENV_CRL "crl" +#define ENV_PRIVATE_KEY "private_key" +#define ENV_RANDFILE "RANDFILE" +#define ENV_DEFAULT_DAYS "default_days" +#define ENV_DEFAULT_CRL_DAYS "default_crl_days" +#define ENV_DEFAULT_CRL_HOURS "default_crl_hours" +#define ENV_DEFAULT_MD "default_md" +#define ENV_PRESERVE "preserve" +#define ENV_POLICY "policy" +#define ENV_EXTENSIONS "x509_extensions" +#define ENV_MSIE_HACK "msie_hack" + +#define ENV_DATABASE "database" + +#define DB_type 0 +#define DB_exp_date 1 +#define DB_rev_date 2 +#define DB_serial 3 /* index - unique */ +#define DB_file 4 +#define DB_name 5 /* index - unique for active */ +#define DB_NUMBER 6 + +#define DB_TYPE_REV 'R' +#define DB_TYPE_EXP 'E' +#define DB_TYPE_VAL 'V' + +static char *ca_usage[]={ +"usage: ca args\n", +"\n", +" -verbose - Talk alot while doing things\n", +" -config file - A config file\n", +" -name arg - The particular CA definition to use\n", +" -gencrl - Generate a new CRL\n", +" -crldays days - Days is when the next CRL is due\n", +" -crlhours hours - Hours is when the next CRL is due\n", +" -days arg - number of days to certify the certificate for\n", +" -md arg - md to use, one of md2, md5, sha or sha1\n", +" -policy arg - The CA 'policy' to support\n", +" -keyfile arg - PEM private key file\n", +" -key arg - key to decode the private key if it is encrypted\n", +" -cert - The CA certificate\n", +" -in file - The input PEM encoded certificate request(s)\n", +" -out file - Where to put the output file(s)\n", +" -outdir dir - Where to put output certificates\n", +" -infiles .... - The last argument, requests to process\n", +" -spkac file - File contains DN and signed public key and challenge\n", +" -preserveDN - Don't re-order the DN\n", +" -batch - Don't ask questions\n", +" -msie_hack - msie modifications to handle all thos universal strings\n", +NULL +}; + +#ifdef EFENCE +extern int EF_PROTECT_FREE; +extern int EF_PROTECT_BELOW; +extern int EF_ALIGNMENT; +#endif + +#ifndef NOPROTO +static STACK *load_extensions(char *section); +static void lookup_fail(char *name,char *tag); +static int MS_CALLBACK key_callback(char *buf,int len,int verify); +static unsigned long index_serial_hash(char **a); +static int index_serial_cmp(char **a, char **b); +static unsigned long index_name_hash(char **a); +static int index_name_qual(char **a); +static int index_name_cmp(char **a,char **b); +static BIGNUM *load_serial(char *serialfile); +static int save_serial(char *serialfile, BIGNUM *serial); +static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, + EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,int days, + int batch, STACK *extensions,int verbose); +static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, + EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,int days, + STACK *extensions,int verbose); +static int fix_data(int nid, int *type); +static void write_new_certificate(BIO *bp, X509 *x, int output_der); +static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst, + STACK *policy, TXT_DB *db, BIGNUM *serial, int days, int batch, + int verbose, X509_REQ *req, STACK *extensions); +static int check_time_format(char *str); +#else +static STACK *load_extensions(); +static void lookup_fail(); +static int MS_CALLBACK key_callback(); +static unsigned long index_serial_hash(); +static int index_serial_cmp(); +static unsigned long index_name_hash(); +static int index_name_qual(); +static int index_name_cmp(); +static int fix_data(); +static BIGNUM *load_serial(); +static int save_serial(); +static int certify(); +static int certify_spkac(); +static void write_new_certificate(); +static int do_body(); +static int check_time_format(); +#endif + +static LHASH *conf; +static char *key=NULL; +static char *section=NULL; + +static int preserve=0; +static int msie_hack=0; + +int MAIN(argc, argv) +int argc; +char **argv; + { + int total=0; + int total_done=0; + int badops=0; + int ret=1; + int req=0; + int verbose=0; + int gencrl=0; + long crldays=0; + long crlhours=0; + long errorline= -1; + char *configfile=NULL; + char *md=NULL; + char *policy=NULL; + char *keyfile=NULL; + char *certfile=NULL; + char *infile=NULL; + char *spkac_file=NULL; + EVP_PKEY *pkey=NULL; + int output_der = 0; + char *outfile=NULL; + char *outdir=NULL; + char *serialfile=NULL; + char *extensions=NULL; + BIGNUM *serial=NULL; + int days=0; + int batch=0; + X509 *x509=NULL; + X509 *x=NULL; + BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; + char *dbfile=NULL; + TXT_DB *db=NULL; + X509_CRL *crl=NULL; + X509_CRL_INFO *ci=NULL; + X509_REVOKED *r=NULL; + char **pp,*p,*f; + int i,j; + long l; + EVP_MD *dgst=NULL; + STACK *attribs=NULL; + STACK *extensions_sk=NULL; + STACK *cert_sk=NULL; + BIO *hex=NULL; +#undef BSIZE +#define BSIZE 256 + MS_STATIC char buf[3][BSIZE]; + +#ifdef EFENCE +EF_PROTECT_FREE=1; +EF_PROTECT_BELOW=1; +EF_ALIGNMENT=0; +#endif + + apps_startup(); + + X509v3_add_netscape_extensions(); + + preserve=0; + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-verbose") == 0) + verbose=1; + else if (strcmp(*argv,"-config") == 0) + { + if (--argc < 1) goto bad; + configfile= *(++argv); + } + else if (strcmp(*argv,"-name") == 0) + { + if (--argc < 1) goto bad; + section= *(++argv); + } + else if (strcmp(*argv,"-days") == 0) + { + if (--argc < 1) goto bad; + days=atoi(*(++argv)); + } + else if (strcmp(*argv,"-md") == 0) + { + if (--argc < 1) goto bad; + md= *(++argv); + } + else if (strcmp(*argv,"-policy") == 0) + { + if (--argc < 1) goto bad; + policy= *(++argv); + } + else if (strcmp(*argv,"-keyfile") == 0) + { + if (--argc < 1) goto bad; + keyfile= *(++argv); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + key= *(++argv); + } + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + certfile= *(++argv); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + req=1; + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-outdir") == 0) + { + if (--argc < 1) goto bad; + outdir= *(++argv); + } + else if (strcmp(*argv,"-batch") == 0) + batch=1; + else if (strcmp(*argv,"-preserveDN") == 0) + preserve=1; + else if (strcmp(*argv,"-gencrl") == 0) + gencrl=1; + else if (strcmp(*argv,"-msie_hack") == 0) + msie_hack=1; + else if (strcmp(*argv,"-crldays") == 0) + { + if (--argc < 1) goto bad; + crldays= atol(*(++argv)); + } + else if (strcmp(*argv,"-crlhours") == 0) + { + if (--argc < 1) goto bad; + crlhours= atol(*(++argv)); + } + else if (strcmp(*argv,"-infiles") == 0) + { + argc--; + argv++; + req=1; + break; + } + else if (strcmp(*argv, "-spkac") == 0) + { + if (--argc < 1) goto bad; + spkac_file = *(++argv); + req=1; + } + else + { +bad: + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { + for (pp=ca_usage; (*pp != NULL); pp++) + BIO_printf(bio_err,*pp); + goto err; + } + + ERR_load_crypto_strings(); + + /*****************************************************************/ + if (configfile == NULL) + { + /* We will just use 'buf[0]' as a temporary buffer. */ + strncpy(buf[0],X509_get_default_cert_area(), + sizeof(buf[0])-2-sizeof(CONFIG_FILE)); + strcat(buf[0],"/"); + strcat(buf[0],CONFIG_FILE); + configfile=buf[0]; + } + + BIO_printf(bio_err,"Using configuration from %s\n",configfile); + if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL) + { + if (errorline <= 0) + BIO_printf(bio_err,"error loading the config file '%s'\n", + configfile); + else + BIO_printf(bio_err,"error on line %ld of config file '%s'\n" + ,errorline,configfile); + goto err; + } + + /* Lets get the config section we are using */ + if (section == NULL) + { + section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); + if (section == NULL) + { + lookup_fail(BASE_SECTION,ENV_DEFAULT_CA); + goto err; + } + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + Sout=BIO_new(BIO_s_file()); + Cout=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL)) + { + ERR_print_errors(bio_err); + goto err; + } + + /*****************************************************************/ + /* we definitly need an public key, so lets get it */ + + if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf, + section,ENV_PRIVATE_KEY)) == NULL)) + { + lookup_fail(section,ENV_PRIVATE_KEY); + goto err; + } + if (BIO_read_filename(in,keyfile) <= 0) + { + perror(keyfile); + BIO_printf(bio_err,"trying to load CA private key\n"); + goto err; + } + if (key == NULL) + pkey=PEM_read_bio_PrivateKey(in,NULL,NULL); + else + { + pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback); + memset(key,0,strlen(key)); + } + if (pkey == NULL) + { + BIO_printf(bio_err,"unable to load CA private key\n"); + goto err; + } + + /*****************************************************************/ + /* we need a certificate */ + if ((certfile == NULL) && ((certfile=CONF_get_string(conf, + section,ENV_CERTIFICATE)) == NULL)) + { + lookup_fail(section,ENV_CERTIFICATE); + goto err; + } + if (BIO_read_filename(in,certfile) <= 0) + { + perror(certfile); + BIO_printf(bio_err,"trying to load CA certificate\n"); + goto err; + } + x509=PEM_read_bio_X509(in,NULL,NULL); + if (x509 == NULL) + { + BIO_printf(bio_err,"unable to load CA certificate\n"); + goto err; + } + + f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); + if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) + preserve=1; + f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); + if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) + msie_hack=1; + + /*****************************************************************/ + /* lookup where to write new certificates */ + if ((outdir == NULL) && (req)) + { + struct stat sb; + + if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) + == NULL) + { + BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n"); + goto err; + } + if (access(outdir,R_OK|W_OK|X_OK) != 0) + { + BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir); + perror(outdir); + goto err; + } + + if (stat(outdir,&sb) != 0) + { + BIO_printf(bio_err,"unable to stat(%s)\n",outdir); + perror(outdir); + goto err; + } + if (!(sb.st_mode & S_IFDIR)) + { + BIO_printf(bio_err,"%s need to be a directory\n",outdir); + perror(outdir); + goto err; + } + } + + /*****************************************************************/ + /* we need to load the database file */ + if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) + { + lookup_fail(section,ENV_DATABASE); + goto err; + } + if (BIO_read_filename(in,dbfile) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + db=TXT_DB_read(in,DB_NUMBER); + if (db == NULL) goto err; + + /* Lets check some fields */ + for (i=0; idata); i++) + { + pp=(char **)sk_value(db->data,i); + if ((pp[DB_type][0] != DB_TYPE_REV) && + (pp[DB_rev_date][0] != '\0')) + { + BIO_printf(bio_err,"entry %d: not, revoked yet has a revokation date\n",i+1); + goto err; + } + if ((pp[DB_type][0] == DB_TYPE_REV) && + !check_time_format(pp[DB_rev_date])) + { + BIO_printf(bio_err,"entry %d: invalid revokation date\n", + i+1); + goto err; + } + if (!check_time_format(pp[DB_exp_date])) + { + BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); + goto err; + } + p=pp[DB_serial]; + j=strlen(p); + if ((j&1) || (j < 2)) + { + BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j); + goto err; + } + while (*p) + { + if (!( ((*p >= '0') && (*p <= '9')) || + ((*p >= 'A') && (*p <= 'F')) || + ((*p >= 'a') && (*p <= 'f'))) ) + { + BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p); + goto err; + } + p++; + } + } + if (verbose) + { + BIO_set_fp(out,stdout,BIO_NOCLOSE); /* cannot fail */ + TXT_DB_write(out,db); + BIO_printf(bio_err,"%d entries loaded from the database\n", + db->data->num); + BIO_printf(bio_err,"generating indexs\n"); + } + + if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash, + index_serial_cmp)) + { + BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2); + goto err; + } + + if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash, + index_name_cmp)) + { + BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", + db->error,db->arg1,db->arg2); + goto err; + } + + /*****************************************************************/ + if (req || gencrl) + { + if (outfile != NULL) + { + + if (BIO_write_filename(Sout,outfile) <= 0) + { + perror(outfile); + goto err; + } + } + else + BIO_set_fp(Sout,stdout,BIO_NOCLOSE); + } + + if (req) + { + if ((md == NULL) && ((md=CONF_get_string(conf, + section,ENV_DEFAULT_MD)) == NULL)) + { + lookup_fail(section,ENV_DEFAULT_MD); + goto err; + } + if ((dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto err; + } + if (verbose) + BIO_printf(bio_err,"message digest is %s\n", + OBJ_nid2ln(dgst->type)); + if ((policy == NULL) && ((policy=CONF_get_string(conf, + section,ENV_POLICY)) == NULL)) + { + lookup_fail(section,ENV_POLICY); + goto err; + } + if (verbose) + BIO_printf(bio_err,"policy is %s\n",policy); + + if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL)) + == NULL) + { + lookup_fail(section,ENV_SERIAL); + goto err; + } + + if ((extensions=CONF_get_string(conf,section,ENV_EXTENSIONS)) + != NULL) + { + if ((extensions_sk=load_extensions(extensions)) == NULL) + goto err; + } + + if (days == 0) + { + days=(int)CONF_get_number(conf,section, + ENV_DEFAULT_DAYS); + } + if (days == 0) + { + BIO_printf(bio_err,"cannot lookup how many days to certify for\n"); + goto err; + } + + if ((serial=load_serial(serialfile)) == NULL) + { + BIO_printf(bio_err,"error while loading serial number\n"); + goto err; + } + if (verbose) + { + if ((f=BN_bn2ascii(serial)) == NULL) goto err; + BIO_printf(bio_err,"next serial number is %s\n",f); + Free(f); + } + + if ((attribs=CONF_get_section(conf,policy)) == NULL) + { + BIO_printf(bio_err,"unable to find 'section' for %s\n",policy); + goto err; + } + + if ((cert_sk=sk_new_null()) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + if (spkac_file != NULL) + { + total++; + j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, + serial,days,extensions_sk,verbose); + if (j < 0) goto err; + if (j > 0) + { + total_done++; + BIO_printf(bio_err,"\n"); + if (!BN_add_word(serial,1)) goto err; + if (!sk_push(cert_sk,(char *)x)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + if (outfile) + { + output_der = 1; + batch = 1; + } + } + } + if (infile != NULL) + { + total++; + j=certify(&x,infile,pkey,x509,dgst,attribs,db, + serial,days,batch,extensions_sk,verbose); + if (j < 0) goto err; + if (j > 0) + { + total_done++; + BIO_printf(bio_err,"\n"); + if (!BN_add_word(serial,1)) goto err; + if (!sk_push(cert_sk,(char *)x)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + } + } + for (i=0; i 0) + { + total_done++; + BIO_printf(bio_err,"\n"); + if (!BN_add_word(serial,1)) goto err; + if (!sk_push(cert_sk,(char *)x)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + } + } + /* we have a stack of newly certified certificates + * and a data base and serial number that need + * updating */ + + if (sk_num(cert_sk) > 0) + { + if (!batch) + { + BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total); + BIO_flush(bio_err); + buf[0][0]='\0'; + fgets(buf[0],10,stdin); + if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) + { + BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); + ret=0; + goto err; + } + } + + BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk)); + + strncpy(buf[0],serialfile,BSIZE-4); + strcat(buf[0],".new"); + + if (!save_serial(buf[0],serial)) goto err; + + strncpy(buf[1],dbfile,BSIZE-4); + strcat(buf[1],".new"); + if (BIO_write_filename(out,buf[1]) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + l=TXT_DB_write(out,db); + if (l <= 0) goto err; + } + + if (verbose) + BIO_printf(bio_err,"writing new certificates\n"); + for (i=0; icert_info->serialNumber->length; + p=(char *)x->cert_info->serialNumber->data; + + strncpy(buf[2],outdir,BSIZE-(j*2)-6); + strcat(buf[2],"/"); + n=(unsigned char *)&(buf[2][strlen(buf[2])]); + if (j > 0) + { + for (k=0; kcrl; + X509_NAME_free(ci->issuer); + ci->issuer=X509_NAME_dup(x509->cert_info->subject); + if (ci->issuer == NULL) goto err; + + X509_gmtime_adj(ci->lastUpdate,0); + X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60); + + for (i=0; idata); i++) + { + pp=(char **)sk_value(db->data,i); + if (pp[DB_type][0] == DB_TYPE_REV) + { + if ((r=X509_REVOKED_new()) == NULL) goto err; + ASN1_STRING_set((ASN1_STRING *) + r->revocationDate, + (unsigned char *)pp[DB_rev_date], + strlen(pp[DB_rev_date])); + /* strcpy(r->revocationDate,pp[DB_rev_date]);*/ + + BIO_reset(hex); + if (!BIO_puts(hex,pp[DB_serial])) + goto err; + if (!a2i_ASN1_INTEGER(hex,r->serialNumber, + buf[0],BSIZE)) goto err; + + sk_push(ci->revoked,(char *)r); + } + } + /* sort the data so it will be written in serial + * number order */ + sk_find(ci->revoked,NULL); + for (i=0; irevoked); i++) + { + r=(X509_REVOKED *)sk_value(ci->revoked,i); + r->sequence=i; + } + + /* we how have a CRL */ + if (verbose) BIO_printf(bio_err,"signing CRL\n"); + if (md != NULL) + { + if ((dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto err; + } + } + else + dgst=EVP_md5(); + if (!X509_CRL_sign(crl,pkey,dgst)) goto err; + + PEM_write_bio_X509_CRL(Sout,crl); + } + /*****************************************************************/ + ret=0; +err: + if (hex != NULL) BIO_free(hex); + if (Cout != NULL) BIO_free(Cout); + if (Sout != NULL) BIO_free(Sout); + if (out != NULL) BIO_free(out); + if (in != NULL) BIO_free(in); + + if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free); + if (extensions_sk != NULL) + sk_pop_free(extensions_sk,X509_EXTENSION_free); + + if (ret) ERR_print_errors(bio_err); + if (serial != NULL) BN_free(serial); + if (db != NULL) TXT_DB_free(db); + if (pkey != NULL) EVP_PKEY_free(pkey); + if (x509 != NULL) X509_free(x509); + if (crl != NULL) X509_CRL_free(crl); + if (conf != NULL) CONF_free(conf); + X509v3_cleanup_extensions(); + EXIT(ret); + } + +static void lookup_fail(name,tag) +char *name; +char *tag; + { + BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); + } + +static int MS_CALLBACK key_callback(buf,len,verify) +char *buf; +int len,verify; + { + int i; + + if (key == NULL) return(0); + i=strlen(key); + i=(i > len)?len:i; + memcpy(buf,key,i); + return(i); + } + +static unsigned long index_serial_hash(a) +char **a; + { + char *n; + + n=a[DB_serial]; + while (*n == '0') n++; + return(lh_strhash(n)); + } + +static int index_serial_cmp(a,b) +char **a; +char **b; + { + char *aa,*bb; + + for (aa=a[DB_serial]; *aa == '0'; aa++); + for (bb=b[DB_serial]; *bb == '0'; bb++); + return(strcmp(aa,bb)); + } + +static unsigned long index_name_hash(a) +char **a; + { return(lh_strhash(a[DB_name])); } + +static int index_name_qual(a) +char **a; + { return(a[0][0] == 'V'); } + +static int index_name_cmp(a,b) +char **a; +char **b; + { return(strcmp(a[DB_name],b[DB_name])); } + +static BIGNUM *load_serial(serialfile) +char *serialfile; + { + BIO *in=NULL; + BIGNUM *ret=NULL; + MS_STATIC char buf[1024]; + ASN1_INTEGER *ai=NULL; + + if ((in=BIO_new(BIO_s_file())) == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + if (BIO_read_filename(in,serialfile) <= 0) + { + perror(serialfile); + goto err; + } + ai=ASN1_INTEGER_new(); + if (ai == NULL) goto err; + if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) + { + BIO_printf(bio_err,"unable to load number from %s\n", + serialfile); + goto err; + } + ret=ASN1_INTEGER_to_BN(ai,NULL); + if (ret == NULL) + { + BIO_printf(bio_err,"error converting number from bin to BIGNUM"); + goto err; + } +err: + if (in != NULL) BIO_free(in); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +static int save_serial(serialfile,serial) +char *serialfile; +BIGNUM *serial; + { + BIO *out; + int ret=0; + ASN1_INTEGER *ai=NULL; + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + if (BIO_write_filename(out,serialfile) <= 0) + { + perror(serialfile); + goto err; + } + + if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL) + { + BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); + goto err; + } + i2a_ASN1_INTEGER(out,ai); + BIO_puts(out,"\n"); + ret=1; +err: + if (out != NULL) BIO_free(out); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,days, + batch,extensions,verbose) +X509 **xret; +char *infile; +EVP_PKEY *pkey; +X509 *x509; +EVP_MD *dgst; +STACK *policy; +TXT_DB *db; +BIGNUM *serial; +int days; +int batch; +STACK *extensions; +int verbose; + { + X509_REQ *req=NULL; + BIO *in=NULL; + EVP_PKEY *pktmp=NULL; + int ok= -1,i; + + in=BIO_new(BIO_s_file()); + + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto err; + } + if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"Error reading certificate request in %s\n", + infile); + goto err; + } + if (verbose) + X509_REQ_print(bio_err,req); + + BIO_printf(bio_err,"Check that the request matches the signature\n"); + + if ( (req->req_info == NULL) || + (req->req_info->pubkey == NULL) || + (req->req_info->pubkey->public_key == NULL) || + (req->req_info->pubkey->public_key->data == NULL)) + { + BIO_printf(bio_err,"The certificate request appears to corrupted\n"); + BIO_printf(bio_err,"It does not contain a public key\n"); + goto err; + } + if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) + { + BIO_printf(bio_err,"error unpacking public key\n"); + goto err; + } + i=X509_REQ_verify(req,pktmp); + if (i < 0) + { + ok=0; + BIO_printf(bio_err,"Signature verification problems....\n"); + goto err; + } + if (i == 0) + { + ok=0; + BIO_printf(bio_err,"Signature did not match the certificate request\n"); + goto err; + } + else + BIO_printf(bio_err,"Signature ok\n"); + + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,days,batch,verbose,req, + extensions); + +err: + if (req != NULL) X509_REQ_free(req); + if (in != NULL) BIO_free(in); + return(ok); + } + +static int do_body(xret,pkey,x509,dgst,policy,db,serial,days,batch,verbose,req, + extensions) +X509 **xret; +EVP_PKEY *pkey; +X509 *x509; +EVP_MD *dgst; +STACK *policy; +TXT_DB *db; +BIGNUM *serial; +int days; +int batch; +int verbose; +X509_REQ *req; +STACK *extensions; + { + X509_NAME *name=NULL,*CAname=NULL,*subject=NULL; + ASN1_UTCTIME *tm; + ASN1_STRING *str,*str2; + ASN1_OBJECT *obj; + X509 *ret=NULL; + X509_CINF *ci; + X509_NAME_ENTRY *ne; + X509_NAME_ENTRY *tne,*push; + X509_EXTENSION *ex=NULL; + EVP_PKEY *pktmp; + int ok= -1,i,j,last,nid; + char *p; + CONF_VALUE *cv; + char *row[DB_NUMBER],**rrow,**irow=NULL; + char buf[25],*pbuf; + + for (i=0; i0; j--) + *(pbuf++)=' '; + *(pbuf++)=':'; + *(pbuf++)='\0'; + BIO_puts(bio_err,buf); + + if (msie_hack) + { + /* assume all type should be strings */ + nid=OBJ_obj2nid(ne->object); + + if (str->type == V_ASN1_UNIVERSALSTRING) + ASN1_UNIVERSALSTRING_to_string(str); + + if ((str->type == V_ASN1_IA5STRING) && + (nid != NID_pkcs9_emailAddress)) + str->type=V_ASN1_T61STRING; + + if ((nid == NID_pkcs9_emailAddress) && + (str->type == V_ASN1_PRINTABLESTRING)) + str->type=V_ASN1_IA5STRING; + } + + if (str->type == V_ASN1_PRINTABLESTRING) + BIO_printf(bio_err,"PRINTABLE:'"); + else if (str->type == V_ASN1_T61STRING) + BIO_printf(bio_err,"T61STRING:'"); + else if (str->type == V_ASN1_IA5STRING) + BIO_printf(bio_err,"IA5STRING:'"); + else if (str->type == V_ASN1_UNIVERSALSTRING) + BIO_printf(bio_err,"UNIVERSALSTRING:'"); + else + BIO_printf(bio_err,"ASN.1 %2d:'",str->type); + + /* check some things */ + if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && + (str->type != V_ASN1_IA5STRING)) + { + BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n"); + goto err; + } + j=ASN1_PRINTABLE_type(str->data,str->length); + if ( ((j == V_ASN1_T61STRING) && + (str->type != V_ASN1_T61STRING)) || + ((j == V_ASN1_IA5STRING) && + (str->type == V_ASN1_PRINTABLESTRING))) + { + BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n"); + goto err; + } + + p=(char *)str->data; + for (j=str->length; j>0; j--) + { + if ((*p >= ' ') && (*p <= '~')) + BIO_printf(bio_err,"%c",*p); + else if (*p & 0x80) + BIO_printf(bio_err,"\\0x%02X",*p); + else if ((unsigned char)*p == 0xf7) + BIO_printf(bio_err,"^?"); + else BIO_printf(bio_err,"^%c",*p+'@'); + p++; + } + BIO_printf(bio_err,"'\n"); + } + + /* Ok, now we check the 'policy' stuff. */ + if ((subject=X509_NAME_new()) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + + /* take a copy of the issuer name before we mess with it. */ + CAname=X509_NAME_dup(x509->cert_info->subject); + if (CAname == NULL) goto err; + str=str2=NULL; + + for (i=0; iname)) == NID_undef) + { + BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name); + goto err; + } + obj=OBJ_nid2obj(j); + + last= -1; + for (;;) + { + /* lookup the object in the supplied name list */ + j=X509_NAME_get_index_by_OBJ(name,obj,last); + if (j < 0) + { + if (last != -1) break; + tne=NULL; + } + else + { + tne=X509_NAME_get_entry(name,j); + } + last=j; + + /* depending on the 'policy', decide what to do. */ + push=NULL; + if (strcmp(cv->value,"optional") == 0) + { + if (tne != NULL) + push=tne; + } + else if (strcmp(cv->value,"supplied") == 0) + { + if (tne == NULL) + { + BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name); + goto err; + } + else + push=tne; + } + else if (strcmp(cv->value,"match") == 0) + { + int last2; + + if (tne == NULL) + { + BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name); + goto err; + } + + last2= -1; + +again2: + j=X509_NAME_get_index_by_OBJ(CAname,obj,last2); + if ((j < 0) && (last2 == -1)) + { + BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name); + goto err; + } + if (j >= 0) + { + push=X509_NAME_get_entry(CAname,j); + str=X509_NAME_ENTRY_get_data(tne); + str2=X509_NAME_ENTRY_get_data(push); + last2=j; + if (ASN1_STRING_cmp(str,str2) != 0) + goto again2; + } + if (j < 0) + { + BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data)); + goto err; + } + } + else + { + BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value); + goto err; + } + + if (push != NULL) + { + if (!X509_NAME_add_entry(subject,push, + X509_NAME_entry_count(subject),0)) + { + if (push != NULL) + X509_NAME_ENTRY_free(push); + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + } + if (j < 0) break; + } + } + + if (preserve) + { + X509_NAME_free(subject); + subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); + if (subject == NULL) goto err; + } + + if (verbose) + BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n"); + + row[DB_name]=X509_NAME_oneline(subject,NULL,0); + row[DB_serial]=BN_bn2ascii(serial); + if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + + rrow=TXT_DB_get_by_index(db,DB_name,row); + if (rrow != NULL) + { + BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n", + row[DB_name]); + } + else + { + rrow=TXT_DB_get_by_index(db,DB_serial,row); + if (rrow != NULL) + { + BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n", + row[DB_serial]); + BIO_printf(bio_err," check the database/serial_file for corruption\n"); + } + } + + if (rrow != NULL) + { + BIO_printf(bio_err, + "The matching entry has the following details\n"); + if (rrow[DB_type][0] == 'E') + p="Expired"; + else if (rrow[DB_type][0] == 'R') + p="Revoked"; + else if (rrow[DB_type][0] == 'V') + p="Valid"; + else + p="\ninvalid type, Data base error\n"; + BIO_printf(bio_err,"Type :%s\n",p);; + if (rrow[DB_type][0] == 'R') + { + p=rrow[DB_exp_date]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"Was revoked on:%s\n",p); + } + p=rrow[DB_exp_date]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"Expires on :%s\n",p); + p=rrow[DB_serial]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"Serial Number :%s\n",p); + p=rrow[DB_file]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"File name :%s\n",p); + p=rrow[DB_name]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"Subject Name :%s\n",p); + ok= -1; /* This is now a 'bad' error. */ + goto err; + } + + /* We are now totaly happy, lets make and sign the certificate */ + if (verbose) + BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n"); + + if ((ret=X509_new()) == NULL) goto err; + ci=ret->cert_info; + +#ifdef X509_V3 + /* Make it an X509 v3 certificate. */ + if (!X509_set_version(x509,2)) goto err; +#endif + + if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) + goto err; + if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) + goto err; + + BIO_printf(bio_err,"Certificate is to be certified until "); + X509_gmtime_adj(X509_get_notBefore(ret),0); + X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days); + ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + BIO_printf(bio_err," (%d days)\n",days); + + if (!X509_set_subject_name(ret,subject)) goto err; + + pktmp=X509_REQ_get_pubkey(req); + if (!X509_set_pubkey(ret,pktmp)) goto err; + + /* Lets add the extensions, if there are any */ + if ((extensions != NULL) && (sk_num(extensions) > 0)) + { + if (ci->version == NULL) + if ((ci->version=ASN1_INTEGER_new()) == NULL) + goto err; + ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */ + + /* Free the current entries if any, there should not + * be any I belive */ + if (ci->extensions != NULL) + sk_pop_free(ci->extensions,X509_EXTENSION_free); + + if ((ci->extensions=sk_new_null()) == NULL) + goto err; + + /* Lets 'copy' in the new ones */ + for (i=0; iextensions,(char *)ex)) goto err; + } + } + + + if (!batch) + { + BIO_printf(bio_err,"Sign the certificate? [y/n]:"); + BIO_flush(bio_err); + buf[0]='\0'; + fgets(buf,sizeof(buf)-1,stdin); + if (!((buf[0] == 'y') || (buf[0] == 'Y'))) + { + BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n"); + ok=0; + goto err; + } + } + +#ifndef NO_DSA + pktmp=X509_get_pubkey(ret); + if (EVP_PKEY_missing_parameters(pktmp) && + !EVP_PKEY_missing_parameters(pkey)) + EVP_PKEY_copy_parameters(pktmp,pkey); +#endif + + if (!X509_sign(ret,pkey,dgst)) + goto err; + + /* We now just add it to the database */ + row[DB_type]=(char *)Malloc(2); + + tm=X509_get_notAfter(ret); + row[DB_exp_date]=(char *)Malloc(tm->length+1); + memcpy(row[DB_exp_date],tm->data,tm->length); + row[DB_exp_date][tm->length]='\0'; + + row[DB_rev_date]=NULL; + + /* row[DB_serial] done already */ + row[DB_file]=(char *)Malloc(8); + /* row[DB_name] done already */ + + if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || + (row[DB_file] == NULL)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + strcpy(row[DB_file],"unknown"); + row[DB_type][0]='V'; + row[DB_type][1]='\0'; + + if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + + for (i=0; ierror); + goto err; + } + ok=1; +err: + for (i=0; icert_info->serialNumber); + BIO_puts(bp,"\n\n"); + X509_print(bp,x); + BIO_puts(bp,"\n"); + PEM_write_bio_X509(bp,x); + BIO_puts(bp,"\n"); + } + +static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,days, + extensions,verbose) +X509 **xret; +char *infile; +EVP_PKEY *pkey; +X509 *x509; +EVP_MD *dgst; +STACK *policy; +TXT_DB *db; +BIGNUM *serial; +int days; +STACK *extensions; +int verbose; + { + STACK *sk=NULL; + LHASH *parms=NULL; + X509_REQ *req=NULL; + CONF_VALUE *cv=NULL; + NETSCAPE_SPKI *spki = NULL; + unsigned char *spki_der = NULL,*p; + X509_REQ_INFO *ri; + char *type,*buf; + EVP_PKEY *pktmp=NULL; + X509_NAME *n=NULL; + X509_NAME_ENTRY *ne=NULL; + int ok= -1,i,j; + long errline; + int nid; + + /* + * Load input file into a hash table. (This is just an easy + * way to read and parse the file, then put it into a convenient + * STACK format). + */ + parms=CONF_load(NULL,infile,&errline); + if (parms == NULL) + { + BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile); + ERR_print_errors(bio_err); + goto err; + } + + sk=CONF_get_section(parms, "default"); + if (sk_num(sk) == 0) + { + BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); + CONF_free(parms); + goto err; + } + + /* + * Now create a dummy X509 request structure. We don't actually + * have an X509 request, but we have many of the components + * (a public key, various DN components). The idea is that we + * put these components into the right X509 request structure + * and we can use the same code as if you had a real X509 request. + */ + req=X509_REQ_new(); + if (req == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + /* + * Build up the subject name set. + */ + ri=req->req_info; + n = ri->subject; + + for (i = 0; ; i++) + { + if ((int)sk_num(sk) <= i) break; + + cv=(CONF_VALUE *)sk_value(sk,i); + type=cv->name; + buf=cv->value; + + if ((nid=OBJ_txt2nid(type)) == NID_undef) + { + if (strcmp(type, "SPKAC") == 0) + { + spki_der=(unsigned char *)Malloc( + strlen(cv->value)+1); + if (spki_der == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value, + strlen(cv->value)); + if (j <= 0) + { + BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n"); + goto err; + } + + p=spki_der; + spki = d2i_NETSCAPE_SPKI(&spki, &p, j); + Free(spki_der); + spki_der = NULL; + if (spki == NULL) + { + BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n"); + ERR_print_errors(bio_err); + goto err; + } + } + continue; + } + + j=ASN1_PRINTABLE_type((unsigned char *)buf,-1); + if (fix_data(nid, &j) == 0) + { + BIO_printf(bio_err, + "invalid characters in string %s\n",buf); + goto err; + } + + if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j, + (unsigned char *)buf, + strlen(buf))) == NULL) + goto err; + + if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0)) + goto err; + } + if (spki == NULL) + { + BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n", + infile); + goto err; + } + + /* + * Now extract the key from the SPKI structure. + */ + + BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n"); + + if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL) + { + BIO_printf(bio_err,"error unpacking SPKAC public key\n"); + goto err; + } + + j = NETSCAPE_SPKI_verify(spki, pktmp); + if (j <= 0) + { + BIO_printf(bio_err,"signature verification failed on SPKAC public key\n"); + goto err; + } + BIO_printf(bio_err,"Signature ok\n"); + + X509_REQ_set_pubkey(req,pktmp); + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,days,1,verbose,req, + extensions); +err: + if (req != NULL) X509_REQ_free(req); + if (parms != NULL) CONF_free(parms); + if (spki_der != NULL) Free(spki_der); + if (spki != NULL) NETSCAPE_SPKI_free(spki); + if (ne != NULL) X509_NAME_ENTRY_free(ne); + + return(ok); + } + +static int fix_data(nid,type) +int nid; +int *type; + { + if (nid == NID_pkcs9_emailAddress) + *type=V_ASN1_IA5STRING; + if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING)) + return(0); + if (nid == NID_pkcs9_unstructuredName) + *type=V_ASN1_IA5STRING; + return(1); + } + + +static STACK *load_extensions(sec) +char *sec; + { + STACK *ext; + STACK *ret=NULL; + CONF_VALUE *cv; + ASN1_OCTET_STRING *str=NULL; + ASN1_STRING *tmp=NULL; + X509_EXTENSION *x; + BIO *mem=NULL; + BUF_MEM *buf=NULL; + int i,nid,len; + unsigned char *ptr; + int pack_type; + int data_type; + + if ((ext=CONF_get_section(conf,sec)) == NULL) + { + BIO_printf(bio_err,"unable to find extension section called '%s'\n",sec); + return(NULL); + } + + if ((ret=sk_new_null()) == NULL) return(NULL); + + for (i=0; iname)) == NID_undef) + { + BIO_printf(bio_err,"%s:unknown object type in section, '%s'\n",sec,cv->name); + goto err; + } + + pack_type=X509v3_pack_type_by_NID(nid); + data_type=X509v3_data_type_by_NID(nid); + + /* pack up the input bytes */ + ptr=(unsigned char *)cv->value; + len=strlen((char *)ptr); + if ((len > 2) && (cv->value[0] == '0') && + (cv->value[1] == 'x')) + { + if (data_type == V_ASN1_UNDEF) + { + BIO_printf(bio_err,"data type for extension %s is unknown\n",cv->name); + goto err; + } + if (mem == NULL) + if ((mem=BIO_new(BIO_s_mem())) == NULL) + goto err; + if (((buf=BUF_MEM_new()) == NULL) || + !BUF_MEM_grow(buf,128)) + goto err; + if ((tmp=ASN1_STRING_new()) == NULL) goto err; + + BIO_reset(mem); + BIO_write(mem,(char *)&(ptr[2]),len-2); + if (!a2i_ASN1_STRING(mem,tmp,buf->data,buf->max)) + goto err; + len=tmp->length; + ptr=tmp->data; + } + + switch (pack_type) + { + case X509_EXT_PACK_STRING: + if ((str=X509v3_pack_string(&str, + data_type,ptr,len)) == NULL) + goto err; + break; + case X509_EXT_PACK_UNKNOWN: + default: + BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name); + goto err; + break; + } + + if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL) + goto err; + sk_push(ret,(char *)x); + } + + if (0) + { +err: + if (ret != NULL) sk_pop_free(ret,X509_EXTENSION_free); + ret=NULL; + } + if (str != NULL) ASN1_OCTET_STRING_free(str); + if (tmp != NULL) ASN1_STRING_free(tmp); + if (buf != NULL) BUF_MEM_free(buf); + if (mem != NULL) BIO_free(mem); + return(ret); + } + +static int check_time_format(str) +char *str; + { + ASN1_UTCTIME tm; + + tm.data=(unsigned char *)str; + tm.length=strlen(str); + tm.type=V_ASN1_UTCTIME; + return(ASN1_UTCTIME_check(&tm)); + } + diff --git a/apps/ciphers.c b/apps/ciphers.c new file mode 100644 index 0000000000000000000000000000000000000000..16ff2b49275dbbe25a9139918b5212170d75faf8 --- /dev/null +++ b/apps/ciphers.c @@ -0,0 +1,191 @@ +/* apps/ciphers.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#ifdef WIN16 +#define APPS_WIN16 +#endif +#include "apps.h" +#include "err.h" +#include "ssl.h" + +#undef PROG +#define PROG ciphers_main + +static char *ciphers_usage[]={ +"usage: ciphers args\n", +" -v - verbose mode, a textual listing of the ciphers in SSLeay\n", +" -ssl2 - SSL2 mode\n", +" -ssl3 - SSL3 mode\n", +NULL +}; + +int MAIN(argc, argv) +int argc; +char **argv; + { + int ret=1,i; + int verbose=0; + char **pp,*p; + int badops=0; + SSL_CTX *ctx=NULL; + SSL *ssl=NULL; + char *ciphers=NULL; + SSL_METHOD *meth=NULL; + STACK *sk; + char buf[512]; + BIO *STDout=NULL; + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + meth=SSLv23_server_method(); +#elif !defined(NO_SSL3) + meth=SSLv3_server_method(); +#elif !defined(NO_SSL2) + meth=SSLv2_server_method(); +#endif + + apps_startup(); + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + STDout=BIO_new_fp(stdout,BIO_NOCLOSE); + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-v") == 0) + verbose=1; +#ifndef NO_SSL2 + else if (strcmp(*argv,"-ssl2") == 0) + meth=SSLv2_client_method(); +#endif +#ifndef NO_SSL3 + else if (strcmp(*argv,"-ssl3") == 0) + meth=SSLv3_client_method(); +#endif + else if ((strncmp(*argv,"-h",2) == 0) || + (strcmp(*argv,"-?") == 0)) + { + badops=1; + break; + } + else + { + ciphers= *argv; + } + argc--; + argv++; + } + + if (badops) + { + for (pp=ciphers_usage; (*pp != NULL); pp++) + BIO_printf(bio_err,*pp); + goto end; + } + + SSLeay_add_ssl_algorithms(); + + ctx=SSL_CTX_new(meth); + if (ctx == NULL) goto err; + if (ciphers != NULL) + SSL_CTX_set_cipher_list(ctx,ciphers); + ssl=SSL_new(ctx); + if (ssl == NULL) goto err; + + + if (!verbose) + { + for (i=0; ; i++) + { + p=SSL_get_cipher_list(ssl,i); + if (p == NULL) break; + if (i != 0) BIO_printf(STDout,":"); + BIO_printf(STDout,"%s",p); + } + BIO_printf(STDout,"\n"); + } + else + { + sk=SSL_get_ciphers(ssl); + + for (i=0; i +#include +#include +#include "apps.h" +#include "bio.h" +#include "err.h" +#include "x509.h" +#include "pem.h" + +#undef PROG +#define PROG crl_main + +#undef POSTFIX +#define POSTFIX ".rvk" + +#define FORMAT_UNDEF 0 +#define FORMAT_ASN1 1 +#define FORMAT_TEXT 2 +#define FORMAT_PEM 3 + +static char *crl_usage[]={ +"usage: crl args\n", +"\n", +" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n", +" -outform arg - output format - default PEM\n", +" -text - print out a text format version\n", +" -in arg - input file - default stdin\n", +" -out arg - output file - default stdout\n", +" -hash - print hash value\n", +" -issuer - print issuer DN\n", +" -lastupdate - lastUpdate field\n", +" -nextupdate - nextUpdate field\n", +" -noout - no CRL output\n", +NULL +}; + +#ifndef NOPROTO +static X509_CRL *load_crl(char *file, int format); +#else +static X509_CRL *load_crl(); +#endif + +static BIO *bio_out=NULL; + +int MAIN(argc, argv) +int argc; +char **argv; + { + X509_CRL *x=NULL; + int ret=1,i,num,badops=0; + BIO *out=NULL; + int informat,outformat; + char *infile=NULL,*outfile=NULL; + char *str=NULL; + int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0; + char **pp,buf[256]; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + if (bio_out == NULL) + if ((bio_out=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); + + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + argc--; + argv++; + num=0; + while (argc >= 1) + { +#ifdef undef + if (strcmp(*argv,"-p") == 0) + { + if (--argc < 1) goto bad; + if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ + } +#endif + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-text") == 0) + { + outformat=FORMAT_TEXT; + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-hash") == 0) + hash= ++num; + else if (strcmp(*argv,"-issuer") == 0) + issuer= ++num; + else if (strcmp(*argv,"-lastupdate") == 0) + lastupdate= ++num; + else if (strcmp(*argv,"-nextupdate") == 0) + nextupdate= ++num; + else if (strcmp(*argv,"-noout") == 0) + noout= ++num; + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (outformat == FORMAT_TEXT) + { + num=0; + issuer= ++num; + lastupdate= ++num; + nextupdate= ++num; + } + + if (badops) + { +bad: + for (pp=crl_usage; (*pp != NULL); pp++) + BIO_printf(bio_err,*pp); + goto end; + } + + ERR_load_crypto_strings(); + x=load_crl(infile,informat); + if (x == NULL) { goto end; } + + if (num) + { + for (i=1; i<=num; i++) + { + if (issuer == i) + { + X509_NAME_oneline(x->crl->issuer,buf,256); + fprintf(stdout,"issuer= %s\n",str); + } + + if (hash == i) + { + fprintf(stdout,"%08lx\n", + X509_NAME_hash(x->crl->issuer)); + } + if (lastupdate == i) + { + fprintf(stdout,"lastUpdate="); + ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate); + fprintf(stdout,"\n"); + } + if (nextupdate == i) + { + fprintf(stdout,"nextUpdate="); + ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate); + fprintf(stdout,"\n"); + } + } + } + + if (noout) goto end; + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (outformat == FORMAT_ASN1) + i=(int)i2d_X509_CRL_bio(out,x); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_X509_CRL(out,x); + else if (outformat == FORMAT_TEXT) + { + X509_REVOKED *r; + + while ((r=(X509_REVOKED *)sk_pop(x->crl->revoked)) != NULL) + { + fprintf(stdout,"revoked: serialNumber="); + i2a_ASN1_INTEGER(out,r->serialNumber); + fprintf(stdout," revocationDate="); + ASN1_UTCTIME_print(bio_out,r->revocationDate); + fprintf(stdout,"\n"); + } + i=1; + } + else + { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } + ret=0; +end: + if (out != NULL) BIO_free(out); + if (bio_out != NULL) BIO_free(bio_out); + if (x != NULL) X509_CRL_free(x); + EXIT(ret); + } + +static X509_CRL *load_crl(infile, format) +char *infile; +int format; + { + X509_CRL *x=NULL; + BIO *in=NULL; + + in=BIO_new(BIO_s_file()); + if (in == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + if (format == FORMAT_ASN1) + x=d2i_X509_CRL_bio(in,NULL); + else if (format == FORMAT_PEM) + x=PEM_read_bio_X509_CRL(in,NULL,NULL); + else { + BIO_printf(bio_err,"bad input format specified for input crl\n"); + goto end; + } + if (x == NULL) + { + BIO_printf(bio_err,"unable to load CRL\n"); + ERR_print_errors(bio_err); + goto end; + } + +end: + if (in != NULL) BIO_free(in); + return(x); + } + diff --git a/apps/crl.out b/apps/crl.out new file mode 100644 index 0000000000000000000000000000000000000000..85d10e989bf84edfa8ae2c6a15f3d772350c4172 --- /dev/null +++ b/apps/crl.out @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBDjCBuTANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD +UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG +A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw05NzA3MDkwMDAwMjJaFw05NzA4MDgw +MDAwMjJaMCgwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa +MA0GCSqGSIb3DQEBBAUAA0EAcEBIWVZPXxSlLMPPLfBi4s0N3lzTgskZkgO6pjZi +oQRwh5vi5zFqDNQteGx7RTHpUYntgyoAZ87FZE0GOJgBaQ== +-----END X509 CRL----- diff --git a/apps/crl2p7.c b/apps/crl2p7.c new file mode 100644 index 0000000000000000000000000000000000000000..04bb1a1c87df2c5fdfe076cf22cd47062bd2d021 --- /dev/null +++ b/apps/crl2p7.c @@ -0,0 +1,334 @@ +/* apps/crl2p7.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* This was written by Gordon Chaffee + * and donated 'to the cause' along with lots and lots of other fixes to + * the library. */ + +#include +#include +#include +#include +#include "apps.h" +#include "err.h" +#include "evp.h" +#include "x509.h" +#include "pkcs7.h" +#include "pem.h" +#include "objects.h" + +#ifndef NOPROTO +static int add_certs_from_file(STACK *stack, char *certfile); +#else +static int add_certs_from_file(); +#endif + +#undef PROG +#define PROG crl2pkcs7_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + */ + +int MAIN(argc, argv) +int argc; +char **argv; + { + int i,badops=0; + BIO *in=NULL,*out=NULL; + int informat,outformat; + char *infile,*outfile,*prog,*certfile; + PKCS7 *p7 = NULL; + PKCS7_SIGNED *p7s = NULL; + X509_CRL *crl=NULL; + STACK *crl_stack=NULL; + STACK *cert_stack=NULL; + int ret=1,nocrl=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + certfile=NULL; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-nocrl") == 0) + { + nocrl=1; + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-certfile") == 0) + { + if (--argc < 1) goto bad; + certfile= *(++argv); + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg inout file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); + BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); + EXIT(1); + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (!nocrl) + { + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + crl=d2i_X509_CRL_bio(in,NULL); + else if (informat == FORMAT_PEM) + crl=PEM_read_bio_X509_CRL(in,NULL,NULL); + else { + BIO_printf(bio_err,"bad input format specified for input crl\n"); + goto end; + } + if (crl == NULL) + { + BIO_printf(bio_err,"unable to load CRL\n"); + ERR_print_errors(bio_err); + goto end; + } + } + + if ((p7=PKCS7_new()) == NULL) goto end; + if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end; + p7->type=OBJ_nid2obj(NID_pkcs7_signed); + p7->d.sign=p7s; + p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data); + + if (!ASN1_INTEGER_set(p7s->version,1)) goto end; + if ((crl_stack=sk_new(NULL)) == NULL) goto end; + p7s->crl=crl_stack; + if (crl != NULL) + { + sk_push(crl_stack,(char *)crl); + crl=NULL; /* now part of p7 for Freeing */ + } + + if ((cert_stack=sk_new(NULL)) == NULL) goto end; + p7s->cert=cert_stack; + + if (certfile != NULL) + { + if (add_certs_from_file(cert_stack,certfile) < 0) + { + BIO_printf(bio_err,"error loading certificates\n"); + ERR_print_errors(bio_err); + goto end; + } + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (outformat == FORMAT_ASN1) + i=i2d_PKCS7_bio(out,p7); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_PKCS7(out,p7); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write pkcs7 object\n"); + ERR_print_errors(bio_err); + goto end; + } + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (p7 != NULL) PKCS7_free(p7); + if (crl != NULL) X509_CRL_free(crl); + + EXIT(ret); + } + +/* + *---------------------------------------------------------------------- + * int add_certs_from_file + * + * Read a list of certificates to be checked from a file. + * + * Results: + * number of certs added if successful, -1 if not. + *---------------------------------------------------------------------- + */ +static int add_certs_from_file(stack,certfile) +STACK *stack; +char *certfile; + { + struct stat st; + BIO *in=NULL; + int count=0; + int ret= -1; + STACK *sk=NULL; + X509_INFO *xi; + + if ((stat(certfile,&st) != 0)) + { + BIO_printf(bio_err,"unable to file the file, %s\n",certfile); + goto end; + } + + in=BIO_new(BIO_s_file()); + if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) + { + goto end; + } + + /* This loads from a file, a stack of x509/crl/pkey sets */ + sk=PEM_X509_INFO_read_bio(in,NULL,NULL); + if (sk == NULL) goto end; + + /* scan over it and pull out the CRL's */ + while (sk_num(sk)) + { + xi=(X509_INFO *)sk_shift(sk); + if (xi->x509 != NULL) + { + sk_push(stack,(char *)xi->x509); + xi->x509=NULL; + count++; + } + X509_INFO_free(xi); + } + + ret=count; +end: + /* never need to Free x */ + if (in != NULL) BIO_free(in); + if (sk != NULL) sk_free(sk); + return(ret); + } + diff --git a/apps/demoCA/cacert.pem b/apps/demoCA/cacert.pem new file mode 100644 index 0000000000000000000000000000000000000000..affbce3bc94837333486376b5b79edd3a26981c8 --- /dev/null +++ b/apps/demoCA/cacert.pem @@ -0,0 +1,14 @@ +subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- diff --git a/apps/demoCA/index.txt b/apps/demoCA/index.txt new file mode 100644 index 0000000000000000000000000000000000000000..2cdd252d67ca73185fe331a2e7b153babd459523 --- /dev/null +++ b/apps/demoCA/index.txt @@ -0,0 +1,39 @@ +R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young +E 951009233205Z 02 certs/00000002 /CN=Duncan Young +R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson +V 980705233205Z 04 certs/00000004 /CN=Eric Young4 +V 980705233205Z 05 certs/00000004 /CN=Eric Young5 +V 980705233205Z 06 certs/00000004 /CN=Eric Young6 +V 980705233205Z 07 certs/00000004 /CN=Eric Young7 +V 980705233205Z 08 certs/00000004 /CN=Eric Young8 +V 980705233205Z 09 certs/00000004 /CN=Eric Young9 +V 980705233205Z 0A certs/00000004 /CN=Eric YoungA +V 980705233205Z 0B certs/00000004 /CN=Eric YoungB +V 980705233205Z 0C certs/00000004 /CN=Eric YoungC +V 980705233205Z 0D certs/00000004 /CN=Eric YoungD +V 980705233205Z 0E certs/00000004 /CN=Eric YoungE +V 980705233205Z 0F certs/00000004 /CN=Eric YoungF +V 980705233205Z 10 certs/00000004 /CN=Eric Young10 +V 980705233205Z 11 certs/00000004 /CN=Eric Young11 +V 980705233205Z 12 certs/00000004 /CN=Eric Young12 +V 980705233205Z 13 certs/00000004 /CN=Eric Young13 +V 980705233205Z 14 certs/00000004 /CN=Eric Young14 +V 980705233205Z 15 certs/00000004 /CN=Eric Young15 +V 980705233205Z 16 certs/00000004 /CN=Eric Young16 +V 980705233205Z 17 certs/00000004 /CN=Eric Young17 +V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au +V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au +V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au +V 970322075152Z 010F unknown /CN=Eric Young +V 970322075906Z 0110 unknown /CN=Eric Youngg +V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young +V 970324221931Z 0112 unknown /CN=Fred +V 970324224934Z 0113 unknown /C=AU/CN=eay +V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test +V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3 +V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test +V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test +V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2 +V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64 +V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr +V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk diff --git a/apps/demoCA/private/cakey.pem b/apps/demoCA/private/cakey.pem new file mode 100644 index 0000000000000000000000000000000000000000..48fb18c7d80707fe20ce27c0a70d05cdb2a29063 --- /dev/null +++ b/apps/demoCA/private/cakey.pem @@ -0,0 +1,24 @@ +issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- + +MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe +Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ +hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG +sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw +tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq +agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA +g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= +-----END RSA PRIVATE KEY----- diff --git a/apps/demoCA/serial b/apps/demoCA/serial new file mode 100644 index 0000000000000000000000000000000000000000..69fa0ffe28e7e4f14a2f0847383c68a1a350d4e5 --- /dev/null +++ b/apps/demoCA/serial @@ -0,0 +1 @@ +011E diff --git a/apps/der_chop b/apps/der_chop new file mode 100644 index 0000000000000000000000000000000000000000..4639330c101efe58211027f08a475d39d4b7892c --- /dev/null +++ b/apps/der_chop @@ -0,0 +1,305 @@ +#!/usr/local/bin/perl +# +# der_chop ... this is one total hack that Eric is really not proud of +# so don't look at it and don't ask for support +# +# The "documentation" for this (i.e. all the comments) are my fault --tjh +# +# This program takes the "raw" output of derparse/asn1parse and +# converts it into tokens and then runs regular expression matches +# to try to figure out what to grab to get the things that are needed +# and it is possible that this will do the wrong thing as it is a *hack* +# +# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET) +# [I know ... promises promises :-)] +# +# To convert a Netscape Certificate: +# der_chop < ServerCert.der > cert.pem +# To convert a Netscape Key (and encrypt it again to protect it) +# rsa -inform NET -in ServerKey.der -des > key.pem +# +# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this +# is an evil hack. If nothing else the parsing should +# be relative, not absolute. +# 19-Apr-96 tjh hacked (with eay) into 0.5.x format +# +# Tim Hudson +# tjh@cryptsoft.com +# + + +require 'getopts.pl'; + +$debug=0; + +# this was the 0.4.x way of doing things ... +$cmd="derparse"; +$x509_cmd="x509"; +$crl_cmd="crl"; +$rc4_cmd="rc4"; +$md2_cmd="md2"; +$md4_cmd="md4"; +$rsa_cmd="rsa -des -inform der "; + +# this was the 0.5.x way of doing things ... +$cmd="ssleay asn1parse"; +$x509_cmd="ssleay x509"; +$crl_cmd="ssleay crl"; +$rc4_cmd="ssleay rc4"; +$md2_cmd="ssleay md2"; +$md4_cmd="ssleay md4"; +$rsa_cmd="ssleay rsa -des -inform der "; + +&Getopts('vd:') || die "usage:$0 [-v] [-d num] file"; +$depth=($opt_d =~ /^\d+$/)?$opt_d:0; + +&init_der(); + +if ($#ARGV != -1) + { + foreach $file (@ARGV) + { + print STDERR "doing $file\n"; + &dofile($file); + } + } +else + { + $file="/tmp/a$$.DER"; + open(OUT,">$file") || die "unable to open $file:$!\n"; + for (;;) + { + $i=sysread(STDIN,$b,1024*10); + last if ($i <= 0); + $i=syswrite(OUT,$b,$i); + } + &dofile($file); + unlink($file); + } + +sub dofile + { + local($file)=@_; + local(@p); + + $b=&load_file($file); + @p=&load_file_parse($file); + + foreach $_ (@p) + { + ($off,$d,$hl,$len)=&parse_line($_); + $d-=$depth; + next if ($d != 0); + next if ($len == 0); + + $o=substr($b,$off,$len+$hl); + ($str,@data)=&der_str($o); + print "$str\n" if ($opt_v); + if ($str =~ /^$crl/) + { + open(OUT,"|$crl_cmd -inform d -hash -issuer") || + die "unable to run $crl_cmd:$!\n"; + print OUT $o; + close(OUT); + } + elsif ($str =~ /^$x509/) + { + open(OUT,"|$x509_cmd -inform d -hash -subject -issuer") + || die "unable to run $x509_cmd:$!\n"; + print OUT $o; + close(OUT); + } + elsif ($str =~ /^$rsa/) + { + ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); + next unless ($type eq "rsaEncryption"); + ($off,$d,$hl,$len)=&parse_line($data[5]); + $os=substr($o,$off+$hl,$len); + open(OUT,"|$rsa_cmd") + || die "unable to run $rsa_cmd:$!\n"; + print OUT $os; + close(OUT); + } + elsif ($str =~ /^0G-1D-1G/) + { + ($off,$d,$hl,$len)=&parse_line($data[1]); + $os=substr($o,$off+$hl,$len); + print STDERR "<$os>\n" if $opt_v; + &do_certificate($o,@data) + if (($os eq "certificate") && + ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); + &do_private_key($o,@data) + if (($os eq "private-key") && + ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); + } + } + } + +sub der_str + { + local($str)=@_; + local(*OUT,*IN,@a,$t,$d,$ret); + local($file)="/tmp/b$$.DER"; + local(@ret); + + open(OUT,">$file"); + print OUT $str; + close(OUT); + open(IN,"$cmd -inform 'd' -in $file |") || + die "unable to run $cmd:$!\n"; + $ret=""; + while () + { + chop; + push(@ret,$_); + + print STDERR "$_\n" if ($debug); + + @a=split(/\s*:\s*/); + ($d)=($a[1] =~ /d=\s*(\d+)/); + $a[2] =~ s/\s+$//; + $t=$DER_s2i{$a[2]}; + $ret.="$d$t-"; + } + close(IN); + unlink($file); + chop $ret; + $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g; + $ret =~ s/(-3G-4B-4L)+/-RCERT/g; + return($ret,@ret); + } + +sub init_der + { + $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C"; + $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C"; + $rsa= "0G-1B-1G-2F-2E-1D"; + + %DER_i2s=( + # SSLeay 0.4.x has this list + "A","EOC", + "B","INTEGER", + "C","BIT STRING", + "D","OCTET STRING", + "E","NULL", + "F","OBJECT", + "G","SEQUENCE", + "H","SET", + "I","PRINTABLESTRING", + "J","T61STRING", + "K","IA5STRING", + "L","UTCTIME", + "M","NUMERICSTRING", + "N","VIDEOTEXSTRING", + "O","GENERALIZEDTIME", + "P","GRAPHICSTRING", + "Q","ISO64STRING", + "R","GENERALSTRING", + "S","UNIVERSALSTRING", + + # SSLeay 0.5.x changed some things ... and I'm + # leaving in the old stuff but adding in these + # to handle the new as well --tjh + # - Well I've just taken them out and added the extra new + # ones :-) - eay + ); + + foreach (keys %DER_i2s) + { $DER_s2i{$DER_i2s{$_}}=$_; } + } + +sub parse_line + { + local($_)=@_; + + return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/); + } + +# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE +# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING +# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE +# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE +# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4 +# 33:d=3 hl=2 l= 0 prim: univ: NULL +# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING +sub do_private_key + { + local($data,@struct)=@_; + local($file)="/tmp/b$$.DER"; + local($off,$d,$hl,$len,$_,$b,@p,$s); + + ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); + if ($type eq "rc4") + { + ($off,$d,$hl,$len)=&parse_line($struct[6]); + open(OUT,"|$rc4_cmd >$file") || + die "unable to run $rc4_cmd:$!\n"; + print OUT substr($data,$off+$hl,$len); + close(OUT); + + $b=&load_file($file); + unlink($file); + + ($s,@p)=&der_str($b); + die "unknown rsa key type\n$s\n" + if ($s ne '0G-1B-1G-2F-2E-1D'); + local($off,$d,$hl,$len)=&parse_line($p[5]); + $b=substr($b,$off+$hl,$len); + ($s,@p)=&der_str($b); + open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n"; + print OUT $b; + close(OUT); + } + else + { + print "'$type' is unknown\n"; + exit(1); + } + } + +sub do_certificate + { + local($data,@struct)=@_; + local($file)="/tmp/b$$.DER"; + local($off,$d,$hl,$len,$_,$b,@p,$s); + + ($off,$d,$hl,$len)=&parse_line($struct[2]); + $b=substr($data,$off,$len+$hl); + + open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n"; + print OUT $b; + close(OUT); + } + +sub load_file + { + local($file)=@_; + local(*IN,$r,$b,$i); + + $r=""; + open(IN,"<$file") || die "unable to open $file:$!\n"; + for (;;) + { + $i=sysread(IN,$b,10240); + last if ($i <= 0); + $r.=$b; + } + close(IN); + return($r); + } + +sub load_file_parse + { + local($file)=@_; + local(*IN,$r,@ret,$_,$i,$n,$b); + + open(IN,"$cmd -inform d -in $file|") + || die "unable to run der_parse\n"; + while () + { + chop; + push(@ret,$_); + } + return($r,@ret); + } + diff --git a/apps/dgst.c b/apps/dgst.c new file mode 100644 index 0000000000000000000000000000000000000000..6d7a1787f4a12aec1e6f7b4f01397aa23d64bf4a --- /dev/null +++ b/apps/dgst.c @@ -0,0 +1,227 @@ +/* apps/dgst.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "err.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "pem.h" + +#undef BUFSIZE +#define BUFSIZE 1024*8 + +#undef PROG +#define PROG dgst_main + +#ifndef NOPROTO +void do_fp(unsigned char *buf,BIO *f,int sep); +#else +void do_fp(); +#endif + +int MAIN(argc,argv) +int argc; +char **argv; + { + unsigned char *buf=NULL; + int i,err=0; + EVP_MD *md=NULL,*m; + BIO *in=NULL,*inp; + BIO *bmd=NULL; + char *name; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + int separator=0; + int debug=0; + + apps_startup(); + + if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + goto end; + } + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + /* first check the program name */ + program_name(argv[0],pname,PROG_NAME_SIZE); + + md=EVP_get_digestbyname(pname); + + argc--; + argv++; + for (i=0; i 0) && (argv[0][0] == '-')) /* bad option */ + { + BIO_printf(bio_err,"unknown option '%s'\n",*argv); + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"-c to output the digest with separating colons\n"); + BIO_printf(bio_err,"-c to output debug info\n"); + BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm (default)\n", + LN_md5,LN_md5); + BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n", + LN_md2,LN_md2); + BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n", + LN_sha1,LN_sha1); + BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n", + LN_sha,LN_sha); + BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n", + LN_mdc2,LN_mdc2); + err=1; + goto end; + } + + in=BIO_new(BIO_s_file()); + bmd=BIO_new(BIO_f_md()); + if (debug) + { + BIO_set_callback(in,BIO_debug_callback); + /* needed for windows 3.1 */ + BIO_set_callback_arg(in,bio_err); + } + + if ((in == NULL) || (bmd == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + /* we use md as a filter, reading from 'in' */ + BIO_set_md(bmd,md); + inp=BIO_push(bmd,in); + + if (argc == 0) + { + BIO_set_fp(in,stdin,BIO_NOCLOSE); + do_fp(buf,inp,separator); + } + else + { + name=OBJ_nid2sn(md->type); + for (i=0; i +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "err.h" +#include "bn.h" +#include "dh.h" +#include "x509.h" +#include "pem.h" + +#undef PROG +#define PROG dh_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -check - check the parameters are ok + * -noout + * -text + * -C + */ + +int MAIN(argc, argv) +int argc; +char **argv; + { + DH *dh=NULL; + int i,badops=0,text=0; + BIO *in=NULL,*out=NULL; + int informat,outformat,check=0,noout=0,C=0,ret=1; + char *infile,*outfile,*prog; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-check") == 0) + check=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-C") == 0) + C=1; + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg inout file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -check check the DH parameters\n"); + BIO_printf(bio_err," -text check the DH parameters\n"); + BIO_printf(bio_err," -C Output C code\n"); + BIO_printf(bio_err," -noout no output\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + dh=d2i_DHparams_bio(in,NULL); + else if (informat == FORMAT_PEM) + dh=PEM_read_bio_DHparams(in,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified\n"); + goto end; + } + if (dh == NULL) + { + BIO_printf(bio_err,"unable to load DH parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + + + + if (text) + { + DHparams_print(out,dh); +#ifdef undef + printf("p="); + BN_print(stdout,dh->p); + printf("\ng="); + BN_print(stdout,dh->g); + printf("\n"); + if (dh->length != 0) + printf("recomented private length=%ld\n",dh->length); +#endif + } + + if (check) + { + if (!DH_check(dh,&i)) + { + ERR_print_errors(bio_err); + goto end; + } + if (i & DH_CHECK_P_NOT_PRIME) + printf("p value is not prime\n"); + if (i & DH_CHECK_P_NOT_STRONG_PRIME) + printf("p value is not a strong prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + printf("unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + printf("the g value is not a generator\n"); + if (i == 0) + printf("DH parameters appear to be ok.\n"); + } + if (C) + { + unsigned char *data; + int len,l,bits; + + len=BN_num_bytes(dh->p); + bits=BN_num_bits(dh->p); + data=(unsigned char *)Malloc(len); + if (data == NULL) + { + perror("Malloc"); + goto end; + } + l=BN_bn2bin(dh->p,data); + printf("static unsigned char dh%d_p[]={",bits); + for (i=0; ig,data); + printf("static unsigned char dh%d_g[]={",bits); + for (i=0; ip=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", + bits,bits); + printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", + bits,bits); + printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); + printf("\t\treturn(NULL);\n"); + printf("\treturn(dh);\n\t}\n"); + } + + + if (!noout) + { + if (outformat == FORMAT_ASN1) + i=i2d_DHparams_bio(out,dh); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DHparams(out,dh); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write DH paramaters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (dh != NULL) DH_free(dh); + EXIT(ret); + } diff --git a/apps/dh1024.pem b/apps/dh1024.pem new file mode 100644 index 0000000000000000000000000000000000000000..81d43f6a3eae3e68d664df67149392e9012eae20 --- /dev/null +++ b/apps/dh1024.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq +/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx +/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC +-----END DH PARAMETERS----- diff --git a/apps/dsa-ca.pem b/apps/dsa-ca.pem new file mode 100644 index 0000000000000000000000000000000000000000..9eb08f3ddd45864dff7c3403c26e6ef6dbf4a5e9 --- /dev/null +++ b/apps/dsa-ca.pem @@ -0,0 +1,43 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0 + +svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0 +Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl +Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/ +par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr +zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO +uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5 +rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx +1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4 +HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827 +MVqOsYxGCb+kez0FoDSTgw== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew +ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW +sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m +rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk +cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo +bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR +CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB +F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH +vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq +AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u +3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v +AhQfeF5BoMMDbX/kidUVpQ6gadPlZA== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE +AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi +ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh +MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD +MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa +C1Q= +-----END CERTIFICATE----- + diff --git a/apps/dsa-pca.pem b/apps/dsa-pca.pem new file mode 100644 index 0000000000000000000000000000000000000000..e3641ad47e6b317a3fa797981ec63d80fee4a073 --- /dev/null +++ b/apps/dsa-pca.pem @@ -0,0 +1,49 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4 + +GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS +mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt +of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr +FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX +RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd +qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1 +diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn +V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h +hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf +dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7 +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB +MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G +lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O +Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR +5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl +aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6 +kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als +QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe +6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ +yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0 +z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB +nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww +ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ +R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5 +JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps +BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze +mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO +VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C +uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk +umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A +29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D +AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n +5rKUjNBhSg== +-----END CERTIFICATE----- + diff --git a/apps/dsa.c b/apps/dsa.c new file mode 100644 index 0000000000000000000000000000000000000000..585116a677ebf5974f7cc12fd810736ee7c6a1a6 --- /dev/null +++ b/apps/dsa.c @@ -0,0 +1,257 @@ +/* apps/dsa.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "err.h" +#include "dsa.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +#undef PROG +#define PROG dsa_main + +/* -inform arg - input format - default PEM (one of DER, NET or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -des3 - encrypt output if PEM format + * -idea - encrypt output if PEM format + * -text - print a text version + * -modulus - print the DSA public key + */ + +int MAIN(argc, argv) +int argc; +char **argv; + { + int ret=1; + DSA *dsa=NULL; + int i,badops=0; + EVP_CIPHER *enc=NULL; + BIO *in=NULL,*out=NULL; + int informat,outformat,text=0,noout=0; + char *infile,*outfile,*prog; + int modulus=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-modulus") == 0) + modulus=1; + else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); + BIO_printf(bio_err," -in arg inout file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); + BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif + BIO_printf(bio_err," -text print the key in text\n"); + BIO_printf(bio_err," -noout don't print key out\n"); + BIO_printf(bio_err," -modulus print the DSA public value\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + BIO_printf(bio_err,"read DSA private key\n"); + if (informat == FORMAT_ASN1) + dsa=d2i_DSAPrivateKey_bio(in,NULL); + else if (informat == FORMAT_PEM) + dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for key\n"); + goto end; + } + if (dsa == NULL) + { + BIO_printf(bio_err,"unable to load Private Key\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (text) + if (!DSA_print(out,dsa,0)) + { + perror(outfile); + ERR_print_errors(bio_err); + goto end; + } + + if (modulus) + { + fprintf(stdout,"Public Key="); + BN_print(out,dsa->pub_key); + fprintf(stdout,"\n"); + } + + if (noout) goto end; + BIO_printf(bio_err,"writing DSA private key\n"); + if (outformat == FORMAT_ASN1) + i=i2d_DSAPrivateKey_bio(out,dsa); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write private key\n"); + ERR_print_errors(bio_err); + } + else + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (dsa != NULL) DSA_free(dsa); + EXIT(ret); + } + diff --git a/apps/dsa1024.pem b/apps/dsa1024.pem new file mode 100644 index 0000000000000000000000000000000000000000..082dec3897826ef5a7b04d705484fad6750db1d4 --- /dev/null +++ b/apps/dsa1024.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx +mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us +OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36 +bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8 +3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH +zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O +Arg= +-----END DSA PARAMETERS----- diff --git a/apps/dsa512.pem b/apps/dsa512.pem new file mode 100644 index 0000000000000000000000000000000000000000..5f86d1a6e7e80e577cb37d3e875bb9237b461f68 --- /dev/null +++ b/apps/dsa512.pem @@ -0,0 +1,6 @@ +-----BEGIN DSA PARAMETERS----- +MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97 +TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA +gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO +L8wka5B33qJoplISogOdIA== +-----END DSA PARAMETERS----- diff --git a/apps/dsaparam.c b/apps/dsaparam.c new file mode 100644 index 0000000000000000000000000000000000000000..e9485c003623ccadad9992013cac025f2d370fdf --- /dev/null +++ b/apps/dsaparam.c @@ -0,0 +1,340 @@ +/* apps/dsaparam.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "err.h" +#include "bn.h" +#include "rand.h" +#include "dsa.h" +#include "x509.h" +#include "pem.h" + +#undef PROG +#define PROG dsaparam_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -noout + * -text + * -C + * -noout + */ + +#ifndef NOPROTO +static void MS_CALLBACK dsa_cb(int p, int n); +#else +static void MS_CALLBACK dsa_cb(); +#endif + +int MAIN(argc, argv) +int argc; +char **argv; + { + DSA *dsa=NULL; + int i,badops=0,text=0; + BIO *in=NULL,*out=NULL; + int informat,outformat,noout=0,C=0,ret=1; + char *infile,*outfile,*prog,*inrand=NULL; + int numbits= -1,num; + char buffer[200],*randfile=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-C") == 0) + C=1; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (sscanf(*argv,"%d",&num) == 1) + { + /* generate a key */ + numbits=num; + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] [bits] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg inout file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -text check the DSA parameters\n"); + BIO_printf(bio_err," -C Output C code\n"); + BIO_printf(bio_err," -noout no output\n"); + BIO_printf(bio_err," -rand files to use for random number input\n"); + BIO_printf(bio_err," number number of bits to use for generating private key\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (numbits > 0) + { + randfile=RAND_file_name(buffer,200); + RAND_load_file(randfile,1024L*1024L); + + BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); + BIO_printf(bio_err,"This could take some time\n"); + dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,dsa_cb); + } + else if (informat == FORMAT_ASN1) + dsa=d2i_DSAparams_bio(in,NULL); + else if (informat == FORMAT_PEM) + dsa=PEM_read_bio_DSAparams(in,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified\n"); + goto end; + } + if (dsa == NULL) + { + BIO_printf(bio_err,"unable to load DSA parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (text) + { + DSAparams_print(out,dsa); + } + + if (C) + { + unsigned char *data; + int l,len,bits_p,bits_q,bits_g; + + len=BN_num_bytes(dsa->p); + bits_p=BN_num_bits(dsa->p); + bits_q=BN_num_bits(dsa->q); + bits_g=BN_num_bits(dsa->g); + data=(unsigned char *)Malloc(len+20); + if (data == NULL) + { + perror("Malloc"); + goto end; + } + l=BN_bn2bin(dsa->p,data); + printf("static unsigned char dsa%d_p[]={",bits_p); + for (i=0; iq,data); + printf("static unsigned char dsa%d_q[]={",bits_p); + for (i=0; ig,data); + printf("static unsigned char dsa%d_g[]={",bits_p); + for (i=0; ip=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n", + bits_p,bits_p); + printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n", + bits_p,bits_p); + printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", + bits_p,bits_p); + printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); + printf("\t\treturn(NULL);\n"); + printf("\treturn(dsa);\n\t}\n"); + } + + + if (!noout) + { + if (outformat == FORMAT_ASN1) + i=i2d_DSAparams_bio(out,dsa); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DSAparams(out,dsa); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write DSA paramaters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (dsa != NULL) DSA_free(dsa); + EXIT(ret); + } + +static void MS_CALLBACK dsa_cb(p, n) +int p; +int n; + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write(bio_err,&c,1); + BIO_flush(bio_err); +#ifdef LINT + p=n; +#endif + } diff --git a/apps/eay.c b/apps/eay.c new file mode 100644 index 0000000000000000000000000000000000000000..c7a59ca242a84f59e91c34a124be40fda438607e --- /dev/null +++ b/apps/eay.c @@ -0,0 +1,130 @@ +/* apps/eay.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include + +#define MONOLITH +#define USE_SOCKETS +#include "../e_os.h" + +#include "bio.h" +#include "stack.h" +#include "lhash.h" + +#include "err.h" + +#include "bn.h" + +#include "evp.h" + +#include "rand.h" +#include "conf.h" +#include "txt_db.h" + +#include "err.h" + +#include "x509.h" +#include "pkcs7.h" +#include "pem.h" +#include "asn1.h" +#include "objects.h" + +#define MONOLITH + +#include "ssleay.c" +#include "apps.c" +#include "asn1pars.c" +#ifndef NO_RSA +#include "ca.c" +#include "genrsa.c" +#include "req.c" +#include "rsa.c" +#endif +#ifndef NO_DH +#include "gendh.c" +#include "dh.c" +#endif +#include "crl.c" +#include "crl2p7.c" +#include "dgst.c" +#include "enc.c" +#include "errstr.c" +#if !defined(NO_SSL2) || !defined(NO_SSL3) +#ifndef NO_SOCK +#include "s_cb.c" +#include "s_client.c" +#include "s_server.c" +#include "s_socket.c" +#include "s_time.c" +#endif +#endif +#include "speed.c" +#include "verify.c" +#include "version.c" +#include "x509.c" +#include "ciphers.c" +#include "sess_id.c" +#include "pkcs7.c" +#ifndef NO_DSA +#include "dsaparam.c" +#include "dsa.c" +#include "gendsa.c" +#endif + diff --git a/apps/enc.c b/apps/enc.c new file mode 100644 index 0000000000000000000000000000000000000000..d7c990911f083dcdf2812a49ff44492807031ca2 --- /dev/null +++ b/apps/enc.c @@ -0,0 +1,545 @@ +/* apps/enc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "err.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#ifdef NO_MD5 +#include "md5.h" +#endif +#include "pem.h" + +#ifndef NOPROTO +int set_hex(char *in,unsigned char *out,int size); +#else +int set_hex(); +#endif + +#undef SIZE +#undef BSIZE +#undef PROG + +#define SIZE (512) +#define BSIZE (8*1024) +#define PROG enc_main + +int MAIN(argc,argv) +int argc; +char **argv; + { + char *strbuf=NULL; + unsigned char *buff=NULL,*bufsize=NULL; + int bsize=BSIZE,verbose=0; + int ret=1,inl; + unsigned char key[24],iv[MD5_DIGEST_LENGTH]; + char *str=NULL; + char *hkey=NULL,*hiv=NULL; + int enc=1,printkey=0,i,base64=0; + int debug=0; + EVP_CIPHER *cipher=NULL,*c; + char *inf=NULL,*outf=NULL; + BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + /* first check the program name */ + program_name(argv[0],pname,PROG_NAME_SIZE); + if (strcmp(pname,"base64") == 0) + base64=1; + + cipher=EVP_get_cipherbyname(pname); + if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) + { + BIO_printf(bio_err,"%s is an unknown cipher\n",pname); + goto bad; + } + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-e") == 0) + enc=1; + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + inf= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outf= *(++argv); + } + else if (strcmp(*argv,"-d") == 0) + enc=0; + else if (strcmp(*argv,"-p") == 0) + printkey=1; + else if (strcmp(*argv,"-v") == 0) + verbose=1; + else if ((strcmp(*argv,"-debug") == 0) || + (strcmp(*argv,"-d") == 0)) + debug=1; + else if (strcmp(*argv,"-P") == 0) + printkey=2; + else if (strcmp(*argv,"-a") == 0) + base64=1; + else if (strcmp(*argv,"-base64") == 0) + base64=1; + else if (strcmp(*argv,"-bufsize") == 0) + { + if (--argc < 1) goto bad; + bufsize=(unsigned char *)*(++argv); + } + else if (strcmp(*argv,"-k") == 0) + { + if (--argc < 1) goto bad; + str= *(++argv); + } + else if (strcmp(*argv,"-kfile") == 0) + { + static char buf[128]; + FILE *infile; + char *file; + + if (--argc < 1) goto bad; + file= *(++argv); + infile=fopen(file,"r"); + if (infile == NULL) + { + BIO_printf(bio_err,"unable to read key from '%s'\n", + file); + goto bad; + } + buf[0]='\0'; + fgets(buf,128,infile); + fclose(infile); + i=strlen(buf); + if ((i > 0) && + ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) + buf[--i]='\0'; + if ((i > 0) && + ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) + buf[--i]='\0'; + if (i < 1) + { + BIO_printf(bio_err,"zero length password\n"); + goto bad; + } + str=buf; + } + else if (strcmp(*argv,"-K") == 0) + { + if (--argc < 1) goto bad; + hkey= *(++argv); + } + else if (strcmp(*argv,"-iv") == 0) + { + if (--argc < 1) goto bad; + hiv= *(++argv); + } + else if ((argv[0][0] == '-') && + ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) + { + cipher=c; + } + else if (strcmp(*argv,"-none") == 0) + cipher=NULL; + else + { + BIO_printf(bio_err,"unknown option '%s'\n",*argv); +bad: + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"%-14s input file\n","-in "); + BIO_printf(bio_err,"%-14s output fileencrypt\n","-out "); + BIO_printf(bio_err,"%-14s encrypt\n","-e"); + BIO_printf(bio_err,"%-14s decrypt\n","-d"); + BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); + BIO_printf(bio_err,"%-14s key is the next argument\n","-k"); + BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); + BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); + BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); + + BIO_printf(bio_err,"Cipher Types\n"); + BIO_printf(bio_err,"des : 56 bit key DES encryption\n"); + BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n"); + BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n"); +#ifndef NO_IDEA + BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n"); +#endif +#ifndef NO_RC4 + BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n"); +#endif +#ifndef NO_BLOWFISH + BIO_printf(bio_err,"bf :128 bit key BlowFish encryption\n"); +#endif +#ifndef NO_RC4 + BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n", + LN_rc4); +#endif + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ecb,LN_des_cbc, + LN_des_cfb64,LN_des_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n", + "des", LN_des_cbc); + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ede,LN_des_ede_cbc, + LN_des_ede_cfb64,LN_des_ede_ofb64); + BIO_printf(bio_err," -desx -none\n"); + + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ede3,LN_des_ede3_cbc, + LN_des_ede3_cfb64,LN_des_ede3_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n", + "des3", LN_des_ede3_cbc); + +#ifndef NO_IDEA + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_idea_ecb, LN_idea_cbc, + LN_idea_cfb64, LN_idea_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc); +#endif +#ifndef NO_RC2 + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_rc2_ecb, LN_rc2_cbc, + LN_rc2_cfb64, LN_rc2_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc); +#endif +#ifndef NO_BLOWFISH + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_bf_ecb, LN_bf_cbc, + LN_bf_cfb64, LN_bf_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc); +#endif + goto end; + } + argc--; + argv++; + } + + if (bufsize != NULL) + { + unsigned long n; + + for (n=0; *bufsize; bufsize++) + { + i= *bufsize; + if ((i <= '9') && (i >= '0')) + n=n*10+i-'0'; + else if (i == 'k') + { + n*=1024; + bufsize++; + break; + } + } + if (*bufsize != '\0') + { + BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); + goto end; + } + + /* It must be large enough for a base64 encoded line */ + if (n < 80) n=80; + + bsize=(int)n; + if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); + } + + strbuf=Malloc(SIZE); + buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize)); + if ((buff == NULL) || (strbuf == NULL)) + { + BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); + goto end; + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + if (debug) + { + BIO_set_callback(in,BIO_debug_callback); + BIO_set_callback(out,BIO_debug_callback); + BIO_set_callback_arg(in,bio_err); + BIO_set_callback_arg(out,bio_err); + } + + if (inf == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,inf) <= 0) + { + perror(inf); + goto end; + } + } + + if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) + { + for (;;) + { + char buf[200]; + + sprintf(buf,"enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc)?"encryption":"decryption"); + strbuf[0]='\0'; + i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); + if (i == 0) + { + if (strbuf[0] == '\0') + { + ret=1; + goto end; + } + str=strbuf; + break; + } + if (i < 0) + { + BIO_printf(bio_err,"bad password read\n"); + goto end; + } + } + } + + if (cipher != NULL) + { + if (str != NULL) + { + EVP_BytesToKey(cipher,EVP_md5(),NULL, + (unsigned char *)str, + strlen(str),1,key,iv); + /* zero the complete buffer or the string + * passed from the command line + * bug picked up by + * Larry J. Hughes Jr. */ + if (str == strbuf) + memset(str,0,SIZE); + else + memset(str,0,strlen(str)); + } + if ((hiv != NULL) && !set_hex(hiv,iv,8)) + { + BIO_printf(bio_err,"invalid hex iv value\n"); + goto end; + } + if ((hkey != NULL) && !set_hex(hkey,key,24)) + { + BIO_printf(bio_err,"invalid hex key value\n"); + goto end; + } + + if ((benc=BIO_new(BIO_f_cipher())) == NULL) + goto end; + BIO_set_cipher(benc,cipher,key,iv,enc); + if (debug) + { + BIO_set_callback(benc,BIO_debug_callback); + BIO_set_callback_arg(benc,bio_err); + } + + if (printkey) + { + if (cipher->key_len > 0) + { + printf("key="); + for (i=0; ikey_len; i++) + printf("%02X",key[i]); + printf("\n"); + } + if (cipher->iv_len > 0) + { + printf("iv ="); + for (i=0; iiv_len; i++) + printf("%02X",iv[i]); + printf("\n"); + } + if (printkey == 2) + { + ret=0; + goto end; + } + } + } + + + if (outf == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outf) <= 0) + { + perror(outf); + goto end; + } + } + + rbio=in; + wbio=out; + + if (base64) + { + if ((b64=BIO_new(BIO_f_base64())) == NULL) + goto end; + if (debug) + { + BIO_set_callback(b64,BIO_debug_callback); + BIO_set_callback_arg(b64,bio_err); + } + if (enc) + wbio=BIO_push(b64,wbio); + else + rbio=BIO_push(b64,rbio); + } + + /* Only encrypt/decrypt as we write the file */ + if (benc != NULL) + wbio=BIO_push(benc,wbio); + + for (;;) + { + inl=BIO_read(rbio,(char *)buff,bsize); + if (inl <= 0) break; + if (BIO_write(wbio,(char *)buff,inl) != inl) + { + BIO_printf(bio_err,"error writing output file\n"); + goto end; + } + } + if (!BIO_flush(wbio)) + { + BIO_printf(bio_err,"bad decrypt\n"); + goto end; + } + + ret=0; + if (verbose) + { + BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); + BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); + } +end: + if (strbuf != NULL) Free(strbuf); + if (buff != NULL) Free(buff); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (benc != NULL) BIO_free(benc); + if (b64 != NULL) BIO_free(b64); + EXIT(ret); + } + +int set_hex(in,out,size) +char *in; +unsigned char *out; +int size; + { + int i,n; + unsigned char j; + + n=strlen(in); + if (n > (size*2)) + { + BIO_printf(bio_err,"hex string is too long\n"); + return(0); + } + memset(out,0,size); + for (i=0; i= '0') && (j <= '9')) + j-='0'; + else if ((j >= 'A') && (j <= 'F')) + j=j-'A'+10; + else if ((j >= 'a') && (j <= 'f')) + j=j-'a'+10; + else + { + BIO_printf(bio_err,"non-hex digit\n"); + return(0); + } + if (i&1) + out[i/2]|=j; + else + out[i/2]=(j<<4); + } + return(1); + } diff --git a/apps/errstr.c b/apps/errstr.c new file mode 100644 index 0000000000000000000000000000000000000000..6d0f9d137be27a0615c1cf279e60fc035135300b --- /dev/null +++ b/apps/errstr.c @@ -0,0 +1,116 @@ +/* apps/errstr.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "lhash.h" +#include "err.h" +#include "ssl.h" + +#undef PROG +#define PROG errstr_main + +int MAIN(argc, argv) +int argc; +char **argv; + { + int i,ret=0; + char buf[256]; + unsigned long l; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + SSL_load_error_strings(); + + if ((argc > 1) && (strcmp(argv[1],"-stats") == 0)) + { + BIO *out=NULL; + + out=BIO_new(BIO_s_file()); + if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE)) + { + lh_node_stats_bio((LHASH *)ERR_get_string_table(),out); + lh_stats_bio((LHASH *)ERR_get_string_table(),out); + lh_node_usage_stats_bio((LHASH *) + ERR_get_string_table(),out); + } + if (out != NULL) BIO_free(out); + argc--; + argv++; + } + + for (i=1; i ...\n"); + ret++; + } + } + EXIT(ret); + } diff --git a/apps/f b/apps/f new file mode 100644 index 0000000000000000000000000000000000000000..857052edd05007159a1a15ffde4804d0e13d1930 --- /dev/null +++ b/apps/f @@ -0,0 +1,5 @@ +586 +2481 + +1400 +2064 diff --git a/apps/g_ssleay.pl b/apps/g_ssleay.pl new file mode 100644 index 0000000000000000000000000000000000000000..237dd4c698fbdf0ac240aaafca7f3b727a8f798a --- /dev/null +++ b/apps/g_ssleay.pl @@ -0,0 +1,110 @@ +#!/usr/local/bin/perl + +$mkprog='mklinks'; +$rmprog='rmlinks'; + +print "#ifndef NOPROTO\n"; + +grep(s/^asn1pars$/asn1parse/,@ARGV); + +foreach (@ARGV) + { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } +print "#else\n"; +foreach (@ARGV) + { printf "extern int %s_main();\n",$_; } +print "#endif\n"; + + +print <<'EOF'; + +#ifdef SSLEAY_SRC + +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 + +typedef struct { + int type; + char *name; + int (*func)(); + } FUNCTION; + +FUNCTION functions[] = { +EOF + +foreach (@ARGV) + { + push(@files,$_); + $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) + { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } + elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || + ($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/)) + { print "#ifndef NO_RSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) + { print "#ifndef NO_DSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/)) + { print "#ifndef NO_DH\n${str}#endif\n"; } + else + { print $str; } + } + +foreach ("md2","md5","sha","sha1","mdc2") + { + push(@files,$_); + printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_; + } + +foreach ( + "base64", + "des", "des3", "desx", "idea", "rc4", "rc2","bf", + "des-ecb", "des-ede", "des-ede3", + "des-cbc", "des-ede-cbc","des-ede3-cbc", + "des-cfb", "des-ede-cfb","des-ede3-cfb", + "des-ofb", "des-ede-ofb","des-ede3-ofb", + "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", + "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb", + "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb") + { + push(@files,$_); + + $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; } + elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; } + elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; } + elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; } + elsif ($_ =~ /bf/) { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; } + print $t; + } + +print "\t{0,NULL,NULL}\n\t};\n"; +print "#endif\n\n"; + +open(OUT,">$mkprog") || die "unable to open '$prog':$!\n"; +print OUT "#!/bin/sh\nfor i in "; +foreach (@files) + { print OUT $_." "; } +print OUT <<'EOF'; + +do +echo making symlink for $i +/bin/rm -f $i +ln -s ssleay $i +done +EOF +close(OUT); +chmod(0755,$mkprog); + +open(OUT,">$rmprog") || die "unable to open '$prog':$!\n"; +print OUT "#!/bin/sh\nfor i in "; +foreach (@files) + { print OUT $_." "; } +print OUT <<'EOF'; + +do +echo removing $i +/bin/rm -f $i +done +EOF +close(OUT); +chmod(0755,$rmprog); diff --git a/apps/gendh.c b/apps/gendh.c new file mode 100644 index 0000000000000000000000000000000000000000..b7b6d0fd629f4c6e8267e9f8455f93c88f7f5b95 --- /dev/null +++ b/apps/gendh.c @@ -0,0 +1,234 @@ +/* apps/gendh.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "rand.h" +#include "err.h" +#include "bn.h" +#include "dh.h" +#include "x509.h" +#include "pem.h" + +#define DEFBITS 512 +#undef PROG +#define PROG gendh_main + +#ifndef NOPROTO +static void MS_CALLBACK dh_cb(int p, int n); +static long dh_load_rand(char *names); +#else +static void MS_CALLBACK dh_cb(); +static long dh_load_rand(); +#endif + +int MAIN(argc, argv) +int argc; +char **argv; + { + char buffer[200]; + DH *dh=NULL; + int ret=1,num=DEFBITS; + int g=2; + char *outfile=NULL; + char *inrand=NULL,*randfile; + BIO *out=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-2") == 0) + g=2; + /* else if (strcmp(*argv,"-3") == 0) + g=3; */ + else if (strcmp(*argv,"-5") == 0) + g=5; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else + break; + argv++; + argc--; + } + if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) + { +bad: + BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); + BIO_printf(bio_err," -out file - output the key to 'file\n"); + BIO_printf(bio_err," -2 use 2 as the generator value\n"); + /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */ + BIO_printf(bio_err," -5 use 5 as the generator value\n"); + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + goto end; + } + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L)) + BIO_printf(bio_err,"unable to load 'random state'\n"); + + if (inrand == NULL) + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + else + { + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + dh_load_rand(inrand)); + } + + BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g); + BIO_printf(bio_err,"This is going to take a long time\n"); + dh=DH_generate_parameters(num,g,dh_cb); + + if (dh == NULL) goto end; + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (!PEM_write_bio_DHparams(out,dh)) + goto end; + ret=0; +end: + if (ret != 0) + ERR_print_errors(bio_err); + if (out != NULL) BIO_free(out); + if (dh != NULL) DH_free(dh); + EXIT(ret); + } + +static void MS_CALLBACK dh_cb(p, n) +int p; +int n; + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write(bio_err,&c,1); + BIO_flush(bio_err); +#ifdef LINT + p=n; +#endif + } + +static long dh_load_rand(name) +char *name; + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1); + if (last) break; + } + return(tot); + } + + diff --git a/apps/gendsa.c b/apps/gendsa.c new file mode 100644 index 0000000000000000000000000000000000000000..35f299a58b187eb618ade523787b15fc8a165b4b --- /dev/null +++ b/apps/gendsa.c @@ -0,0 +1,220 @@ +/* apps/gendsa.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "rand.h" +#include "err.h" +#include "bn.h" +#include "dsa.h" +#include "x509.h" +#include "pem.h" + +#define DEFBITS 512 +#undef PROG +#define PROG gendsa_main + +#ifndef NOPROTO +static long dsa_load_rand(char *names); +#else +static long dsa_load_rand(); +#endif + +int MAIN(argc, argv) +int argc; +char **argv; + { + char buffer[200]; + DSA *dsa=NULL; + int ret=1,num=DEFBITS; + char *outfile=NULL; + char *inrand=NULL,*randfile,*dsaparams=NULL; + BIO *out=NULL,*in=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else if (strcmp(*argv,"-") == 0) + goto bad; + else if (dsaparams == NULL) + { + dsaparams= *argv; + } + else + goto bad; + argv++; + argc--; + } + + if (dsaparams == NULL) + { +bad: + BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n"); + BIO_printf(bio_err," -out file - output the key to 'file\n"); + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + goto end; + } + + in=BIO_new(BIO_s_file()); + if (!(BIO_read_filename(in,"r"))) + { + perror(dsaparams); + goto end; + } + + if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"unable to load DSA parameter file\n"); + goto end; + } + BIO_free(in); + + out=BIO_new(BIO_s_file()); + if (out == NULL) goto end; + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L)) + BIO_printf(bio_err,"unable to load 'random state'\n"); + + if (inrand == NULL) + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + else + { + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + dsa_load_rand(inrand)); + } + + BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); + BIO_printf(bio_err,"This could take some time\n"); + if (!DSA_generate_key(dsa)) goto end; + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL)) + goto end; + ret=0; +end: + if (ret != 0) + ERR_print_errors(bio_err); + if (out != NULL) BIO_free(out); + if (dsa != NULL) DSA_free(dsa); + EXIT(ret); + } + +static long dsa_load_rand(name) +char *name; + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1); + if (last) break; + } + return(tot); + } + + diff --git a/apps/genrsa.c b/apps/genrsa.c new file mode 100644 index 0000000000000000000000000000000000000000..973175447f484cf90b1c1c1f741a866c2e482b83 --- /dev/null +++ b/apps/genrsa.c @@ -0,0 +1,277 @@ +/* apps/genrsa.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "rand.h" +#include "err.h" +#include "bn.h" +#include "rsa.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +#define DEFBITS 512 +#undef PROG +#define PROG genrsa_main + +#ifndef NOPROTO +static void MS_CALLBACK genrsa_cb(int p, int n); +static long gr_load_rand(char *names); +#else +static void MS_CALLBACK genrsa_cb(); +static long gr_load_rand(); +#endif + +int MAIN(argc, argv) +int argc; +char **argv; + { + int ret=1; + char buffer[200]; + RSA *rsa=NULL; + int i,num=DEFBITS; + long rnum=0,l; + EVP_CIPHER *enc=NULL; + unsigned long f4=RSA_F4; + char *outfile=NULL; + char *inrand=NULL,*randfile; + BIO *out=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + if ((out=BIO_new(BIO_s_file())) == NULL) + { + BIO_printf(bio_err,"unable to creat BIO for output\n"); + goto err; + } + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-3") == 0) + f4=3; + else if (strcmp(*argv,"-F4") == 0) + f4=RSA_F4; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } +#ifndef NO_DES + else if (strcmp(*argv,"-des") == 0) + enc=EVP_des_cbc(); + else if (strcmp(*argv,"-des3") == 0) + enc=EVP_des_ede3_cbc(); +#endif +#ifndef NO_IDEA + else if (strcmp(*argv,"-idea") == 0) + enc=EVP_idea_cbc(); +#endif + else + break; + argv++; + argc--; + } + if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) + { +bad: + BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n"); + BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); + BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); +#endif + BIO_printf(bio_err," -out file - output the key to 'file\n"); + BIO_printf(bio_err," -f4 - use F4 (0x10001) for the E value\n"); + BIO_printf(bio_err," -3 - use 3 for the E value\n"); + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + goto err; + } + + ERR_load_crypto_strings(); + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto err; + } + } + +#ifdef WINDOWS + BIO_printf(bio_err,"Loading 'screen' into random state -"); + BIO_flush(bio_err); + RAND_screen(); + BIO_printf(bio_err," done\n"); +#endif + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL) || + !(rnum=(long)RAND_load_file(randfile,1024L*1024L))) + { + BIO_printf(bio_err,"unable to load 'random state'\n"); + } + + if (inrand == NULL) + { + if (rnum == 0) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + } + else + { + rnum+=gr_load_rand(inrand); + } + if (rnum != 0) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum); + + BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", + num); + rsa=RSA_generate_key(num,f4,genrsa_cb); + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (rsa == NULL) goto err; + + /* We need to do the folloing for when the base number size is < + * long, esp windows 3.1 :-(. */ + l=0L; + for (i=0; ie->top; i++) + { +#ifndef SIXTY_FOUR_BIT + l<<=BN_BITS4; + l<<=BN_BITS4; +#endif + l+=rsa->e->d[i]; + } + BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l); + if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL)) + goto err; + + ret=0; +err: + if (rsa != NULL) RSA_free(rsa); + if (out != NULL) BIO_free(out); + if (ret != 0) + ERR_print_errors(bio_err); + EXIT(ret); + } + +static void MS_CALLBACK genrsa_cb(p, n) +int p; +int n; + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write(bio_err,&c,1); + BIO_flush(bio_err); +#ifdef LINT + p=n; +#endif + } + +static long gr_load_rand(name) +char *name; + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1024L*1024L); + if (last) break; + } + return(tot); + } + + diff --git a/apps/mklinks b/apps/mklinks new file mode 100644 index 0000000000000000000000000000000000000000..6423613383ce77b057208d4b4082d268ce812788 --- /dev/null +++ b/apps/mklinks @@ -0,0 +1,7 @@ +#!/bin/sh +for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb +do +echo making symlink for $i +/bin/rm -f $i +ln -s ssleay $i +done diff --git a/apps/openssl.c b/apps/openssl.c new file mode 100644 index 0000000000000000000000000000000000000000..f69f14aa2e262e9977caefe5354b0de8e5f83f08 --- /dev/null +++ b/apps/openssl.c @@ -0,0 +1,339 @@ +/* apps/ssleay.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#define DEBUG + +#include +#include +#include +#ifdef WIN16 +#define APPS_WIN16 +#endif +#include "bio.h" +#include "crypto.h" +#include "lhash.h" +#include "conf.h" +#include "x509.h" +#include "pem.h" +#include "ssl.h" +#define SSLEAY /* turn off a few special case MONOLITH macros */ +#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ +#define SSLEAY_SRC +#include "apps.h" +#include "s_apps.h" +#include "err.h" + + +#ifndef NOPROTO +static unsigned long MS_CALLBACK hash(FUNCTION *a); +static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); +static LHASH *prog_init(void ); +static int do_cmd(LHASH *prog,int argc,char *argv[]); +static void sig_stop(int i); +#else +static unsigned long MS_CALLBACK hash(); +static int MS_CALLBACK cmp(); +static LHASH *prog_init(); +static int do_cmd(); +static void sig_stop(); +#endif + +LHASH *config=NULL; +char *default_config_file=NULL; + +#ifdef DEBUG +static void sig_stop(i) +int i; + { + char *a=NULL; + + *a='\0'; + } +#endif + +/* Make sure there is only one when MONOLITH is defined */ +#ifdef MONOLITH +BIO *bio_err=NULL; +#endif + +int main(Argc,Argv) +int Argc; +char *Argv[]; + { + ARGS arg; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + FUNCTION f,*fp; + MS_STATIC char *prompt,buf[1024],config_name[256]; + int n,i,ret=0; + int argc; + char **argv,*p; + LHASH *prog=NULL; + long errline; + + arg.data=NULL; + arg.count=0; + + /* SSLeay_add_ssl_algorithms(); is called in apps_startup() */ + apps_startup(); + +#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS) +#ifdef SIGBUS + signal(SIGBUS,sig_stop); +#endif +#ifdef SIGSEGV + signal(SIGSEGV,sig_stop); +#endif +#endif + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /* Lets load up our environment a little */ + p=getenv("SSLEAY_CONF"); + if (p == NULL) + { + strcpy(config_name,X509_get_default_cert_area()); + strcat(config_name,"/lib/"); + strcat(config_name,SSLEAY_CONF); + p=config_name; + } + + default_config_file=p; + + config=CONF_load(config,p,&errline); + if (config == NULL) ERR_clear_error(); + + prog=prog_init(); + + /* first check the program name */ + program_name(Argv[0],pname,PROG_NAME_SIZE); + + f.name=pname; + fp=(FUNCTION *)lh_retrieve(prog,(char *)&f); + if (fp != NULL) + { + Argv[0]=pname; + ret=fp->func(Argc,Argv); + goto end; + } + + /* ok, now check that there are not arguments, if there are, + * run with them, shifting the ssleay off the front */ + if (Argc != 1) + { + Argc--; + Argv++; + ret=do_cmd(prog,Argc,Argv); + if (ret < 0) ret=0; + goto end; + } + + /* ok, lets enter the old 'SSLeay>' mode */ + + for (;;) + { + ret=0; + p=buf; + n=1024; + i=0; + for (;;) + { + p[0]='\0'; + if (i++) + prompt=">"; + else prompt="SSLeay>"; + fputs(prompt,stdout); + fflush(stdout); + fgets(p,n,stdin); + if (p[0] == '\0') goto end; + i=strlen(p); + if (i <= 1) break; + if (p[i-2] != '\\') break; + i-=2; + p+=i; + n-=i; + } + if (!chopup_args(&arg,buf,&argc,&argv)) break; + + ret=do_cmd(prog,argc,argv); + if (ret < 0) + { + ret=0; + goto end; + } + if (ret != 0) + BIO_printf(bio_err,"error in %s\n",argv[0]); + } + BIO_printf(bio_err,"bad exit\n"); + ret=1; +end: + if (config != NULL) + { + CONF_free(config); + config=NULL; + } + if (prog != NULL) lh_free(prog); + if (arg.data != NULL) Free(arg.data); + ERR_remove_state(0); + + EVP_cleanup(); + + CRYPTO_mem_leaks(bio_err); + if (bio_err != NULL) + { + BIO_free(bio_err); + bio_err=NULL; + } + EXIT(ret); + } + +static int do_cmd(prog,argc,argv) +LHASH *prog; +int argc; +char *argv[]; + { + FUNCTION f,*fp; + int i,ret=1,tp,nl; + + if ((argc <= 0) || (argv[0] == NULL)) + { ret=0; goto end; } + f.name=argv[0]; + fp=(FUNCTION *)lh_retrieve(prog,(char *)&f); + if (fp != NULL) + { + ret=fp->func(argc,argv); + } + else if ((strcmp(argv[0],"quit") == 0) || + (strcmp(argv[0],"q") == 0) || + (strcmp(argv[0],"exit") == 0) || + (strcmp(argv[0],"bye") == 0)) + { + ret= -1; + goto end; + } + else + { + BIO_printf(bio_err,"'%s' is a bad command, valid commands are", + argv[0]); + i=0; + fp=functions; + tp=0; + for (fp=functions; fp->name != NULL; fp++) + { + nl=0; + if (((i++) % 5) == 0) + { + BIO_printf(bio_err,"\n"); + nl=1; + } + if (fp->type != tp) + { + tp=fp->type; + if (!nl) BIO_printf(bio_err,"\n"); + if (tp == FUNC_TYPE_MD) + { + i=1; + BIO_printf(bio_err, + "Message Digest commands - see the dgst command for more details\n"); + } + else if (tp == FUNC_TYPE_CIPHER) + { + i=1; + BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n"); + } + } + BIO_printf(bio_err,"%-15s",fp->name); + } + BIO_printf(bio_err,"\nquit\n"); + ret=0; + } +end: + return(ret); + } + +static LHASH *prog_init() + { + LHASH *ret; + FUNCTION *f; + + if ((ret=lh_new(hash,cmp)) == NULL) return(NULL); + + for (f=functions; f->name != NULL; f++) + lh_insert(ret,(char *)f); + return(ret); + } + +static int MS_CALLBACK cmp(a,b) +FUNCTION *a,*b; + { + return(strncmp(a->name,b->name,8)); + } + +static unsigned long MS_CALLBACK hash(a) +FUNCTION *a; + { + return(lh_strhash(a->name)); + } + +#undef SSLEAY diff --git a/apps/openssl.cnf b/apps/openssl.cnf new file mode 100644 index 0000000000000000000000000000000000000000..0b3bfa64f861487d30786b04d40cb6a9d8effc7f --- /dev/null +++ b/apps/openssl.cnf @@ -0,0 +1,116 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = x509v3_extensions # The extentions to add to the cert +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = CryptSoft Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 40 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ x509v3_extensions ] + +nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem +nsComment = "This is a comment" + +# under ASN.1, the 0 bit would be encoded as 80 +nsCertType = 0x40 + +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName +#nsCertSequence +#nsCertExt +#nsDataType + diff --git a/apps/pca-cert.srl b/apps/pca-cert.srl new file mode 100644 index 0000000000000000000000000000000000000000..8a0f05e166aa61225bf6649cb345f87416b5f509 --- /dev/null +++ b/apps/pca-cert.srl @@ -0,0 +1 @@ +01 diff --git a/apps/pca-key.pem b/apps/pca-key.pem new file mode 100644 index 0000000000000000000000000000000000000000..20029ab779f28e12d27c5869db61223526a09f5f --- /dev/null +++ b/apps/pca-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg +wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ +vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB +AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc +z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz +xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 +HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD +yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS +xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj +7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG +h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL +QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q +hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= +-----END RSA PRIVATE KEY----- diff --git a/apps/pca-req.pem b/apps/pca-req.pem new file mode 100644 index 0000000000000000000000000000000000000000..33f155337b3412a6dcf0de8b861d62f542f88577 --- /dev/null +++ b/apps/pca-req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo +MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj +Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX +MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3 +vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz +IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv +wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L +Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV +-----END CERTIFICATE REQUEST----- diff --git a/apps/pem_mail.c b/apps/pem_mail.c new file mode 100644 index 0000000000000000000000000000000000000000..e48c358f72f6b89c5717ce7b3497364bdcbeb63e --- /dev/null +++ b/apps/pem_mail.c @@ -0,0 +1,170 @@ +/* apps/pem_mail.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "apps.h" + +#undef PROG +#define PROG pem_mail_main + +static char *usage[]={ +"usage: pem_mail args\n", +"\n", +" -in arg - input file - default stdin\n", +" -out arg - output file - default stdout\n", +" -cert arg - the certificate to use\n", +" -key arg - the private key to use\n", +" -MIC - sign the message\n", +" -enc arg - encrypt with one of cbc-des\n", +NULL +}; + + +typedef struct lines_St + { + char *line; + struct lines_st *next; + } LINES; + +int main(argc, argv) +int argc; +char **argv; + { + FILE *in; + RSA *rsa=NULL; + EVP_MD_CTX ctx; + unsigned int mic=0,i,n; + unsigned char buf[1024*15]; + char *prog,*infile=NULL,*outfile=NULL,*key=NULL; + int badops=0; + + apps_startup(); + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + key= *(++argv); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-mic") == 0) + mic=1; + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + EXIT(1); + } + + if (key == NULL) + { BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); } + in=fopen(key,"r"); + if (in == NULL) { perror(key); EXIT(1); } + rsa=PEM_read_RSAPrivateKey(in,NULL,NULL); + if (rsa == NULL) + { + BIO_printf(bio_err,"unable to load Private Key\n"); + ERR_print_errors(bio_err); + EXIT(1); + } + fclose(in); + + PEM_SignInit(&ctx,EVP_md5()); + for (;;) + { + i=fread(buf,1,1024*10,stdin); + if (i <= 0) break; + PEM_SignUpdate(&ctx,buf,i); + } + if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err; + BIO_printf(bio_err,"%s\n",buf); + EXIT(0); +err: + ERR_print_errors(bio_err); + EXIT(1); + } diff --git a/apps/pkcs7.c b/apps/pkcs7.c new file mode 100644 index 0000000000000000000000000000000000000000..47bd7564a97722aab5830cfae1f55bad7f789c6c --- /dev/null +++ b/apps/pkcs7.c @@ -0,0 +1,313 @@ +/* apps/pkcs7.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "apps.h" +#include "err.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" +#include "pkcs7.h" +#include "pem.h" + +#undef PROG +#define PROG pkcs7_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -des3 - encrypt output if PEM format + * -idea - encrypt output if PEM format + * -print_certs + */ + +int MAIN(argc, argv) +int argc; +char **argv; + { + PKCS7 *p7=NULL; + int i,badops=0; + EVP_CIPHER *enc=NULL; + BIO *in=NULL,*out=NULL; + int informat,outformat; + char *infile,*outfile,*prog,buf[256]; + int print_certs=0; + int ret=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-print_certs") == 0) + print_certs=1; +#ifndef NO_DES + else if (strcmp(*argv,"-des") == 0) + enc=EVP_des_cbc(); + else if (strcmp(*argv,"-des3") == 0) + enc=EVP_des_ede3_cbc(); +#endif +#ifndef NO_IDEA + else if (strcmp(*argv,"-idea") == 0) + enc=EVP_idea_cbc(); +#endif + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg inout file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); + BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); + BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif + EXIT(1); + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + if (in == NULL) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + p7=d2i_PKCS7_bio(in,NULL); + else if (informat == FORMAT_PEM) + p7=PEM_read_bio_PKCS7(in,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for pkcs7 object\n"); + goto end; + } + if (p7 == NULL) + { + BIO_printf(bio_err,"unable to load PKCS7 object\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (print_certs) + { + STACK *certs=NULL; + STACK *crls=NULL; + + i=OBJ_obj2nid(p7->type); + switch (i) + { + case NID_pkcs7_signed: + certs=p7->d.sign->cert; + crls=p7->d.sign->crl; + break; + case NID_pkcs7_signedAndEnveloped: + certs=p7->d.signed_and_enveloped->cert; + crls=p7->d.signed_and_enveloped->crl; + break; + default: + break; + } + + if (certs != NULL) + { + X509 *x; + + for (i=0; icrl->issuer,buf,256); + BIO_puts(out,"issuer= "); + BIO_puts(out,buf); + + BIO_puts(out,"\nlast update="); + ASN1_UTCTIME_print(out,crl->crl->lastUpdate); + BIO_puts(out,"\nnext update="); + ASN1_UTCTIME_print(out,crl->crl->nextUpdate); + BIO_puts(out,"\n"); + + PEM_write_bio_X509_CRL(out,crl); + BIO_puts(out,"\n"); + } + } + + ret=0; + goto end; + } + + if (outformat == FORMAT_ASN1) + i=i2d_PKCS7_bio(out,p7); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_PKCS7(out,p7); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + + if (!i) + { + BIO_printf(bio_err,"unable to write pkcs7 object\n"); + ERR_print_errors(bio_err); + goto end; + } + ret=0; +end: + if (p7 != NULL) PKCS7_free(p7); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + EXIT(ret); + } diff --git a/apps/privkey.pem b/apps/privkey.pem new file mode 100644 index 0000000000000000000000000000000000000000..8308004d5b8f8deef07733aa06967a7188573088 --- /dev/null +++ b/apps/privkey.pem @@ -0,0 +1,15 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,2221AF3DAA41AB24 + +IOx3ubYOV2SETDSWiuG4bsioEl7jA2CulYKAJvIfy8z5GI+08NwptNOUqbMhDV1s +156KhUvBvG48uz9mxcOyHjZRD0HNixGNMXDaFJSajINFoGtmYZRc20DEoY6buzsi +E76GK95cJHsjJsdNrdggIJRTaiLayLzsMFVDrKhmaJVTKlBpcdnFM4BEKSyD2H5N +OllrfK6GgmlH+WVXU9AlXoy5Jm0YXT7i5bPCB5eDDL/GkTISFHZsnEYpHCrMARsw +5V15dYEwFc6NA/psBGk1qS2CHVIOYNcfCfndR90+UCos+rMBkcQDfvxI95+L8dbS +ONJJrUqiCHV/zYSE+aXZN001mJJLvHOW65YbgdwSOfiowcv7HPbFrGdwOOJvSEx2 +d571YvqfsaDojwR5KLgfFDSwVBwzo/mfcFeVrT9Q8LwPL4/dwwoElWTmYbSaW0uZ +Ov73xRUbVGa5LTJoGbFVMvjpmEO2qtBsx7vq9AT8v8gDzYSuEafyC7d0h85EIfTJ +wPlIN3xKTiqFpp/eFCkdKqNn826NoC1TgQuoCBIrJ8gZsIr1l8R+iAuGxKGPASoF +cyqnpcqGgaaTrxnk9cX4dQ== +-----END DSA PRIVATE KEY----- diff --git a/apps/progs.h b/apps/progs.h new file mode 100644 index 0000000000000000000000000000000000000000..50e2ca4a4c63f36703eac0bc9d8c496b482859a7 --- /dev/null +++ b/apps/progs.h @@ -0,0 +1,223 @@ +#ifndef NOPROTO +extern int verify_main(int argc,char *argv[]); +extern int asn1parse_main(int argc,char *argv[]); +extern int req_main(int argc,char *argv[]); +extern int dgst_main(int argc,char *argv[]); +extern int dh_main(int argc,char *argv[]); +extern int enc_main(int argc,char *argv[]); +extern int gendh_main(int argc,char *argv[]); +extern int gendsa_main(int argc,char *argv[]); +extern int errstr_main(int argc,char *argv[]); +extern int ca_main(int argc,char *argv[]); +extern int crl_main(int argc,char *argv[]); +extern int rsa_main(int argc,char *argv[]); +extern int dsa_main(int argc,char *argv[]); +extern int dsaparam_main(int argc,char *argv[]); +extern int x509_main(int argc,char *argv[]); +extern int genrsa_main(int argc,char *argv[]); +extern int s_server_main(int argc,char *argv[]); +extern int s_client_main(int argc,char *argv[]); +extern int speed_main(int argc,char *argv[]); +extern int s_time_main(int argc,char *argv[]); +extern int version_main(int argc,char *argv[]); +extern int pkcs7_main(int argc,char *argv[]); +extern int crl2pkcs7_main(int argc,char *argv[]); +extern int sess_id_main(int argc,char *argv[]); +extern int ciphers_main(int argc,char *argv[]); +#else +extern int verify_main(); +extern int asn1parse_main(); +extern int req_main(); +extern int dgst_main(); +extern int dh_main(); +extern int enc_main(); +extern int gendh_main(); +extern int gendsa_main(); +extern int errstr_main(); +extern int ca_main(); +extern int crl_main(); +extern int rsa_main(); +extern int dsa_main(); +extern int dsaparam_main(); +extern int x509_main(); +extern int genrsa_main(); +extern int s_server_main(); +extern int s_client_main(); +extern int speed_main(); +extern int s_time_main(); +extern int version_main(); +extern int pkcs7_main(); +extern int crl2pkcs7_main(); +extern int sess_id_main(); +extern int ciphers_main(); +#endif + +#ifdef SSLEAY_SRC + +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 + +typedef struct { + int type; + char *name; + int (*func)(); + } FUNCTION; + +FUNCTION functions[] = { + {FUNC_TYPE_GENERAL,"verify",verify_main}, + {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main}, +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"req",req_main}, +#endif + {FUNC_TYPE_GENERAL,"dgst",dgst_main}, +#ifndef NO_DH + {FUNC_TYPE_GENERAL,"dh",dh_main}, +#endif + {FUNC_TYPE_GENERAL,"enc",enc_main}, +#ifndef NO_DH + {FUNC_TYPE_GENERAL,"gendh",gendh_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, +#endif + {FUNC_TYPE_GENERAL,"errstr",errstr_main}, +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"ca",ca_main}, +#endif + {FUNC_TYPE_GENERAL,"crl",crl_main}, +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"rsa",rsa_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"dsa",dsa_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, +#endif +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"x509",x509_main}, +#endif +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, +#endif +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_server",s_server_main}, +#endif +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_client",s_client_main}, +#endif + {FUNC_TYPE_GENERAL,"speed",speed_main}, +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_time",s_time_main}, +#endif + {FUNC_TYPE_GENERAL,"version",version_main}, + {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, + {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, + {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, +#endif + {FUNC_TYPE_MD,"md2",dgst_main}, + {FUNC_TYPE_MD,"md5",dgst_main}, + {FUNC_TYPE_MD,"sha",dgst_main}, + {FUNC_TYPE_MD,"sha1",dgst_main}, + {FUNC_TYPE_MD,"mdc2",dgst_main}, + {FUNC_TYPE_CIPHER,"base64",enc_main}, +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des3",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"desx",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea",enc_main}, +#endif +#ifndef NO_RC4 + {FUNC_TYPE_CIPHER,"rc4",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2",enc_main}, +#endif +#ifndef NO_BLOWFISH + {FUNC_TYPE_CIPHER,"bf",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ecb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ofb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-cbc",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-ecb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-cfb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main}, +#endif +#ifndef NO_BLOWFISH + {FUNC_TYPE_CIPHER,"bf-cbc",enc_main}, +#endif +#ifndef NO_BLOWFISH + {FUNC_TYPE_CIPHER,"bf-ecb",enc_main}, +#endif +#ifndef NO_BLOWFISH + {FUNC_TYPE_CIPHER,"bf-cfb",enc_main}, +#endif +#ifndef NO_BLOWFISH + {FUNC_TYPE_CIPHER,"bf-ofb",enc_main}, +#endif + {0,NULL,NULL} + }; +#endif + diff --git a/apps/progs.pl b/apps/progs.pl new file mode 100644 index 0000000000000000000000000000000000000000..237dd4c698fbdf0ac240aaafca7f3b727a8f798a --- /dev/null +++ b/apps/progs.pl @@ -0,0 +1,110 @@ +#!/usr/local/bin/perl + +$mkprog='mklinks'; +$rmprog='rmlinks'; + +print "#ifndef NOPROTO\n"; + +grep(s/^asn1pars$/asn1parse/,@ARGV); + +foreach (@ARGV) + { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } +print "#else\n"; +foreach (@ARGV) + { printf "extern int %s_main();\n",$_; } +print "#endif\n"; + + +print <<'EOF'; + +#ifdef SSLEAY_SRC + +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 + +typedef struct { + int type; + char *name; + int (*func)(); + } FUNCTION; + +FUNCTION functions[] = { +EOF + +foreach (@ARGV) + { + push(@files,$_); + $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) + { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } + elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || + ($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/)) + { print "#ifndef NO_RSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) + { print "#ifndef NO_DSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/)) + { print "#ifndef NO_DH\n${str}#endif\n"; } + else + { print $str; } + } + +foreach ("md2","md5","sha","sha1","mdc2") + { + push(@files,$_); + printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_; + } + +foreach ( + "base64", + "des", "des3", "desx", "idea", "rc4", "rc2","bf", + "des-ecb", "des-ede", "des-ede3", + "des-cbc", "des-ede-cbc","des-ede3-cbc", + "des-cfb", "des-ede-cfb","des-ede3-cfb", + "des-ofb", "des-ede-ofb","des-ede3-ofb", + "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", + "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb", + "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb") + { + push(@files,$_); + + $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; } + elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; } + elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; } + elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; } + elsif ($_ =~ /bf/) { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; } + print $t; + } + +print "\t{0,NULL,NULL}\n\t};\n"; +print "#endif\n\n"; + +open(OUT,">$mkprog") || die "unable to open '$prog':$!\n"; +print OUT "#!/bin/sh\nfor i in "; +foreach (@files) + { print OUT $_." "; } +print OUT <<'EOF'; + +do +echo making symlink for $i +/bin/rm -f $i +ln -s ssleay $i +done +EOF +close(OUT); +chmod(0755,$mkprog); + +open(OUT,">$rmprog") || die "unable to open '$prog':$!\n"; +print OUT "#!/bin/sh\nfor i in "; +foreach (@files) + { print OUT $_." "; } +print OUT <<'EOF'; + +do +echo removing $i +/bin/rm -f $i +done +EOF +close(OUT); +chmod(0755,$rmprog); diff --git a/apps/req.c b/apps/req.c new file mode 100644 index 0000000000000000000000000000000000000000..9b6041e1791bf4633d6e37f31ff42fca8c07b881 --- /dev/null +++ b/apps/req.c @@ -0,0 +1,1097 @@ +/* apps/req.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#ifdef WIN16 +#define APPS_WIN16 +#endif +#include "apps.h" +#include "bio.h" +#include "evp.h" +#include "rand.h" +#include "conf.h" +#include "err.h" +#include "asn1.h" +#include "x509.h" +#include "objects.h" +#include "pem.h" + +#define SECTION "req" + +#define BITS "default_bits" +#define KEYFILE "default_keyfile" +#define DISTINGUISHED_NAME "distinguished_name" +#define ATTRIBUTES "attributes" + +#define DEFAULT_KEY_LENGTH 512 +#define MIN_KEY_LENGTH 384 + +#undef PROG +#define PROG req_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -verify - check request signature + * -noout - don't print stuff out. + * -text - print out human readable text. + * -nodes - no des encryption + * -config file - Load configuration file. + * -key file - make a request using key in file (or use it for verification). + * -keyform - key file format. + * -newkey - make a key and a request. + * -modulus - print RSA modulus. + * -x509 - output a self signed X509 structure instead. + * -asn1-kludge - output new certificate request in a format that some CA's + * require. This format is wrong + */ + +#ifndef NOPROTO +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs); +static int add_attribute_object(STACK *n, char *text, char *def, + char *value, int nid,int min,int max); +static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, + int nid,int min,int max); +static void MS_CALLBACK req_cb(int p,int n); +static int req_fix_data(int nid,int *type,int len,int min,int max); +#else +static int make_REQ(); +static int add_attribute_object(); +static int add_DN_object(); +static void MS_CALLBACK req_cb(); +static int req_fix_data(); +#endif + +#ifndef MONOLITH +static char *default_config_file=NULL; +static LHASH *config=NULL; +#endif +static LHASH *req_conf=NULL; + +#define TYPE_RSA 1 +#define TYPE_DSA 2 +#define TYPE_DH 3 + +int MAIN(argc, argv) +int argc; +char **argv; + { + DSA *dsa_params=NULL; + int ex=1,x509=0,days=30; + X509 *x509ss=NULL; + X509_REQ *req=NULL; + EVP_PKEY *pkey=NULL; + int i,badops=0,newreq=0,newkey= -1,pkey_type=0; + BIO *in=NULL,*out=NULL; + int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; + int nodes=0,kludge=0; + char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; + EVP_CIPHER *cipher=NULL; + int modulus=0; + char *p; + EVP_MD *md_alg=NULL,*digest=EVP_md5(); +#ifndef MONOLITH + MS_STATIC char config_name[256]; +#endif + +#ifndef NO_DES + cipher=EVP_des_ede3_cbc(); +#endif + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + keyfile= *(++argv); + } + else if (strcmp(*argv,"-new") == 0) + { + pkey_type=TYPE_RSA; + newreq=1; + } + else if (strcmp(*argv,"-config") == 0) + { + if (--argc < 1) goto bad; + template= *(++argv); + } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + keyform=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-keyout") == 0) + { + if (--argc < 1) goto bad; + keyout= *(++argv); + } + else if (strcmp(*argv,"-newkey") == 0) + { + if (--argc < 1) goto bad; + p= *(++argv); + if ((strncmp("rsa:",p,4) == 0) || + ((p[0] >= '0') && (p[0] <= '9'))) + { + pkey_type=TYPE_RSA; + p+=4; + newkey= atoi(p); + } + else if (strncmp("dsa:",p,4) == 0) + { + X509 *xtmp=NULL; + EVP_PKEY *dtmp; + + pkey_type=TYPE_DSA; + p+=4; + if ((in=BIO_new_file(p,"r")) == NULL) + { + perror(p); + goto end; + } + if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL) + { + ERR_clear_error(); + BIO_reset(in); + if ((xtmp=PEM_read_bio_X509(in,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"unable to load DSA parameters from file\n"); + goto end; + } + dtmp=X509_get_pubkey(xtmp); + if (dtmp->type == EVP_PKEY_DSA) + dsa_params=DSAparams_dup(dtmp->pkey.dsa); + X509_free(xtmp); + if (dsa_params == NULL) + { + BIO_printf(bio_err,"Certificate does not contain DSA parameters\n"); + goto end; + } + + } + BIO_free(in); + newkey=BN_num_bits(dsa_params->p); + in=NULL; + } + else if (strncmp("dh:",p,4) == 0) + { + pkey_type=TYPE_DH; + p+=3; + } + else + pkey_type=TYPE_RSA; + + newreq=1; + } + else if (strcmp(*argv,"-modulus") == 0) + modulus=1; + else if (strcmp(*argv,"-verify") == 0) + verify=1; + else if (strcmp(*argv,"-nodes") == 0) + nodes=1; + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-x509") == 0) + x509=1; + else if (strcmp(*argv,"-asn1-kludge") == 0) + kludge=1; + else if (strcmp(*argv,"-no-asn1-kludge") == 0) + kludge=0; + else if (strcmp(*argv,"-days") == 0) + { + if (--argc < 1) goto bad; + days= atoi(*(++argv)); + if (days == 0) days=30; + } + else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) + { + /* ok */ + digest=md_alg; + } + else + + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg inout file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -text text form of request\n"); + BIO_printf(bio_err," -noout do not output REQ\n"); + BIO_printf(bio_err," -verify verify signature on REQ\n"); + BIO_printf(bio_err," -modulus RSA modulus\n"); + BIO_printf(bio_err," -nodes don't encrypt the output key\n"); + BIO_printf(bio_err," -key file use the private key contained in file\n"); + BIO_printf(bio_err," -keyform arg key file format\n"); + BIO_printf(bio_err," -keyout arg file to send the key to\n"); + BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); + BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); + + BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n"); + BIO_printf(bio_err," -config file request templace file.\n"); + BIO_printf(bio_err," -new new request.\n"); + BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); + BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n"); + BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); + BIO_printf(bio_err," have been reported as requiring\n"); + BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n"); + goto end; + } + + ERR_load_crypto_strings(); + +#ifndef MONOLITH + /* Lets load up our environment a little */ + p=getenv("SSLEAY_CONF"); + if (p == NULL) + { + strcpy(config_name,X509_get_default_cert_area()); + strcat(config_name,"/lib/"); + strcat(config_name,SSLEAY_CONF); + p=config_name; + } + default_config_file=p; + config=CONF_load(config,p,NULL); +#endif + + if (template != NULL) + { + long errline; + + BIO_printf(bio_err,"Using configuration from %s\n",template); + req_conf=CONF_load(NULL,template,&errline); + if (req_conf == NULL) + { + BIO_printf(bio_err,"error on line %ld of %s\n",errline,template); + goto end; + } + } + else + { + req_conf=config; + BIO_printf(bio_err,"Using configuration from %s\n", + default_config_file); + if (req_conf == NULL) + { + BIO_printf(bio_err,"Unable to load config info\n"); + } + } + + if ((md_alg == NULL) && + ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL)) + { + if ((md_alg=EVP_get_digestbyname(p)) != NULL) + digest=md_alg; + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + goto end; + + if (keyfile != NULL) + { + if (BIO_read_filename(in,keyfile) <= 0) + { + perror(keyfile); + goto end; + } + +/* if (keyform == FORMAT_ASN1) + rsa=d2i_RSAPrivateKey_bio(in,NULL); + else */ + if (keyform == FORMAT_PEM) + pkey=PEM_read_bio_PrivateKey(in,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for X509 request\n"); + goto end; + } + + if (pkey == NULL) + { + BIO_printf(bio_err,"unable to load Private key\n"); + goto end; + } + } + + if (newreq && (pkey == NULL)) + { + char *randfile; + char buffer[200]; + + if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL) + randfile=RAND_file_name(buffer,200); +#ifdef WINDOWS + BIO_printf(bio_err,"Loading 'screen' into random state -"); + BIO_flush(bio_err); + RAND_screen(); + BIO_printf(bio_err," done\n"); +#endif + if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L)) + { + BIO_printf(bio_err,"unable to load 'random state'\n"); + BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n"); + BIO_printf(bio_err,"with much random data.\n"); + BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n"); + BIO_printf(bio_err,"'random' data can be kept in.\n"); + } + if (newkey <= 0) + { + newkey=(int)CONF_get_number(req_conf,SECTION,BITS); + if (newkey <= 0) + newkey=DEFAULT_KEY_LENGTH; + } + + if (newkey < MIN_KEY_LENGTH) + { + BIO_printf(bio_err,"private key length is too short,\n"); + BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey); + goto end; + } + BIO_printf(bio_err,"Generating a %d bit %s private key\n", + newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA"); + + if ((pkey=EVP_PKEY_new()) == NULL) goto end; + +#ifndef NO_RSA + if (pkey_type == TYPE_RSA) + { + if (!EVP_PKEY_assign_RSA(pkey, + RSA_generate_key(newkey,0x10001,req_cb))) + goto end; + } + else +#endif +#ifndef NO_DSA + if (pkey_type == TYPE_DSA) + { + if (!DSA_generate_key(dsa_params)) goto end; + if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end; + dsa_params=NULL; + } +#endif + + if ((randfile == NULL) || (RAND_write_file(randfile) == 0)) + BIO_printf(bio_err,"unable to write 'random state'\n"); + + if (pkey == NULL) goto end; + + if (keyout == NULL) + keyout=CONF_get_string(req_conf,SECTION,KEYFILE); + + if (keyout == NULL) + { + BIO_printf(bio_err,"writing new private key to stdout\n"); + BIO_set_fp(out,stdout,BIO_NOCLOSE); + } + else + { + BIO_printf(bio_err,"writing new private key to '%s'\n",keyout); + if (BIO_write_filename(out,keyout) <= 0) + { + perror(keyout); + goto end; + } + } + + p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); + if (p == NULL) + p=CONF_get_string(req_conf,SECTION,"encrypt_key"); + if ((p != NULL) && (strcmp(p,"no") == 0)) + cipher=NULL; + if (nodes) cipher=NULL; + + i=0; +loop: + if (!PEM_write_bio_PrivateKey(out,pkey,cipher, + NULL,0,NULL)) + { + if ((ERR_GET_REASON(ERR_peek_error()) == + PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) + { + ERR_clear_error(); + i++; + goto loop; + } + goto end; + } + BIO_printf(bio_err,"-----\n"); + } + + if (!newreq) + { + /* Since we are using a pre-existing certificate + * request, the kludge 'format' info should not be + * changed. */ + kludge= -1; + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + req=d2i_X509_REQ_bio(in,NULL); + else if (informat == FORMAT_PEM) + req=PEM_read_bio_X509_REQ(in,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for X509 request\n"); + goto end; + } + if (req == NULL) + { + BIO_printf(bio_err,"unable to load X509 request\n"); + goto end; + } + } + + if (newreq || x509) + { + if (pkey->type == EVP_PKEY_DSA) + digest=EVP_dss1(); + + if (pkey == NULL) + { + BIO_printf(bio_err,"you need to specify a private key\n"); + goto end; + } + if (req == NULL) + { + req=X509_REQ_new(); + if (req == NULL) + { + goto end; + } + + i=make_REQ(req,pkey,!x509); + if (kludge >= 0) + req->req_info->req_kludge=kludge; + if (!i) + { + BIO_printf(bio_err,"problems making Certificate Request\n"); + goto end; + } + } + if (x509) + { + if ((x509ss=X509_new()) == NULL) goto end; + + /* don't set the version number, for starters + * the field is null and second, null is v0 + * if (!ASN1_INTEGER_set(ci->version,0L)) goto end; + */ + ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L); + + X509_set_issuer_name(x509ss, + X509_REQ_get_subject_name(req)); + X509_gmtime_adj(X509_get_notBefore(x509ss),0); + X509_gmtime_adj(X509_get_notAfter(x509ss), + (long)60*60*24*days); + X509_set_subject_name(x509ss, + X509_REQ_get_subject_name(req)); + X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req)); + + if (!(i=X509_sign(x509ss,pkey,digest))) + goto end; + } + else + { + if (!(i=X509_REQ_sign(req,pkey,digest))) + goto end; + } + } + + if (verify && !x509) + { + int tmp=0; + + if (pkey == NULL) + { + pkey=X509_REQ_get_pubkey(req); + tmp=1; + if (pkey == NULL) goto end; + } + + i=X509_REQ_verify(req,pkey); + if (tmp) pkey=NULL; + + if (i < 0) + { + goto end; + } + else if (i == 0) + { + BIO_printf(bio_err,"verify failure\n"); + } + else /* if (i > 0) */ + BIO_printf(bio_err,"verify OK\n"); + } + + if (noout && !text && !modulus) + { + ex=0; + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if ((keyout != NULL) && (strcmp(outfile,keyout) == 0)) + i=(int)BIO_append_filename(out,outfile); + else + i=(int)BIO_write_filename(out,outfile); + if (!i) + { + perror(outfile); + goto end; + } + } + + if (text) + { + if (x509) + X509_print(out,x509ss); + else + X509_REQ_print(out,req); + } + + if (modulus) + { + EVP_PKEY *pubkey; + + if (x509) + pubkey=X509_get_pubkey(x509ss); + else + pubkey=X509_REQ_get_pubkey(req); + if (pubkey == NULL) + { + fprintf(stdout,"Modulus=unavailable\n"); + goto end; + } + fprintf(stdout,"Modulus="); + if (pubkey->type == EVP_PKEY_RSA) + BN_print(out,pubkey->pkey.rsa->n); + else + fprintf(stdout,"Wrong Algorithm type"); + fprintf(stdout,"\n"); + } + + if (!noout && !x509) + { + if (outformat == FORMAT_ASN1) + i=i2d_X509_REQ_bio(out,req); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_X509_REQ(out,req); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write X509 request\n"); + goto end; + } + } + if (!noout && x509 && (x509ss != NULL)) + { + if (outformat == FORMAT_ASN1) + i=i2d_X509_bio(out,x509ss); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_X509(out,x509ss); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write X509 certificate\n"); + goto end; + } + } + ex=0; +end: + if (ex) + { + ERR_print_errors(bio_err); + } + if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (pkey != NULL) EVP_PKEY_free(pkey); + if (req != NULL) X509_REQ_free(req); + if (x509ss != NULL) X509_free(x509ss); + if (dsa_params != NULL) DSA_free(dsa_params); + EXIT(ex); + } + +static int make_REQ(req,pkey,attribs) +X509_REQ *req; +EVP_PKEY *pkey; +int attribs; + { + int ret=0,i,j; + unsigned char *p; + X509_REQ_INFO *ri; + char buf[100]; + int nid,min,max; + char *type,*def,*tmp,*value,*tmp_attr; + STACK *sk,*attr=NULL; + CONF_VALUE *v; + + tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); + if (tmp == NULL) + { + BIO_printf(bio_err,"unable to find '%s' in config\n", + DISTINGUISHED_NAME); + goto err; + } + sk=CONF_get_section(req_conf,tmp); + if (sk == NULL) + { + BIO_printf(bio_err,"unable to get '%s' section\n",tmp); + goto err; + } + + tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES); + if (tmp_attr == NULL) + attr=NULL; + else + { + attr=CONF_get_section(req_conf,tmp_attr); + if (attr == NULL) + { + BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr); + goto err; + } + } + + ri=req->req_info; + + BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); + BIO_printf(bio_err,"into your certificate request.\n"); + BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); + BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n"); + BIO_printf(bio_err,"For some fields there will be a default value,\n"); + BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n"); + BIO_printf(bio_err,"-----\n"); + + /* setup version number */ + if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */ + + if (sk_num(sk)) + { + i= -1; +start: for (;;) + { + i++; + if ((int)sk_num(sk) <= i) break; + + v=(CONF_VALUE *)sk_value(sk,i); + p=NULL; + type=v->name; + for (j=0; type[j] != '\0'; j++) + { + if ( (type[j] == ':') || + (type[j] == ',') || + (type[j] == '.')) + p= (unsigned char *)&(type[j+1]); + } + if (p != NULL) + type=(char *)p; + if ((nid=OBJ_txt2nid(type)) == NID_undef) + goto start; + + sprintf(buf,"%s_default",v->name); + if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL) + def=""; + + sprintf(buf,"%s_value",v->name); + if ((value=CONF_get_string(req_conf,tmp,buf)) == NULL) + value=NULL; + + sprintf(buf,"%s_min",v->name); + min=(int)CONF_get_number(req_conf,tmp,buf); + + sprintf(buf,"%s_max",v->name); + max=(int)CONF_get_number(req_conf,tmp,buf); + + if (!add_DN_object(ri->subject,v->value,def,value,nid, + min,max)) + goto err; + } + if (sk_num(ri->subject->entries) == 0) + { + BIO_printf(bio_err,"error, no objects specified in config file\n"); + goto err; + } + + if (attribs) + { + if ((attr != NULL) && (sk_num(attr) > 0)) + { + BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n"); + BIO_printf(bio_err,"to be sent with your certificate request\n"); + } + + i= -1; +start2: for (;;) + { + i++; + if ((attr == NULL) || ((int)sk_num(attr) <= i)) + break; + + v=(CONF_VALUE *)sk_value(attr,i); + type=v->name; + if ((nid=OBJ_txt2nid(type)) == NID_undef) + goto start2; + + sprintf(buf,"%s_default",type); + if ((def=CONF_get_string(req_conf,tmp_attr,buf)) + == NULL) + def=""; + + sprintf(buf,"%s_value",type); + if ((value=CONF_get_string(req_conf,tmp_attr,buf)) + == NULL) + value=NULL; + + sprintf(buf,"%s_min",type); + min=(int)CONF_get_number(req_conf,tmp_attr,buf); + + sprintf(buf,"%s_max",type); + max=(int)CONF_get_number(req_conf,tmp_attr,buf); + + if (!add_attribute_object(ri->attributes, + v->value,def,value,nid,min,max)) + goto err; + } + } + } + else + { + BIO_printf(bio_err,"No template, please set one up.\n"); + goto err; + } + + X509_REQ_set_pubkey(req,pkey); + + ret=1; +err: + return(ret); + } + +static int add_DN_object(n,text,def,value,nid,min,max) +X509_NAME *n; +char *text; +char *def; +char *value; +int nid; +int min; +int max; + { + int i,j,ret=0; + X509_NAME_ENTRY *ne=NULL; + MS_STATIC char buf[1024]; + + BIO_printf(bio_err,"%s [%s]:",text,def); + BIO_flush(bio_err); + if (value != NULL) + { + strcpy(buf,value); + strcat(buf,"\n"); + BIO_printf(bio_err,"%s\n",value); + } + else + { + buf[0]='\0'; + fgets(buf,1024,stdin); + } + + if (buf[0] == '\0') return(0); + else if (buf[0] == '\n') + { + if ((def == NULL) || (def[0] == '\0')) + return(1); + strcpy(buf,def); + strcat(buf,"\n"); + } + else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); + + i=strlen(buf); + if (buf[i-1] != '\n') + { + BIO_printf(bio_err,"weird input :-(\n"); + return(0); + } + buf[--i]='\0'; + + j=ASN1_PRINTABLE_type((unsigned char *)buf,-1); + if (req_fix_data(nid,&j,i,min,max) == 0) + goto err; + if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf, + strlen(buf))) + == NULL) goto err; + if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0)) + goto err; + + ret=1; +err: + if (ne != NULL) X509_NAME_ENTRY_free(ne); + return(ret); + } + +static int add_attribute_object(n,text,def,value,nid,min,max) +STACK *n; +char *text; +char *def; +char *value; +int nid; +int min; +int max; + { + int i,z; + X509_ATTRIBUTE *xa=NULL; + static char buf[1024]; + ASN1_BIT_STRING *bs=NULL; + ASN1_TYPE *at=NULL; + +start: + BIO_printf(bio_err,"%s [%s]:",text,def); + BIO_flush(bio_err); + if (value != NULL) + { + strcpy(buf,value); + strcat(buf,"\n"); + BIO_printf(bio_err,"%s\n",value); + } + else + { + buf[0]='\0'; + fgets(buf,1024,stdin); + } + + if (buf[0] == '\0') return(0); + else if (buf[0] == '\n') + { + if ((def == NULL) || (def[0] == '\0')) + return(1); + strcpy(buf,def); + strcat(buf,"\n"); + } + else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); + + i=strlen(buf); + if (buf[i-1] != '\n') + { + BIO_printf(bio_err,"weird input :-(\n"); + return(0); + } + buf[--i]='\0'; + + /* add object plus value */ + if ((xa=X509_ATTRIBUTE_new()) == NULL) + goto err; + if ((xa->value.set=sk_new_null()) == NULL) + goto err; + xa->set=1; + + if (xa->object != NULL) ASN1_OBJECT_free(xa->object); + xa->object=OBJ_nid2obj(nid); + + if ((bs=ASN1_BIT_STRING_new()) == NULL) goto err; + + bs->type=ASN1_PRINTABLE_type((unsigned char *)buf,-1); + + z=req_fix_data(nid,&bs->type,i,min,max); + if (z == 0) + { + if (value == NULL) + goto start; + else goto err; + } + + if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1)) + { BIO_printf(bio_err,"Malloc failure\n"); goto err; } + + if ((at=ASN1_TYPE_new()) == NULL) + { BIO_printf(bio_err,"Malloc failure\n"); goto err; } + + ASN1_TYPE_set(at,bs->type,(char *)bs); + sk_push(xa->value.set,(char *)at); + bs=NULL; + at=NULL; + /* only one item per attribute */ + + if (!sk_push(n,(char *)xa)) goto err; + return(1); +err: + if (xa != NULL) X509_ATTRIBUTE_free(xa); + if (at != NULL) ASN1_TYPE_free(at); + if (bs != NULL) ASN1_BIT_STRING_free(bs); + return(0); + } + +static void MS_CALLBACK req_cb(p, n) +int p; +int n; + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write(bio_err,&c,1); + BIO_flush(bio_err); +#ifdef LINT + p=n; +#endif + } + +static int req_fix_data(nid,type,len,min,max) +int nid; +int *type; +int len,min,max; + { + if (nid == NID_pkcs9_emailAddress) + *type=V_ASN1_IA5STRING; + if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + if ((nid == NID_pkcs9_challengePassword) && + (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + + if ((nid == NID_pkcs9_unstructuredName) && + (*type == V_ASN1_T61STRING)) + { + BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n"); + return(0); + } + if (nid == NID_pkcs9_unstructuredName) + *type=V_ASN1_IA5STRING; + + if (len < min) + { + BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min); + return(0); + } + if ((max != 0) && (len > max)) + { + BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max); + return(0); + } + return(1); + } diff --git a/apps/rmlinks b/apps/rmlinks new file mode 100644 index 0000000000000000000000000000000000000000..54bc996f1163c7de7f2311a875046cd453a91f68 --- /dev/null +++ b/apps/rmlinks @@ -0,0 +1,6 @@ +#!/bin/sh +for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb +do +echo removing $i +/bin/rm -f $i +done diff --git a/apps/rsa.c b/apps/rsa.c new file mode 100644 index 0000000000000000000000000000000000000000..9f2df771bd04fcbfd3669b1f4f12f5e3725fa3c6 --- /dev/null +++ b/apps/rsa.c @@ -0,0 +1,303 @@ +/* apps/rsa.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "apps.h" +#include "bio.h" +#include "err.h" +#include "rsa.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +#undef PROG +#define PROG rsa_main + +/* -inform arg - input format - default PEM (one of DER, NET or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -des3 - encrypt output if PEM format + * -idea - encrypt output if PEM format + * -text - print a text version + * -modulus - print the RSA key modulus + */ + +int MAIN(argc, argv) +int argc; +char **argv; + { + int ret=1; + RSA *rsa=NULL; + int i,badops=0; + EVP_CIPHER *enc=NULL; + BIO *in=NULL,*out=NULL; + int informat,outformat,text=0,noout=0; + char *infile,*outfile,*prog; + int modulus=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-modulus") == 0) + modulus=1; + else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); + BIO_printf(bio_err," -in arg inout file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); + BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif + BIO_printf(bio_err," -text print the key in text\n"); + BIO_printf(bio_err," -noout don't print key out\n"); + BIO_printf(bio_err," -modulus print the RSA key modulus\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + BIO_printf(bio_err,"read RSA private key\n"); + if (informat == FORMAT_ASN1) + rsa=d2i_RSAPrivateKey_bio(in,NULL); +#ifndef NO_RC4 + else if (informat == FORMAT_NETSCAPE) + { + BUF_MEM *buf=NULL; + unsigned char *p; + int size=0; + + buf=BUF_MEM_new(); + for (;;) + { + if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10))) + goto end; + i=BIO_read(in,&(buf->data[size]),1024*10); + size+=i; + if (i == 0) break; + if (i < 0) + { + perror("reading private key"); + BUF_MEM_free(buf); + goto end; + } + } + p=(unsigned char *)buf->data; + rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL); + BUF_MEM_free(buf); + } +#endif + else if (informat == FORMAT_PEM) + rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for key\n"); + goto end; + } + if (rsa == NULL) + { + BIO_printf(bio_err,"unable to load Private Key\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (text) + if (!RSA_print(out,rsa,0)) + { + perror(outfile); + ERR_print_errors(bio_err); + goto end; + } + + if (modulus) + { + fprintf(stdout,"Modulus="); + BN_print(out,rsa->n); + fprintf(stdout,"\n"); + } + + if (noout) goto end; + BIO_printf(bio_err,"writing RSA private key\n"); + if (outformat == FORMAT_ASN1) + i=i2d_RSAPrivateKey_bio(out,rsa); +#ifndef NO_RC4 + else if (outformat == FORMAT_NETSCAPE) + { + unsigned char *p,*pp; + int size; + + i=1; + size=i2d_Netscape_RSA(rsa,NULL,NULL); + if ((p=(unsigned char *)Malloc(size)) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto end; + } + pp=p; + i2d_Netscape_RSA(rsa,&p,NULL); + BIO_write(out,(char *)pp,size); + Free(pp); + } +#endif + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write private key\n"); + ERR_print_errors(bio_err); + } + else + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (rsa != NULL) RSA_free(rsa); + EXIT(ret); + } + diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem new file mode 100644 index 0000000000000000000000000000000000000000..946a6e5433cefe8a98015c750f970aac9b08176c --- /dev/null +++ b/apps/rsa8192.pem @@ -0,0 +1,101 @@ +-----BEGIN RSA PRIVATE KEY----- + +MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ +ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF +MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY +55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm +yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3 +tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA +LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE +aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d +PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59 +mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi +71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z +d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2 +wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0 +bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE +Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa +Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd +pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS +os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah +mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx +cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K +LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ +tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS +PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9 +psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0 +9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6 +xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c +ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW +RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf +1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI +P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH +77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4 +4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I +/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg +GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq +HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB +ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy +AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT +52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p +5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr +7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5 +KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h +cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1 +dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/ +DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw +Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr +f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ +J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+ +TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY +fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c +Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5 +mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC +YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd +mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ +Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw +c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w +Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR +WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh +KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi +JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo +yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ +kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 +DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN +22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz +D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP +PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 +dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ +FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg +6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz +eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG +bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz +XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf +7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w +82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly +beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr +pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9 +70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM +YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin +ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy +lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe +4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P +lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG +LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3 +x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w +O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD +6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80 +Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz +DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn +Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R +oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q +nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H +X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV +QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg +TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c +46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE +rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv +I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= +-----END RSA PRIVATE KEY----- + diff --git a/apps/s1024key.pem b/apps/s1024key.pem new file mode 100644 index 0000000000000000000000000000000000000000..19e04035724fbb6e9f18952e35c43aab673101da --- /dev/null +++ b/apps/s1024key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV +S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP +pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB +AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0 +dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY +bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E +Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq +zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM +6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf +QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD +dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M +0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv +nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA== +-----END RSA PRIVATE KEY----- diff --git a/apps/s1024req.pem b/apps/s1024req.pem new file mode 100644 index 0000000000000000000000000000000000000000..bb75e7eeb7e9472acea61abb5fc3122ad11173cd --- /dev/null +++ b/apps/s1024req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz +dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR +9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo +KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2 +RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE +BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq +nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil +frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M= +-----END CERTIFICATE REQUEST----- diff --git a/apps/s512-key.pem b/apps/s512-key.pem new file mode 100644 index 0000000000000000000000000000000000000000..0e3ff2d373a3f39bfac9596309c29a6b5f6991b3 --- /dev/null +++ b/apps/s512-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD +TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu +OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj +gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz +rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b +PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA +vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= +-----END RSA PRIVATE KEY----- diff --git a/apps/s512-req.pem b/apps/s512-req.pem new file mode 100644 index 0000000000000000000000000000000000000000..ea314be5550e129686babeed177d98dee9b1af75 --- /dev/null +++ b/apps/s512-req.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa +MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0 +IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S +MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E +y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm +5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8= +-----END CERTIFICATE REQUEST----- diff --git a/apps/s_apps.h b/apps/s_apps.h new file mode 100644 index 0000000000000000000000000000000000000000..685767454a27f75bc4e7ba7934f4a330f09927e6 --- /dev/null +++ b/apps/s_apps.h @@ -0,0 +1,122 @@ +/* apps/s_apps.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#define PORT 4433 +#define PORT_STR "4433" +#define PROTOCOL "tcp" + +#ifndef NOPROTO +int do_accept(int acc_sock, int *sock, char **host); +int do_server(int port, int *ret, int (*cb) ()); +#ifdef HEADER_X509_H +int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); +#else +int MS_CALLBACK verify_callback(int ok, char *ctx); +#endif +#ifdef HEADER_SSL_H +int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); +#else +int set_cert_stuff(char *ctx, char *cert_file, char *key_file); +#endif +int init_client(int *sock, char *server, int port); +int init_client_ip(int *sock,unsigned char ip[4], int port); +int nbio_init_client_ip(int *sock,unsigned char ip[4], int port); +int nbio_sock_error(int sock); +int spawn(int argc, char **argv, int *in, int *out); +int init_server(int *sock, int port); +int should_retry(int i); +int sock_err(void ); +int socket_ioctl(int, long,unsigned long *); +void sock_cleanup(void ); +int extract_port(char *str, short *port_ptr); +int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); +int host_ip(char *str, unsigned char ip[4]); + +long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp, + int argi, long argl, long ret); + +#ifdef HEADER_SSL_H +void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret); +#else +void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret); +#endif + +#else +int do_accept(); +int do_server(); +int MS_CALLBACK verify_callback(); +int set_cert_stuff(); +int init_client(); +int init_client_ip(); +int nbio_init_client_ip(); +int nbio_sock_error(); +int spawn(); +int init_server(); +int should_retry(); +int sock_err(); +int socket_ioctl(); +void sock_cleanup(); +int extract_port(); +int extract_host_port(); +int host_ip(); + +long MS_CALLBACK bio_dump_cb(); +void MS_CALLBACK apps_ssl_info_callback(); + +#endif + diff --git a/apps/s_cb.c b/apps/s_cb.c new file mode 100644 index 0000000000000000000000000000000000000000..712a043311564bfab5e24df82f82ccf17a9960d7 --- /dev/null +++ b/apps/s_cb.c @@ -0,0 +1,243 @@ +/* apps/s_cb.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#define USE_SOCKETS +#define NON_MAIN +#include "apps.h" +#undef NON_MAIN +#undef USE_SOCKETS +#include "err.h" +#include "x509.h" +#include "ssl.h" +#include "s_apps.h" + +int verify_depth=0; +int verify_error=X509_V_OK; + +/* should be X509 * but we can just have them as char *. */ +int MS_CALLBACK verify_callback(ok, ctx) +int ok; +X509_STORE_CTX *ctx; + { + char buf[256]; + X509 *err_cert; + int err,depth; + + err_cert=X509_STORE_CTX_get_current_cert(ctx); + err= X509_STORE_CTX_get_error(ctx); + depth= X509_STORE_CTX_get_error_depth(ctx); + + X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); + BIO_printf(bio_err,"depth=%d %s\n",depth,buf); + if (!ok) + { + BIO_printf(bio_err,"verify error:num=%d:%s\n",err, + X509_verify_cert_error_string(err)); + if (verify_depth >= depth) + { + ok=1; + verify_error=X509_V_OK; + } + else + { + ok=0; + verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; + } + } + switch (ctx->error) + { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + BIO_printf(bio_err,"issuer= %s\n",buf); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + BIO_printf(bio_err,"notBefore="); + ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); + BIO_printf(bio_err,"\n"); + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + BIO_printf(bio_err,"notAfter="); + ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); + BIO_printf(bio_err,"\n"); + break; + } + BIO_printf(bio_err,"verify return:%d\n",ok); + return(ok); + } + +int set_cert_stuff(ctx, cert_file, key_file) +SSL_CTX *ctx; +char *cert_file; +char *key_file; + { + if (cert_file != NULL) + { + SSL *ssl; + X509 *x509; + + if (SSL_CTX_use_certificate_file(ctx,cert_file, + SSL_FILETYPE_PEM) <= 0) + { + BIO_printf(bio_err,"unable to set certificate file\n"); + ERR_print_errors(bio_err); + return(0); + } + if (key_file == NULL) key_file=cert_file; + if (SSL_CTX_use_PrivateKey_file(ctx,key_file, + SSL_FILETYPE_PEM) <= 0) + { + BIO_printf(bio_err,"unable to set public key file\n"); + ERR_print_errors(bio_err); + return(0); + } + + ssl=SSL_new(ctx); + x509=SSL_get_certificate(ssl); + + if (x509 != NULL) + EVP_PKEY_copy_parameters(X509_get_pubkey(x509), + SSL_get_privatekey(ssl)); + SSL_free(ssl); + + /* If we are using DSA, we can copy the parameters from + * the private key */ + + + /* Now we know that a key and cert have been set against + * the SSL context */ + if (!SSL_CTX_check_private_key(ctx)) + { + BIO_printf(bio_err,"Private key does not match the certificate public key\n"); + return(0); + } + } + return(1); + } + +long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret) +BIO *bio; +int cmd; +char *argp; +int argi; +long argl; +long ret; + { + BIO *out; + + out=(BIO *)BIO_get_callback_arg(bio); + if (out == NULL) return(ret); + + if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) + { + BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", + bio,argp,argi,ret,ret); + BIO_dump(out,argp,(int)ret); + return(ret); + } + else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) + { + BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", + bio,argp,argi,ret,ret); + BIO_dump(out,argp,(int)ret); + } + return(ret); + } + +void MS_CALLBACK apps_ssl_info_callback(s,where,ret) +SSL *s; +int where; +int ret; + { + char *str; + int w; + + w=where& ~SSL_ST_MASK; + + if (w & SSL_ST_CONNECT) str="SSL_connect"; + else if (w & SSL_ST_ACCEPT) str="SSL_accept"; + else str="undefined"; + + if (where & SSL_CB_LOOP) + { + BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); + } + else if (where & SSL_CB_ALERT) + { + str=(where & SSL_CB_READ)?"read":"write"; + BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", + str, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + } + else if (where & SSL_CB_EXIT) + { + if (ret == 0) + BIO_printf(bio_err,"%s:failed in %s\n", + str,SSL_state_string_long(s)); + else if (ret < 0) + { + BIO_printf(bio_err,"%s:error in %s\n", + str,SSL_state_string_long(s)); + } + } + } + diff --git a/apps/s_client.c b/apps/s_client.c new file mode 100644 index 0000000000000000000000000000000000000000..b5dc238878a73aa8b264ca57414a41950fb404fd --- /dev/null +++ b/apps/s_client.c @@ -0,0 +1,717 @@ +/* apps/s_client.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#define USE_SOCKETS +#ifdef WIN16 +#define APPS_WIN16 +#endif +#include "apps.h" +#include "x509.h" +#include "ssl.h" +#include "err.h" +#include "pem.h" +#include "s_apps.h" + +#undef PROG +#define PROG s_client_main + +/*#define SSL_HOST_NAME "www.netscape.com" */ +/*#define SSL_HOST_NAME "193.118.187.102" */ +#define SSL_HOST_NAME "localhost" + +/*#define TEST_CERT "client.pem" */ /* no default cert. */ + +#undef BUFSIZZ +#define BUFSIZZ 1024*8 + +extern int verify_depth; +extern int verify_error; + +#ifdef FIONBIO +static int c_nbio=0; +#endif +static int c_Pause=0; +static int c_debug=0; + +#ifndef NOPROTO +static void sc_usage(void); +static void print_stuff(BIO *berr,SSL *con,int full); +#else +static void sc_usage(); +static void print_stuff(); +#endif + +static BIO *bio_c_out=NULL; +static int c_quiet=0; + +static void sc_usage() + { + BIO_printf(bio_err,"usage: client args\n"); + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err," -host host - use -connect instead\n"); + BIO_printf(bio_err," -port port - use -connect instead\n"); + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); + + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," not specified but cert file is.\n"); + BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); + BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err," -debug - extra output\n"); + BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); + BIO_printf(bio_err," -state - print the 'ssl' states\n"); +#ifdef FIONBIO + BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); +#endif + BIO_printf(bio_err," -quiet - no s_client output\n"); + BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); + BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); + BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); + BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'ssleay ciphers'\n"); + BIO_printf(bio_err," command to se what is available\n"); + + } + +int MAIN(argc, argv) +int argc; +char **argv; + { + SSL *con=NULL,*con2=NULL; + int s,k,width,state=0; + char *cbuf=NULL,*sbuf=NULL; + int cbuf_len,cbuf_off; + int sbuf_len,sbuf_off; + fd_set readfds,writefds; + short port=PORT; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; + char *CApath=NULL,*CAfile=NULL,*cipher=NULL; + int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; + int write_tty,read_tty,write_ssl,read_ssl,tty_on; + SSL_CTX *ctx=NULL; + int ret=1,in_init=1,i,nbio_test=0; + SSL_METHOD *meth=NULL; + BIO *sbio; + /*static struct timeval timeout={10,0};*/ + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + meth=SSLv23_client_method(); +#elif !defined(NO_SSL3) + meth=SSLv3_client_method(); +#elif !defined(NO_SSL2) + meth=SSLv2_client_method(); +#endif + + apps_startup(); + c_quiet=0; + c_debug=0; + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) || + ((sbuf=Malloc(BUFSIZZ)) == NULL)) + { + BIO_printf(bio_err,"out of memory\n"); + goto end; + } + + verify_depth=0; + verify_error=X509_V_OK; +#ifdef FIONBIO + c_nbio=0; +#endif + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-host") == 0) + { + if (--argc < 1) goto bad; + host= *(++argv); + } + else if (strcmp(*argv,"-port") == 0) + { + if (--argc < 1) goto bad; + port=atoi(*(++argv)); + if (port == 0) goto bad; + } + else if (strcmp(*argv,"-connect") == 0) + { + if (--argc < 1) goto bad; + if (!extract_host_port(*(++argv),&host,NULL,&port)) + goto bad; + } + else if (strcmp(*argv,"-verify") == 0) + { + verify=SSL_VERIFY_PEER; + if (--argc < 1) goto bad; + verify_depth=atoi(*(++argv)); + BIO_printf(bio_err,"verify depth is %d\n",verify_depth); + } + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + cert_file= *(++argv); + } + else if (strcmp(*argv,"-quiet") == 0) + c_quiet=1; + else if (strcmp(*argv,"-pause") == 0) + c_Pause=1; + else if (strcmp(*argv,"-debug") == 0) + c_debug=1; + else if (strcmp(*argv,"-nbio_test") == 0) + nbio_test=1; + else if (strcmp(*argv,"-state") == 0) + state=1; +#ifndef NO_SSL2 + else if (strcmp(*argv,"-ssl2") == 0) + meth=SSLv2_client_method(); +#endif +#ifndef NO_SSL3 + else if (strcmp(*argv,"-ssl3") == 0) + meth=SSLv3_client_method(); +#endif + else if (strcmp(*argv,"-bugs") == 0) + bugs=1; + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + key_file= *(++argv); + } + else if (strcmp(*argv,"-reconnect") == 0) + { + reconnect=5; + } + else if (strcmp(*argv,"-CApath") == 0) + { + if (--argc < 1) goto bad; + CApath= *(++argv); + } + else if (strcmp(*argv,"-CAfile") == 0) + { + if (--argc < 1) goto bad; + CAfile= *(++argv); + } + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; + cipher= *(++argv); + } +#ifdef FIONBIO + else if (strcmp(*argv,"-nbio") == 0) + { c_nbio=1; } +#endif + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badop=1; + break; + } + argc--; + argv++; + } + if (badop) + { +bad: + sc_usage(); + goto end; + } + + if (bio_c_out == NULL) + { + if (c_quiet) + { + bio_c_out=BIO_new(BIO_s_null()); + } + else + { + if (bio_c_out == NULL) + bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE); + } + } + + SSLeay_add_ssl_algorithms(); + ctx=SSL_CTX_new(meth); + if (ctx == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); + + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + if (cipher != NULL) + SSL_CTX_set_cipher_list(ctx,cipher); +#if 0 + else + SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); +#endif + + SSL_CTX_set_verify(ctx,verify,verify_callback); + if (!set_cert_stuff(ctx,cert_file,key_file)) + goto end; + + if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx))) + { + BIO_printf(bio_err,"error seting default verify locations\n"); + ERR_print_errors(bio_err); + goto end; + } + + SSL_load_error_strings(); + + con=(SSL *)SSL_new(ctx); + +re_start: + + if (init_client(&s,host,port) == 0) + { + BIO_printf(bio_err,"connect:errno=%d\n",errno); + SHUTDOWN(s); + goto end; + } + BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); + +#ifdef FIONBIO + if (c_nbio) + { + unsigned long l=1; + BIO_printf(bio_c_out,"turning on non blocking io\n"); + socket_ioctl(s,FIONBIO,&l); + } +#endif + if (c_Pause & 0x01) con->debug=1; + sbio=BIO_new_socket(s,BIO_NOCLOSE); + + if (nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + + if (c_debug) + { + con->debug=1; + BIO_set_callback(sbio,bio_dump_cb); + BIO_set_callback_arg(sbio,bio_c_out); + } + + SSL_set_bio(con,sbio,sbio); + SSL_set_connect_state(con); + + /* ok, lets connect */ + width=SSL_get_fd(con)+1; + + read_tty=1; + write_tty=0; + tty_on=0; + read_ssl=1; + write_ssl=1; + + cbuf_len=0; + cbuf_off=0; + sbuf_len=0; + sbuf_off=0; + + for (;;) + { + FD_ZERO(&readfds); + FD_ZERO(&writefds); + + if (SSL_in_init(con)) + { + in_init=1; + tty_on=0; + } + else + { + tty_on=1; + if (in_init) + { + in_init=0; + print_stuff(bio_c_out,con,full_log); + if (full_log > 0) full_log--; + + if (reconnect) + { + reconnect--; + BIO_printf(bio_c_out,"drop connection and then reconnect\n"); + SSL_shutdown(con); + SSL_set_connect_state(con); + SHUTDOWN(SSL_get_fd(con)); + goto re_start; + } + } + } + +#ifndef WINDOWS + if (tty_on) + { + if (read_tty) FD_SET(fileno(stdin),&readfds); + if (write_tty) FD_SET(fileno(stdout),&writefds); + } +#endif + if (read_ssl) + FD_SET(SSL_get_fd(con),&readfds); + if (write_ssl) + FD_SET(SSL_get_fd(con),&writefds); + +/* printf("mode tty(%d %d%d) ssl(%d%d)\n", + tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ + +/* printf("pending=%d\n",SSL_pending(con)); */ + i=select(width,&readfds,&writefds,NULL,NULL); + if ( i < 0) + { + BIO_printf(bio_err,"bad select %d\n",sock_err()); + goto shut; + /* goto end; */ + } + + if (FD_ISSET(SSL_get_fd(con),&writefds)) + { + k=SSL_write(con,&(cbuf[cbuf_off]), + (unsigned int)cbuf_len); + switch (SSL_get_error(con,k)) + { + case SSL_ERROR_NONE: + cbuf_off+=k; + cbuf_len-=k; + if (k <= 0) goto end; + /* we have done a write(con,NULL,0); */ + if (cbuf_len <= 0) + { + read_tty=1; + write_ssl=0; + } + else /* if (cbuf_len > 0) */ + { + read_tty=0; + write_ssl=1; + } + break; + case SSL_ERROR_WANT_WRITE: + BIO_printf(bio_c_out,"write W BLOCK\n"); + write_ssl=1; + read_tty=0; + break; + case SSL_ERROR_WANT_READ: + BIO_printf(bio_c_out,"write R BLOCK\n"); + write_tty=0; + read_ssl=1; + write_ssl=0; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_c_out,"write X BLOCK\n"); + break; + case SSL_ERROR_ZERO_RETURN: + if (cbuf_len != 0) + { + BIO_printf(bio_c_out,"shutdown\n"); + goto shut; + } + else + { + read_tty=1; + write_ssl=0; + break; + } + + case SSL_ERROR_SYSCALL: + if ((k != 0) || (cbuf_len != 0)) + { + BIO_printf(bio_err,"write:errno=%d\n", + errno); + goto shut; + } + else + { + read_tty=1; + write_ssl=0; + } + break; + case SSL_ERROR_SSL: + ERR_print_errors(bio_err); + goto shut; + } + } +#ifndef WINDOWS + else if (FD_ISSET(fileno(stdout),&writefds)) + { + i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len); + + if (i <= 0) + { + BIO_printf(bio_c_out,"DONE\n"); + goto shut; + /* goto end; */ + } + + sbuf_len-=i;; + sbuf_off+=i; + if (sbuf_len <= 0) + { + read_ssl=1; + write_tty=0; + } + } +#endif + else if (FD_ISSET(SSL_get_fd(con),&readfds)) + { + k=SSL_read(con,sbuf,BUFSIZZ); + + switch (SSL_get_error(con,k)) + { + case SSL_ERROR_NONE: + if (k <= 0) + goto end; + sbuf_off=0; + sbuf_len=k; + + read_ssl=0; + write_tty=1; + break; + case SSL_ERROR_WANT_WRITE: + BIO_printf(bio_c_out,"read W BLOCK\n"); + write_ssl=1; + read_tty=0; + break; + case SSL_ERROR_WANT_READ: + BIO_printf(bio_c_out,"read R BLOCK\n"); + write_tty=0; + read_ssl=1; + if ((read_tty == 0) && (write_ssl == 0)) + write_ssl=1; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_c_out,"read X BLOCK\n"); + break; + case SSL_ERROR_SYSCALL: + BIO_printf(bio_err,"read:errno=%d\n",errno); + goto shut; + case SSL_ERROR_ZERO_RETURN: + BIO_printf(bio_c_out,"closed\n"); + goto shut; + case SSL_ERROR_SSL: + ERR_print_errors(bio_err); + goto shut; + break; + } + } + +#ifndef WINDOWS + else if (FD_ISSET(fileno(stdin),&readfds)) + { + i=read(fileno(stdin),cbuf,BUFSIZZ); + + if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q'))) + { + BIO_printf(bio_err,"DONE\n"); + goto shut; + } + + if ((!c_quiet) && (cbuf[0] == 'R')) + { + SSL_renegotiate(con); + read_tty=0; + write_ssl=1; + } + else + { + cbuf_len=i; + cbuf_off=0; + } + + read_tty=0; + write_ssl=1; + } +#endif + } +shut: + SSL_shutdown(con); + SHUTDOWN(SSL_get_fd(con)); + ret=0; +end: + if (con != NULL) SSL_free(con); + if (con2 != NULL) SSL_free(con2); + if (ctx != NULL) SSL_CTX_free(ctx); + if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); } + if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); } + if (bio_c_out != NULL) + { + BIO_free(bio_c_out); + bio_c_out=NULL; + } + EXIT(ret); + } + + +static void print_stuff(bio,s,full) +BIO *bio; +SSL *s; +int full; + { + X509 *peer; + char *p; + static char *space=" "; + char buf[BUFSIZ]; + STACK *sk; + SSL_CIPHER *c; + X509_NAME *xn; + int j,i; + + if (full) + { + sk=SSL_get_peer_cert_chain(s); + if (sk != NULL) + { + BIO_printf(bio,"---\nCertficate chain\n"); + for (i=0; i 0)) + { + BIO_printf(bio,"---\nAcceptable client certificate CA names\n"); + for (i=0; ihit)?"---\nReused, ":"---\nNew, ")); + c=SSL_get_current_cipher(s); + BIO_printf(bio,"%s, Cipher is %s\n", + SSL_CIPHER_get_version(c), + SSL_CIPHER_get_name(c)); + SSL_SESSION_print(bio,SSL_get_session(s)); + BIO_printf(bio,"---\n"); + } + diff --git a/apps/s_server.c b/apps/s_server.c new file mode 100644 index 0000000000000000000000000000000000000000..d1e406c7b47e2501bbb8cc270337c113fd2ee48a --- /dev/null +++ b/apps/s_server.c @@ -0,0 +1,1112 @@ +/* apps/s_server.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include +#ifdef WIN16 +#define APPS_WIN16 +#endif +#include "lhash.h" +#include "bn.h" +#define USE_SOCKETS +#include "apps.h" +#include "err.h" +#include "pem.h" +#include "x509.h" +#include "ssl.h" +#include "s_apps.h" + +#ifndef NOPROTO +static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export); +static int sv_body(char *hostname, int s); +static int www_body(char *hostname, int s); +static void close_accept_socket(void ); +static void sv_usage(void); +static int init_ssl_connection(SSL *s); +static void print_stats(BIO *bp,SSL_CTX *ctx); +static DH *load_dh_param(void ); +static DH *get_dh512(void); +#else +static RSA MS_CALLBACK *tmp_rsa_cb(); +static int sv_body(); +static int www_body(); +static void close_accept_socket(); +static void sv_usage(); +static int init_ssl_connection(); +static void print_stats(); +static DH *load_dh_param(); +static DH *get_dh512(); +#endif + + +#ifndef S_ISDIR +#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) +#endif + +static unsigned char dh512_p[]={ + 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, + 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, + 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, + 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, + 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, + 0x47,0x74,0xE8,0x33, + }; +static unsigned char dh512_g[]={ + 0x02, + }; + +static DH *get_dh512() + { + DH *dh=NULL; + +#ifndef NO_DH + if ((dh=DH_new()) == NULL) return(NULL); + dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); + dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); + if ((dh->p == NULL) || (dh->g == NULL)) + return(NULL); +#endif + return(dh); + } + +/* static int load_CA(SSL_CTX *ctx, char *file);*/ + +#undef BUFSIZZ +#define BUFSIZZ 8*1024 +static int accept_socket= -1; + +#define TEST_CERT "server.pem" +#undef PROG +#define PROG s_server_main + +#define DH_PARAM "server.pem" + +extern int verify_depth; + +static char *cipher=NULL; +int verify=SSL_VERIFY_NONE; +char *s_cert_file=TEST_CERT,*s_key_file=NULL; +#ifdef FIONBIO +static int s_nbio=0; +#endif +static int s_nbio_test=0; +static SSL_CTX *ctx=NULL; +static int www=0; + +static BIO *bio_s_out=NULL; +static int s_debug=0; +static int s_quiet=0; + +static void sv_usage() + { + BIO_printf(bio_err,"usage: s_server [args ...]\n"); + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err," -accpet arg - port to accept on (default is %d\n",PORT); + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err," (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); +#ifdef FIONBIO + BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); +#endif + BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); + BIO_printf(bio_err," -debug - Print more output\n"); + BIO_printf(bio_err," -state - Print the SSL states\n"); + BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); + BIO_printf(bio_err," -cipher arg - play with 'ssleay ciphers' to see what goes here\n"); + BIO_printf(bio_err," -quiet - No server output\n"); + BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); + BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); + BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); + BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n"); + BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); + BIO_printf(bio_err," -WWW - Returns requested page from to a 'GET HTTP/1.0'\n"); + } + +static int local_argc; +static char **local_argv; +static int hack; + +int MAIN(argc, argv) +int argc; +char *argv[]; + { + short port=PORT; + char *CApath=NULL,*CAfile=NULL; + int badop=0,bugs=0; + int ret=1; + int no_tmp_rsa=0,nocert=0; + int state=0; + SSL_METHOD *meth=NULL; + DH *dh=NULL; + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + meth=SSLv23_server_method(); +#elif !defined(NO_SSL3) + meth=SSLv3_server_method(); +#elif !defined(NO_SSL2) + meth=SSLv2_server_method(); +#endif + + local_argc=argc; + local_argv=argv; + + apps_startup(); + s_quiet=0; + s_debug=0; + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + verify_depth=0; +#ifdef FIONBIO + s_nbio=0; +#endif + s_nbio_test=0; + + argc--; + argv++; + + while (argc >= 1) + { + if ((strcmp(*argv,"-port") == 0) || + (strcmp(*argv,"-accept") == 0)) + { + if (--argc < 1) goto bad; + if (!extract_port(*(++argv),&port)) + goto bad; + } + else if (strcmp(*argv,"-verify") == 0) + { + verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; + if (--argc < 1) goto bad; + verify_depth=atoi(*(++argv)); + BIO_printf(bio_err,"verify depth is %d\n",verify_depth); + } + else if (strcmp(*argv,"-Verify") == 0) + { + verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT| + SSL_VERIFY_CLIENT_ONCE; + if (--argc < 1) goto bad; + verify_depth=atoi(*(++argv)); + BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); + } + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + s_cert_file= *(++argv); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + s_key_file= *(++argv); + } + else if (strcmp(*argv,"-nocert") == 0) + { + nocert=1; + } + else if (strcmp(*argv,"-CApath") == 0) + { + if (--argc < 1) goto bad; + CApath= *(++argv); + } + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; + cipher= *(++argv); + } + else if (strcmp(*argv,"-CAfile") == 0) + { + if (--argc < 1) goto bad; + CAfile= *(++argv); + } +#ifdef FIONBIO + else if (strcmp(*argv,"-nbio") == 0) + { s_nbio=1; } +#endif + else if (strcmp(*argv,"-nbio_test") == 0) + { +#ifdef FIONBIO + s_nbio=1; +#endif + s_nbio_test=1; + } + else if (strcmp(*argv,"-debug") == 0) + { s_debug=1; } + else if (strcmp(*argv,"-hack") == 0) + { hack=1; } + else if (strcmp(*argv,"-state") == 0) + { state=1; } + else if (strcmp(*argv,"-quiet") == 0) + { s_quiet=1; } + else if (strcmp(*argv,"-bugs") == 0) + { bugs=1; } + else if (strcmp(*argv,"-no_tmp_rsa") == 0) + { no_tmp_rsa=1; } + else if (strcmp(*argv,"-www") == 0) + { www=1; } + else if (strcmp(*argv,"-WWW") == 0) + { www=2; } +#ifndef NO_SSL2 + else if (strcmp(*argv,"-ssl2") == 0) + { meth=SSLv2_server_method(); } +#endif +#ifndef NO_SSL3 + else if (strcmp(*argv,"-ssl3") == 0) + { meth=SSLv3_server_method(); } +#endif + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badop=1; + break; + } + argc--; + argv++; + } + if (badop) + { +bad: + sv_usage(); + goto end; + } + + if (bio_s_out == NULL) + { + if (s_quiet && !s_debug) + { + bio_s_out=BIO_new(BIO_s_null()); + } + else + { + if (bio_s_out == NULL) + bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE); + } + } + +#if !defined(NO_RSA) || !defined(NO_DSA) + if (nocert) +#endif + { + s_cert_file=NULL; + s_key_file=NULL; + } + + SSL_load_error_strings(); + SSLeay_add_ssl_algorithms(); + + ctx=SSL_CTX_new(meth); + if (ctx == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); + if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); + if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST); + + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + +#if 0 + if (cipher == NULL) cipher=getenv("SSL_CIPHER"); +#endif + +#if 0 + if (s_cert_file == NULL) + { + BIO_printf(bio_err,"You must specify a certificate file for the server to use\n"); + goto end; + } +#endif + + if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx))) + { + BIO_printf(bio_err,"X509_load_verify_locations\n"); + ERR_print_errors(bio_err); + goto end; + } + +#ifndef NO_DH + /* EAY EAY EAY evil hack */ + dh=load_dh_param(); + if (dh != NULL) + { + BIO_printf(bio_s_out,"Setting temp DH parameters\n"); + } + else + { + BIO_printf(bio_s_out,"Using default temp DH parameters\n"); + dh=get_dh512(); + } + BIO_flush(bio_s_out); + + SSL_CTX_set_tmp_dh(ctx,dh); + DH_free(dh); +#endif + + if (!set_cert_stuff(ctx,s_cert_file,s_key_file)) + goto end; + +#if 1 + SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); +#else + if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) + { + RSA *rsa; + + BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); + BIO_flush(bio_s_out); + + rsa=RSA_generate_key(512,RSA_F4,NULL); + + if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) + { + ERR_print_errors(bio_err); + goto end; + } + RSA_free(rsa); + BIO_printf(bio_s_out,"\n"); + } +#endif + + if (cipher != NULL) + SSL_CTX_set_cipher_list(ctx,cipher); + SSL_CTX_set_verify(ctx,verify,verify_callback); + + SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + + BIO_printf(bio_s_out,"ACCEPT\n"); + if (www) + do_server(port,&accept_socket,www_body); + else + do_server(port,&accept_socket,sv_body); + print_stats(bio_s_out,ctx); + ret=0; +end: + if (ctx != NULL) SSL_CTX_free(ctx); + if (bio_s_out != NULL) + { + BIO_free(bio_s_out); + bio_s_out=NULL; + } + EXIT(ret); + } + +static void print_stats(bio,ssl_ctx) +BIO *bio; +SSL_CTX *ssl_ctx; + { + BIO_printf(bio,"%4ld items in the session cache\n", + SSL_CTX_sess_number(ssl_ctx)); + BIO_printf(bio,"%4d client connects (SSL_connect())\n", + SSL_CTX_sess_connect(ssl_ctx)); + BIO_printf(bio,"%4d client connects that finished\n", + SSL_CTX_sess_connect_good(ssl_ctx)); + BIO_printf(bio,"%4d server accepts (SSL_accept())\n", + SSL_CTX_sess_accept(ssl_ctx)); + BIO_printf(bio,"%4d server accepts that finished\n", + SSL_CTX_sess_accept_good(ssl_ctx)); + BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); + BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); + BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); + BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); + } + +static int sv_body(hostname, s) +char *hostname; +int s; + { + char *buf=NULL; + fd_set readfds; + int ret=1,width; + int k,i; + unsigned long l; + SSL *con=NULL; + BIO *sbio; + + if ((buf=Malloc(BUFSIZZ)) == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + goto err; + } +#ifdef FIONBIO + if (s_nbio) + { + unsigned long sl=1; + + if (!s_quiet) + BIO_printf(bio_err,"turning on non blocking io\n"); + socket_ioctl(s,FIONBIO,&sl); + } +#endif + + if (con == NULL) + con=(SSL *)SSL_new(ctx); + SSL_clear(con); + + sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (s_nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + SSL_set_bio(con,sbio,sbio); + SSL_set_accept_state(con); + /* SSL_set_fd(con,s); */ + + if (s_debug) + { + con->debug=1; + BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); + } + + width=s+1; + for (;;) + { + FD_ZERO(&readfds); +#ifndef WINDOWS + FD_SET(fileno(stdin),&readfds); +#endif + FD_SET(s,&readfds); + i=select(width,&readfds,NULL,NULL,NULL); + if (i <= 0) continue; + if (FD_ISSET(fileno(stdin),&readfds)) + { + i=read(fileno(stdin),buf,BUFSIZZ); + if (!s_quiet) + { + if ((i <= 0) || (buf[0] == 'Q')) + { + BIO_printf(bio_s_out,"DONE\n"); + SHUTDOWN(s); + close_accept_socket(); + ret= -11; + goto err; + } + if ((i <= 0) || (buf[0] == 'q')) + { + BIO_printf(bio_s_out,"DONE\n"); + SHUTDOWN(s); + /* close_accept_socket(); + ret= -11;*/ + goto err; + } + if (buf[0] == 'r') + { + SSL_renegotiate(con); + i=0; /*13; */ + continue; + strcpy(buf,"server side RE-NEGOTIATE\n"); + } + if (buf[0] == 'R') + { + SSL_set_verify(con, + SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); + SSL_renegotiate(con); + i=0; /* 13; */ + continue; + strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); + } + if (buf[0] == 'P') + { + static char *str="Lets print some clear text\n"; + BIO_write(SSL_get_wbio(con),str,strlen(str)); + } + if (buf[0] == 'S') + { + print_stats(bio_s_out,SSL_get_SSL_CTX(con)); + } + } + l=k=0; + for (;;) + { + /* should do a select for the write */ + k=SSL_write(con,&(buf[l]),(unsigned int)i); + if ( +#ifdef FIONBIO + s_nbio && +#endif + BIO_sock_should_retry(k)) + { + BIO_printf(bio_s_out,"Write BLOCK\n"); + continue; + } + if (k <= 0) + { + ERR_print_errors(bio_err); + BIO_printf(bio_s_out,"DONE\n"); + ret=1; + goto err; + } + l+=k; + i-=k; + if (i <= 0) break; + } + } + if (FD_ISSET(s,&readfds)) + { + if (!SSL_is_init_finished(con)) + { + i=init_ssl_connection(con); + + if (i < 0) + { + ret=0; + goto err; + } + else if (i == 0) + { + ret=1; + goto err; + } + } + else + { + i=SSL_read(con,(char *)buf,BUFSIZZ); + if ((i <= 0) && +#ifdef FIONBIO + s_nbio && +#endif + BIO_sock_should_retry(i)) + { + BIO_printf(bio_s_out,"Read BLOCK\n"); + } + else if (i <= 0) + { + ERR_print_errors(bio_err); + BIO_printf(bio_s_out,"DONE\n"); + ret=1; + goto err; + } + else + write(fileno(stdout),buf, + (unsigned int)i); + } + } + } +err: + BIO_printf(bio_s_out,"shutting down SSL\n"); +#if 1 + SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); +#else + SSL_shutdown(con); +#endif + if (con != NULL) SSL_free(con); + BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); + if (buf != NULL) + { + memset(buf,0,BUFSIZZ); + Free(buf); + } + if (ret >= 0) + BIO_printf(bio_s_out,"ACCEPT\n"); + return(ret); + } + +static void close_accept_socket() + { + BIO_printf(bio_err,"shutdown accept socket\n"); + if (accept_socket >= 0) + { + SHUTDOWN2(accept_socket); + } + } + +static int init_ssl_connection(con) +SSL *con; + { + int i; + char *str; + X509 *peer; + int verify_error; + MS_STATIC char buf[BUFSIZ]; + + if ((i=SSL_accept(con)) <= 0) + { + if (BIO_sock_should_retry(i)) + { + BIO_printf(bio_s_out,"DELAY\n"); + return(1); + } + + BIO_printf(bio_err,"ERROR\n"); + verify_error=SSL_get_verify_result(con); + if (verify_error != X509_V_OK) + { + BIO_printf(bio_err,"verify error:%s\n", + X509_verify_cert_error_string(verify_error)); + } + else + ERR_print_errors(bio_err); + return(0); + } + + PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con)); + + peer=SSL_get_peer_certificate(con); + if (peer != NULL) + { + BIO_printf(bio_s_out,"Client certificate\n"); + PEM_write_bio_X509(bio_s_out,peer); + X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ); + BIO_printf(bio_s_out,"subject=%s\n",buf); + X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ); + BIO_printf(bio_s_out,"issuer=%s\n",buf); + X509_free(peer); + } + + if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) + BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); + str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); + BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); + if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); + return(1); + } + +static DH *load_dh_param() + { + DH *ret=NULL; + BIO *bio; + +#ifndef NO_DH + if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL) + goto err; + ret=PEM_read_bio_DHparams(bio,NULL,NULL); +err: + if (bio != NULL) BIO_free(bio); +#endif + return(ret); + } + +#if 0 +static int load_CA(ctx,file) +SSL_CTX *ctx; +char *file; + { + FILE *in; + X509 *x=NULL; + + if ((in=fopen(file,"r")) == NULL) + return(0); + + for (;;) + { + if (PEM_read_X509(in,&x,NULL) == NULL) + break; + SSL_CTX_add_client_CA(ctx,x); + } + if (x != NULL) X509_free(x); + fclose(in); + return(1); + } +#endif + +static int www_body(hostname, s) +char *hostname; +int s; + { + char buf[1024]; + int ret=1; + int i,j,k,blank,dot; + struct stat st_buf; + SSL *con; + SSL_CIPHER *c; + BIO *io,*ssl_bio,*sbio; + + io=BIO_new(BIO_f_buffer()); + ssl_bio=BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) goto err; + +#ifdef FIONBIO + if (s_nbio) + { + unsigned int long sl=1; + + if (!s_quiet) + BIO_printf(bio_err,"turning on non blocking io\n"); + socket_ioctl(s,FIONBIO,&sl); + } +#endif + + /* lets make the output buffer a reasonable size */ + if (!BIO_set_write_buffer_size(io,16*1024)) goto err; + + if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; + + sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (s_nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + SSL_set_bio(con,sbio,sbio); + SSL_set_accept_state(con); + + /* SSL_set_fd(con,s); */ + BIO_set_ssl(ssl_bio,con,BIO_CLOSE); + BIO_push(io,ssl_bio); + + if (s_debug) + { + con->debug=1; + BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); + } + + blank=0; + for (;;) + { + if (hack) + { + i=SSL_accept(con); + + switch (SSL_get_error(con,i)) + { + case SSL_ERROR_NONE: + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + continue; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + case SSL_ERROR_ZERO_RETURN: + ret=1; + goto err; + break; + } + + SSL_renegotiate(con); + SSL_write(con,NULL,0); + } + + i=BIO_gets(io,buf,sizeof(buf)-1); + if (i < 0) /* error */ + { + if (!BIO_should_retry(io)) + { + if (!s_quiet) + ERR_print_errors(bio_err); + goto err; + } + else + { + BIO_printf(bio_s_out,"read R BLOCK\n"); +#ifndef MSDOS + sleep(1); +#endif + continue; + } + } + else if (i == 0) /* end of input */ + { + ret=1; + goto end; + } + + /* else we have data */ + if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) || + ((www == 2) && (strncmp("GET stats ",buf,10) == 0))) + { + char *p; + X509 *peer; + STACK *sk; + static char *space=" "; + + BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); + BIO_puts(io,"
\n");
+/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
+			BIO_puts(io,"\n");
+			for (i=0; ihit)
+				?"---\nReused, "
+				:"---\nNew, "));
+			c=SSL_get_current_cipher(con);
+			BIO_printf(io,"SSLv%d, Cipher is %s\n",
+				SSL_CIPHER_get_version(c),
+				SSL_CIPHER_get_name(c));
+			SSL_SESSION_print(io,SSL_get_session(con));
+			BIO_printf(io,"---\n");
+			print_stats(io,SSL_get_SSL_CTX(con));
+			BIO_printf(io,"---\n");
+			peer=SSL_get_peer_certificate(con);
+			if (peer != NULL)
+				{
+				BIO_printf(io,"Client certificate\n");
+				X509_print(io,peer);
+				PEM_write_bio_X509(io,peer);
+				}
+			else
+				BIO_puts(io,"no client certificate available\n");
+			break;
+			}
+		else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
+			{
+			BIO *file;
+			char *p,*e;
+			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+			/* skip the '/' */
+			p= &(buf[5]);
+			dot=0;
+			for (e=p; *e != '\0'; e++)
+				{
+				if (e[0] == ' ') break;
+				if (	(e[0] == '.') &&
+					(strncmp(&(e[-1]),"/../",4) == 0))
+					dot=1;
+				}
+
+			if (*e == '\0')
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' is an invalid file name\r\n",p);
+				break;
+				}
+			*e='\0';
+
+			if (dot)
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' contains '..' reference\r\n",p);
+				break;
+				}
+
+			if (*p == '/')
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' is an invalid path\r\n",p);
+				break;
+				}
+
+			/* append if a directory lookup */
+			if (e[-1] == '/')
+				strcat(p,"index.html");
+
+			/* if a directory, do the index thang */
+			if (stat(p,&st_buf) < 0)
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"Error accessing '%s'\r\n",p);
+				ERR_print_errors(io);
+				break;
+				}
+			if (S_ISDIR(st_buf.st_mode))
+				{
+				strcat(p,"/index.html");
+				}
+
+			if ((file=BIO_new_file(p,"r")) == NULL)
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"Error opening '%s'\r\n",p);
+				ERR_print_errors(io);
+				break;
+				}
+
+			if (!s_quiet)
+				BIO_printf(bio_err,"FILE:%s\n",p);
+
+			i=strlen(p);
+			if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+				((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+				((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+			else
+				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+			/* send the file */
+			for (;;)
+				{
+				i=BIO_read(file,buf,1024);
+				if (i <= 0) break;
+
+				for (j=0; j= 0)
+		BIO_printf(bio_s_out,"ACCEPT\n");
+
+	if (io != NULL) BIO_free_all(io);
+/*	if (ssl_bio != NULL) BIO_free(ssl_bio); */
+	return(ret);
+	}
+
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+SSL *s;
+int export;
+	{
+	static RSA *rsa_tmp=NULL;
+
+	if (rsa_tmp == NULL)
+		{
+		if (!s_quiet)
+			{
+			BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+			BIO_flush(bio_err);
+			}
+#ifndef NO_RSA
+		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL);
+#endif
+		if (!s_quiet)
+			{
+			BIO_printf(bio_err,"\n");
+			BIO_flush(bio_err);
+			}
+		}
+	return(rsa_tmp);
+	}
diff --git a/apps/s_socket.c b/apps/s_socket.c
new file mode 100644
index 0000000000000000000000000000000000000000..810061e29fb1e537b9cecc15890244fefc9f7393
--- /dev/null
+++ b/apps/s_socket.c
@@ -0,0 +1,684 @@
+/* apps/s_socket.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef USE_SOCKETS
+#undef NON_MAIN
+#include "s_apps.h"
+#include "ssl.h"
+
+#ifndef NOPROTO
+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
+#else
+static struct hostent *GetHostByName();
+int sock_init();
+#endif
+
+#ifdef WIN16
+#define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL	IPPROTO_TCP
+#endif
+
+#ifdef WINDOWS
+static struct WSAData wsa_state;
+static int wsa_init_done=0;
+
+#ifdef WIN16
+static HWND topWnd=0;
+static FARPROC lpTopWndProc=NULL;
+static FARPROC lpTopHookProc=NULL;
+extern HINSTANCE _hInstance;  /* nice global CRT provides */
+
+static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
+HWND hwnd;
+UINT message;
+WPARAM wParam;
+LPARAM lParam;
+	{
+	if (hwnd == topWnd)
+		{
+		switch(message)
+			{
+		case WM_DESTROY:
+		case WM_CLOSE:
+			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
+			sock_cleanup();
+			break;
+			}
+		}
+	return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
+	}
+
+static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
+	{
+	topWnd=hwnd;
+	return(FALSE);
+	}
+
+#endif /* WIN32 */
+#endif /* WINDOWS */
+
+void sock_cleanup()
+	{
+#ifdef WINDOWS
+	if (wsa_init_done)
+		{
+		wsa_init_done=0;
+		WSACancelBlockingCall();
+		WSACleanup();
+		}
+#endif
+	}
+
+int sock_init()
+	{
+#ifdef WINDOWS
+	if (!wsa_init_done)
+		{
+		int err;
+	  
+#ifdef SIGINT
+		signal(SIGINT,(void (*)(int))sock_cleanup);
+#endif
+		wsa_init_done=1;
+		memset(&wsa_state,0,sizeof(wsa_state));
+		if (WSAStartup(0x0101,&wsa_state)!=0)
+			{
+			err=WSAGetLastError();
+			BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
+			return(0);
+			}
+
+#ifdef WIN16
+		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
+		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
+		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
+
+		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
+#endif /* WIN16 */
+		}
+#endif /* WINDOWS */
+	return(1);
+	}
+
+int init_client(sock, host, port)
+int *sock;
+char *host;
+int port;
+	{
+	unsigned char ip[4];
+	short p=0;
+
+	if (!host_ip(host,&(ip[0])))
+		{
+		return(0);
+		}
+	if (p != 0) port=p;
+	return(init_client_ip(sock,ip,port));
+	}
+
+int init_client_ip(sock, ip, port)
+int *sock;
+unsigned char ip[4];
+int port;
+	{
+	unsigned long addr;
+	struct sockaddr_in them;
+	int s,i;
+
+	if (!sock_init()) return(0);
+
+	memset((char *)&them,0,sizeof(them));
+	them.sin_family=AF_INET;
+	them.sin_port=htons((unsigned short)port);
+	addr=(unsigned long)
+		((unsigned long)ip[0]<<24L)|
+		((unsigned long)ip[1]<<16L)|
+		((unsigned long)ip[2]<< 8L)|
+		((unsigned long)ip[3]);
+	them.sin_addr.s_addr=htonl(addr);
+
+	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+	i=0;
+	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+	if (i < 0) { perror("keepalive"); return(0); }
+
+	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+		{ close(s); perror("connect"); return(0); }
+	*sock=s;
+	return(1);
+	}
+
+int nbio_sock_error(sock)
+int sock;
+	{
+	int j,i,size;
+
+	size=sizeof(int);
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+	if (i < 0)
+		return(1);
+	else
+		return(j);
+	}
+
+int nbio_init_client_ip(sock, ip, port)
+int *sock;
+unsigned char ip[4];
+int port;
+	{
+	unsigned long addr;
+	struct sockaddr_in them;
+	int s,i;
+
+	if (!sock_init()) return(0);
+
+	memset((char *)&them,0,sizeof(them));
+	them.sin_family=AF_INET;
+	them.sin_port=htons((unsigned short)port);
+	addr=	(unsigned long)
+		((unsigned long)ip[0]<<24L)|
+		((unsigned long)ip[1]<<16L)|
+		((unsigned long)ip[2]<< 8L)|
+		((unsigned long)ip[3]);
+	them.sin_addr.s_addr=htonl(addr);
+
+	if (*sock <= 0)
+		{
+		unsigned long l=1;
+
+		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+		i=0;
+		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+		if (i < 0) { perror("keepalive"); return(0); }
+		*sock=s;
+
+#ifdef FIONBIO
+		socket_ioctl(s,FIONBIO,&l);
+#endif
+		}
+	else
+		s= *sock;
+
+	i=connect(s,(struct sockaddr *)&them,sizeof(them));
+	if (i == INVALID_SOCKET)
+		{
+		if (BIO_sock_should_retry(i))
+			return(-1);
+		else
+			return(0);
+		}
+	else
+		return(1);
+	}
+
+int do_server(port, ret, cb)
+int port;
+int *ret;
+int (*cb)();
+	{
+	int sock;
+	char *name;
+	int accept_socket;
+	int i;
+
+	if (!init_server(&accept_socket,port)) return(0);
+
+	if (ret != NULL)
+		{
+		*ret=accept_socket;
+		/* return(1);*/
+		}
+	for (;;)
+		{
+		if (do_accept(accept_socket,&sock,&name) == 0)
+			{
+			SHUTDOWN(accept_socket);
+			return(0);
+			}
+		i=(*cb)(name,sock);
+		if (name != NULL) Free(name);
+		SHUTDOWN(sock);
+		if (i < 0)
+			{
+			SHUTDOWN(accept_socket);
+			return(i);
+			}
+		}
+	}
+
+int init_server(sock, port)
+int *sock;
+int port;
+	{
+	int ret=0;
+	struct sockaddr_in server;
+	int s= -1,i;
+
+	if (!sock_init()) return(0);
+
+	memset((char *)&server,0,sizeof(server));
+	server.sin_family=AF_INET;
+	server.sin_port=htons((unsigned short)port);
+	server.sin_addr.s_addr=INADDR_ANY;
+	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+
+	if (s == INVALID_SOCKET) goto err;
+	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+		{
+#ifndef WINDOWS
+		perror("bind");
+#endif
+		goto err;
+		}
+	if (listen(s,5) == -1) goto err;
+	i=0;
+	*sock=s;
+	ret=1;
+err:
+	if ((ret == 0) && (s != -1))
+		{
+		SHUTDOWN(s);
+		}
+	return(ret);
+	}
+
+int do_accept(acc_sock, sock, host)
+int acc_sock;
+int *sock;
+char **host;
+	{
+	int ret,i;
+	struct hostent *h1,*h2;
+	static struct sockaddr_in from;
+	int len;
+/*	struct linger ling; */
+
+	if (!sock_init()) return(0);
+
+#ifndef WINDOWS
+redoit:
+#endif
+
+	memset((char *)&from,0,sizeof(from));
+	len=sizeof(from);
+	ret=accept(acc_sock,(struct sockaddr *)&from,&len);
+	if (ret == INVALID_SOCKET)
+		{
+#ifdef WINDOWS
+		i=WSAGetLastError();
+		BIO_printf(bio_err,"accept error %d\n",i);
+#else
+		if (errno == EINTR)
+			{
+			/*check_timeout(); */
+			goto redoit;
+			}
+		fprintf(stderr,"errno=%d ",errno);
+		perror("accept");
+#endif
+		return(0);
+		}
+
+/*
+	ling.l_onoff=1;
+	ling.l_linger=0;
+	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
+	if (i < 0) { perror("linger"); return(0); }
+	i=0;
+	i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+	if (i < 0) { perror("keepalive"); return(0); }
+*/
+
+	if (host == NULL) goto end;
+	/* I should use WSAAsyncGetHostByName() under windows */
+	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+		sizeof(from.sin_addr.s_addr),AF_INET);
+	if (h1 == NULL)
+		{
+		BIO_printf(bio_err,"bad gethostbyaddr\n");
+		*host=NULL;
+		/* return(0); */
+		}
+	else
+		{
+		if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
+			{
+			perror("Malloc");
+			return(0);
+			}
+		strcpy(*host,h1->h_name);
+
+		h2=GetHostByName(*host);
+		if (h2 == NULL)
+			{
+			BIO_printf(bio_err,"gethostbyname failure\n");
+			return(0);
+			}
+		i=0;
+		if (h2->h_addrtype != AF_INET)
+			{
+			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+			return(0);
+			}
+		}
+end:
+	*sock=ret;
+	return(1);
+	}
+
+int socket_ioctl(fd,type,arg)
+int fd;
+long type;
+unsigned long *arg;
+	{
+	int i,err;
+#ifdef WINDOWS
+	i=ioctlsocket(fd,type,arg);
+#else
+	i=ioctl(fd,type,arg);
+#endif
+	if (i < 0)
+		{
+#ifdef WINDOWS
+		err=WSAGetLastError();
+#else
+		err=errno;
+#endif
+		BIO_printf(bio_err,"ioctl on socket failed:error %d\n",err);
+		}
+	return(i);
+	}
+
+int sock_err()
+	{
+#ifdef WINDOWS
+	return(WSAGetLastError());
+#else
+	return(errno);
+#endif
+	}
+
+int extract_host_port(str,host_ptr,ip,port_ptr)
+char *str;
+char **host_ptr;
+unsigned char *ip;
+short *port_ptr;
+	{
+	char *h,*p;
+
+	h=str;
+	p=strchr(str,':');
+	if (p == NULL)
+		{
+		BIO_printf(bio_err,"no port defined\n");
+		return(0);
+		}
+	*(p++)='\0';
+
+	if ((ip != NULL) && !host_ip(str,ip))
+		goto err;
+	if (host_ptr != NULL) *host_ptr=h;
+
+	if (!extract_port(p,port_ptr))
+		goto err;
+	return(1);
+err:
+	return(0);
+	}
+
+int host_ip(str,ip)
+char *str;
+unsigned char ip[4];
+	{
+	unsigned int in[4]; 
+	int i;
+
+	if (sscanf(str,"%d.%d.%d.%d",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+		{
+		for (i=0; i<4; i++)
+			if (in[i] > 255)
+				{
+				BIO_printf(bio_err,"invalid IP address\n");
+				goto err;
+				}
+		ip[0]=in[0];
+		ip[1]=in[1];
+		ip[2]=in[2];
+		ip[3]=in[3];
+		}
+	else
+		{ /* do a gethostbyname */
+		struct hostent *he;
+
+		if (!sock_init()) return(0);
+
+		he=GetHostByName(str);
+		if (he == NULL)
+			{
+			BIO_printf(bio_err,"gethostbyname failure\n");
+			goto err;
+			}
+		/* cast to short because of win16 winsock definition */
+		if ((short)he->h_addrtype != AF_INET)
+			{
+			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+			return(0);
+			}
+		ip[0]=he->h_addr_list[0][0];
+		ip[1]=he->h_addr_list[0][1];
+		ip[2]=he->h_addr_list[0][2];
+		ip[3]=he->h_addr_list[0][3];
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+int extract_port(str,port_ptr)
+char *str;
+short *port_ptr;
+	{
+	int i;
+	struct servent *s;
+
+	i=atoi(str);
+	if (i != 0)
+		*port_ptr=(unsigned short)i;
+	else
+		{
+		s=getservbyname(str,"tcp");
+		if (s == NULL)
+			{
+			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+			return(0);
+			}
+		*port_ptr=ntohs((unsigned short)s->s_port);
+		}
+	return(1);
+	}
+
+#define GHBN_NUM	4
+static struct ghbn_cache_st
+	{
+	char name[128];
+	struct hostent ent;
+	unsigned long order;
+	} ghbn_cache[GHBN_NUM];
+
+static unsigned long ghbn_hits=0L;
+static unsigned long ghbn_miss=0L;
+
+static struct hostent *GetHostByName(name)
+char *name;
+	{
+	struct hostent *ret;
+	int i,lowi=0;
+	unsigned long low= (unsigned long)-1;
+
+	for (i=0; i ghbn_cache[i].order)
+			{
+			low=ghbn_cache[i].order;
+			lowi=i;
+			}
+		if (ghbn_cache[i].order > 0)
+			{
+			if (strncmp(name,ghbn_cache[i].name,128) == 0)
+				break;
+			}
+		}
+	if (i == GHBN_NUM) /* no hit*/
+		{
+		ghbn_miss++;
+		ret=gethostbyname(name);
+		if (ret == NULL) return(NULL);
+		/* else add to cache */
+		strncpy(ghbn_cache[lowi].name,name,128);
+		memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+		ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+		return(ret);
+		}
+	else
+		{
+		ghbn_hits++;
+		ret= &(ghbn_cache[i].ent);
+		ghbn_cache[i].order=ghbn_miss+ghbn_hits;
+		return(ret);
+		}
+	}
+
+#ifndef MSDOS
+int spawn(argc, argv, in, out)
+int argc;
+char **argv;
+int *in;
+int *out;
+	{
+	int pid;
+#define CHILD_READ	p1[0]
+#define CHILD_WRITE	p2[1]
+#define PARENT_READ	p2[0]
+#define PARENT_WRITE	p1[1]
+	int p1[2],p2[2];
+
+	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
+
+	if ((pid=fork()) == 0)
+		{ /* child */
+		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
+			perror("dup2");
+		if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
+			perror("dup2");
+		if (dup2(CHILD_READ,fileno(stdin)) < 0)
+			perror("dup2");
+		close(CHILD_READ); 
+		close(CHILD_WRITE);
+
+		close(PARENT_READ);
+		close(PARENT_WRITE);
+		execvp(argv[0],argv);
+		perror("child");
+		exit(1);
+		}
+
+	/* parent */
+	*in= PARENT_READ;
+	*out=PARENT_WRITE;
+	close(CHILD_READ);
+	close(CHILD_WRITE);
+	return(pid);
+	}
+#endif /* MSDOS */
+
+
+#ifdef undef
+	/* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
+	 * on sockets */
+	{
+	SOCKET s;
+	int optionValue = SO_SYNCHRONOUS_NONALERT;
+	int err;
+
+	err = setsockopt( 
+	    INVALID_SOCKET, 
+	    SOL_SOCKET, 
+	    SO_OPENTYPE, 
+	    (char *)&optionValue, 
+	    sizeof(optionValue));
+	if (err != NO_ERROR) {
+	/* failed for some reason... */
+		BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
+			WSAGetLastError());
+		}
+	}
+#endif
diff --git a/apps/s_time.c b/apps/s_time.c
new file mode 100644
index 0000000000000000000000000000000000000000..853a9dcc42274e96f11e921ece5180eec6a747f4
--- /dev/null
+++ b/apps/s_time.c
@@ -0,0 +1,648 @@
+/* apps/s_time.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef NO_SHUTDOWN
+
+/*-----------------------------------------
+   cntime - SSL client connection timer program
+   Written and donated by Larry Streepy 
+  -----------------------------------------*/
+
+#include 
+#include 
+#include 
+
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "x509.h"
+#include "ssl.h"
+#include "pem.h"
+#define USE_SOCKETS
+#include "apps.h"
+#include "s_apps.h"
+#include "err.h"
+#ifdef WIN32_STUFF
+#include "winmain.h"
+#include "wintext.h"
+#endif
+
+#ifndef MSDOS
+#define TIMES
+#endif
+
+#ifndef VMS
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+#else /* VMS */
+#include 
+struct tms {
+	time_t tms_utime;
+	time_t tms_stime;
+	time_t tms_uchild;	/* I dunno...  */
+	time_t tms_uchildsys;	/* so these names are a guess :-) */
+	}
+#endif
+#ifndef TIMES
+#include 
+#endif
+
+#ifdef _AIX
+#include 
+#endif
+
+#ifdef sun
+#include 
+#include 
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed
+*/
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ      100.0
+#else /* VMS */
+#define HZ      100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#undef PROG
+#define PROG s_time_main
+
+#define ioctl ioctlsocket
+
+#define SSL_CONNECT_NAME	"localhost:4433"
+
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*10
+
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#define max(a,b) (((a) > (b)) ? (a) : (b))
+
+#undef SECONDS
+#define SECONDS	30
+extern int verify_depth;
+extern int verify_error;
+
+#ifndef NOPROTO
+static void s_time_usage(void);
+static int parseArgs( int argc, char **argv );
+static SSL *doConnection( SSL *scon );
+#else
+static void s_time_usage();
+static int parseArgs();
+static SSL *doConnection();
+#endif
+
+
+/***********************************************************************
+ * Static data declarations
+ */
+
+/* static char *port=PORT_STR;*/
+static char *host=SSL_CONNECT_NAME;
+static char *t_cert_file=NULL;
+static char *t_key_file=NULL;
+static char *CApath=NULL;
+static char *CAfile=NULL;
+static char *tm_cipher=NULL;
+static int tm_verify = SSL_VERIFY_NONE;
+static int maxTime = SECONDS;
+static SSL_CTX *tm_ctx=NULL;
+static SSL_METHOD *s_time_meth=NULL;
+static char *s_www_path=NULL;
+static long bytes_read=0; 
+static int st_bugs=0;
+static int perform=0;
+
+#ifdef FIONBIO
+static int t_nbio=0;
+#endif
+
+#ifdef WIN32
+static int exitNow = 0;		/* Set when it's time to exit main */
+#endif
+
+/***********************************************************************
+ * usage - display usage message
+ */
+static void s_time_usage()
+{
+	static char umsg[] = "\
+-time arg     - max number of seconds to collect data, default %d\n\
+-verify arg   - turn on peer certificate verification, arg == depth\n\
+-cert arg     - certificate file to use, PEM format assumed\n\
+-key arg      - RSA file to use, PEM format assumed, in cert file if\n\
+                not specified but cert fill is.\n\
+-CApath arg   - PEM format directory of CA's\n\
+-CAfile arg   - PEM format file of CA's\n\
+-cipher       - prefered cipher to use, play with 'ssleay ciphers'\n\n";
+
+	printf( "usage: client \n\n" );
+
+	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
+#ifdef FIONBIO
+	printf("-nbio         - Run with non-blocking IO\n");
+	printf("-ssl2         - Just use SSLv2\n");
+	printf("-ssl3         - Just use SSLv3\n");
+	printf("-bugs         - Turn on SSL bug compatability\n");
+	printf("-new          - Just time new connections\n");
+	printf("-reuse        - Just time connection reuse\n");
+	printf("-www page     - Retrieve 'page' from the site\n");
+#endif
+	printf( umsg,SECONDS );
+}
+
+/***********************************************************************
+ * parseArgs - Parse command line arguments and initialize data
+ *
+ * Returns 0 if ok, -1 on bad args
+ */
+static int parseArgs(argc,argv)
+int argc;
+char **argv;
+{
+    int badop = 0;
+
+    verify_depth=0;
+    verify_error=X509_V_OK;
+#ifdef FIONBIO
+    t_nbio=0;
+#endif
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+    argc--;
+    argv++;
+
+    while (argc >= 1) {
+	if (strcmp(*argv,"-connect") == 0)
+		{
+		if (--argc < 1) goto bad;
+		host= *(++argv);
+		}
+#if 0
+	else if( strcmp(*argv,"-host") == 0)
+		{
+		if (--argc < 1) goto bad;
+		host= *(++argv);
+		}
+	else if( strcmp(*argv,"-port") == 0)
+		{
+		if (--argc < 1) goto bad;
+		port= *(++argv);
+		}
+#endif
+	else if (strcmp(*argv,"-reuse") == 0)
+		perform=2;
+	else if (strcmp(*argv,"-new") == 0)
+		perform=1;
+	else if( strcmp(*argv,"-verify") == 0) {
+
+	    tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+	    if (--argc < 1) goto bad;
+	    verify_depth=atoi(*(++argv));
+	    BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+
+	} else if( strcmp(*argv,"-cert") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    t_cert_file= *(++argv);
+
+	} else if( strcmp(*argv,"-key") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    t_key_file= *(++argv);
+
+	} else if( strcmp(*argv,"-CApath") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    CApath= *(++argv);
+
+	} else if( strcmp(*argv,"-CAfile") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    CAfile= *(++argv);
+
+	} else if( strcmp(*argv,"-cipher") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    tm_cipher= *(++argv);
+	}
+#ifdef FIONBIO
+	else if(strcmp(*argv,"-nbio") == 0) {
+	    t_nbio=1;
+	}
+#endif
+	else if(strcmp(*argv,"-www") == 0)
+		{
+		if (--argc < 1) goto bad;
+		s_www_path= *(++argv);
+		}
+	else if(strcmp(*argv,"-bugs") == 0)
+	    st_bugs=1;
+#ifndef NO_SSL2
+	else if(strcmp(*argv,"-ssl2") == 0)
+	    s_time_meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+	else if(strcmp(*argv,"-ssl3") == 0)
+	    s_time_meth=SSLv3_client_method();
+#endif
+	else if( strcmp(*argv,"-time") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    maxTime= atoi(*(++argv));
+	}
+	else {
+	    BIO_printf(bio_err,"unknown option %s\n",*argv);
+	    badop=1;
+	    break;
+	}
+
+	argc--;
+	argv++;
+    }
+
+    if (perform == 0) perform=3;
+
+    if(badop) {
+bad:
+		s_time_usage();
+		return -1;
+    }
+
+	return 0;			/* Valid args */
+}
+
+/***********************************************************************
+ * TIME - time functions
+ */
+#define START	0
+#define STOP	1
+
+static double tm_Time_F(s)
+int s;
+	{
+	static double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if(s == START) {
+		times(&tstart);
+		return(0);
+	} else {
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+	}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if(s == START) {
+		ftime(&tstart);
+		return(0);
+	} else {
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret == 0.0)?1e-6:ret);
+	}
+#endif
+}
+
+/***********************************************************************
+ * MAIN - main processing area for client
+ *			real name depends on MONOLITH
+ */
+int
+MAIN(argc,argv)
+int argc;
+char **argv;
+	{
+	double totalTime = 0.0;
+	int nConn = 0;
+	SSL *scon=NULL;
+	long finishtime=0;
+	int ret=1,i;
+	MS_STATIC char buf[1024*8];
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+	s_time_meth=SSLv23_client_method();
+#elif !defined(NO_SSL3)
+	s_time_meth=SSLv3_client_method();
+#elif !defined(NO_SSL2)
+	s_time_meth=SSLv2_client_method();
+#endif
+
+	/* parse the command line arguments */
+	if( parseArgs( argc, argv ) < 0 )
+		goto end;
+
+	SSLeay_add_ssl_algorithms();
+	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+
+	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
+	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
+	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
+		goto end;
+
+	SSL_load_error_strings();
+
+	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
+		{
+		BIO_printf(bio_err,"error seting default verify locations\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (tm_cipher == NULL)
+		tm_cipher = getenv("SSL_CIPHER");
+
+	if (tm_cipher == NULL ) {
+		fprintf( stderr, "No CIPHER specified\n" );
+/*		EXIT(1); */
+	}
+
+	if (!(perform & 1)) goto next;
+	printf( "Collecting connection statistics for %d seconds\n", maxTime );
+
+	/* Loop and time how long it takes to make connections */
+
+	bytes_read=0;
+	finishtime=(long)time(NULL)+maxTime;
+	tm_Time_F(START);
+	for (;;)
+		{
+		if (finishtime < time(NULL)) break;
+#ifdef WIN32_STUFF
+
+		if( flushWinMsgs(0) == -1 )
+			goto end;
+
+		if( waitingToDie || exitNow )		/* we're dead */
+			goto end;
+#endif
+
+		if( (scon = doConnection( NULL )) == NULL )
+			goto end;
+
+		if (s_www_path != NULL)
+			{
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			SSL_write(scon,buf,strlen(buf));
+			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+				bytes_read+=i;
+			}
+
+#ifdef NO_SHUTDOWN
+		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+		SSL_shutdown(scon);
+#endif
+		SHUTDOWN(SSL_get_fd(scon));
+
+		nConn += 1;
+		fputc(SSL_session_reused(scon)?'r':
+			(SSL_version(scon))+'0', stdout );
+		fflush(stdout);
+
+		SSL_free( scon );
+		scon=NULL;
+		}
+	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+	i=(int)(time(NULL)-finishtime+maxTime);
+	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+	/* Now loop and time connections using the same session id over and over */
+
+next:
+	if (!(perform & 2)) goto end;
+	printf( "\n\nNow timing with session id reuse.\n" );
+
+	/* Get an SSL object so we can reuse the session id */
+	if( (scon = doConnection( NULL )) == NULL )
+		{
+		fprintf( stderr, "Unable to get connection\n" );
+		goto end;
+		}
+
+	if (s_www_path != NULL)
+		{
+		sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+		SSL_write(scon,buf,strlen(buf));
+		while (SSL_read(scon,buf,sizeof(buf)) > 0)
+			;
+		}
+#ifdef NO_SHUTDOWN
+	SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+	SSL_shutdown(scon);
+#endif
+	SHUTDOWN(SSL_get_fd(scon));
+
+	nConn = 0;
+	totalTime = 0.0;
+
+	finishtime=time(NULL)+maxTime;
+
+	printf( "starting\n" );
+	bytes_read=0;
+	tm_Time_F(START);
+		
+	for (;;)
+		{
+		if (finishtime < time(NULL)) break;
+
+#ifdef WIN32_STUFF
+		if( flushWinMsgs(0) == -1 )
+			goto end;
+
+		if( waitingToDie || exitNow )	/* we're dead */
+			goto end;
+#endif
+
+	 	if( (doConnection( scon )) == NULL )
+			goto end;
+
+		if (s_www_path)
+			{
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			SSL_write(scon,buf,strlen(buf));
+			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+				bytes_read+=i;
+			}
+
+#ifdef NO_SHUTDOWN
+		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+		SSL_shutdown(scon);
+#endif
+		SHUTDOWN(SSL_get_fd(scon));
+	
+		nConn += 1;
+		fputc(SSL_session_reused(scon)?'r':
+			(SSL_version(scon))+'0', stdout );
+		fflush(stdout);
+		}
+	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
+
+
+	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+	ret=0;
+end:
+	if (scon != NULL) SSL_free(scon);
+
+	if (tm_ctx != NULL)
+		{
+		SSL_CTX_free(tm_ctx);
+		tm_ctx=NULL;
+		}
+	EXIT(ret);
+	}
+
+/***********************************************************************
+ * doConnection - make a connection
+ * Args:
+ *		scon	= earlier ssl connection for session id, or NULL
+ * Returns:
+ *		SSL *	= the connection pointer.
+ */
+static SSL *
+doConnection(scon)
+SSL *scon;
+	{
+	BIO *conn;
+	SSL *serverCon;
+	int width, i;
+	fd_set readfds;
+
+	if ((conn=BIO_new(BIO_s_connect())) == NULL)
+		return(NULL);
+
+/*	BIO_set_port(conn,port);*/
+	BIO_set_hostname(conn,host);
+
+	if (scon == NULL)
+		serverCon=(SSL *)SSL_new(tm_ctx);
+	else
+		{
+		serverCon=scon;
+		SSL_set_connect_state(serverCon);
+		}
+
+	SSL_set_bio(serverCon,conn,conn);
+
+#if 0
+	if( scon != NULL )
+		SSL_set_session(serverCon,SSL_get_session(scon));
+#endif
+
+	/* ok, lets connect */
+	for(;;) {
+		i=SSL_connect(serverCon);
+		if (BIO_sock_should_retry(i))
+			{
+			BIO_printf(bio_err,"DELAY\n");
+
+			i=SSL_get_fd(serverCon);
+			width=i+1;
+			FD_ZERO(&readfds);
+			FD_SET(i,&readfds);
+			select(width,&readfds,NULL,NULL,NULL);
+			continue;
+			}
+		break;
+		}
+	if(i <= 0)
+		{
+		BIO_printf(bio_err,"ERROR\n");
+		if (verify_error != X509_V_OK)
+			BIO_printf(bio_err,"verify error:%s\n",
+				X509_verify_cert_error_string(verify_error));
+		else
+			ERR_print_errors(bio_err);
+		if (scon == NULL)
+			SSL_free(serverCon);
+		return NULL;
+		}
+
+	return serverCon;
+	}
+
+
diff --git a/apps/server.pem b/apps/server.pem
new file mode 100644
index 0000000000000000000000000000000000000000..eabb927036f0ccdedb5ccb9e5ad7e9d7969fd415
--- /dev/null
+++ b/apps/server.pem
@@ -0,0 +1,369 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+	/OU=Certification Services Division/CN=Thawte Server CA
+	/Email=server-certs@thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+	/OU=Certification Services Division/CN=Thawte Server CA
+	/Email=server-certs@thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/apps/server2.pem b/apps/server2.pem
new file mode 100644
index 0000000000000000000000000000000000000000..8bb664194edc81366660ab28f0c796431466b37b
--- /dev/null
+++ b/apps/server2.pem
@@ -0,0 +1,376 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
+MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
+cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
+RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
+6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
+JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
+gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
+dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
+8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+	/OU=Certification Services Division/CN=Thawte Server CA
+	/Email=server-certs@thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+	/OU=Certification Services Division/CN=Thawte Server CA
+	/Email=server-certs@thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/apps/sess_id.c b/apps/sess_id.c
new file mode 100644
index 0000000000000000000000000000000000000000..03a8f46dfb3355d4310e769e479145a20b9d21c5
--- /dev/null
+++ b/apps/sess_id.c
@@ -0,0 +1,305 @@
+/* apps/sess_id.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+
+#undef PROG
+#define PROG	sess_id_main
+
+#define FORMAT_UNDEF	0
+#define FORMAT_ASN1	1
+#define FORMAT_TEXT	2
+#define FORMAT_PEM	3
+
+static char *sess_id_usage[]={
+"usage: crl args\n",
+"\n",
+" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -outform arg    - output format - default PEM\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -text           - print ssl session id details\n",
+" -cert           - output certificaet \n",
+" -noout          - no CRL output\n",
+NULL
+};
+
+#ifndef NOPROTO
+static SSL_SESSION *load_sess_id(char *file, int format);
+#else
+static SSL_SESSION *load_sess_id();
+#endif
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	SSL_SESSION *x=NULL;
+	int ret=1,i,num,badops=0;
+	BIO *out=NULL;
+	int informat,outformat;
+	char *infile=NULL,*outfile=NULL;
+	int cert=0,noout=0,text=0;
+	char **pp;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	argc--;
+	argv++;
+	num=0;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-text") == 0)
+			text= ++num;
+		else if (strcmp(*argv,"-cert") == 0)
+			cert= ++num;
+		else if (strcmp(*argv,"-noout") == 0)
+			noout= ++num;
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		for (pp=sess_id_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err,*pp);
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+	x=load_sess_id(infile,informat);
+	if (x == NULL) { goto end; }
+
+#ifdef undef
+	/* just testing for memory leaks :-) */
+	{
+	SSL_SESSION *s;
+	char buf[1024*10],*p;
+	int i;
+
+	s=SSL_SESSION_new();
+
+	p= &buf;
+	i=i2d_SSL_SESSION(x,&p);
+	p= &buf;
+	d2i_SSL_SESSION(&s,&p,(long)i);
+	p= &buf;
+	d2i_SSL_SESSION(&s,&p,(long)i);
+	p= &buf;
+	d2i_SSL_SESSION(&s,&p,(long)i);
+	SSL_SESSION_free(s);
+	}
+#endif
+
+	if (!noout || text)
+		{
+		out=BIO_new(BIO_s_file());
+		if (out == NULL)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+
+		if (outfile == NULL)
+			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+		else
+			{
+			if (BIO_write_filename(out,outfile) <= 0)
+				{
+				perror(outfile);
+				goto end;
+				}
+			}
+		}
+
+	if (text)
+		{
+		SSL_SESSION_print(out,x);
+
+		if (cert)
+			{
+			if (x->peer == NULL)
+				BIO_puts(out,"No certificate present\n");
+			else
+				X509_print(out,x->peer);
+			}
+		}
+
+	if (!noout && !cert)
+		{
+		if 	(outformat == FORMAT_ASN1)
+			i=(int)i2d_SSL_SESSION_bio(out,x);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_SSL_SESSION(out,x);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		if (!i) {
+			BIO_printf(bio_err,"unable to write SSL_SESSION\n");
+			goto end;
+			}
+		}
+	else if (!noout && (x->peer != NULL)) /* just print the certificate */
+		{
+		if 	(outformat == FORMAT_ASN1)
+			i=(int)i2d_X509_bio(out,x->peer);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_X509(out,x->peer);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		if (!i) {
+			BIO_printf(bio_err,"unable to write X509\n");
+			goto end;
+			}
+		}
+	ret=0;
+end:
+	if (out != NULL) BIO_free(out);
+	if (x != NULL) SSL_SESSION_free(x);
+	EXIT(ret);
+	}
+
+static SSL_SESSION *load_sess_id(infile, format)
+char *infile;
+int format;
+	{
+	SSL_SESSION *x=NULL;
+	BIO *in=NULL;
+
+	in=BIO_new(BIO_s_file());
+	if (in == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (infile == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
+	if 	(format == FORMAT_ASN1)
+		x=d2i_SSL_SESSION_bio(in,NULL);
+	else if (format == FORMAT_PEM)
+		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL);
+	else	{
+		BIO_printf(bio_err,"bad input format specified for input crl\n");
+		goto end;
+		}
+	if (x == NULL)
+		{
+		BIO_printf(bio_err,"unable to load SSL_SESSION\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	
+end:
+	if (in != NULL) BIO_free(in);
+	return(x);
+	}
+
diff --git a/apps/set/set-g-ca.pem b/apps/set/set-g-ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..78499f05706c22b2a06a4a0f188087fab61e474a
--- /dev/null
+++ b/apps/set/set-g-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ
+Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1
+6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub
+vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/
+SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2
+AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR
+9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x
+a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==
+-----END CERTIFICATE-----
diff --git a/apps/set/set-m-ca.pem b/apps/set/set-m-ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..0e74caff67b80c3bdfa79123cbc305c8e6db8314
--- /dev/null
+++ b/apps/set/set-m-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN
+Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO
+7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35
+FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn
+SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W
+GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS
+EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/
+x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==
+-----END CERTIFICATE-----
diff --git a/apps/set/set_b_ca.pem b/apps/set/set_b_ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..eba7d5cf54bdfbc3980c1afc58a3edd553d1f463
--- /dev/null
+++ b/apps/set/set_b_ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy
+b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02
+9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj
+ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L
+3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh
+J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv
+mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
+EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud
+IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG
+jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3
+NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52
+ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3
+DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5
+43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI
+9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV
+VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe
+WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw
+lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV
+-----END CERTIFICATE-----
diff --git a/apps/set/set_c_ca.pem b/apps/set/set_c_ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..48b2cbdc7cd5a2f3dfebc372604887c808580829
--- /dev/null
+++ b/apps/set/set_c_ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD
+Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc
+Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp
+pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H
+RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ
+u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7
+XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr
++IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==
+-----END CERTIFICATE-----
diff --git a/apps/set/set_d_ct.pem b/apps/set/set_d_ct.pem
new file mode 100644
index 0000000000000000000000000000000000000000..9f8c7d8b086a9a0acf0811858b9148d9a92a045b
--- /dev/null
+++ b/apps/set/set_d_ct.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx
+NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw
+MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC
+cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl
+MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM
+/iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV
+HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx
+IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii
+NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw
+IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN
+BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE
+ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4
+MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0
+c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD
+mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P
+ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV
+UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=
+-----END CERTIFICATE-----
diff --git a/apps/set/set_root.pem b/apps/set/set_root.pem
new file mode 100644
index 0000000000000000000000000000000000000000..8dd104f058d3e265476ea995b7b29d06b035349a
--- /dev/null
+++ b/apps/set/set_root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE
+zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q
+rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe
+/xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2
+g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb
+ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE
+AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1
+OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB
+Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea
+y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9
+vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ
+O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l
+DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY
+vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO
+bxCrVJLd8tu9WgA=
+-----END CERTIFICATE-----
diff --git a/apps/speed.c b/apps/speed.c
new file mode 100644
index 0000000000000000000000000000000000000000..e0aff278f5641dbb756ec9b216ddf91a31f8c645
--- /dev/null
+++ b/apps/speed.c
@@ -0,0 +1,1068 @@
+/* apps/speed.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#undef SECONDS
+#define SECONDS		3	
+#define RSA_SECONDS	10	
+#define DSA_SECONDS	10	
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#undef PROG
+#define PROG speed_main
+
+#include 
+#include 
+#include 
+#include 
+#include "apps.h"
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "crypto.h"
+#include "rand.h"
+#include "err.h"
+
+#ifndef MSDOS
+#define TIMES
+#endif
+
+#ifndef VMS
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+#else /* VMS */
+#include 
+struct tms {
+	time_t tms_utime;
+	time_t tms_stime;
+	time_t tms_uchild;	/* I dunno...  */
+	time_t tms_uchildsys;	/* so these names are a guess :-) */
+	}
+#endif
+#ifndef TIMES
+#include 
+#endif
+
+#ifdef sun
+#include 
+#include 
+#endif
+
+#ifndef NO_DES
+#include "des.h"
+#endif
+#ifndef NO_MD2
+#include "md2.h"
+#endif
+#ifndef NO_MDC2
+#include "mdc2.h"
+#endif
+#ifndef NO_MD5
+#include "md5.h"
+#endif
+#if !defined(NO_SHA) && !defined(NO_SHA1)
+#include "sha.h"
+#endif
+#ifndef NO_RC4
+#include "rc4.h"
+#endif
+#ifndef NO_RC2
+#include "rc2.h"
+#endif
+#ifndef NO_IDEA
+#include "idea.h"
+#endif
+#ifndef NO_BLOWFISH
+#include "blowfish.h"
+#endif
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#include "x509.h"
+#include "./testrsa.h"
+#ifndef NO_DSA
+#include "./testdsa.h"
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ	100.0
+#   else /* VMS */
+#    define HZ	100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE	((long)1024*8)
+int run=0;
+
+#ifndef NOPROTO
+static double Time_F(int s);
+static void print_message(char *s,long num,int length);
+static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
+#else
+static double Time_F();
+static void print_message();
+static void pkey_print_message();
+#endif
+
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif 
+
+#ifndef NOPROTO
+static SIGRETTYPE sig_done(int sig);
+#else
+static SIGRETTYPE sig_done();
+#endif
+
+static SIGRETTYPE sig_done(sig)
+int sig;
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+static double Time_F(s)
+int s;
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret < 1e-3)?1e-3:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret < 0.001)?0.001:ret);
+		}
+#endif
+	}
+
+int MAIN(argc,argv)
+int argc;
+char **argv;
+	{
+	unsigned char *buf=NULL,*buf2=NULL;
+	int ret=1;
+#define ALGOR_NUM	11
+#define SIZE_NUM	5
+#define RSA_NUM		4
+#define DSA_NUM		3
+	long count,rsa_count;
+	int i,j,k,rsa_num,rsa_num2;
+	unsigned int kk;
+#ifndef NO_MD2
+	unsigned char md2[MD2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MDC2
+	unsigned char mdc2[MDC2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MD5
+	unsigned char md5[MD5_DIGEST_LENGTH];
+#endif
+#if !defined(NO_SHA) || !defined(NO_SHA1)
+	unsigned char sha[SHA_DIGEST_LENGTH];
+#endif
+#ifndef NO_RC4
+	RC4_KEY rc4_ks;
+#endif
+#ifndef NO_RC2
+	RC2_KEY rc2_ks;
+#endif
+#ifndef NO_IDEA
+	IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef NO_BLOWFISH
+	BF_KEY bf_ks;
+#endif
+	static unsigned char key16[16]=
+		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	unsigned char iv[8];
+#ifndef NO_DES
+	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	des_key_schedule sch,sch2,sch3;
+#endif
+#define	D_MD2		0
+#define	D_MDC2		1
+#define	D_MD5		2
+#define	D_SHA		3
+#define	D_SHA1		4
+#define	D_RC4		5
+#define	D_CBC_DES	6
+#define	D_EDE3_DES	7
+#define	D_CBC_IDEA	8
+#define	D_CBC_RC2	9
+#define	D_CBC_BF	10
+	double d,results[ALGOR_NUM][SIZE_NUM];
+	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
+	long c[ALGOR_NUM][SIZE_NUM];
+	static char *names[ALGOR_NUM]={
+		"md2","mdc2","md5","sha","sha1","rc4",
+		"des cbc","des ede3","idea cbc",
+		"rc2 cbc","blowfish cbc"};
+#define	R_DSA_512	0
+#define	R_DSA_1024	1
+#define	R_DSA_2048	2
+#define	R_RSA_512	0
+#define	R_RSA_1024	1
+#define	R_RSA_2048	2
+#define	R_RSA_4096	3
+	RSA *rsa_key[RSA_NUM];
+	DSA *dsa_key[DSA_NUM];
+	long rsa_c[RSA_NUM][2];
+	long dsa_c[DSA_NUM][2];
+#ifndef NO_RSA
+	double rsa_results[RSA_NUM][2];
+#endif
+#ifndef NO_DSA
+	double dsa_results[DSA_NUM][2];
+#endif
+	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
+	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+	static unsigned char *rsa_data[RSA_NUM]=
+		{test512,test1024,test2048,test4096};
+	static int rsa_data_length[RSA_NUM]={
+		sizeof(test512),sizeof(test1024),
+		sizeof(test2048),sizeof(test4096)};
+	int doit[ALGOR_NUM];
+	int rsa_doit[RSA_NUM];
+	int dsa_doit[DSA_NUM];
+	int pr_header=0;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	for (i=0; i 10000)
+				fprintf(stdout," %11.2fk",results[k][j]/1e3);
+			else
+				fprintf(stdout," %11.2f ",results[k][j]);
+			}
+		fprintf(stdout,"\n");
+		}
+#ifndef NO_RSA
+	j=1;
+	for (k=0; k
+#include 
+#include 
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "bio.h"
+#include "crypto.h"
+#include "lhash.h"
+#include "conf.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+#define SSLEAY	/* turn off a few special case MONOLITH macros */
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#define SSLEAY_SRC
+#include "apps.h"
+#include "s_apps.h"
+#include "err.h"
+
+
+#ifndef NOPROTO
+static unsigned long MS_CALLBACK hash(FUNCTION *a);
+static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+static LHASH *prog_init(void );
+static int do_cmd(LHASH *prog,int argc,char *argv[]);
+static void sig_stop(int i);
+#else
+static unsigned long MS_CALLBACK hash();
+static int MS_CALLBACK cmp();
+static LHASH *prog_init();
+static int do_cmd();
+static void sig_stop();
+#endif
+
+LHASH *config=NULL;
+char *default_config_file=NULL;
+
+#ifdef DEBUG
+static void sig_stop(i)
+int i;
+	{
+	char *a=NULL;
+
+	*a='\0';
+	}
+#endif
+
+/* Make sure there is only one when MONOLITH is defined */
+#ifdef MONOLITH
+BIO *bio_err=NULL;
+#endif
+
+int main(Argc,Argv)
+int Argc;
+char *Argv[];
+	{
+	ARGS arg;
+#define PROG_NAME_SIZE	16
+	char pname[PROG_NAME_SIZE];
+	FUNCTION f,*fp;
+	MS_STATIC char *prompt,buf[1024],config_name[256];
+	int n,i,ret=0;
+	int argc;
+	char **argv,*p;
+	LHASH *prog=NULL;
+	long errline;
+ 
+	arg.data=NULL;
+	arg.count=0;
+
+	/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
+	apps_startup();
+
+#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
+#ifdef SIGBUS
+	signal(SIGBUS,sig_stop);
+#endif
+#ifdef SIGSEGV
+	signal(SIGSEGV,sig_stop);
+#endif
+#endif
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	ERR_load_crypto_strings();
+
+	/* Lets load up our environment a little */
+	p=getenv("SSLEAY_CONF");
+	if (p == NULL)
+		{
+		strcpy(config_name,X509_get_default_cert_area());
+		strcat(config_name,"/lib/");
+		strcat(config_name,SSLEAY_CONF);
+		p=config_name;
+		}
+
+	default_config_file=p;
+
+	config=CONF_load(config,p,&errline);
+	if (config == NULL) ERR_clear_error();
+
+	prog=prog_init();
+
+	/* first check the program name */
+	program_name(Argv[0],pname,PROG_NAME_SIZE);
+
+	f.name=pname;
+	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+	if (fp != NULL)
+		{
+		Argv[0]=pname;
+		ret=fp->func(Argc,Argv);
+		goto end;
+		}
+
+	/* ok, now check that there are not arguments, if there are,
+	 * run with them, shifting the ssleay off the front */
+	if (Argc != 1)
+		{
+		Argc--;
+		Argv++;
+		ret=do_cmd(prog,Argc,Argv);
+		if (ret < 0) ret=0;
+		goto end;
+		}
+
+	/* ok, lets enter the old 'SSLeay>' mode */
+	
+	for (;;)
+		{
+		ret=0;
+		p=buf;
+		n=1024;
+		i=0;
+		for (;;)
+			{
+			p[0]='\0';
+			if (i++)
+				prompt=">";
+			else	prompt="SSLeay>";
+			fputs(prompt,stdout);
+			fflush(stdout);
+			fgets(p,n,stdin);
+			if (p[0] == '\0') goto end;
+			i=strlen(p);
+			if (i <= 1) break;
+			if (p[i-2] != '\\') break;
+			i-=2;
+			p+=i;
+			n-=i;
+			}
+		if (!chopup_args(&arg,buf,&argc,&argv)) break;
+
+		ret=do_cmd(prog,argc,argv);
+		if (ret < 0)
+			{
+			ret=0;
+			goto end;
+			}
+		if (ret != 0)
+			BIO_printf(bio_err,"error in %s\n",argv[0]);
+		}
+	BIO_printf(bio_err,"bad exit\n");
+	ret=1;
+end:
+	if (config != NULL)
+		{
+		CONF_free(config);
+		config=NULL;
+		}
+	if (prog != NULL) lh_free(prog);
+	if (arg.data != NULL) Free(arg.data);
+	ERR_remove_state(0);
+
+	EVP_cleanup();
+
+	CRYPTO_mem_leaks(bio_err);
+	if (bio_err != NULL)
+		{
+		BIO_free(bio_err);
+		bio_err=NULL;
+		}
+	EXIT(ret);
+	}
+
+static int do_cmd(prog,argc,argv)
+LHASH *prog;
+int argc;
+char *argv[];
+	{
+	FUNCTION f,*fp;
+	int i,ret=1,tp,nl;
+
+	if ((argc <= 0) || (argv[0] == NULL))
+		{ ret=0; goto end; }
+	f.name=argv[0];
+	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+	if (fp != NULL)
+		{
+		ret=fp->func(argc,argv);
+		}
+	else if ((strcmp(argv[0],"quit") == 0) ||
+		(strcmp(argv[0],"q") == 0) ||
+		(strcmp(argv[0],"exit") == 0) ||
+		(strcmp(argv[0],"bye") == 0))
+		{
+		ret= -1;
+		goto end;
+		}
+	else
+		{
+		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
+			argv[0]);
+		i=0;
+		fp=functions;
+		tp=0;
+		for (fp=functions; fp->name != NULL; fp++)
+			{
+			nl=0;
+			if (((i++) % 5) == 0)
+				{
+				BIO_printf(bio_err,"\n");
+				nl=1;
+				}
+			if (fp->type != tp)
+				{
+				tp=fp->type;
+				if (!nl) BIO_printf(bio_err,"\n");
+				if (tp == FUNC_TYPE_MD)
+					{
+					i=1;
+					BIO_printf(bio_err,
+						"Message Digest commands - see the dgst command for more details\n");
+					}
+				else if (tp == FUNC_TYPE_CIPHER)
+					{
+					i=1;
+					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
+					}
+				}
+			BIO_printf(bio_err,"%-15s",fp->name);
+			}
+		BIO_printf(bio_err,"\nquit\n");
+		ret=0;
+		}
+end:
+	return(ret);
+	}
+
+static LHASH *prog_init()
+	{
+	LHASH *ret;
+	FUNCTION *f;
+
+	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
+
+	for (f=functions; f->name != NULL; f++)
+		lh_insert(ret,(char *)f);
+	return(ret);
+	}
+
+static int MS_CALLBACK cmp(a,b)
+FUNCTION *a,*b;
+	{
+	return(strncmp(a->name,b->name,8));
+	}
+
+static unsigned long MS_CALLBACK hash(a)
+FUNCTION *a;
+	{
+	return(lh_strhash(a->name));
+	}
+
+#undef SSLEAY
diff --git a/apps/ssleay.cnf b/apps/ssleay.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..0b3bfa64f861487d30786b04d40cb6a9d8effc7f
--- /dev/null
+++ b/apps/ssleay.cnf
@@ -0,0 +1,116 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= $ENV::HOME/.rnd
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= x509v3_extensions	# The extentions to add to the cert
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= CryptSoft Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ x509v3_extensions ]
+
+nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
+nsComment			= "This is a comment"
+
+# under ASN.1, the 0 bit would be encoded as 80
+nsCertType			= 0x40
+
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+#nsCertSequence
+#nsCertExt
+#nsDataType
+
diff --git a/apps/stuff/pkcs12.der b/apps/stuff/pkcs12.der
new file mode 100644
index 0000000000000000000000000000000000000000..49c28b4785b1cbe55b550e031ed56ba4de16afd8
Binary files /dev/null and b/apps/stuff/pkcs12.der differ
diff --git a/apps/stuff/pkcs7.ex1 b/apps/stuff/pkcs7.ex1
new file mode 100644
index 0000000000000000000000000000000000000000..0eed41b6dcd65d854fab3af86a6d4183abd89f6f
--- /dev/null
+++ b/apps/stuff/pkcs7.ex1
@@ -0,0 +1,25 @@
+-----BEGIN xxx-----
+MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIB
+rTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMT
+UGVyc29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4
+MDIxODM4NTdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZp
+Y2F0ZTEYMBYGA1UEAxMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAMy8QcW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamI
+DElX/qw9mIQu4xNj1FfepfJNxzPvA0OtMKhy6+bkrlyMEU8CAwEAATAN
+BgkqhkiG9w0BAQIFAANPAAYn7jDgirhiIL4wnP8nGzUisGSpsFsF4/7z
+2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d82H5+Ndfhi2mRp4YHiGHz0Hl
+K6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANBgkqhkiG9w0BAQIFADBf
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHks
+IEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3MjM1OTU5
+WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJp
+dHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTAN
+BgkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1F
+pI9tXQ1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8
+nOkkuBi+AQvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7x
+Ddp49oZm9GoNcPhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6
+Wqf430Xe9Et5+jgnMTiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFc
+miin80RB8AAAMYAAAAAAAAAAAA==
+-----END xxx-----
diff --git a/apps/stuff/pkcs7.ex2 b/apps/stuff/pkcs7.ex2
new file mode 100644
index 0000000000000000000000000000000000000000..2b21a67ca5bf34f007581627b9943713ac2961eb
--- /dev/null
+++ b/apps/stuff/pkcs7.ex2
@@ -0,0 +1,11 @@
+-----BEGIN PRIVACY-ENHANCED MESSAGE-----
+MIAGCSqGSIb3DQEHBqCAMIACAQAwgAYJKoZIhvcNAQcBMBEGBSsOAwIHBAifqtdy
+x6uIMYCCARgvFzJtOZBn773DtmXlx037ck3giqnV0WC0QAx5f+fesAiGaxMqWcir
+r9XvT0nT0LgSQ/8tiLCDBEKdyCNgdcJAduy3D0r2sb5sNTT0TyL9uydG3w55vTnW
+aPbCPCWLudArI1UHDZbnoJICrVehxG/sYX069M8v6VO8PsJS7//hh1yM+0nekzQ5
+l1p0j7uWKu4W0csrlGqhLvEJanj6dQAGSTNCOoH3jzEXGQXntgesk8poFPfHdtj0
+5RH4MuJRajDmoEjlrNcnGl/BdHAd2JaCo6uZWGcnGAgVJ/TVfSVSwN5nlCK87tXl
+nL7DJwaPRYwxb3mnPKNq7ATiJPf5u162MbwxrddmiE7e3sST7naSN+GS0ateY5X7
+AAAAAAAAAAA=
+-----END PRIVACY-ENHANCED MESSAGE-----
+
diff --git a/apps/stuff/pkcs7.ex3 b/apps/stuff/pkcs7.ex3
new file mode 100644
index 0000000000000000000000000000000000000000..b2eabefc5b90f714903c785a35e595bd056aa51e
--- /dev/null
+++ b/apps/stuff/pkcs7.ex3
@@ -0,0 +1,12 @@
+-----BEGIN PRIVACY-ENHANCED MESSAGE-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxgDCBqQIBADBTME0xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29u
+YSBDZXJ0aWZpY2F0ZQICALYwDQYJKoZIhvcNAQEBBQAEQCU/R+YCJSUsV6XLilHG
+cNVzwqKcWzmT/rZ+duOv8Ggb7oO/d8H3xUVGQ2LsX4kYGq2szwj8Q6eWhsmhf4oz
+lvMAADCABgkqhkiG9w0BBwEwEQYFKw4DAgcECFif7BadXlw3oIAEgZBNcMexKe16
++mNxx8YQPukBCL0bWqS86lvws/AgRkKPELmysBi5lco8MBCsWK/fCyrnxIRHs1oK
+BXBVlsAhKkkusk1kCf/GbXSAphdSgG+d6LxrNZwHbBFOX6A2hYS63Iczd5bOVDDW
+Op2gcgUtMJq6k2LFrs4L7HHqRPPlqNJ6j5mFP4xkzOCNIQynpD1rV6EECMIk/T7k
+1JLSAAAAAAAAAAAAAA==
+-----END PRIVACY-ENHANCED MESSAGE-----
+
diff --git a/apps/stuff/pkcs7.pem b/apps/stuff/pkcs7.pem
new file mode 100644
index 0000000000000000000000000000000000000000..eef654ca811d4611edd5d9b52cfdc0f2131234bf
--- /dev/null
+++ b/apps/stuff/pkcs7.pem
@@ -0,0 +1,46 @@
+-----BEGIN PKCS7-----
+MIIIEgYJKoZIhvcNAQcCMIIIAwIBATEAMAsGCSqGSIb3DQEHAaCCBDUwggIhMIIB
+jgIFAnIAAGcwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
+F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk1MDUxNzAwMDAwMFoXDTk1MTEx
+NjIzNTk1OVowdzELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5h
+MRIwEAYDVQQHEwlDaGFybG90dGUxIzAhBgNVBAoTGlZuZXQgSW50ZXJuZXQgQWNj
+ZXNzLCBJbmMuMRYwFAYDVQQDFA13d3cqLnZuZXQubmV0MHwwDQYJKoZIhvcNAQEB
+BQADawAwaAJhAOngW+io4W1lAp1b2k4+KqICaLHatp6AWkPLpa3Li2mwmggSGeRD
+AmTI4FQB0EFrDMfKLOteHgGoDJ0vifmV5cKvevRt5Gn+xPn54Halu7i145iUldyv
+oViUNpWmLJhKTQIDAQABMA0GCSqGSIb3DQEBAgUAA34AQkyfJje6H8fxtN68TvXV
+RibnPpQol2jMbh0VnK9cP9ePvsXy+7JoGuWxj6zlgjZGwia49xITggZ+0b+wP51l
+5e8xEEc2K7eC5QVD0qh/NSqdPcVP+UG6UK/LT25w/yLuZgqJ3g87kGbOo9myLhkZ
+3jr3kXnsriBmwmqcjgUwggIMMIIBlgIFAkAAAEUwDQYJKoZIhvcNAQECBQAwXzEL
+MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4w
+LAYDVQQLEyVMb3cgQXNzdXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
+DTk0MTEwOTIzMTk0NFoXDTk5MTIzMTIzMTk0NFowXzELMAkGA1UEBhMCVVMxIDAe
+BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUA
+A4GJADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwji
+ioII0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJ
+VphIuR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJ
+KoZIhvcNAQECBQADYQAjOCnuhWTdRq+8PhUBSzKbOhmafQQPQ8Ltw+49U8N1zgq9
+1ROaW46znUQykAPUdaAIflEfV2e0ULuyOWCwDJ2ME7NUmWL86SLkk6QLC9iItjva
+h+tdpLV/+TerjmrxCWChggOyMIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1
+MDIwMjEyMjZaFw05NTA2MDEwMDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcy
+NDI2WjAWAgUCQQAACRcNOTUwMjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAx
+MjQ5WjAWAgUCQQAADBcNOTUwMjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0
+MDQ5WjAWAgUCQQAAFhcNOTUwMzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0
+MDQxWjAWAgUCQQAAHxcNOTUwMzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAw
+NzExWjAWAgUCcgAAERcNOTUwMzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDEx
+MzIxWjAWAgUCcgAAHhcNOTUwNDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcx
+NzI0WjAWAgUCcgAAOBcNOTUwNDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIx
+MjI2WjANBgkqhkiG9w0BAQIFAAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6q
+QmK92W0hW158wpJg+ovV3+wQwvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3M
+rJBnZ4GaZDu4FutZh72MR3GtJaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFA
+yp0vMIIBHTCBqDANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UE
+ChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFu
+Y2UgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTk1MDUwMTE5MjcyOVoXDTk1MDYw
+MTA4MDAwMFowGDAWAgUCQAAAXhcNOTUwMjA4MDE0NjIyWjANBgkqhkiG9w0BAQIF
+AANhAF70VxEAKgGlS2otYkWSqYJ286MMDbdAIoEGCDTtVuLCOP3YKHOSTjFhbIhL
+5mBd+Q/W+lKSqdoyYhdObaBk4I4Wk+/BE2QK1x4QhtYG144spESXIRIKAbhffg1g
+rRe/ETEA
+-----END PKCS7-----
diff --git a/apps/test.ssl b/apps/test.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..d0566e0d0509a257c116649e28d41105b0a38df6
--- /dev/null
+++ b/apps/test.ssl
@@ -0,0 +1,16 @@
+www.microsoft.com:443
+sectest.microsoft.com:443
+https://sectest.microsoft.com/ClientAuth/test.asp
+ssl3.netscape.com:443
+ssl3.netscape.com:444
+www.openmarket.com:443 - no session ID caching. - no swap
+
+Servers
+bad  www.openmarket.com	Open-Market-Secure-WebServer/V2.1
+bad  www.microsoft.com	Server: Microsoft-IIS/3.0
+good transact.netscape.com	Netscape-Enterprise/2.01
+
+clients
+good netscape
+hmm  MSIE
+
diff --git a/apps/testCA.pem b/apps/testCA.pem
new file mode 100644
index 0000000000000000000000000000000000000000..dcb710aa9d1293849dac6f015ab0e380f8e96c46
--- /dev/null
+++ b/apps/testCA.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
+MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
+VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
+hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
+uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
+-----END CERTIFICATE REQUEST-----
diff --git a/apps/testdsa.h b/apps/testdsa.h
new file mode 100644
index 0000000000000000000000000000000000000000..8e8aea617a226972668b391f4f6cc46828fff364
--- /dev/null
+++ b/apps/testdsa.h
@@ -0,0 +1,155 @@
+/* NOCW */
+#ifndef NOPROTO
+DSA *get_dsa512(void );
+DSA *get_dsa1024(void );
+DSA *get_dsa2048(void );
+#else
+DSA *get_dsa512();
+DSA *get_dsa1024();
+DSA *get_dsa2048();
+#endif
+
+static unsigned char dsa512_p[]={
+	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
+	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
+	0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
+	0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
+	0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
+	0xA2,0x76,0x7D,0x31,
+	};
+static unsigned char dsa512_q[]={
+	0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
+	0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
+	};
+static unsigned char dsa512_g[]={
+	0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
+	0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
+	0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
+	0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
+	0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
+	0xA2,0x03,0x9D,0x20,
+	};
+
+DSA *get_dsa512()
+	{
+	DSA *dsa;
+
+	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
+	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
+	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
+	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+		return(NULL);
+	return(dsa);
+	}
+
+static unsigned char dsa1024_p[]={
+	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
+	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
+	0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
+	0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
+	0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
+	0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
+	0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
+	0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
+	0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
+	0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
+	0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
+	};
+static unsigned char dsa1024_q[]={
+	0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
+	0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
+	};
+static unsigned char dsa1024_g[]={
+	0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
+	0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
+	0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
+	0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
+	0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
+	0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
+	0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
+	0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
+	0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
+	0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
+	0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
+	};
+
+DSA *get_dsa1024()
+	{
+	DSA *dsa;
+
+	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
+	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
+	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
+	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+		return(NULL);
+	return(dsa);
+	}
+
+static unsigned char dsa2048_p[]={
+	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
+	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
+	0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
+	0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
+	0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
+	0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
+	0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
+	0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
+	0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
+	0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
+	0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
+	0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
+	0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
+	0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
+	0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
+	0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
+	0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
+	0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
+	0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
+	0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
+	0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
+	0xF8,0x68,0xCF,0x9B,
+	};
+static unsigned char dsa2048_q[]={
+	0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
+	0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
+	};
+static unsigned char dsa2048_g[]={
+	0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
+	0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
+	0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
+	0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
+	0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
+	0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
+	0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
+	0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
+	0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
+	0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
+	0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
+	0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
+	0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
+	0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
+	0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
+	0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
+	0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
+	0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
+	0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
+	0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
+	0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
+	0xF8,0xB2,0xE5,0x38,
+	};
+ 
+DSA *get_dsa2048()
+	{
+	DSA *dsa;
+ 
+	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
+	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
+	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
+	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+		return(NULL);
+	return(dsa);
+	}
+
diff --git a/apps/testrsa.h b/apps/testrsa.h
new file mode 100644
index 0000000000000000000000000000000000000000..5f838782365e1c908ca0b6dbd6a3bc48e2fbfede
--- /dev/null
+++ b/apps/testrsa.h
@@ -0,0 +1,531 @@
+/* apps/testrsa.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static unsigned char test512[]={
+	0x30,0x82,0x01,0x39,0x02,0x01,0x00,0x02,0x40,0x48,
+	0xd3,0xa9,0x8f,0x3b,0x92,0xce,0x20,0xcc,0xc7,0xe8,
+	0x1f,0x28,0x67,0xdb,0xd1,0xb3,0x06,0x94,0x7d,0x9b,
+	0x88,0x05,0x9d,0xf5,0xab,0x36,0xaa,0x3f,0x15,0xcd,
+	0x40,0x0a,0x76,0xfd,0xab,0x33,0xfa,0x07,0x31,0xc8,
+	0x0d,0xa8,0x23,0x60,0x4e,0xd4,0xda,0x2e,0xed,0xbc,
+	0x43,0x8a,0xc0,0xd8,0xd9,0xf4,0xcb,0xfa,0x12,0xa2,
+	0xec,0x49,0x31,0x02,0x03,0x01,0x00,0x01,0x02,0x40,
+	0x02,0x5e,0x80,0x61,0x9c,0x7a,0x86,0x22,0x23,0x07,
+	0x4d,0xd1,0xd5,0xaa,0xab,0x48,0x03,0x1e,0xef,0xad,
+	0xb6,0x65,0x92,0x69,0x35,0x18,0xc0,0xca,0x81,0x0a,
+	0xe0,0x86,0x6f,0xec,0x00,0x0f,0x1d,0x08,0x43,0xc8,
+	0x82,0x7d,0x89,0xc4,0x3a,0xc4,0x44,0x6a,0x10,0xc6,
+	0xdd,0xd0,0x63,0x1c,0x65,0xd6,0x09,0xc5,0x00,0x51,
+	0x2b,0xc3,0x7c,0xc1,0x02,0x21,0x00,0x8f,0x03,0xfc,
+	0x35,0x08,0xae,0x85,0x41,0x35,0x30,0x02,0xbd,0x96,
+	0xaa,0x84,0x60,0x75,0xb5,0x0c,0x2b,0x64,0xbf,0x28,
+	0x26,0xe2,0x76,0xfd,0xec,0xdc,0x94,0x36,0xcd,0x02,
+	0x21,0x00,0x82,0x5c,0x6f,0x13,0x93,0x98,0x41,0xf7,
+	0x81,0x54,0x3f,0xd7,0x8e,0x06,0x64,0xd9,0x29,0x04,
+	0xfc,0x12,0x46,0x17,0xab,0x9a,0x9f,0xa7,0xd3,0x8a,
+	0xa0,0xcd,0x33,0xf5,0x02,0x21,0x00,0x8a,0xf4,0xe7,
+	0x4f,0xac,0x40,0xcd,0xae,0xbe,0xfc,0x08,0x1d,0xa7,
+	0xcf,0xc4,0x51,0x68,0xec,0xe1,0x87,0x24,0x1b,0x6b,
+	0xea,0xe4,0x2d,0x93,0xa9,0x59,0xe5,0x14,0x9d,0x02,
+	0x20,0x70,0x6b,0xd2,0x86,0xe9,0x74,0x16,0xff,0xa1,
+	0x92,0xcc,0x73,0xd2,0x51,0x85,0x4b,0x19,0xea,0xe8,
+	0x8f,0xc1,0xce,0xcb,0xf8,0xce,0xd2,0xe6,0xc5,0xd8,
+	0xa2,0xde,0xb9,0x02,0x20,0x0f,0x73,0xf0,0xf0,0x91,
+	0x53,0xdf,0x4f,0x37,0xf8,0x3f,0x1f,0x82,0x59,0xe3,
+	0xe8,0xaa,0x04,0x64,0xd1,0x51,0x77,0xa8,0x36,0x65,
+	0x8c,0x6d,0x91,0xf8,0xb2,0xc3,0x03,
+	};
+
+static unsigned char test1024[]={
+	0x30,0x82,0x02,0x58,0x02,0x01,0x00,0x02,
+	0x81,0x80,0x53,0x66,0xb3,0x9b,0xd1,0xde,
+	0xb6,0x55,0x67,0xdc,0xe1,0x91,0xdb,0xc7,
+	0xf2,0xef,0xcc,0x98,0x48,0xbe,0x22,0xb2,
+	0xa5,0x92,0x88,0xa2,0xe7,0xf6,0x8a,0xea,
+	0xc1,0x5e,0xd8,0xb3,0xd6,0xb8,0x9a,0xb7,
+	0xf8,0xaa,0x9d,0x0a,0xa1,0x9e,0xb5,0x81,
+	0xd4,0xd9,0x86,0x92,0x49,0x1d,0x30,0x50,
+	0x18,0x4f,0x40,0x52,0x3c,0xf2,0xb7,0x14,
+	0x5f,0x06,0x4d,0x92,0xab,0x0d,0xe5,0x61,
+	0x9a,0xb3,0xdf,0xb0,0xaa,0x88,0x7d,0x47,
+	0x78,0xbf,0xd5,0x15,0x88,0x6b,0xe7,0x43,
+	0xd3,0x96,0x15,0xed,0x5b,0x33,0xff,0x9d,
+	0x06,0x88,0xb6,0xe1,0x21,0xcb,0xe8,0xb5,
+	0xe3,0x3c,0xef,0xb6,0xe7,0x89,0xc0,0x44,
+	0x71,0x6b,0x38,0xe2,0x7a,0xd4,0x92,0x49,
+	0x14,0xcf,0x36,0xc1,0x7d,0xa4,0x13,0x7a,
+	0xb7,0x3f,0x02,0x01,0x03,0x02,0x81,0x80,
+	0x37,0x99,0xcd,0x12,0x8b,0xe9,0xce,0xe3,
+	0x9a,0x93,0x41,0x0b,0xe7,0xda,0xa1,0xf5,
+	0x33,0x10,0x30,0x7e,0xc1,0xcc,0x6e,0x61,
+	0xb0,0x6c,0x9a,0xa4,0x5c,0x9c,0x80,0xe9,
+	0xe5,0xcd,0x39,0xd0,0x67,0x25,0x50,0x71,
+	0xbe,0x07,0x16,0x69,0xce,0x56,0x8d,0xe6,
+	0x59,0xb6,0xdb,0x68,0xca,0xe0,0x10,0x34,
+	0xd5,0x8c,0x28,0xa1,0xcf,0x62,0xea,0x03,
+	0x70,0xc5,0x5e,0x5e,0x08,0x04,0xb3,0x37,
+	0x06,0x45,0x20,0xe5,0x69,0x8a,0x49,0x7d,
+	0x05,0x47,0x1a,0x33,0x0d,0xfd,0x7f,0xf7,
+	0x7b,0xac,0x2a,0x07,0xc3,0x04,0xbf,0xb2,
+	0x41,0x26,0xfa,0xf8,0xf1,0x88,0x06,0x25,
+	0xb7,0xe7,0x57,0xe4,0x4c,0xc6,0x57,0xd1,
+	0x6a,0xbb,0x9a,0xdc,0x45,0x5f,0x48,0x6f,
+	0x8d,0x75,0xb5,0x7d,0xd6,0x6a,0x03,0x2b,
+	0x02,0x41,0x00,0x97,0x52,0x4f,0x91,0xe0,
+	0xc1,0x67,0x42,0xb0,0x41,0xf2,0xc5,0x56,
+	0x6f,0x66,0x5e,0x5c,0x4e,0x7f,0xc7,0xaf,
+	0xef,0x2d,0x60,0xbd,0x00,0x3b,0x07,0xed,
+	0xec,0xfa,0x12,0x14,0xd0,0xc1,0x32,0xd3,
+	0x47,0x50,0xb9,0x0f,0xd5,0xbd,0x0d,0xd1,
+	0xcf,0xef,0x71,0x1c,0x0c,0xa4,0x2c,0x74,
+	0x2a,0xed,0x5d,0x9b,0x00,0x68,0xec,0x51,
+	0x33,0x73,0xa1,0x02,0x41,0x00,0x8d,0x18,
+	0x4d,0xee,0xf8,0x99,0x26,0x9e,0xa6,0x07,
+	0x06,0x6b,0x08,0x88,0xa4,0x25,0xf0,0xdc,
+	0x61,0x57,0xa2,0x58,0x66,0x42,0x1f,0x6a,
+	0xe1,0x20,0x6d,0x28,0xec,0xeb,0x40,0x55,
+	0xe8,0x23,0xab,0x22,0x89,0x4b,0x4c,0x06,
+	0x26,0xa5,0x7b,0x4a,0xfe,0x3f,0xfc,0xbc,
+	0x6e,0x5d,0xb6,0x0f,0x3a,0xca,0x47,0x90,
+	0x84,0x7b,0x00,0xa8,0x3e,0xdf,0x02,0x40,
+	0x64,0xe1,0x8a,0x61,0x40,0x80,0xef,0x81,
+	0xca,0xd6,0xa1,0xd8,0xe4,0x4a,0x44,0x3e,
+	0xe8,0x34,0x55,0x2f,0xca,0x9f,0x73,0x95,
+	0xd3,0x55,0x7c,0xaf,0xf3,0xf3,0x51,0x61,
+	0x63,0x35,0xd6,0x21,0xe2,0x2f,0x8b,0x26,
+	0x0a,0x8e,0x7e,0x09,0x36,0x8a,0x9f,0xa0,
+	0xbd,0x5d,0xc2,0xc8,0x4d,0x71,0xf3,0x93,
+	0xbc,0xaa,0xf0,0x9d,0x8b,0x77,0xa2,0x6b,
+	0x02,0x40,0x5e,0x10,0x33,0xf4,0xa5,0xbb,
+	0x6f,0x14,0x6e,0xaf,0x59,0x9c,0xb0,0x5b,
+	0x18,0x19,0x4b,0x3d,0x96,0x3a,0x6c,0x3a,
+	0xee,0xd6,0xbf,0x9c,0x96,0x15,0x9e,0x1b,
+	0x48,0x9c,0xd5,0x8e,0x9a,0xc2,0x72,0x17,
+	0x06,0x32,0x32,0xae,0xc4,0x6e,0x52,0x31,
+	0xfe,0xd5,0x53,0x28,0x49,0x93,0xce,0xb4,
+	0xd1,0xdc,0x2f,0xb5,0xad,0xa7,0x55,0xc5,
+	0x7f,0x3f,0x02,0x40,0x37,0xa4,0xcc,0xd7,
+	0x63,0x63,0x6b,0x53,0xd6,0xf3,0xf2,0xfe,
+	0xeb,0x8d,0x4a,0x3d,0xab,0x97,0xfe,0xf8,
+	0x27,0xc5,0x87,0xc7,0xbf,0x2c,0xef,0xae,
+	0xcb,0x61,0x62,0x5e,0x30,0x86,0x8f,0xb5,
+	0x0e,0xeb,0x9a,0xa9,0x09,0x6a,0x4e,0x1c,
+	0xc7,0x1e,0xa2,0xce,0x8e,0xc2,0xc8,0x15,
+	0x13,0x06,0x47,0x9e,0x7c,0x2a,0x3c,0x62,
+	0x26,0xf0,0x9c,0x86,
+	};
+
+static unsigned char test2048[]={
+	0x30,0x82,0x04,0xa1,0x02,0x01,0x00,0x02,0x82,0x01,
+	0x00,0x7a,0x52,0xa1,0xd0,0xdb,0x8c,0x38,0xcf,0x0f,
+	0x01,0x25,0x98,0xee,0x84,0xc1,0xf3,0x8e,0x90,0xb5,
+	0x85,0x5e,0x5f,0x3a,0x33,0x8f,0xc6,0x49,0xe0,0x07,
+	0xd3,0x66,0x26,0xcc,0x47,0xc3,0x04,0xcf,0x91,0x74,
+	0x65,0x07,0x56,0x35,0x7d,0x0a,0xbf,0xcd,0xd2,0x8a,
+	0xf9,0x05,0x62,0xc0,0x63,0xc2,0x54,0xb8,0x14,0x89,
+	0x88,0x58,0x1c,0xeb,0xbc,0xbf,0xf2,0x0d,0xcb,0x05,
+	0x62,0x1c,0xe9,0x48,0x0f,0x2b,0x8d,0x28,0x67,0x92,
+	0x31,0x86,0xe3,0xa4,0x20,0x80,0xfc,0x5c,0x41,0x9d,
+	0x21,0x6d,0x7f,0x12,0x6b,0x54,0xb1,0x04,0x0f,0x87,
+	0x15,0xd7,0xbf,0xc5,0x6b,0x13,0x81,0x80,0x88,0x1e,
+	0x86,0x16,0x66,0xd9,0xcf,0xa5,0x4e,0xe1,0xcf,0xa4,
+	0x4c,0x38,0xdd,0xf9,0x5d,0x5f,0x30,0xdf,0x0d,0x2b,
+	0xfa,0xa0,0x1f,0xb8,0xe3,0x3c,0x62,0xff,0x13,0xf0,
+	0x61,0xc1,0xcd,0x3c,0xb7,0xc3,0xf7,0xec,0x91,0xcf,
+	0x7c,0x4e,0x11,0x4e,0x96,0x7e,0xe5,0x6c,0x9e,0x1b,
+	0xbe,0x3f,0x71,0xc5,0xb1,0xe6,0xeb,0x7e,0xa3,0x97,
+	0xc1,0xd6,0x1b,0x48,0x4f,0x84,0xaf,0x69,0xc2,0x96,
+	0xed,0xbc,0x81,0xdf,0x5f,0xc6,0xda,0xd3,0x25,0x2d,
+	0xc6,0x9f,0x62,0xd2,0x1c,0xef,0xcb,0x0a,0x75,0xd0,
+	0x23,0x1c,0x3b,0x88,0x22,0x70,0x08,0x05,0x46,0xed,
+	0x8a,0xda,0x45,0x94,0x8d,0x0d,0x9b,0x61,0xf3,0x07,
+	0xdc,0x81,0xaa,0x3c,0xcc,0xad,0x06,0x24,0xd7,0xbc,
+	0x28,0x98,0xb4,0x43,0xe3,0x9b,0x0f,0x93,0xa4,0x6e,
+	0x49,0xea,0x3a,0xe6,0x1e,0x56,0x5a,0xff,0x0c,0x93,
+	0x9e,0x9b,0x28,0x7e,0x63,0xb7,0x71,0x02,0x03,0x01,
+	0x00,0x01,0x02,0x82,0x01,0x00,0x34,0xd9,0x5c,0xb6,
+	0x5b,0x14,0xd3,0x3a,0x8a,0x96,0x09,0x43,0x70,0xd2,
+	0x04,0xe6,0x10,0xd3,0x6e,0xc9,0xc7,0x83,0x47,0x27,
+	0x1d,0xd8,0x22,0xf4,0xdb,0x0c,0xb7,0xd6,0xcd,0x6d,
+	0xb7,0xd1,0x6d,0x48,0xbf,0xcc,0x22,0x86,0x59,0xa7,
+	0xc3,0xac,0x28,0xe5,0xed,0x4b,0x37,0xcb,0x79,0xa9,
+	0xe0,0x3d,0x30,0x27,0x17,0x60,0xc4,0x09,0x02,0xc4,
+	0xd2,0xfd,0x66,0x7e,0x2f,0xbe,0x3b,0x15,0x83,0x1f,
+	0xa2,0xc6,0x63,0x0d,0x94,0x79,0x37,0x79,0x44,0xe1,
+	0x12,0x39,0x76,0x36,0x97,0x07,0xe9,0x41,0xfc,0x98,
+	0x48,0xc8,0x0e,0x24,0x13,0x4e,0x19,0x9f,0xee,0x50,
+	0x9b,0xe5,0xd8,0xbd,0x76,0xca,0xa2,0x05,0x1f,0xd7,
+	0xf9,0xe9,0x01,0xe0,0xef,0x70,0x4b,0x25,0x84,0x66,
+	0x96,0x09,0x0c,0x65,0x0f,0x0b,0xa8,0xd6,0xf5,0xc2,
+	0xe3,0xcb,0x3c,0x43,0x66,0xa4,0x15,0x36,0xa5,0xe2,
+	0x9d,0xe9,0xf7,0x32,0x10,0x0e,0x96,0x57,0xaa,0x84,
+	0xf9,0x4d,0x91,0x37,0x5a,0x80,0x01,0x05,0x63,0x1c,
+	0x6e,0xe6,0x8c,0xf7,0x70,0xc1,0x03,0x4f,0x5d,0xde,
+	0x19,0x90,0x1e,0x53,0x98,0xc9,0xc6,0x41,0x66,0xb0,
+	0xc2,0x6f,0x30,0xfe,0xb1,0x26,0x47,0x82,0x0a,0x7b,
+	0x50,0xf8,0x7c,0x88,0x13,0x4d,0x77,0xa0,0xd0,0xba,
+	0x60,0x87,0x21,0xdd,0x74,0xaa,0x32,0xdb,0xbe,0x23,
+	0xee,0x81,0xc0,0xca,0xc9,0x94,0x2f,0x75,0x78,0x08,
+	0xc4,0x04,0x4e,0x67,0x3c,0xb9,0x99,0xd5,0xe5,0xbc,
+	0x4d,0x6b,0x12,0x59,0xfe,0x55,0xff,0x28,0x0a,0x8d,
+	0x6c,0xb1,0xd3,0x23,0x7c,0x33,0x87,0x35,0xba,0x8c,
+	0xb3,0x51,0x02,0x81,0x81,0x00,0xcb,0xbc,0x6f,0x2c,
+	0xa4,0xbb,0x7b,0x51,0x0e,0xfe,0xdb,0x16,0x83,0x16,
+	0x91,0x4a,0xb9,0x31,0x42,0x81,0x8b,0x39,0x44,0x11,
+	0x8b,0x82,0x6f,0x19,0x58,0xd4,0xba,0x38,0x44,0x95,
+	0xec,0x99,0x32,0x4d,0x98,0xd7,0xad,0x3d,0xd1,0x00,
+	0xd4,0x1e,0x62,0x90,0xc4,0xac,0x65,0x29,0xb7,0x5c,
+	0x7c,0x54,0x55,0x33,0xb9,0x22,0x55,0x61,0xc8,0x08,
+	0xdd,0x5d,0x4d,0xc0,0x19,0xa6,0x89,0x3a,0x33,0x19,
+	0xc7,0x1d,0x43,0x16,0x9e,0x7e,0x47,0xce,0xe3,0xde,
+	0xbb,0x52,0x8d,0xcd,0xe3,0x6a,0xe3,0x79,0x9e,0x27,
+	0x0f,0x6d,0x3b,0x74,0x25,0x39,0xe7,0x87,0x3a,0xad,
+	0x98,0x82,0xfc,0xae,0x7d,0x53,0x41,0x79,0x7e,0xb6,
+	0xdc,0xc5,0x75,0x69,0x47,0xd5,0x83,0x26,0x56,0x32,
+	0xfb,0xdf,0x77,0x9d,0x02,0x81,0x81,0x00,0x99,0xb3,
+	0xb3,0x33,0x1e,0xea,0x65,0x5d,0x57,0x27,0x99,0xad,
+	0xd4,0xb7,0xb5,0x5e,0x6a,0x53,0x9d,0x60,0xe9,0x4f,
+	0xa5,0xd9,0x18,0x24,0x05,0x5b,0xda,0x9a,0x24,0xbe,
+	0xdc,0xb1,0xa9,0x2e,0x18,0xc6,0x54,0xb1,0xff,0x65,
+	0x8a,0xaa,0x2b,0x98,0xab,0x27,0x83,0xe6,0x33,0xf5,
+	0x97,0xa1,0x0b,0x09,0x68,0x98,0x0d,0xa2,0x85,0x06,
+	0x99,0x73,0xec,0x1c,0x6d,0x5c,0x9d,0x23,0x49,0xef,
+	0x05,0xea,0x92,0x99,0xeb,0x0b,0xe8,0x15,0xbc,0x87,
+	0xb3,0x30,0xbf,0x10,0xfe,0x99,0x3b,0xd6,0xe5,0x6c,
+	0x8b,0x58,0xa6,0xfb,0xae,0xe5,0x4f,0x10,0xb0,0x28,
+	0xea,0x85,0x5b,0x9b,0x08,0x38,0x75,0x56,0xc3,0xeb,
+	0x3b,0x47,0xea,0x60,0x86,0x77,0x9b,0x84,0xee,0xc1,
+	0x58,0x60,0x88,0x33,0x18,0xe5,0x02,0x81,0x80,0x17,
+	0x3a,0x74,0xb2,0x72,0x55,0xad,0xc9,0xa0,0x1c,0x0e,
+	0x7e,0x92,0x93,0x90,0x1d,0x24,0xe0,0x28,0xe4,0xfc,
+	0x2a,0x9b,0x48,0x24,0xcf,0xca,0x3a,0xe9,0x95,0xd7,
+	0x65,0x72,0xec,0x64,0xfd,0x52,0x6e,0xe6,0x6e,0x30,
+	0xa2,0x4b,0xa1,0xfc,0x8d,0x3a,0x4f,0xa7,0x1c,0xc0,
+	0xab,0xf0,0xeb,0xea,0x80,0xf2,0xf5,0xe2,0xb5,0xb7,
+	0x66,0x5e,0x98,0x24,0x24,0xef,0x28,0x67,0xc4,0x45,
+	0x01,0x0d,0xb2,0x72,0xb1,0x33,0x64,0xf0,0xcd,0x15,
+	0x02,0xd1,0x98,0x23,0x63,0x56,0x27,0x93,0x36,0x2c,
+	0x99,0x41,0x1e,0xd2,0xf3,0x71,0x43,0xdc,0xba,0xad,
+	0x5b,0x0d,0xa5,0x9d,0x2d,0xd2,0x01,0x52,0xe8,0x9b,
+	0x1e,0x6f,0x04,0x0a,0x47,0xb9,0x0b,0x37,0xd5,0x70,
+	0x0e,0x7e,0xe5,0x71,0x32,0x19,0x41,0x02,0x81,0x80,
+	0x23,0xc3,0x55,0x51,0xf2,0xc2,0x95,0x5d,0x57,0x97,
+	0x26,0x41,0xf5,0x39,0xdd,0xa0,0x9f,0x5a,0xdf,0x46,
+	0x9a,0x62,0xe6,0xf3,0x11,0x93,0xe8,0x0f,0x4c,0x59,
+	0x0b,0x6d,0xc1,0x8a,0x31,0x14,0x41,0xbd,0x7c,0x1d,
+	0x82,0x90,0x8c,0xe8,0x35,0x86,0xab,0x64,0x61,0x63,
+	0x61,0xf9,0xa6,0x13,0x59,0xaf,0x11,0xc0,0x37,0x83,
+	0xf6,0x31,0xe7,0xe8,0xba,0x2a,0x8f,0x23,0xba,0x88,
+	0x68,0x7e,0x8e,0x40,0xdb,0x65,0xa6,0xf4,0x39,0x47,
+	0x3d,0x7b,0xd1,0xac,0xe8,0xf8,0x3a,0x55,0x4b,0x40,
+	0x20,0x57,0xd6,0x40, 0x85,0x72,0x10,0x6a,0xd8,0xaf,
+	0xc8,0x5d,0x6c,0xdc,0x24,0xc9,0x78,0xeb,0x32,0x1a,
+	0x43,0x31,0xeb,0xb4,0x3b,0x0b,0xc4,0x9d,0xf5,0xf8,
+	0xc3,0x59,0x07,0x88,0x46,0x88,0xa5,0x25,0x02,0x81,
+	0x80,0x55,0xf5,0x12,0x2e,0x48,0xce,0xef,0xb3,0x1d,
+	0xbf,0xab,0x06,0xf7,0x09,0x8c,0xf0,0x1a,0xe9,0xfa,
+	0x01,0xf9,0x97,0xa4,0x57,0x6f,0x7a,0x73,0x63,0x2a,
+	0x57,0x30,0x97,0xce,0xf7,0xe5,0xd4,0x8c,0x35,0xa2,
+	0x12,0xb7,0xf3,0xf6,0x66,0x76,0x9e,0x90,0x3f,0xb4,
+	0x70,0x0f,0x99,0x7a,0xc9,0x36,0xcf,0x46,0x74,0x39,
+	0x91,0xf2,0x66,0xa2,0x55,0x19,0x1b,0x70,0xe3,0xd6,
+	0x9a,0x8b,0x94,0x79,0x18,0x8a,0x93,0xcf,0x27,0x2a,
+	0xc1,0xb3,0xda,0x51,0x52,0x9d,0x14,0xb7,0xc9,0x2e,
+	0x2f,0x75,0x6d,0xc9,0xdb,0x8f,0x69,0xa7,0xc9,0x5e,
+	0x1f,0x9d,0x3c,0x6e,0x1f,0xa4,0x08,0x33,0x0a,0x7a,
+	0xde,0x90,0x18,0xf2,0x43,0xf7,0x60,0x8b,0x51,0xa3,
+	0x50,0xf8,0x52,0xfc,0xed,0x5c,0x63,0xbc,0x1a,
+	};
+
+static unsigned char test4096[]={
+	0x30,0x82,0x09,0x28,0x02,0x01,0x00,0x02,0x82,0x02,
+	0x01,0x00,0x92,0x1f,0x39,0xc3,0x7c,0xc2,0xfe,0x5c,
+	0x2c,0x83,0x5d,0x08,0x5e,0x76,0xe6,0x53,0x30,0x86,
+	0x47,0x62,0xe9,0x21,0x22,0x2c,0xeb,0x3b,0xe5,0xb3,
+	0x30,0xbf,0x1c,0x37,0x23,0xe2,0x4b,0x27,0xf2,0x8c,
+	0x6a,0x8c,0xcb,0x54,0xf0,0x47,0x91,0xbc,0x3b,0x41,
+	0x6d,0xa6,0xe3,0x9b,0x25,0x3e,0x2f,0x3d,0x8e,0x67,
+	0x9d,0xe9,0x2b,0x7d,0xcd,0x39,0xf5,0xc9,0x2b,0xd0,
+	0xe5,0xe6,0xe7,0x62,0x1e,0x6c,0xe1,0x8f,0xc2,0xa3,
+	0xc9,0x02,0x11,0xf3,0x51,0x63,0x27,0x25,0x82,0x01,
+	0xaa,0x0a,0x68,0x6d,0x4c,0x02,0x5c,0xaf,0xb1,0x72,
+	0xb5,0xf4,0x53,0x43,0xb1,0x90,0x28,0x1b,0x54,0xdd,
+	0xfd,0x57,0x36,0xac,0xf8,0x44,0x34,0x7a,0x85,0x66,
+	0x37,0x62,0xe9,0x80,0xd2,0xe2,0xdc,0xa0,0xe8,0x76,
+	0x09,0x6d,0xc1,0x38,0xac,0x55,0x57,0x44,0xbe,0x0e,
+	0x81,0x0d,0x81,0x63,0xb7,0x73,0xd7,0xbf,0x5d,0x84,
+	0x2f,0x31,0xdc,0x79,0x69,0xf5,0xa9,0x7e,0x60,0x5b,
+	0xc1,0x92,0x26,0xb1,0xf0,0xdf,0x0c,0xe4,0x76,0xf7,
+	0xa3,0x68,0x79,0x9f,0x14,0x5c,0x52,0x97,0x21,0x76,
+	0xd7,0x19,0x8b,0x47,0xc0,0xb6,0x36,0x01,0xa8,0x73,
+	0x54,0xfc,0x61,0xd1,0x64,0x44,0xd3,0x36,0x4b,0xbe,
+	0xc8,0x26,0xcd,0x24,0xb5,0x35,0xdc,0x5a,0xe9,0x25,
+	0x26,0xb4,0x60,0x19,0x1f,0xc7,0x57,0x47,0xd6,0xf1,
+	0x5a,0xae,0xc8,0x16,0xfd,0xa8,0x85,0x0b,0x3a,0xbd,
+	0xd7,0x4c,0xfb,0xd1,0x75,0xa4,0x86,0x91,0x4a,0xb8,
+	0x0a,0x1b,0x83,0xe4,0xce,0x10,0xd2,0x2b,0xe3,0xe4,
+	0x87,0x8c,0xfd,0xb9,0xfb,0x8d,0xb6,0x70,0xa5,0x2b,
+	0xbe,0xe6,0x43,0x4c,0x44,0x09,0x6b,0xd6,0x5a,0xcc,
+	0x89,0x78,0xb7,0xd8,0xc9,0xa9,0x24,0xe9,0xa6,0x87,
+	0x2f,0xd4,0x3f,0xad,0x98,0x32,0x57,0x19,0xf0,0xdd,
+	0x65,0x2e,0x69,0x5f,0x83,0x24,0x3c,0xea,0xc0,0x36,
+	0x88,0xd2,0x1c,0x27,0x29,0x83,0x80,0xd0,0xdf,0xf1,
+	0x1e,0x2d,0x62,0x4c,0x24,0xb1,0xb8,0xa2,0x70,0xc7,
+	0xc5,0xdf,0x8d,0xea,0xf7,0xea,0xb8,0x68,0x99,0x7c,
+	0xd6,0xf0,0x3b,0x6b,0xb0,0xc5,0xb0,0x0c,0x96,0xfd,
+	0x07,0x46,0x5f,0xc8,0xde,0xb4,0x4f,0x7b,0x0f,0xd1,
+	0x71,0x1e,0x84,0x27,0x93,0x95,0xfc,0x7b,0x3f,0x3a,
+	0xf1,0xe9,0x82,0x4f,0x09,0xc0,0x79,0x35,0xb1,0xe4,
+	0x45,0x87,0x26,0xe7,0xf9,0x9a,0xcd,0x63,0x42,0x98,
+	0x9a,0xf8,0x11,0x20,0xf1,0x42,0xd2,0x31,0xdc,0x03,
+	0xb5,0xa9,0xeb,0x87,0x08,0x2a,0x76,0xb4,0xbf,0x0e,
+	0x5b,0xa9,0x52,0xd5,0x12,0xda,0x87,0xfa,0x01,0x23,
+	0x5b,0x78,0x97,0x73,0xcc,0xf8,0x0e,0xf0,0xde,0x34,
+	0x9f,0xb2,0xcd,0x8c,0x5a,0xce,0xd6,0x3f,0x17,0xe1,
+	0x45,0xd5,0xeb,0xab,0x6a,0x47,0x0f,0x3c,0x02,0xfb,
+	0xa5,0xcd,0x85,0x54,0x07,0x0b,0xba,0x74,0x16,0x87,
+	0x2e,0x9e,0xe5,0x2a,0x80,0x4c,0x27,0xc6,0x9e,0xe2,
+	0xfd,0x60,0xa7,0x89,0x13,0x3e,0x03,0x7f,0x55,0xf5,
+	0xd2,0x67,0xab,0x37,0x40,0xbf,0x33,0x03,0xe2,0xd1,
+	0x60,0xcb,0x48,0xae,0x80,0x30,0x87,0xf6,0xd8,0x34,
+	0xef,0x61,0xb3,0x9b,0x75,0x25,0x2a,0xe9,0xfa,0xb6,
+	0x08,0xbe,0xbf,0x80,0x63,0x46,0x77,0x89,0xe7,0x9c,
+	0xd0,0xe4,0x50,0xa9,0x02,0x03,0x01,0x00,0x01,0x02,
+	0x82,0x02,0x00,0x73,0xcb,0x78,0xfc,0x18,0xbf,0x71,
+	0xd0,0xdb,0x99,0x92,0x3d,0x12,0x97,0x08,0xb9,0x3e,
+	0x07,0xfb,0x44,0x3f,0xd8,0xf8,0xfb,0x3d,0xc2,0xee,
+	0xa9,0x8c,0xe4,0xb5,0xd8,0x60,0x80,0x70,0xec,0x8c,
+	0x42,0x88,0x21,0x60,0xf4,0xc3,0xa1,0x03,0xb5,0x76,
+	0x03,0xc8,0x80,0x6b,0x78,0x44,0x10,0x3e,0x61,0x7a,
+	0x9b,0x54,0x41,0x36,0x2c,0xf0,0x58,0x91,0x15,0x45,
+	0xba,0xba,0xa5,0xbc,0x11,0x3e,0x69,0x2c,0x6a,0xbf,
+	0x65,0x09,0xe2,0xb1,0x14,0xf0,0x17,0x32,0x2b,0x80,
+	0x16,0x0f,0x89,0x45,0xed,0xef,0x41,0x23,0xf0,0x3b,
+	0x1f,0xdb,0x5f,0x6e,0x28,0x83,0xea,0xe8,0x4d,0x98,
+	0x78,0x7e,0xce,0x01,0x4f,0x1b,0x42,0xf9,0x8f,0x6a,
+	0x6d,0x71,0x50,0xda,0x18,0x33,0x86,0x82,0x2e,0xa5,
+	0x68,0xfc,0xd9,0xd4,0x38,0x34,0x21,0x41,0x12,0x01,
+	0xc6,0xfe,0xb0,0x14,0x2c,0x50,0x71,0xe5,0xb4,0x09,
+	0xc8,0xb9,0x99,0xba,0xcd,0x20,0x92,0x04,0x2a,0x58,
+	0xf3,0xfd,0xb6,0xf3,0x21,0x29,0xef,0xa8,0x88,0xd8,
+	0x5a,0x30,0x4d,0x97,0xab,0xdf,0xf7,0xb5,0x9f,0x7c,
+	0x6e,0x6f,0xd1,0x17,0x55,0xda,0x3a,0xcb,0x1b,0x8f,
+	0x41,0x2e,0x44,0xfe,0xc3,0x6f,0xc1,0x36,0xdb,0x9d,
+	0x34,0xe7,0xea,0x0f,0xc1,0x9a,0x34,0xbf,0x95,0xef,
+	0x92,0x78,0x54,0x92,0x9e,0xf6,0x57,0x03,0x2c,0xb4,
+	0x01,0xf9,0xc9,0xee,0x58,0x81,0xd5,0x6c,0xf1,0x54,
+	0x30,0xa3,0x10,0xa7,0xb1,0xfa,0x97,0x51,0xe8,0x8b,
+	0x9c,0xc2,0xad,0xc1,0x5c,0xad,0x8c,0x18,0xf1,0x9d,
+	0x1c,0x39,0xeb,0x1a,0x1a,0xab,0x65,0x47,0x00,0x54,
+	0x89,0x4d,0xf4,0x22,0xaf,0x35,0x8a,0x2b,0x11,0x9d,
+	0x73,0xb3,0x48,0xf9,0xe9,0x9b,0x73,0xa8,0xeb,0x32,
+	0x4f,0xf2,0x33,0x5e,0xc8,0xc7,0xe3,0xdb,0xbf,0xcd,
+	0x8a,0x5b,0xbe,0x19,0x91,0xe1,0x34,0x2c,0x6a,0xd8,
+	0x56,0xe4,0x92,0x89,0x6f,0x9c,0xda,0x4d,0x9e,0xca,
+	0xd4,0x2d,0xbb,0x06,0x4b,0x77,0x79,0xe1,0x2e,0xab,
+	0x2e,0x14,0x0f,0xe3,0x6b,0xc6,0x44,0x18,0xdb,0xd0,
+	0x51,0xb4,0x72,0xf5,0x77,0x57,0xe8,0x9c,0xad,0x35,
+	0xb2,0x6c,0x24,0x8b,0x67,0xcc,0xc2,0x6a,0xfa,0xf0,
+	0xd4,0x40,0x19,0xf1,0x76,0x24,0x42,0x25,0x7b,0x5b,
+	0xe1,0x25,0xde,0xa4,0x4d,0x00,0xf1,0x80,0x02,0xd0,
+	0x09,0x48,0x65,0x76,0x8c,0xb3,0x2d,0xe2,0xad,0x87,
+	0x4f,0xbb,0x76,0xa9,0xac,0xa3,0x1d,0xb9,0x0d,0x4c,
+	0xb3,0xba,0xdf,0x62,0x91,0xb5,0x3b,0x00,0x11,0x2b,
+	0x6f,0x74,0x87,0x6d,0xe8,0xed,0x04,0xc4,0xc9,0xf4,
+	0xc9,0xa3,0xc7,0x0a,0xb8,0x80,0xd8,0x5d,0x30,0x4b,
+	0xdc,0x79,0x4a,0x5b,0xa4,0x7d,0xf5,0xb2,0x16,0x02,
+	0x48,0x6d,0x89,0x3a,0xb6,0x3f,0x2d,0x1f,0x91,0xaa,
+	0xd3,0xc8,0x54,0x17,0x5e,0xb3,0x59,0x05,0xb5,0xf3,
+	0xe5,0x2e,0xb1,0x41,0xd6,0x87,0xa5,0xcb,0xd1,0xeb,
+	0x03,0x35,0x7b,0x94,0x06,0x09,0xbb,0x7b,0x67,0x14,
+	0x83,0x65,0xa1,0x82,0x52,0x70,0xf8,0x3c,0xf2,0x21,
+	0xb7,0x26,0xa8,0xdd,0x56,0x75,0xc8,0xda,0xc8,0x05,
+	0x6f,0xba,0xea,0x6a,0x14,0x0f,0x13,0xc6,0x9d,0xea,
+	0xc3,0xb4,0x95,0x9b,0xc4,0x6b,0x35,0xbd,0x10,0xce,
+	0xb6,0xf6,0x07,0x72,0xbd,0x02,0x82,0x01,0x01,0x00,
+	0xcb,0x3c,0x4c,0xfb,0xcf,0xae,0xa9,0xb8,0x2a,0xcc,
+	0x31,0xa3,0x5d,0xce,0x43,0xbf,0xf9,0x93,0x18,0xcc,
+	0x17,0x50,0x67,0x7e,0x52,0x6c,0xd5,0xbf,0x3e,0xc2,
+	0x99,0x56,0xbc,0x7a,0x1a,0xc5,0x92,0x76,0xb3,0x38,
+	0xbf,0xf4,0xf8,0xae,0x41,0x17,0xb0,0x17,0x1b,0x1a,
+	0x4d,0x6b,0x3d,0x0c,0xc1,0x25,0x5c,0x54,0xa7,0x39,
+	0x2c,0x38,0x72,0x1f,0x0a,0xe9,0xd4,0x5b,0xa4,0x81,
+	0x5d,0xf1,0xc2,0xf7,0xd2,0x5c,0x4c,0x7e,0x24,0x02,
+	0x81,0xa1,0x3a,0xf5,0xd0,0x11,0x15,0x4e,0x03,0x3d,
+	0x82,0xfa,0xcd,0x32,0x89,0x10,0xe1,0x4f,0x47,0x32,
+	0x54,0xfc,0x95,0xf2,0x3a,0x58,0x8e,0xbb,0x9b,0xbf,
+	0x7c,0x5b,0xc0,0x73,0x25,0xdc,0x04,0xf6,0x98,0xc1,
+	0xed,0xa9,0x2a,0x6a,0x7b,0xc4,0x8d,0x2a,0x0f,0x51,
+	0xb3,0xa3,0x75,0x79,0x40,0x76,0xf6,0xbe,0xb2,0xd9,
+	0xc1,0x6e,0xb1,0xfa,0x96,0xd2,0xea,0x07,0xee,0xe9,
+	0xf2,0xdb,0x3f,0x20,0xdc,0xe0,0x63,0xdc,0x86,0x7f,
+	0xbb,0xfb,0x60,0x2f,0xc6,0xaf,0x5f,0x46,0x26,0x39,
+	0xcf,0xc4,0x10,0x60,0xf1,0x24,0x9b,0x49,0x5f,0x91,
+	0x3e,0xac,0x7a,0x53,0x3e,0x84,0x71,0xcd,0x9d,0x45,
+	0x3a,0x75,0x87,0x2c,0x96,0xfb,0x03,0xa5,0xc7,0x59,
+	0x9a,0xaa,0x99,0xcf,0x8e,0x89,0x3a,0xdc,0x26,0x06,
+	0xdf,0x14,0x6a,0x95,0xf7,0x88,0x72,0xcb,0x4e,0x91,
+	0xde,0xeb,0x14,0x23,0xac,0x58,0x69,0x84,0x2b,0xea,
+	0xdf,0xc8,0x35,0xb2,0x01,0x9d,0x7f,0xaa,0x73,0x51,
+	0xf5,0xc7,0x2e,0xba,0xa0,0xb4,0x49,0xb6,0x74,0xa3,
+	0x73,0x17,0xc2,0xfa,0xc8,0xf3,0x02,0x82,0x01,0x01,
+	0x00,0xb8,0x0e,0xf8,0x50,0x74,0x42,0x79,0x90,0xd0,
+	0x47,0x8d,0x48,0x2e,0x84,0x3b,0x30,0xe0,0x26,0x31,
+	0x95,0x54,0x34,0x93,0xa0,0x30,0xd5,0x03,0x50,0xb2,
+	0x19,0xbf,0xe8,0x22,0x1f,0xbe,0x40,0xec,0x94,0xd8,
+	0x21,0x17,0xaa,0x95,0xf9,0x62,0xa5,0xf5,0x25,0xd1,
+	0x72,0x36,0x22,0x67,0x94,0xcf,0xc0,0x06,0x22,0x93,
+	0x0d,0x6a,0x22,0xfe,0xff,0xb3,0xc2,0xde,0x8f,0x5f,
+	0x75,0x84,0xe4,0x88,0xf3,0xe4,0x04,0xbb,0x9c,0x6b,
+	0xb3,0x14,0x9d,0xb7,0xb4,0xa9,0x63,0x3f,0xdc,0xe8,
+	0x0c,0x05,0xa8,0x76,0xab,0xa1,0xbb,0x23,0x1d,0x6a,
+	0xcd,0x31,0xbc,0x19,0xb5,0x49,0xa1,0x71,0xee,0x93,
+	0x46,0x71,0xce,0xba,0xd2,0xa8,0x4e,0x08,0x8d,0x7b,
+	0x85,0x3d,0x77,0x46,0x9a,0x71,0x71,0xeb,0x03,0x5c,
+	0xd2,0x0f,0xb1,0xf4,0x78,0xb4,0xf4,0x8d,0xd4,0xd9,
+	0x9b,0x79,0x99,0xce,0x9b,0xa9,0x38,0xaa,0xd6,0x76,
+	0x9f,0x9c,0xb1,0xbd,0xd3,0x7c,0x18,0x54,0x62,0xbc,
+	0x54,0x2a,0x0f,0xef,0x76,0x39,0xd5,0x10,0x2f,0xbf,
+	0xc5,0x60,0x92,0x21,0x99,0x46,0xbc,0x36,0x65,0x0b,
+	0x31,0xb6,0x6f,0xa8,0x5d,0x8e,0x2f,0xf0,0xed,0x86,
+	0x8c,0xf2,0x2a,0x83,0xa7,0x34,0x11,0x06,0xd9,0x6f,
+	0xb3,0xf5,0x7b,0x31,0x45,0x17,0x5a,0xdc,0x22,0xc3,
+	0xe8,0xe1,0x89,0x78,0xde,0xae,0x49,0x1a,0x5f,0x4d,
+	0x06,0xf6,0xb5,0x23,0x66,0xe0,0x00,0xd6,0x37,0x8d,
+	0xb4,0x5b,0x67,0xb0,0xdb,0x7a,0x10,0x03,0x91,0x64,
+	0xa6,0xaa,0xc6,0x30,0x49,0x3c,0x81,0x72,0x57,0x9f,
+	0xd9,0x72,0xae,0xa9,0xce,0xa6,0xf3,0x02,0x82,0x01,
+	0x01,0x00,0xa3,0x69,0x55,0xe0,0xf6,0xe9,0x52,0xaf,
+	0xb1,0x41,0xc3,0xfb,0xbe,0x56,0x36,0x25,0x6a,0xef,
+	0xfa,0x75,0x47,0x9d,0xaf,0xc9,0x63,0x4e,0xfd,0x42,
+	0xab,0x9c,0xde,0x9c,0x5e,0x29,0xb3,0xd2,0xfe,0x64,
+	0x10,0xd0,0xe5,0x8f,0x7c,0x50,0xe8,0x27,0xba,0xbf,
+	0xa9,0x5c,0x29,0xb9,0xbb,0x39,0xc1,0x27,0x60,0x28,
+	0xf4,0xd8,0x44,0x95,0x12,0x35,0xa1,0x99,0xc7,0xd4,
+	0xf3,0xdd,0xcd,0x02,0xb2,0x28,0x7f,0x6d,0x15,0x58,
+	0x2b,0x6e,0x14,0x7a,0xe6,0x24,0x75,0xea,0xf6,0x7d,
+	0x66,0x9f,0x93,0xec,0x43,0x07,0x8a,0x2c,0x17,0x6d,
+	0x9e,0x2a,0x7b,0x29,0x29,0x0b,0xbe,0x1c,0x2c,0x8f,
+	0xee,0xb8,0x35,0xae,0xb4,0x7c,0x21,0x89,0xda,0x37,
+	0xc9,0x35,0xcc,0xf9,0x43,0x10,0xa1,0x79,0xb5,0xa3,
+	0x86,0xf3,0xc3,0x83,0xff,0xd5,0xc1,0x9e,0xa5,0xe1,
+	0x49,0x7f,0x4b,0x47,0xcd,0x35,0x57,0x06,0x39,0x84,
+	0xad,0x76,0x50,0x7e,0x37,0x31,0x1e,0x48,0x12,0x23,
+	0x63,0xc5,0xdb,0x09,0x51,0x1a,0xb9,0x1f,0x93,0x74,
+	0x9d,0x11,0xc8,0xdb,0xb5,0xeb,0xac,0x99,0x29,0x7f,
+	0x02,0xa7,0x8f,0x84,0x31,0x4b,0x33,0xae,0x5c,0xae,
+	0xdd,0xf0,0xa7,0x03,0x8e,0xef,0xac,0x6a,0x22,0x51,
+	0xae,0x8b,0x7e,0x90,0x03,0xe2,0x5e,0x92,0x3a,0xd0,
+	0x7e,0x86,0xf1,0xe1,0xc1,0x9d,0xd9,0x8d,0x4d,0xf7,
+	0xe8,0xb1,0xe3,0x52,0x93,0x3b,0xe7,0xbc,0xa3,0x02,
+	0xd2,0x29,0x25,0x4c,0x1e,0xd8,0x84,0xf1,0xf5,0x8f,
+	0xc0,0xef,0xba,0xb6,0x2f,0xfd,0x81,0x6f,0xd5,0x01,
+	0x2e,0xa1,0xa9,0xce,0x06,0x49,0x8d,0x3f,0x02,0x82,
+	0x01,0x00,0x16,0x9d,0x20,0x3d,0x22,0x4b,0x98,0x8c,
+	0x06,0x4b,0x04,0x3c,0xbe,0x1a,0x58,0xfb,0x64,0x4e,
+	0xcd,0x00,0xbf,0xdb,0xc5,0xd7,0x84,0xa8,0x67,0x43,
+	0xde,0xdd,0xf3,0x0a,0x1e,0x47,0x30,0x24,0xe1,0xec,
+	0x57,0xb1,0x99,0x2a,0xc8,0x4a,0x5f,0xa8,0x6c,0x3a,
+	0x3d,0x45,0x7f,0x09,0x33,0x18,0xc1,0x7d,0xa2,0x43,
+	0x55,0x35,0xec,0xb8,0x68,0x04,0x1a,0x9d,0xf2,0xa2,
+	0x42,0xe4,0x39,0x73,0xaa,0xaf,0xec,0x6f,0xf8,0x6c,
+	0xfb,0x7e,0x81,0x25,0xef,0x90,0x2e,0xcf,0x96,0xe5,
+	0x19,0x4d,0x80,0xd4,0x75,0xe0,0x18,0x7a,0xd9,0x91,
+	0x9f,0xb1,0x9e,0x4e,0xb2,0x09,0xe8,0x06,0x01,0xed,
+	0x82,0x02,0xc1,0xb0,0xd8,0x9b,0x51,0x3a,0x65,0x2a,
+	0x9c,0xe6,0x7d,0xea,0xcd,0xad,0xe4,0x0a,0x4f,0x09,
+	0x96,0xb9,0xe8,0x5b,0xc0,0xe1,0xa3,0xb9,0xf8,0x43,
+	0x12,0x89,0x5b,0xa3,0x5e,0x13,0x19,0xf3,0x70,0x69,
+	0xf1,0x21,0x23,0x2b,0x63,0x5b,0x3c,0x7f,0xf0,0xbe,
+	0x40,0xcd,0x46,0x6d,0xb6,0xca,0x1b,0xc8,0xe5,0xb8,
+	0x38,0x23,0x93,0xfd,0xe0,0x4a,0xe8,0xb9,0xef,0x24,
+	0xf2,0xff,0x24,0x9f,0x0b,0x5c,0x93,0x3f,0xa8,0xa6,
+	0x46,0x45,0xc2,0xeb,0x1e,0x49,0xc8,0xc7,0xde,0xc3,
+	0x90,0x49,0xd7,0xfb,0x4e,0xce,0x62,0x54,0x33,0x7f,
+	0xc1,0xfa,0x36,0xdb,0xa1,0x12,0x1a,0xef,0xb8,0x61,
+	0xc5,0x20,0xf9,0xe6,0xbf,0x76,0xc0,0x46,0xda,0x0a,
+	0xf1,0x4a,0x1b,0x80,0xdd,0xe5,0xd9,0x55,0x66,0x5a,
+	0xd2,0xb6,0xf7,0x7c,0x6a,0x2a,0x55,0x58,0xc2,0x27,
+	0xa9,0xe8,0x19,0x83,0x04,0x31,0xf3,0xa9,0x02,0x82,
+	0x01,0x00,0x5f,0x4d,0xd9,0x71,0x24,0x28,0x84,0xbd,
+	0x39,0x5a,0x17,0x19,0x78,0x0a,0x95,0x01,0xf7,0x42,
+	0x23,0x16,0xb9,0x86,0x51,0x4b,0xa0,0x59,0x0e,0x30,
+	0xf3,0xa2,0x61,0xbd,0x66,0x4e,0xa7,0x26,0xc0,0xdc,
+	0xa7,0x31,0x94,0x1e,0xc2,0x96,0x41,0xe6,0x91,0x4e,
+	0x6c,0x9a,0xcc,0x80,0xf4,0xb8,0x0a,0x06,0x58,0xb1,
+	0x20,0x16,0x89,0xb0,0xaa,0x2a,0x31,0x0c,0x7c,0xae,
+	0x79,0x1e,0x63,0x9a,0x3c,0x8c,0xc4,0x02,0x51,0x3a,
+	0x58,0x75,0xf7,0xb7,0x2c,0x02,0xc8,0x4c,0x8b,0x09,
+	0xd2,0x69,0xff,0xcd,0xa3,0x5d,0x9b,0x09,0x1c,0x27,
+	0xb5,0xc0,0xf0,0x0c,0xa7,0x54,0xc0,0xef,0x86,0x0b,
+	0x20,0x71,0x46,0x04,0xe4,0x02,0x82,0x7b,0xac,0x26,
+	0x80,0xc3,0xb1,0x22,0x19,0x6f,0xc6,0x3a,0xdd,0xdc,
+	0x68,0x3d,0x95,0x5c,0xff,0xc5,0xbf,0x0c,0xf1,0x8f,
+	0x5e,0xca,0x74,0xd0,0xf3,0xa9,0xe3,0x21,0x34,0x11,
+	0x11,0xd9,0xc1,0x91,0x65,0xc0,0xde,0x54,0x2e,0xb5,
+	0xac,0x17,0xb1,0x46,0x3f,0x8e,0xbe,0xbc,0x48,0x0c,
+	0x96,0x4f,0x48,0x13,0xd4,0x4e,0xb5,0xe4,0xc4,0xbe,
+	0x55,0xe8,0x7b,0x00,0x36,0x1b,0xd0,0x85,0x24,0xdb,
+	0x29,0xaf,0x76,0x82,0xb5,0x90,0xcb,0xb1,0xbd,0xb4,
+	0x45,0x57,0x61,0xcd,0x6e,0xa8,0x23,0xf2,0x7a,0x47,
+	0x4e,0x01,0x52,0x92,0x55,0x61,0xe5,0xd0,0x4e,0x0a,
+	0xe7,0x18,0x65,0xf1,0x33,0x2b,0x71,0xf3,0x4b,0x8b,
+	0xdb,0x28,0x63,0x65,0x9b,0x02,0x5d,0x00,0xc1,0xd1,
+	0x26,0x9d,0x2a,0x15,0x12,0xf2,0xc8,0xd9,0xb9,0x87,
+	0x56,0x2c,0xe7,0xa6,0x6d,0xc2,0xd7,0x6b,
+	};
diff --git a/apps/tkca b/apps/tkca
new file mode 100644
index 0000000000000000000000000000000000000000..bdaf21606afe5d5e5ee4f0b82c4db0e42bf00591
--- /dev/null
+++ b/apps/tkca
@@ -0,0 +1,66 @@
+#!/usr/local/bin/perl5
+#
+# This is only something I'm playing with, it does not work :-)
+#
+
+use Tk;
+
+my $main=MainWindow->new();
+my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
+$f->pack(-fill => 'x');
+
+my $ff=$f->Frame;
+$ff->pack(-fill => 'x');
+my $l=$ff->Label(-text => "TkCA - SSLeay",
+	-relief => "ridge", -borderwidth => 2);
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Certify");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Review");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Revoke");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Generate CRL");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my($db)=&load_db("demoCA/index.txt");
+
+MainLoop;
+
+sub load_db
+	{
+	my(%ret);
+	my($file)=@_;
+	my(*IN);
+	my(%db_serial,%db_name,@f,@db_s);
+
+	$ret{'serial'}=\%db_serial;
+	$ret{'name'}=\%db_name;
+
+	open(IN,"<$file") || die "unable to open $file:$!\n";
+	while ()
+		{
+		chop;
+		s/([^\\])\t/\1\t\t/g;
+		my(@f)=split(/\t\t/);
+		die "wrong number of fields in $file, line $.\n"
+			if ($#f != 5);
+
+		my(%f);
+		$f{'type'}=$f[0];
+		$f{'exp'}=$f[1];
+		$f{'rev'}=$f[2];
+		$f{'serial'}=$f[3];
+		$f{'file'}=$f[4];
+		$f{'name'}=$f[5];
+		die "serial number $f{'serial'} appears twice (line $.)\n"
+			if (defined($db{$f{'serial'}}))
+		$db_serial{$f{'serial'}}=\%f;
+		$db_name{$f{'name'}}.=$f{'serial'}." ";
+		}
+	return \%ret;
+	}
diff --git a/apps/verify.c b/apps/verify.c
new file mode 100644
index 0000000000000000000000000000000000000000..809f4c43fa6b13f76ffdf4ad2a0e50cd0d21126b
--- /dev/null
+++ b/apps/verify.c
@@ -0,0 +1,240 @@
+/* apps/verify.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG	verify_main
+
+#ifndef NOPROTO
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx,char *file);
+#else
+static int MS_CALLBACK cb();
+static int check();
+#endif
+
+static int v_verbose=0;
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	int i,ret=1;
+	char *CApath=NULL,*CAfile=NULL;
+	X509_STORE *cert_ctx=NULL;
+	X509_LOOKUP *lookup=NULL;
+
+	cert_ctx=X509_STORE_new();
+	if (cert_ctx == NULL) goto end;
+	X509_STORE_set_verify_cb_func(cert_ctx,cb);
+
+	ERR_load_crypto_strings();
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	argc--;
+	argv++;
+	for (;;)
+		{
+		if (argc >= 1)
+			{
+			if (strcmp(*argv,"-CApath") == 0)
+				{
+				if (argc-- < 1) goto end;
+				CApath= *(++argv);
+				}
+			else if (strcmp(*argv,"-CAfile") == 0)
+				{
+				if (argc-- < 1) goto end;
+				CAfile= *(++argv);
+				}
+			else if (strcmp(*argv,"-help") == 0)
+				goto end;
+			else if (strcmp(*argv,"-verbose") == 0)
+				v_verbose=1;
+			else if (argv[0][0] == '-')
+				goto end;
+			else
+				break;
+			argc--;
+			argv++;
+			}
+		else
+			break;
+		}
+
+	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+	if (lookup == NULL) abort();
+	if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+		X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+		
+	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
+	if (lookup == NULL) abort();
+	if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+		X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+
+	if (argc < 1) check(cert_ctx,NULL);
+	else
+		for (i=0; ierror == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+			ok=1;
+		else
+			{
+			X509_NAME_oneline(
+				X509_get_subject_name(ctx->current_cert),buf,256);
+			printf("%s\n",buf);
+			printf("error %d at %d depth lookup:%s\n",ctx->error,
+				ctx->error_depth,
+				X509_verify_cert_error_string(ctx->error));
+			if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
+				ok=1;
+			}
+		}
+	if (!v_verbose)
+		ERR_clear_error();
+	return(ok);
+	}
+
diff --git a/apps/version.c b/apps/version.c
new file mode 100644
index 0000000000000000000000000000000000000000..a84943329ca78936a85bfbd2f680dadf7da694e6
--- /dev/null
+++ b/apps/version.c
@@ -0,0 +1,128 @@
+/* apps/version.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "apps.h"
+#include "evp.h"
+#include "crypto.h"
+
+#undef PROG
+#define PROG	version_main
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	int i,ret=0;
+	int cflags=0,version=0,date=0,options=0;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	if (argc == 1) version=1;
+	for (i=1; i
+#include 
+#include 
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "bio.h"
+#include "asn1.h"
+#include "err.h"
+#include "bn.h"
+#include "evp.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG x509_main
+
+#undef POSTFIX
+#define	POSTFIX	".srl"
+#define DEF_DAYS	30
+
+#define FORMAT_UNDEF	0
+#define FORMAT_ASN1	1
+#define FORMAT_TEXT	2
+#define FORMAT_PEM	3
+
+#define CERT_HDR	"certificate"
+
+static char *x509_usage[]={
+"usage: x509 args\n",
+" -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
+" -outform arg    - output format - default PEM (one of DER, NET or PEM\n",
+" -keyform arg    - private key format - default PEM\n",
+" -CAform arg     - CA format - default PEM\n",
+" -CAkeyform arg  - CA key format - default PEM\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -serial         - print serial number value\n",
+" -hash           - print hash value\n",
+" -subject        - print subject DN\n",
+" -issuer         - print issuer DN\n",
+" -startdate      - notBefore field\n",
+" -enddate        - notAfter field\n",
+" -dates          - both Before and After dates\n",
+" -modulus        - print the RSA key modulus\n",
+" -fingerprint    - print the certificate fingerprint\n",
+" -noout          - no certificate output\n",
+
+" -days arg       - How long till expiry of a signed certificate - def 30 days\n",
+" -signkey arg    - self sign cert with arg\n",
+" -x509toreq      - output a certification request object\n",
+" -req            - input is a certificate request, sign and output.\n",
+" -CA arg         - set the CA certificate, must be PEM format.\n",
+" -CAkey arg      - set the CA key, must be PEM format\n",
+"                   missing, it is asssumed to be in the CA file.\n",
+" -CAcreateserial - create serial number file if it does not exist\n",
+" -CAserial       - serial file\n",
+" -text           - print the certitificate in text form\n",
+" -C              - print out C code forms\n",
+" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+NULL
+};
+
+#ifndef NOPROTO
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static EVP_PKEY *load_key(char *file, int format);
+static X509 *load_cert(char *file, int format);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
+static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
+	X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
+#else
+static int MS_CALLBACK callb();
+static EVP_PKEY *load_key();
+static X509 *load_cert();
+static int sign ();
+static int x509_certify ();
+#endif
+
+static int reqfile=0;
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	int ret=1;
+	X509_REQ *req=NULL;
+	X509 *x=NULL,*xca=NULL;
+	EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+	int i,num,badops=0;
+	BIO *out=NULL;
+	BIO *STDout=NULL;
+	int informat,outformat,keyformat,CAformat,CAkeyformat;
+	char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
+	char *CAkeyfile=NULL,*CAserial=NULL;
+	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
+	int C=0;
+	int x509req=0,days=DEF_DAYS,modulus=0;
+	char **pp;
+	X509_STORE *ctx=NULL;
+	X509_REQ *rq=NULL;
+	int fingerprint=0;
+	char buf[256];
+	EVP_MD *md_alg,*digest=EVP_md5();
+
+	reqfile=0;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+	keyformat=FORMAT_PEM;
+	CAformat=FORMAT_PEM;
+	CAkeyformat=FORMAT_PEM;
+
+	ctx=X509_STORE_new();
+	if (ctx == NULL) goto end;
+	X509_STORE_set_verify_cb_func(ctx,callb);
+
+	argc--;
+	argv++;
+	num=0;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-req") == 0)
+			reqfile=1;
+		else if (strcmp(*argv,"-CAform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-CAkeyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-days") == 0)
+			{
+			if (--argc < 1) goto bad;
+			days=atoi(*(++argv));
+			if (days == 0)
+				{
+				BIO_printf(bio_err,"bad number of days\n");
+				goto bad;
+				}
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-signkey") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyfile= *(++argv);
+			sign_flag= ++num;
+			}
+		else if (strcmp(*argv,"-CA") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAfile= *(++argv);
+			CA_flag= ++num;
+			}
+		else if (strcmp(*argv,"-CAkey") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAkeyfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-CAserial") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAserial= *(++argv);
+			}
+		else if (strcmp(*argv,"-C") == 0)
+			C= ++num;
+		else if (strcmp(*argv,"-serial") == 0)
+			serial= ++num;
+		else if (strcmp(*argv,"-modulus") == 0)
+			modulus= ++num;
+		else if (strcmp(*argv,"-x509toreq") == 0)
+			x509req= ++num;
+		else if (strcmp(*argv,"-text") == 0)
+			text= ++num;
+		else if (strcmp(*argv,"-hash") == 0)
+			hash= ++num;
+		else if (strcmp(*argv,"-subject") == 0)
+			subject= ++num;
+		else if (strcmp(*argv,"-issuer") == 0)
+			issuer= ++num;
+		else if (strcmp(*argv,"-fingerprint") == 0)
+			fingerprint= ++num;
+		else if (strcmp(*argv,"-dates") == 0)
+			{
+			startdate= ++num;
+			enddate= ++num;
+			}
+		else if (strcmp(*argv,"-startdate") == 0)
+			startdate= ++num;
+		else if (strcmp(*argv,"-enddate") == 0)
+			enddate= ++num;
+		else if (strcmp(*argv,"-noout") == 0)
+			noout= ++num;
+		else if (strcmp(*argv,"-CAcreateserial") == 0)
+			CA_createserial= ++num;
+		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+			{
+			/* ok */
+			digest=md_alg;
+			}
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		for (pp=x509_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err,*pp);
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+
+	if (!X509_STORE_set_default_paths(ctx))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
+		{ CAkeyfile=CAfile; }
+	else if ((CA_flag) && (CAkeyfile == NULL))
+		{
+		BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
+		goto end;
+		}
+
+	if (reqfile)
+		{
+		EVP_PKEY *pkey;
+		X509_CINF *ci;
+		BIO *in;
+
+		if (!sign_flag && !CA_flag)
+			{
+			BIO_printf(bio_err,"We need a private key to sign with\n");
+			goto end;
+			}
+		in=BIO_new(BIO_s_file());
+		if (in == NULL)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+
+		if (infile == NULL)
+			BIO_set_fp(in,stdin,BIO_NOCLOSE);
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
+				perror(infile);
+				goto end;
+				}
+			}
+		req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+		BIO_free(in);
+
+		if (req == NULL) { perror(infile); goto end; }
+
+		if (	(req->req_info == NULL) ||
+			(req->req_info->pubkey == NULL) ||
+			(req->req_info->pubkey->public_key == NULL) ||
+			(req->req_info->pubkey->public_key->data == NULL))
+			{
+			BIO_printf(bio_err,"The certificate request appears to corrupted\n");
+			BIO_printf(bio_err,"It does not contain a public key\n");
+			goto end;
+			}
+		if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
+	                {
+	                BIO_printf(bio_err,"error unpacking public key\n");
+	                goto end;
+	                }
+		i=X509_REQ_verify(req,pkey);
+		if (i < 0)
+			{
+			BIO_printf(bio_err,"Signature verification error\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+	        if (i == 0)
+			{
+			BIO_printf(bio_err,"Signature did not match the certificate request\n");
+			goto end;
+			}
+		else
+			BIO_printf(bio_err,"Signature ok\n");
+		
+		X509_NAME_oneline(req->req_info->subject,buf,256);
+		BIO_printf(bio_err,"subject=%s\n",buf);
+
+		if ((x=X509_new()) == NULL) goto end;
+		ci=x->cert_info;
+
+		if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
+		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+
+		X509_gmtime_adj(X509_get_notBefore(x),0);
+	        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+
+		X509_PUBKEY_free(ci->key);
+		ci->key=req->req_info->pubkey;
+	        req->req_info->pubkey=NULL;
+		}
+	else
+		x=load_cert(infile,informat);
+
+	if (x == NULL) goto end;
+	if (CA_flag)
+		{
+		xca=load_cert(CAfile,CAformat);
+		if (xca == NULL) goto end;
+		}
+
+	if (!noout || text)
+		{
+		OBJ_create_and_add_object("2.99999.3",
+			"SET.ex3","SET x509v3 extension 3");
+
+		out=BIO_new(BIO_s_file());
+		if (out == NULL)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (outfile == NULL)
+			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+		else
+			{
+			if (BIO_write_filename(out,outfile) <= 0)
+				{
+				perror(outfile);
+				goto end;
+				}
+			}
+		}
+
+	if (num)
+		{
+		for (i=1; i<=num; i++)
+			{
+			if (issuer == i)
+				{
+				X509_NAME_oneline(X509_get_issuer_name(x),
+					buf,256);
+				fprintf(stdout,"issuer= %s\n",buf);
+				}
+			else if (subject == i) 
+				{
+				X509_NAME_oneline(X509_get_subject_name(x),
+					buf,256);
+				fprintf(stdout,"subject=%s\n",buf);
+				}
+			else if (serial == i)
+				{
+				fprintf(stdout,"serial=");
+				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
+				fprintf(stdout,"\n");
+				}
+			else if (hash == i)
+				{
+				fprintf(stdout,"%08lx\n",
+					X509_subject_name_hash(x));
+				}
+			else
+#ifndef NO_RSA
+				if (modulus == i)
+				{
+				EVP_PKEY *pkey;
+
+				pkey=X509_get_pubkey(x);
+				if (pkey == NULL)
+					{
+					fprintf(stdout,"Modulus=unavailable\n");
+					ERR_print_errors(bio_err);
+					goto end;
+					}
+				fprintf(stdout,"Modulus=");
+				if (pkey->type == EVP_PKEY_RSA)
+					BN_print(STDout,pkey->pkey.rsa->n);
+				else
+					fprintf(stdout,"Wrong Algorithm type");
+				fprintf(stdout,"\n");
+				}
+			else
+#endif
+				if (C == i)
+				{
+				unsigned char *d;
+				char *m;
+				int y,z;
+
+				X509_NAME_oneline(X509_get_subject_name(x),
+					buf,256);
+				printf("/* subject:%s */\n",buf);
+				m=X509_NAME_oneline(
+					X509_get_issuer_name(x),buf,256);
+				printf("/* issuer :%s */\n",buf);
+
+				z=i2d_X509(x,NULL);
+				m=Malloc(z);
+
+				d=(unsigned char *)m;
+				z=i2d_X509_NAME(X509_get_subject_name(x),&d);
+				printf("unsigned char XXX_subject_name[%d]={\n",z);
+				d=(unsigned char *)m;
+				for (y=0; ytype == EVP_PKEY_DSA)
+		                        digest=EVP_dss1();
+#endif
+
+				if (!sign(x,Upkey,days,digest)) goto end;
+				}
+			else if (CA_flag == i)
+				{
+				BIO_printf(bio_err,"Getting CA Private Key\n");
+				if (CAkeyfile != NULL)
+					{
+					CApkey=load_key(CAkeyfile,CAkeyformat);
+					if (CApkey == NULL) goto end;
+					}
+#ifndef NO_DSA
+		                if (CApkey->type == EVP_PKEY_DSA)
+		                        digest=EVP_dss1();
+#endif
+				if (!x509_certify(ctx,CAfile,digest,x,xca,
+					CApkey,
+					CAserial,CA_createserial,days))
+					goto end;
+				}
+			else if (x509req == i)
+				{
+				EVP_PKEY *pk;
+
+				BIO_printf(bio_err,"Getting request Private Key\n");
+				if (keyfile == NULL)
+					{
+					BIO_printf(bio_err,"no request key file specified\n");
+					goto end;
+					}
+				else
+					{
+					pk=load_key(keyfile,FORMAT_PEM);
+					if (pk == NULL) goto end;
+					}
+
+				BIO_printf(bio_err,"Generating certificate request\n");
+
+				rq=X509_to_X509_REQ(x,pk);
+				EVP_PKEY_free(pk);
+				if (rq == NULL)
+					{
+					ERR_print_errors(bio_err);
+					goto end;
+					}
+				if (!noout)
+					{
+					X509_REQ_print(out,rq);
+					PEM_write_bio_X509_REQ(out,rq);
+					}
+				noout=1;
+				}
+			}
+		}
+
+	if (noout)
+		{
+		ret=0;
+		goto end;
+		}
+
+	if 	(outformat == FORMAT_ASN1)
+		i=i2d_X509_bio(out,x);
+	else if (outformat == FORMAT_PEM)
+		i=PEM_write_bio_X509(out,x);
+	else if (outformat == FORMAT_NETSCAPE)
+		{
+		ASN1_HEADER ah;
+		ASN1_OCTET_STRING os;
+
+		os.data=(unsigned char *)CERT_HDR;
+		os.length=strlen(CERT_HDR);
+		ah.header= &os;
+		ah.data=(char *)x;
+		ah.meth=X509_asn1_meth();
+
+		/* no macro for this one yet */
+		i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah);
+		}
+	else	{
+		BIO_printf(bio_err,"bad output format specified for outfile\n");
+		goto end;
+		}
+	if (!i) {
+		BIO_printf(bio_err,"unable to write certificate\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	ret=0;
+end:
+	OBJ_cleanup();
+	if (out != NULL) BIO_free(out);
+	if (STDout != NULL) BIO_free(STDout);
+	if (ctx != NULL) X509_STORE_free(ctx);
+	if (req != NULL) X509_REQ_free(req);
+	if (x != NULL) X509_free(x);
+	if (xca != NULL) X509_free(xca);
+	if (Upkey != NULL) EVP_PKEY_free(Upkey);
+	if (CApkey != NULL) EVP_PKEY_free(CApkey);
+	if (rq != NULL) X509_REQ_free(rq);
+	EXIT(ret);
+	}
+
+static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
+X509_STORE *ctx;
+char *CAfile;
+EVP_MD *digest;
+X509 *x;
+X509 *xca;
+EVP_PKEY *pkey;
+char *serialfile;
+int create;
+int days;
+	{
+	int ret=0;
+	BIO *io=NULL;
+	MS_STATIC char buf2[1024];
+	char *buf=NULL,*p;
+	BIGNUM *serial=NULL;
+	ASN1_INTEGER *bs=NULL,bs2;
+	X509_STORE_CTX xsc;
+	EVP_PKEY *upkey;
+
+	EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
+
+	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
+	buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
+		((serialfile == NULL)
+			?(strlen(CAfile)+strlen(POSTFIX)+1)
+			:(strlen(serialfile)))+1);
+	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
+	if (serialfile == NULL)
+		{
+		strcpy(buf,CAfile);
+		for (p=buf; *p; p++)
+			if (*p == '.')
+				{
+				*p='\0';
+				break;
+				}
+		strcat(buf,POSTFIX);
+		}
+	else
+		strcpy(buf,serialfile);
+	serial=BN_new();
+	bs=ASN1_INTEGER_new();
+	if ((serial == NULL) || (bs == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	io=BIO_new(BIO_s_file());
+	if (io == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	
+	if (BIO_read_filename(io,buf) <= 0)
+		{
+		if (!create)
+			{
+			perror(buf);
+			goto end;
+			}
+		else
+			{
+			ASN1_INTEGER_set(bs,0);
+			BN_zero(serial);
+			}
+		}
+	else 
+		{
+		if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+			{
+			BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		else
+			{
+			serial=BN_bin2bn(bs->data,bs->length,serial);
+			if (serial == NULL)
+				{
+				BIO_printf(bio_err,"error converting bin 2 bn");
+				goto end;
+				}
+			}
+		}
+
+	if (!BN_add_word(serial,1))
+		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
+	bs2.data=(unsigned char *)buf2;
+	bs2.length=BN_bn2bin(serial,bs2.data);
+
+	if (BIO_write_filename(io,buf) <= 0)
+		{
+		BIO_printf(bio_err,"error attempting to write serial number file\n");
+		perror(buf);
+		goto end;
+		}
+	i2a_ASN1_INTEGER(io,&bs2);
+	BIO_puts(io,"\n");
+	BIO_free(io);
+	io=NULL;
+	
+	if (!X509_STORE_add_cert(ctx,x)) goto end;
+
+	/* NOTE: this certificate can/should be self signed, unless it was
+	 * a certificate request in which case it is not. */
+	X509_STORE_CTX_set_cert(&xsc,x);
+	if (!reqfile && !X509_verify_cert(&xsc))
+		goto end;
+
+	if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
+	if (!X509_set_serialNumber(x,bs)) goto end;
+
+	if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
+		goto end;
+
+	/* hardwired expired */
+	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+		goto end;
+
+	/* don't save DSA parameters in child if parent has them. */
+	upkey=X509_get_pubkey(x);
+	if (!EVP_PKEY_missing_parameters(pkey))
+		{
+		EVP_PKEY_save_parameters(upkey,0);
+		/* Force a re-write */
+		X509_set_pubkey(x,upkey);
+		}
+
+	if (!X509_sign(x,pkey,digest)) goto end;
+	ret=1;
+end:
+	X509_STORE_CTX_cleanup(&xsc);
+	if (!ret)
+		ERR_print_errors(bio_err);
+	if (buf != NULL) Free(buf);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	if (io != NULL)	BIO_free(io);
+	if (serial != NULL) BN_free(serial);
+	return(ret);
+	}
+
+static int MS_CALLBACK callb(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+	{
+	char buf[256];
+	int err;
+	X509 *err_cert;
+
+	/* it is ok to use a self signed certificate
+	 * This case will catch both the initial ok == 0 and the
+	 * final ok == 1 calls to this function */
+	err=X509_STORE_CTX_get_error(ctx);
+	if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+		return(1);
+
+	/* BAD we should have gotten an error.  Normally if everything
+	 * worked X509_STORE_CTX_get_error(ctx) will still be set to
+	 * DEPTH_ZERO_SELF_.... */
+	if (ok)
+		{
+		printf("error with certificate to be certified - should be self signed\n");
+		return(0);
+		}
+	else
+		{
+		err_cert=X509_STORE_CTX_get_current_cert(ctx);
+		X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+		printf("%s\n",buf);
+		printf("error with certificate - error %d at depth %d\n%s\n",
+			err,X509_STORE_CTX_get_error_depth(ctx),
+			X509_verify_cert_error_string(err));
+		return(1);
+		}
+	}
+
+static EVP_PKEY *load_key(file, format)
+char *file;
+int format;
+	{
+	BIO *key=NULL;
+	EVP_PKEY *pkey=NULL;
+
+	if (file == NULL)
+		{
+		BIO_printf(bio_err,"no keyfile specified\n");
+		goto end;
+		}
+	key=BIO_new(BIO_s_file());
+	if (key == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (BIO_read_filename(key,file) <= 0)
+		{
+		perror(file);
+		goto end;
+		}
+#ifndef NO_RSA
+	if	(format == FORMAT_ASN1)
+		{
+		RSA *rsa;
+
+		rsa=d2i_RSAPrivateKey_bio(key,NULL);
+		if (rsa != NULL)
+			{
+			if ((pkey=EVP_PKEY_new()) != NULL)
+				EVP_PKEY_assign_RSA(pkey,rsa);
+			else
+				RSA_free(rsa);
+			}
+		}
+	else
+#endif
+		if (format == FORMAT_PEM)
+		{
+		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL);
+		}
+	else
+		{
+		BIO_printf(bio_err,"bad input format specified for key\n");
+		goto end;
+		}
+end:
+	if (key != NULL) BIO_free(key);
+	if (pkey == NULL)
+		BIO_printf(bio_err,"unable to load Private Key\n");
+	return(pkey);
+	}
+
+static X509 *load_cert(file, format)
+char *file;
+int format;
+	{
+	ASN1_HEADER *ah=NULL;
+	BUF_MEM *buf=NULL;
+	X509 *x=NULL;
+	BIO *cert;
+
+	if ((cert=BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (file == NULL)
+		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(cert,file) <= 0)
+			{
+			perror(file);
+			goto end;
+			}
+		}
+	if 	(format == FORMAT_ASN1)
+		x=d2i_X509_bio(cert,NULL);
+	else if (format == FORMAT_NETSCAPE)
+		{
+		unsigned char *p,*op;
+		int size=0,i;
+
+		/* We sort of have to do it this way because it is sort of nice
+		 * to read the header first and check it, then
+		 * try to read the certificate */
+		buf=BUF_MEM_new();
+		for (;;)
+			{
+			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+				goto end;
+			i=BIO_read(cert,&(buf->data[size]),1024*10);
+			size+=i;
+			if (i == 0) break;
+			if (i < 0)
+				{
+				perror("reading certificate");
+				goto end;
+				}
+			}
+		p=(unsigned char *)buf->data;
+		op=p;
+
+		/* First load the header */
+		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+			goto end;
+		if ((ah->header == NULL) || (ah->header->data == NULL) ||
+			(strncmp(CERT_HDR,(char *)ah->header->data,
+			ah->header->length) != 0))
+			{
+			BIO_printf(bio_err,"Error reading header on certificate\n");
+			goto end;
+			}
+		/* header is ok, so now read the object */
+		p=op;
+		ah->meth=X509_asn1_meth();
+		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+			goto end;
+		x=(X509 *)ah->data;
+		ah->data=NULL;
+		}
+	else if (format == FORMAT_PEM)
+		x=PEM_read_bio_X509(cert,NULL,NULL);
+	else	{
+		BIO_printf(bio_err,"bad input format specified for input cert\n");
+		goto end;
+		}
+end:
+	if (x == NULL)
+		{
+		BIO_printf(bio_err,"unable to load certificate\n");
+		ERR_print_errors(bio_err);
+		}
+	if (ah != NULL) ASN1_HEADER_free(ah);
+	if (cert != NULL) BIO_free(cert);
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(x);
+	}
+
+/* self sign */
+static int sign(x, pkey, days, digest)
+X509 *x;
+EVP_PKEY *pkey;
+int days;
+EVP_MD *digest;
+	{
+
+	EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
+	EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
+
+	if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
+	if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
+
+	/* Lets just make it 12:00am GMT, Jan 1 1970 */
+	/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
+	/* 28 days to be certified */
+
+	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+		goto err;
+
+	if (!X509_set_pubkey(x,pkey)) goto err;
+	if (!X509_sign(x,pkey,digest)) goto err;
+	return(1);
+err:
+	ERR_print_errors(bio_err);
+	return(0);
+	}
diff --git a/bugs/MS b/bugs/MS
new file mode 100644
index 0000000000000000000000000000000000000000..a1dcfb90de208ff2627c6d4636f2064794047bbd
--- /dev/null
+++ b/bugs/MS
@@ -0,0 +1,7 @@
+If you use the function that does an fopen inside the DLL, it's malloc
+will be used and when the function is then written inside, more
+hassles
+....
+
+
+think about it.
diff --git a/bugs/SSLv3 b/bugs/SSLv3
new file mode 100644
index 0000000000000000000000000000000000000000..2e22a65cddc7fc2117e7e1241f1c2fe9048d560a
--- /dev/null
+++ b/bugs/SSLv3
@@ -0,0 +1,41 @@
+So far...
+
+ssl3.netscape.com:443 does not support client side dynamic
+session-renegotiation.
+
+ssl3.netscape.com:444 (asks for client cert) sends out all the CA RDN
+in an invalid format (the outer sequence is removed).
+
+Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys.  Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when opperating in SSLv2/v3 compatablity mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+
+www.microsoft.com - when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+
+ssl3.netscape.com:443, first a connection is established with RC4-MD5.
+If it is then resumed, we end up using DES-CBC3-SHA.  It should be
+RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
+Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
+It only really shows up when connecting via SSLv2/v3 then reconnecting
+via SSLv3. The cipher list changes....
+NEW INFORMATION.  Try connecting with a cipher list of just
+DES-CBC-SHA:RC4-MD5.  For some weird reason, each new connection uses
+RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
+doing a re-connect, always takes the first cipher in the cipher list.
+
+If we accept a netscape connection, demand a client cert, have a
+non-self-sighed CA which does not have it's CA in netscape, and the
+browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta
+
+Netscape browsers do not really notice the server sending a
+close notify message.  I was sending one, and then some invalid data.
+netscape complained of an invalid mac. (a fork()ed child doing a
+SSL_shutdown() and still sharing the socket with its parent).
+
+Netscape, when using export ciphers, will accept a 1024 bit temporary
+RSA key.  It is supposed to only accept 512.
diff --git a/bugs/VC16.bug b/bugs/VC16.bug
new file mode 100644
index 0000000000000000000000000000000000000000..7815bb5c77ea8f941e2eff8f6f77c50773375d64
--- /dev/null
+++ b/bugs/VC16.bug
@@ -0,0 +1,18 @@
+Microsoft (R) C/C++ Optimizing Compiler Version 8.00c
+
+Compile with /O2 chokes the compiler on these files
+
+crypto\md\md5_dgst.c		warning '@(#)reg86.c:1.26', line 1110
+crypto\des\ofb64ede.c		warning '@(#)grammar.c:1.147', line 168
+crypto\des\ofb64enc.c		warning '@(#)grammar.c:1.147', line 168
+crypto\des\qud_cksm.c		warning '@(#)grammar.c:1.147', line 168
+crypto\rc2\rc2ofb64.c		warning '@(#)grammar.c:1.147', line 168
+crypto\objects\obj_dat.c	warning	'@(#)grammar.c:1.147', line 168
+				fatal	'@(#)grammar.c:1.147', line 168
+crypto\objects\obj_lib.c	warning	'@(#)grammar.c:1.147', line 168
+				fatal	'@(#)grammar.c:1.147', line 168
+ssl\ssl_auth.c			warning	'@(#)grammar.c:1.147', line 168
+				fatal	'@(#)grammar.c:1.147', line 168
+
+Turning on /G3 with build flags that worked fine for /G2 came up with
+divide by zero errors in 'normal' code in speed.c :-(
diff --git a/bugs/alpha.c b/bugs/alpha.c
new file mode 100644
index 0000000000000000000000000000000000000000..419379bb6eb42816cfb0aebc7d1b612d055c671b
--- /dev/null
+++ b/bugs/alpha.c
@@ -0,0 +1,91 @@
+/* bugs/alpha.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* while not exactly a bug (ASN1 C leaves this undefined) it is
+ * something to watch out for.  This was fine on linux/NT/Solaris but not
+ * Alpha */
+
+/* it is basically an example of
+ * func(*(a++),*(a++))
+ * which parameter is evaluated first?  It is not defined in ASN1 C.
+ */
+
+#include 
+
+#define TYPE    unsigned int
+
+void func(a,b)
+TYPE *a;
+TYPE b;
+        {
+        printf("%ld -1 == %ld\n",a[0],b);
+        }
+
+main()
+        {
+        TYPE data[5]={1L,2L,3L,4L,5L};
+        TYPE *p;
+        int i;
+
+        p=data;
+
+        for (i=0; i<4; i++)
+                {
+                func(p,*(p++));
+                }
+        }
diff --git a/bugs/dggccbug.c b/bugs/dggccbug.c
new file mode 100644
index 0000000000000000000000000000000000000000..30e07a60ea4a0d526fe96648227463db1d94492c
--- /dev/null
+++ b/bugs/dggccbug.c
@@ -0,0 +1,45 @@
+/* NOCW */
+/* dggccbug.c */
+/* bug found by Eric Young (eay@cryptsoft.com) - May 1995 */
+
+#include 
+
+/* There is a bug in
+ * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
+ * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code.
+ * The bug manifests itself by the vaule of a pointer that is
+ * used only by reference, not having it's value change when it is used
+ * to check for exiting the loop.  Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address
+ * that is passed. */
+
+/* compare the out put from
+ * gcc dggccbug.c; ./a.out
+ * and
+ * gcc -O dggccbug.c; ./a.out
+ * compile with -DFIXBUG to remove the bug when optimising.
+ */
+
+void inc(a)
+int *a;
+	{
+	(*a)++;
+	}
+
+main()
+	{
+	int p=0;
+#ifdef FIXBUG
+	int dummy;
+#endif
+
+	while (p<3)
+		{
+		fprintf(stderr,"%08X\n",p);
+		inc(&p);
+#ifdef FIXBUG
+		dummy+=p;
+#endif
+		}
+	}
diff --git a/bugs/sgiccbug.c b/bugs/sgiccbug.c
new file mode 100644
index 0000000000000000000000000000000000000000..48bd0605df89fc286b122eaa1f7f12ad9984fde8
--- /dev/null
+++ b/bugs/sgiccbug.c
@@ -0,0 +1,55 @@
+/* NOCW */
+/* sgibug.c */
+/* bug found by Eric Young (eay@mincom.oz.au) May 95 */
+
+#include 
+
+/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
+ * the only versions of IRIX I have access to.
+ * defining FIXBUG removes the bug.
+ */
+ 
+/* Compare the output from
+ * cc sgiccbug.c; ./a.out
+ * and
+ * cc -O sgiccbug.c; ./a.out
+ */
+
+static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
+static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
+static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};
+
+main()
+	{
+	unsigned long r[4];
+	sub(r,a,b);
+	fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]);
+	fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]);
+	fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]);
+	fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]);
+	}
+
+int sub(r,a,b)
+unsigned long *r,*a,*b;
+	{
+	register unsigned long t1,t2,*ap,*bp,*rp;
+	int i,carry;
+#ifdef FIXBUG
+	unsigned long dummy;
+#endif
+
+	ap=a;
+	bp=b;
+	rp=r;
+	carry=0;
+	for (i=0; i<4; i++)
+		{
+		t1= *(ap++);
+		t2= *(bp++);
+		t1=(t1-t2);
+#ifdef FIXBUG
+		dummy=t1;
+#endif
+		*(rp++)=t1&0xffffffff;
+		}
+	}
diff --git a/bugs/sslref.dif b/bugs/sslref.dif
new file mode 100644
index 0000000000000000000000000000000000000000..0aa92bfe6de8c1078a18a2d7ac7f0cc6400116f6
--- /dev/null
+++ b/bugs/sslref.dif
@@ -0,0 +1,26 @@
+The February 9th, 1995 version of the SSL document differs from
+https://www.netscape.com in the following ways.
+=====
+The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is
+KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]
+not
+KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]
+as specified in the documentation.
+=====
+From the section 2.6 Server Only Protocol Messages
+
+If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,
+CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero. 
+
+This is not true for https://www.netscape.com.  The CERTIFICATE-TYPE
+is returned as 1.
+=====
+I have not tested the following but it is reported by holtzman@mit.edu.
+
+SSLref clients wait to recieve a server-verify before they send a
+client-finished.  Besides this not being evident from the examples in
+2.2.1, it makes more sense to always send all packets you can before
+reading.  SSLeay was waiting in the server to recieve a client-finish
+before sending the server-verify :-).  I have changed SSLeay to send a
+server-verify before trying to read the client-finished.
+
diff --git a/bugs/stream.c b/bugs/stream.c
new file mode 100644
index 0000000000000000000000000000000000000000..155b7b9752e74e8b423d34620d72b1b97d0be89e
--- /dev/null
+++ b/bugs/stream.c
@@ -0,0 +1,131 @@
+/* bugs/stream.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc4.h"
+#ifdef NO_DES
+#include 
+#else
+#include "des.h"
+#endif
+
+/* show how stream ciphers are not very good.  The mac has no affect
+ * on RC4 while it does for cfb DES
+ */
+
+main()
+	{
+	fprintf(stderr,"rc4\n");
+	rc4();
+	fprintf(stderr,"cfb des\n");
+	des();
+	}
+
+int des()
+	{
+	des_key_schedule ks;
+	des_cblock iv,key;
+	int num;
+	static char *keystr="01234567";
+	static char *in1="0123456789ABCEDFdata 12345";
+	static char *in2="9876543210abcdefdata 12345";
+	unsigned char out[100];
+	int i;
+
+	des_set_key((des_cblock *)keystr,ks);
+
+	num=0;
+	memset(iv,0,8);
+	des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1);
+	for (i=0; i<26; i++)
+		fprintf(stderr,"%02X ",out[i]);
+	fprintf(stderr,"\n");
+
+	num=0;
+	memset(iv,0,8);
+	des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1);
+	for (i=0; i<26; i++)
+		fprintf(stderr,"%02X ",out[i]);
+	fprintf(stderr,"\n");
+	}
+
+int rc4()
+	{
+	static char *keystr="0123456789abcdef";
+	RC4_KEY key;
+	unsigned char in[100],out[100];
+	int i;
+
+	RC4_set_key(&key,16,keystr);
+	in[0]='\0';
+	strcpy(in,"0123456789ABCEDFdata 12345");
+	RC4(key,26,in,out);
+
+	for (i=0; i<26; i++)
+		fprintf(stderr,"%02X ",out[i]);
+	fprintf(stderr,"\n");
+
+	RC4_set_key(&key,16,keystr);
+	in[0]='\0';
+	strcpy(in,"9876543210abcdefdata 12345");
+	RC4(key,26,in,out);
+
+	for (i=0; i<26; i++)
+		fprintf(stderr,"%02X ",out[i]);
+	fprintf(stderr,"\n");
+	}
diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..6dd974d70da9604a4a30a9a5d13ebde3bb5791ab
--- /dev/null
+++ b/certs/ca-cert.pem
@@ -0,0 +1,31 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
diff --git a/certs/dsa-ca.pem b/certs/dsa-ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..9eb08f3ddd45864dff7c3403c26e6ef6dbf4a5e9
--- /dev/null
+++ b/certs/dsa-ca.pem
@@ -0,0 +1,43 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
+
diff --git a/certs/dsa-pca.pem b/certs/dsa-pca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e3641ad47e6b317a3fa797981ec63d80fee4a073
--- /dev/null
+++ b/certs/dsa-pca.pem
@@ -0,0 +1,49 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
diff --git a/certs/factory.pem b/certs/factory.pem
new file mode 100644
index 0000000000000000000000000000000000000000..8e28b391b2f36a57e311321ce801a438feb454ad
--- /dev/null
+++ b/certs/factory.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
diff --git a/certs/nortelCA.pem b/certs/nortelCA.pem
new file mode 100644
index 0000000000000000000000000000000000000000..207f34ab3a7dc0919afb72d913cc63439d8146b8
--- /dev/null
+++ b/certs/nortelCA.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
diff --git a/certs/pca-cert.pem b/certs/pca-cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..140e9a6b43293b8cca8e0266dd1591fd1d6b2993
--- /dev/null
+++ b/certs/pca-cert.pem
@@ -0,0 +1,31 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
diff --git a/certs/rsa-cca.pem b/certs/rsa-cca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..69f5c1c84cd7e0e34c609b2a1259f4ba60a22ea0
--- /dev/null
+++ b/certs/rsa-cca.pem
@@ -0,0 +1,19 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
diff --git a/certs/rsa-ssca.pem b/certs/rsa-ssca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..c9403212d18350bfc1592225acbffc46a03a7810
--- /dev/null
+++ b/certs/rsa-ssca.pem
@@ -0,0 +1,19 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
diff --git a/certs/thawteCb.pem b/certs/thawteCb.pem
new file mode 100644
index 0000000000000000000000000000000000000000..27df192f0d086256570f63f43e497c84fb86487f
--- /dev/null
+++ b/certs/thawteCb.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
diff --git a/certs/thawteCp.pem b/certs/thawteCp.pem
new file mode 100644
index 0000000000000000000000000000000000000000..51285e33c2fc2a8d1f0b276bad378c304eb52e36
--- /dev/null
+++ b/certs/thawteCp.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
diff --git a/certs/timCA.pem b/certs/timCA.pem
new file mode 100644
index 0000000000000000000000000000000000000000..9c8d5bf9c690c7c1b0b43f27849f059bd3d1220f
--- /dev/null
+++ b/certs/timCA.pem
@@ -0,0 +1,16 @@
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
diff --git a/certs/tjhCA.pem b/certs/tjhCA.pem
new file mode 100644
index 0000000000000000000000000000000000000000..67bee1b20018aa51df5213f3d203121111542d20
--- /dev/null
+++ b/certs/tjhCA.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
diff --git a/certs/vsign1.pem b/certs/vsign1.pem
new file mode 100644
index 0000000000000000000000000000000000000000..08c70f26742d7ab73b504e2a0d9a6c1bb68e663f
--- /dev/null
+++ b/certs/vsign1.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
diff --git a/certs/vsign2.pem b/certs/vsign2.pem
new file mode 100644
index 0000000000000000000000000000000000000000..2386e149d0bf09571e39c66097ef5267280f1581
--- /dev/null
+++ b/certs/vsign2.pem
@@ -0,0 +1,31 @@
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
diff --git a/certs/vsign3.pem b/certs/vsign3.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e6e31879c1c00ccf95e11d4ebf8f9f632e407f81
--- /dev/null
+++ b/certs/vsign3.pem
@@ -0,0 +1,16 @@
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
diff --git a/certs/vsign4.pem b/certs/vsign4.pem
new file mode 100644
index 0000000000000000000000000000000000000000..b5bcef4d0d7e9ff5733dd37de4d5d96eb2a446c7
--- /dev/null
+++ b/certs/vsign4.pem
@@ -0,0 +1,16 @@
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..9cb45e4b51df7ca5e57ed74d7e92bd601deb2a09
--- /dev/null
+++ b/crypto/Makefile.ssl
@@ -0,0 +1,156 @@
+#
+# SSLeay/crypto/Makefile
+#
+
+DIR=		crypto
+TOP=		..
+CC=		cc
+INCLUDE=	-I. -I../include
+INCLUDES=	-I.. -I../../include
+CFLAG=		-g
+INSTALLTOP=	/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+RM=             /bin/rm -f
+AR=		ar r
+
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS=" \"$(CC) $(CFLAG)\" "
+
+LIBS=
+
+SDIRS=	md sha mdc2 \
+	des rc4 rc2 idea bf \
+	bn rsa dsa dh \
+	buffer bio stack lhash rand err objects \
+	evp pem x509 \
+	asn1 conf txt_db pkcs7
+
+GENERAL=Makefile README
+
+LIB= $(TOP)/libcrypto.a
+LIBSRC=	cryptlib.c mem.c cversion.c
+LIBOBJ= cryptlib.o mem.o cversion.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h cryptall.h
+HEADER=	cryptlib.h date.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: date.h lib subdirs
+
+date.h: ../Makefile.ssl ../VERSION
+	echo "#define DATE	\"`date`\"" >date.h
+
+subdirs:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making all in $$i..."; \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' AR='${AR}' all ); \
+	done;
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making 'files' in $$i..."; \
+	$(MAKE) files ); \
+	done;
+
+links:
+	/bin/rm -f Makefile 
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/mklink.sh ../include $(EXHEADER) ;
+	$(TOP)/util/mklink.sh ../test $(TEST) ;
+	$(TOP)/util/mklink.sh ../apps $(APPS) ;
+	$(TOP)/util/point.sh Makefile.ssl Makefile;
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making links in $$i..."; \
+	$(MAKE) links ); \
+	done;
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+libs:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making libs in $$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+	done;
+
+tests:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making tests in $$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+	done;
+
+install:
+	@for i in $(EXHEADER) ;\
+	do \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making install in $$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+	done;
+
+lint:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making lint in $$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+	done;
+
+depend:
+	$(MAKEDEPEND) $(INCLUDE) $(PROGS) $(LIBSRC)
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making depend in $$i..."; \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' MAKEDEPEND='${MAKEDEPEND}' depend ); \
+	done;
+
+clean:
+	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making clean in $$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+	done;
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making dclean in $$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+	done;
+
+errors:
+	perl ./err/err_code.pl */*.c ../ssl/*.c ../rsaref/*.c
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making errors in $$i..."; \
+	$(MAKE) errors ); \
+	done;
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..a39e009d27dc43d1d1d3b5438fe5943121048758
--- /dev/null
+++ b/crypto/asn1/Makefile.ssl
@@ -0,0 +1,118 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=	asn1
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=asn1
+ERRC=asn1_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c \
+	a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+	a_sign.c a_digest.c a_verify.c \
+	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
+	x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c \
+	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
+	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+	t_req.c t_x509.c t_pkey.c \
+	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
+	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
+	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+	a_hdr.c x_pkey.c a_bool.c x_exten.c \
+	asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o \
+	a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+	a_sign.o a_digest.o a_verify.o \
+	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
+	x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o \
+	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
+	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+	t_req.o t_x509.o t_pkey.o \
+	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
+	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
+	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+	a_hdr.o x_pkey.o a_bool.o x_exten.o \
+	asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  asn1.h asn1_mac.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:	test.c
+	cc -g -I../../include -c test.c
+	cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk:	pk.c
+	cc -g -I../../include -c pk.c
+	cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
new file mode 100644
index 0000000000000000000000000000000000000000..eb99ebca2f78de577ece57104cb8e63b64c5bbfe
--- /dev/null
+++ b/crypto/asn1/a_bitstr.c
@@ -0,0 +1,158 @@
+/* crypto/asn1/a_bitstr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1.h"
+
+/* ASN1err(ASN1_F_ASN1_STRING_NEW,ASN1_R_STRING_TOO_SHORT);
+ * ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,ASN1_R_EXPECTING_A_BIT_STRING);
+ */
+
+int i2d_ASN1_BIT_STRING(a,pp)
+ASN1_BIT_STRING *a;
+unsigned char **pp;
+	{
+	int ret,j,r,bits;
+	unsigned char *p,*d;
+
+	if (a == NULL) return(0);
+
+	/* our bit strings are always a multiple of 8 :-) */
+	bits=0;
+	ret=1+a->length;
+	r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
+	if (bits == 0)
+		j=0;
+	else	j=8-bits;
+	*(p++)=(unsigned char)j;
+	d=a->data;
+	memcpy(p,d,a->length);
+	p+=a->length;
+	if (a->length > 0) p[-1]&=(0xff< 1) /* using one because of the bits left byte */
+		{
+		s=(unsigned char *)Malloc((int)len);
+		if (s == NULL)
+			{
+			i=ERR_R_MALLOC_FAILURE;
+			goto err;
+			}
+		memcpy(s,p,(int)len);
+		s[len-1]&=(0xff<length=(int)len;
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->type=V_ASN1_BIT_STRING;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_BIT_STRING_free(ret);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c
new file mode 100644
index 0000000000000000000000000000000000000000..83607b58ef43466c9fa19129ceedb99dff52c54b
--- /dev/null
+++ b/crypto/asn1/a_bool.c
@@ -0,0 +1,121 @@
+/* crypto/asn1/a_bool.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1.h"
+
+/* ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_EXPECTING_A_BOOLEAN);
+ * ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+ */
+
+int i2d_ASN1_BOOLEAN(a,pp)
+int a;
+unsigned char **pp;
+	{
+	int r;
+	unsigned char *p;
+
+	r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
+	*(p++)= (unsigned char)a;
+	*pp=p;
+	return(r);
+	}
+
+int d2i_ASN1_BOOLEAN(a, pp, length)
+int *a;
+unsigned char **pp;
+long length;
+	{
+	int ret= -1;
+	unsigned char *p;
+	long len;
+	int inf,tag,xclass;
+	int i=0;
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_BOOLEAN)
+		{
+		i=ASN1_R_EXPECTING_A_BOOLEAN;
+		goto err;
+		}
+
+	if (len != 1)
+		{
+		i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
+		goto err;
+		}
+	ret= (int)*(p++);
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
+	return(ret);
+	}
diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
new file mode 100644
index 0000000000000000000000000000000000000000..0c9132498cf99d98551ff2a9c5c1bed953ec9391
--- /dev/null
+++ b/crypto/asn1/a_bytes.c
@@ -0,0 +1,337 @@
+/* crypto/asn1/a_bytes.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ASN1_R_ERROR_STACK);
+ * ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_ERROR_STACK);
+ * ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_WRONG_TYPE);
+ * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
+ */
+
+static unsigned long tag2bit[32]={
+0,	0,	0,	0,	/* tags  0 -  3 */
+B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags 12-15 */
+0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
+0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,
+	};
+
+#ifndef NOPROTO
+static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c);
+#else
+static int asn1_collate_primative();
+#endif
+
+/* type is a 'bitmap' of acceptable string types to be accepted.
+ */
+ASN1_STRING *d2i_ASN1_type_bytes(a, pp, length, type)
+ASN1_STRING **a;
+unsigned char **pp;
+long length;
+int type;
+	{
+	ASN1_STRING *ret=NULL;
+	unsigned char *p,*s;
+	long len;
+	int inf,tag,xclass;
+	int i=0;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80) goto err;
+
+	if (tag >= 32)
+		{
+		i=ASN1_R_TAG_VALUE_TOO_HIGH;;
+		goto err;
+		}
+	if (!(tag2bit[tag] & type))
+		{
+		i=ASN1_R_WRONG_TYPE;
+		goto err;
+		}
+	if (len != 0)
+		{
+		s=(unsigned char *)Malloc((int)len+1);
+		if (s == NULL)
+			{
+			i=ERR_R_MALLOC_FAILURE;
+			goto err;
+			}
+		memcpy(s,p,(int)len);
+		s[len]='\0';
+		p+=len;
+		}
+	else
+		s=NULL;
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->length=(int)len;
+	ret->data=s;
+	ret->type=tag;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_STRING_free(ret);
+	return(NULL);
+	}
+
+int i2d_ASN1_bytes(a, pp, tag, xclass)
+ASN1_STRING *a;
+unsigned char **pp;
+int tag;
+int xclass;
+	{
+	int ret,r,constructed;
+	unsigned char *p;
+
+	if (a == NULL)  return(0);
+	ret=a->length;
+	r=ASN1_object_size(0,ret,tag);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+		constructed=1;
+	else
+		constructed=0;
+	ASN1_put_object(&p,constructed,ret,tag,xclass);
+	memcpy(p,a->data,a->length);
+	p+=a->length;
+	*pp= p;
+	return(r);
+	}
+
+ASN1_STRING *d2i_ASN1_bytes(a, pp, length, Ptag, Pclass)
+ASN1_STRING **a;
+unsigned char **pp;
+long length;
+int Ptag;
+int Pclass;
+	{
+	ASN1_STRING *ret=NULL;
+	unsigned char *p,*s;
+	long len;
+	int inf,tag,xclass;
+	int i=0;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != Ptag)
+		{
+		i=ASN1_R_WRONG_TAG;
+		goto err;
+		}
+
+	if (inf & V_ASN1_CONSTRUCTED)
+		{
+		ASN1_CTX c;
+
+		c.pp=pp;
+		c.p=p;
+		c.inf=inf;
+		c.slen=len;
+		c.tag=Ptag;
+		c.xclass=Pclass;
+		c.max=(length == 0)?0:(p+length);
+		if (!asn1_collate_primative(ret,&c)) 
+			goto err; 
+		else
+			{
+			p=c.p;
+			}
+		}
+	else
+		{
+		if (len != 0)
+			{
+			if (ret->length < len)
+				{
+				if (ret->data != NULL) Free((char *)ret->data);
+				s=(unsigned char *)Malloc((int)len);
+				if (s == NULL)
+					{
+					i=ERR_R_MALLOC_FAILURE;
+					goto err;
+					}
+				}
+			else
+				s=ret->data;
+			memcpy(s,p,(int)len);
+			p+=len;
+			}
+		else
+			{
+			s=NULL;
+			if (ret->data != NULL) Free((char *)ret->data);
+			}
+
+		ret->length=(int)len;
+		ret->data=s;
+		ret->type=Ptag;
+		}
+
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_STRING_free(ret);
+	ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
+	return(NULL);
+	}
+
+
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapes
+ * them into the one struture that is then returned */
+/* There have been a few bug fixes for this function from
+ * Paul Keogh , many thanks to him */
+static int asn1_collate_primative(a,c)
+ASN1_STRING *a;
+ASN1_CTX *c;
+	{
+	ASN1_STRING *os=NULL;
+	BUF_MEM b;
+	int num;
+
+	b.length=0;
+	b.max=0;
+	b.data=NULL;
+
+	if (a == NULL)
+		{
+		c->error=ERR_R_PASSED_NULL_PARAMETER;
+		goto err;
+		}
+
+	num=0;
+	for (;;)
+		{
+		if (c->inf & 1)
+			{
+			c->eos=ASN1_check_infinite_end(&c->p,
+				(long)(c->max-c->p));
+			if (c->eos) break;
+			}
+		else
+			{
+			if (c->slen <= 0) break;
+			}
+
+		c->q=c->p;
+		if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+			== NULL)
+			{
+			c->error=ERR_R_ASN1_LIB;
+			goto err;
+			}
+
+		if (!BUF_MEM_grow(&b,num+os->length))
+			{
+			c->error=ERR_R_BUF_LIB;
+			goto err;
+			}
+		memcpy(&(b.data[num]),os->data,os->length);
+		if (!(c->inf & 1))
+			c->slen-=(c->p-c->q);
+		num+=os->length;
+		}
+
+	if (!asn1_Finish(c)) goto err;
+
+	a->length=num;
+	if (a->data != NULL) Free(a->data);
+	a->data=(unsigned char *)b.data;
+	if (os != NULL) ASN1_STRING_free(os);
+	return(1);
+err:
+	ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,c->error);
+	if (os != NULL) ASN1_STRING_free(os);
+	if (b.data != NULL) Free(b.data);
+	return(0);
+	}
+
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
new file mode 100644
index 0000000000000000000000000000000000000000..5c9c9cf09b356a9f2d2e24c114f0508aca5a2dcd
--- /dev/null
+++ b/crypto/asn1/a_d2i_fp.c
@@ -0,0 +1,200 @@
+/* crypto/asn1/a_d2i_fp.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1_mac.h"
+
+#define HEADER_SIZE   8
+
+#ifndef WIN16
+char *ASN1_d2i_fp(xnew,d2i,in,x)
+char *(*xnew)();
+char *(*d2i)();
+FILE *in;
+unsigned char **x;
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+		}
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_d2i_bio(xnew,d2i,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+char *ASN1_d2i_bio(xnew,d2i,in,x)
+char *(*xnew)();
+char *(*d2i)();
+BIO *in;
+unsigned char **x;
+	{
+	BUF_MEM *b;
+	unsigned char *p;
+	int i;
+	char *ret=NULL;
+	ASN1_CTX c;
+	int want=HEADER_SIZE;
+	int eos=0;
+	int off=0;
+	int len=0;
+
+	b=BUF_MEM_new();
+	if (b == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	for (;;)
+		{
+		if (want >= (len-off))
+			{
+			want-=(len-off);
+
+			if (!BUF_MEM_grow(b,len+want))
+				{
+				ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			i=BIO_read(in,&(b->data[len]),want);
+			if ((i < 0) && ((len-off) == 0))
+				{
+				ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+				goto err;
+				}
+			if (i > 0)
+				len+=i;
+			}
+		/* else data already loaded */
+
+		p=(unsigned char *)&(b->data[off]);
+		c.p=p;
+		c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
+			len-off);
+		if (c.inf & 0x80)
+			{
+			unsigned long e;
+
+			e=ERR_GET_REASON(ERR_peek_error());
+			if (e != ASN1_R_TOO_LONG)
+				goto err;
+			else
+				ERR_get_error(); /* clear error */
+			}
+		i=c.p-p;/* header length */
+		off+=i;	/* end of data */
+
+		if (c.inf & 1)
+			{
+			/* no data body so go round again */
+			eos++;
+			want=HEADER_SIZE;
+			}
+		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
+			{
+			/* eos value, so go back and read another header */
+			eos--;
+			if (eos <= 0)
+				break;
+			else
+				want=HEADER_SIZE;
+			}
+		else 
+			{
+			/* suck in c.slen bytes of data */
+			want=(int)c.slen;
+			if (want > (len-off))
+				{
+				want-=(len-off);
+				if (!BUF_MEM_grow(b,len+want))
+					{
+					ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+					goto err;
+					}
+				i=BIO_read(in,&(b->data[len]),want);
+				if (i <= 0)
+					{
+					ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+					goto err;
+					}
+				len+=i;
+				}
+			off+=(int)c.slen;
+			if (eos <= 0)
+				{
+				break;
+				}
+			else
+				want=HEADER_SIZE;
+			}
+		}
+
+	p=(unsigned char *)b->data;
+	ret=d2i(x,&p,off);
+err:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ret);
+	}
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
new file mode 100644
index 0000000000000000000000000000000000000000..8f395d958a2c2425bc0aa541d3ede31a1071116c
--- /dev/null
+++ b/crypto/asn1/a_digest.c
@@ -0,0 +1,91 @@
+/* crypto/asn1/a_digest.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include "evp.h"
+#include "x509.h"
+#include "buffer.h"
+
+int ASN1_digest(i2d,type,data,md,len)
+int (*i2d)();
+EVP_MD *type;
+char *data;
+unsigned char *md;
+unsigned int *len;
+	{
+	EVP_MD_CTX ctx;
+	int i;
+	unsigned char *str,*p;
+
+	i=i2d(data,NULL);
+	if ((str=(unsigned char *)Malloc(i)) == NULL) return(0);
+	p=str;
+	i2d(data,&p);
+
+	EVP_DigestInit(&ctx,type);
+	EVP_DigestUpdate(&ctx,str,i);
+	EVP_DigestFinal(&ctx,md,len);
+	Free(str);
+	return(1);
+	}
+
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
new file mode 100644
index 0000000000000000000000000000000000000000..51ed105ff20c41f6959d376ba8921b2995f05b0f
--- /dev/null
+++ b/crypto/asn1/a_dup.c
@@ -0,0 +1,86 @@
+/* crypto/asn1/a_dup.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+#define READ_CHUNK   2048
+
+char *ASN1_dup(i2d,d2i,x)
+int (*i2d)();
+char *(*d2i)();
+char *x;
+	{
+	unsigned char *b,*p;
+	long i;
+	char *ret;
+
+	if (x == NULL) return(NULL);
+
+	i=(long)i2d(x,NULL);
+	b=(unsigned char *)Malloc((unsigned int)i+10);
+	if (b == NULL)
+		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+	p= b;
+	i=i2d(x,&p);
+	p= b;
+	ret=d2i(NULL,&p,i);
+	Free((char *)b);
+	return(ret);
+	}
diff --git a/crypto/asn1/a_hdr.c b/crypto/asn1/a_hdr.c
new file mode 100644
index 0000000000000000000000000000000000000000..b7de335fc1c39974a95984b5eaa96e652d231174
--- /dev/null
+++ b/crypto/asn1/a_hdr.c
@@ -0,0 +1,130 @@
+/* crypto/asn1/a_hdr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "asn1.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_ASN1_HEADER,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_ASN1_HEADER,ASN1_R_BAD_GET_OBJECT);
+ * ASN1err(ASN1_F_I2D_ASN1_HEADER,ASN1_R_BAD_GET_OBJECT);
+ * ASN1err(ASN1_F_ASN1_HEADER_NEW,ASN1_R_BAD_GET_OBJECT);
+ */
+
+int i2d_ASN1_HEADER(a,pp)
+ASN1_HEADER *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->header,	i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len(a->data,		a->meth->i2d);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->header,	i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put(a->data,		a->meth->i2d);
+
+	M_ASN1_I2D_finish();
+	}
+
+ASN1_HEADER *d2i_ASN1_HEADER(a,pp,length)
+ASN1_HEADER **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
+
+	M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING);
+	if (ret->meth != NULL)
+		{
+		M_ASN1_D2I_get(ret->data,ret->meth->d2i);
+		}
+	else
+		{
+		if (a != NULL) (*a)=ret;
+		return(ret);
+		}
+        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
+	}
+
+ASN1_HEADER *ASN1_HEADER_new()
+	{
+	ASN1_HEADER *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,ASN1_HEADER);
+	M_ASN1_New(ret->header,ASN1_OCTET_STRING_new);
+	ret->meth=NULL;
+	ret->data=NULL;
+	return(ret);
+        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+	}
+
+void ASN1_HEADER_free(a)
+ASN1_HEADER *a;
+	{
+	if (a == NULL) return;
+	ASN1_OCTET_STRING_free(a->header);
+	if (a->meth != NULL)
+		a->meth->destroy(a->data);
+	Free((char *)a);
+	}
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
new file mode 100644
index 0000000000000000000000000000000000000000..eab127e6e0da44e410a335cffbb7ebc1989056ae
--- /dev/null
+++ b/crypto/asn1/a_i2d_fp.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/a_i2d_fp.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1_mac.h"
+
+#ifndef WIN16
+int ASN1_i2d_fp(i2d,out,x)
+int (*i2d)();
+FILE *out;
+unsigned char *x;
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_i2d_bio(i2d,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_i2d_bio(i2d,out,x)
+int (*i2d)();
+BIO *out;
+unsigned char *x;
+	{
+	char *b;
+	unsigned char *p;
+	int i,j=0,n,ret=1;
+
+	n=i2d(x,NULL);
+	b=(char *)Malloc(n);
+	if (b == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+
+	p=(unsigned char *)b;
+	i2d(x,&p);
+	
+	for (;;)
+		{
+		i=BIO_write(out,&(b[j]),n);
+		if (i == n) break;
+		if (i <= 0)
+			{
+			ret=0;
+			break;
+			}
+		j+=i;
+		n-=i;
+		}
+	Free((char *)b);
+	return(ret);
+	}
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
new file mode 100644
index 0000000000000000000000000000000000000000..ce0921d59ac76e55693ebf67f3daea32dfc1000d
--- /dev/null
+++ b/crypto/asn1/a_int.c
@@ -0,0 +1,304 @@
+/* crypto/asn1/a_int.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1.h"
+
+/* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER);
+ */
+
+int i2d_ASN1_INTEGER(a,pp)
+ASN1_INTEGER *a;
+unsigned char **pp;
+	{
+	int pad=0,ret,r,i,t;
+	unsigned char *p,*pt,*n,pb=0;
+
+	if ((a == NULL) || (a->data == NULL)) return(0);
+	t=a->type;
+	if (a->length == 0)
+		ret=1;
+	else
+		{
+		ret=a->length;
+		i=a->data[0];
+		if ((t == V_ASN1_INTEGER) && (i > 127))
+			{
+			pad=1;
+			pb=0;
+			}
+		else if ((t == V_ASN1_NEG_INTEGER) && (i>128))
+			{
+			pad=1;
+			pb=0xFF;
+			}
+		ret+=pad;
+		}
+	r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
+	if (pad) *(p++)=pb;
+	if (a->length == 0)
+		*(p++)=0;
+	else if (t == V_ASN1_INTEGER)
+		{
+		memcpy(p,a->data,(unsigned int)a->length);
+		p+=a->length;
+		}
+	else
+		{
+		n=a->data;
+		pt=p;
+		for (i=a->length; i>0; i--)
+			*(p++)= (*(n++)^0xFF)+1;
+		if (!pad) *pt|=0x80;
+		}
+
+	*pp=p;
+	return(r);
+	}
+
+ASN1_INTEGER *d2i_ASN1_INTEGER(a, pp, length)
+ASN1_INTEGER **a;
+unsigned char **pp;
+long length;
+	{
+	ASN1_INTEGER *ret=NULL;
+	unsigned char *p,*to,*s;
+	long len;
+	int inf,tag,xclass;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_INTEGER_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_INTEGER;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_INTEGER)
+		{
+		i=ASN1_R_EXPECTING_AN_INTEGER;
+		goto err;
+		}
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)Malloc((int)len+1);
+	if (s == NULL)
+		{
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+	to=s;
+	if (*p & 0x80) /* a negative number */
+		{
+		ret->type=V_ASN1_NEG_INTEGER;
+		if (*p == 0xff)
+			{
+			p++;
+			len--;
+			}
+		for (i=(int)len; i>0; i--)
+			*(to++)= (*(p++)^0xFF)+1;
+		}
+	else
+		{
+		ret->type=V_ASN1_INTEGER;
+		if ((*p == 0) && (len != 1))
+			{
+			p++;
+			len--;
+			}
+		memcpy(s,p,(int)len);
+		p+=len;
+		}
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_INTEGER_free(ret);
+	return(NULL);
+	}
+
+int ASN1_INTEGER_set(a,v)
+ASN1_INTEGER *a;
+long v;
+	{
+	int i,j,k;
+	unsigned char buf[sizeof(long)+1];
+	long d;
+
+	a->type=V_ASN1_INTEGER;
+	if (a->length < (sizeof(long)+1))
+		{
+		if (a->data != NULL)
+			Free((char *)a->data);
+		if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
+			memset((char *)a->data,0,sizeof(long)+1);
+		}
+	if (a->data == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	d=v;
+	if (d < 0)
+		{
+		d= -d;
+		a->type=V_ASN1_NEG_INTEGER;
+		}
+
+	for (i=0; i>=8;
+		}
+	j=0;
+	if (v < 0) a->data[j++]=0;
+	for (k=i-1; k >=0; k--)
+		a->data[j++]=buf[k];
+	a->length=j;
+	return(1);
+	}
+
+long ASN1_INTEGER_get(a)
+ASN1_INTEGER *a;
+	{
+	int neg=0,i;
+	long r=0;
+
+	if (a == NULL) return(0L);
+	i=a->type;
+	if (i == V_ASN1_NEG_INTEGER)
+		neg=1;
+	else if (i != V_ASN1_INTEGER)
+		return(0);
+	
+	if (a->length > sizeof(long))
+		{
+		return(0xFFFFFFFFL);
+		}
+	if (a->data == NULL)
+		return(0);
+
+	for (i=0; ilength; i++)
+		{
+		r<<=8;
+		r|=(unsigned char)a->data[i];
+		}
+	if (neg) r= -r;
+	return(r);
+	}
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(bn,ai)
+BIGNUM *bn;
+ASN1_INTEGER *ai;
+	{
+	ASN1_INTEGER *ret;
+	int len,j;
+
+	if (ai == NULL)
+		ret=ASN1_INTEGER_new();
+	else
+		ret=ai;
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ASN1_R_ERROR_STACK);
+		goto err;
+		}
+	ret->type=V_ASN1_INTEGER;
+	j=BN_num_bits(bn);
+	len=((j == 0)?0:((j/8)+1));
+	ret->data=(unsigned char *)Malloc(len+4);
+	ret->length=BN_bn2bin(bn,ret->data);
+	return(ret);
+err:
+	if (ret != ai) ASN1_INTEGER_free(ret);
+	return(NULL);
+	}
+
+BIGNUM *ASN1_INTEGER_to_BN(ai,bn)
+ASN1_INTEGER *ai;
+BIGNUM *bn;
+	{
+	BIGNUM *ret;
+
+	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+	return(ret);
+	}
diff --git a/crypto/asn1/a_meth.c b/crypto/asn1/a_meth.c
new file mode 100644
index 0000000000000000000000000000000000000000..0beb958aa6544cc2aad75402063a006fa163a524
--- /dev/null
+++ b/crypto/asn1/a_meth.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/a_meth.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "x509.h"
+
+static  ASN1_METHOD ia5string_meth={
+	(int (*)())	i2d_ASN1_IA5STRING,
+	(char *(*)())	d2i_ASN1_IA5STRING,
+	(char *(*)())	ASN1_STRING_new,
+	(void (*)())	ASN1_STRING_free};
+
+static  ASN1_METHOD bit_string_meth={
+	(int (*)())	i2d_ASN1_BIT_STRING,
+	(char *(*)())	d2i_ASN1_BIT_STRING,
+	(char *(*)())	ASN1_STRING_new,
+	(void (*)())	ASN1_STRING_free};
+
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth()
+	{
+	return(&ia5string_meth);
+	}
+
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth()
+	{
+	return(&bit_string_meth);
+	}
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
new file mode 100644
index 0000000000000000000000000000000000000000..897915cf491acb4e747b4aab96a504be252542de
--- /dev/null
+++ b/crypto/asn1/a_object.c
@@ -0,0 +1,369 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1.h"
+#include "objects.h"
+
+/* ASN1err(ASN1_F_ASN1_OBJECT_NEW,ASN1_R_EXPECTING_AN_OBJECT); 
+ * ASN1err(ASN1_F_D2I_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER); 
+ * ASN1err(ASN1_F_I2A_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER);
+ */
+
+int i2d_ASN1_OBJECT(a, pp)
+ASN1_OBJECT *a;
+unsigned char **pp;
+	{
+	unsigned char *p;
+
+	if ((a == NULL) || (a->data == NULL)) return(0);
+
+	if (pp == NULL)
+		return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));
+
+	p= *pp;
+	ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+	memcpy(p,a->data,a->length);
+	p+=a->length;
+
+	*pp=p;
+	return(a->length);
+	}
+
+int a2d_ASN1_OBJECT(out,olen,buf,num)
+unsigned char *out;
+int olen;
+char *buf;
+int num;
+	{
+	int i,first,len=0,c;
+	char tmp[24],*p;
+	unsigned long l;
+
+	if (num == 0)
+		return(0);
+	else if (num == -1)
+		num=strlen(buf);
+
+	p=buf;
+	c= *(p++);
+	num--;
+	if ((c >= '0') && (c <= '2'))
+		{
+		first=(c-'0')*40;
+		}
+	else
+		{
+		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
+		goto err;
+		}
+
+	if (num <= 0)
+		{
+		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
+		goto err;
+		}
+	c= *(p++);
+	num--;
+	for (;;)
+		{
+		if (num <= 0) break;
+		if ((c != '.') && (c != ' '))
+			{
+			ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
+			goto err;
+			}
+		l=0;
+		for (;;)
+			{
+			if (num <= 0) break;
+			num--;
+			c= *(p++);
+			if ((c == ' ') || (c == '.'))
+				break;
+			if ((c < '0') || (c > '9'))
+				{
+				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+				goto err;
+				}
+			l=l*10L+(long)(c-'0');
+			}
+		if (len == 0)
+			{
+			if ((first < 2) && (l >= 40))
+				{
+				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
+				goto err;
+				}
+			l+=(long)first;
+			}
+		i=0;
+		for (;;)
+			{
+			tmp[i++]=(unsigned char)l&0x7f;
+			l>>=7L;
+			if (l == 0L) break;
+			}
+		if (out != NULL)
+			{
+			if (len+i > olen)
+				{
+				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
+				goto err;
+				}
+			while (--i > 0)
+				out[len++]=tmp[i]|0x80;
+			out[len++]=tmp[0];
+			}
+		else
+			len+=i;
+		}
+	return(len);
+err:
+	return(0);
+	}
+
+int i2a_ASN1_OBJECT(bp,a)
+BIO *bp;
+ASN1_OBJECT *a;
+	{
+	int j,i,idx=0,n=0,len,nid,reason=ERR_R_BUF_LIB;
+	unsigned long l;
+	unsigned char *p;
+	char buf[20];
+	char *s;
+
+	if ((a == NULL) || (a->data == NULL))
+		{
+		return(BIO_write(bp,"NULL",4));
+		}
+
+	nid=OBJ_obj2nid(a);
+	if (nid == NID_undef)
+		{
+		len=a->length;
+		p=a->data;
+
+		idx=0;
+		l=0;
+		while (idx < a->length)
+			{
+			l|=(p[idx]&0x7f);
+			if (!(p[idx] & 0x80)) break;
+			l<<=7L;
+			idx++;
+			}
+		idx++;
+		i=(int)(l/40);
+		if (i > 2) i=2;
+		l-=(long)(i*40);
+
+		sprintf(buf,"%d.%ld",i,l);
+		i=strlen(buf);
+		if (BIO_write(bp,buf,i) != i)
+				goto err;
+		n+=i;
+
+		l=0;
+		for (; idxsn or ->ln */
+	if ((a == NULL) || ((*a) == NULL) ||
+		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+		{
+		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+		}
+	else	ret=(*a);
+
+	p= *pp;
+
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_OBJECT)
+		{
+		i=ASN1_R_EXPECTING_AN_OBJECT;
+		goto err;
+		}
+	if ((ret->data == NULL) || (ret->length < len))
+		{
+		if (ret->data != NULL) Free((char *)ret->data);
+		ret->data=(unsigned char *)Malloc((int)len);
+		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+		if (ret->data == NULL)
+			{ i=ERR_R_MALLOC_FAILURE; goto err; }
+		}
+	memcpy(ret->data,p,(int)len);
+	ret->length=(int)len;
+	ret->sn=NULL;
+	ret->ln=NULL;
+	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+	p+=len;
+
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_OBJECT_free(ret);
+	return(NULL);
+	}
+
+ASN1_OBJECT *ASN1_OBJECT_new()
+	{
+	ASN1_OBJECT *ret;
+
+	ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->length=0;
+	ret->data=NULL;
+	ret->nid=0;
+	ret->sn=NULL;
+	ret->ln=NULL;
+	ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
+	return(ret);
+	}
+
+void ASN1_OBJECT_free(a)
+ASN1_OBJECT *a;
+	{
+	if (a == NULL) return;
+	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
+		{
+		if (a->sn != NULL) Free(a->sn);
+		if (a->ln != NULL) Free(a->ln);
+		a->sn=a->ln=NULL;
+		}
+	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
+		{
+		if (a->data != NULL) Free(a->data);
+		a->data=NULL;
+		a->length=0;
+		}
+	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+		Free((char *)a);
+	}
+
+ASN1_OBJECT *ASN1_OBJECT_create(nid,data,len,sn,ln)
+int nid;
+unsigned char *data;
+int len;
+char *sn,*ln;
+	{
+	ASN1_OBJECT o;
+
+	o.sn=sn;
+	o.ln=ln;
+	o.data=data;
+	o.nid=nid;
+	o.length=len;
+	o.flags=ASN1_OBJECT_FLAG_DYNAMIC|
+		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+	return(OBJ_dup(&o));
+	}
+
diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c
new file mode 100644
index 0000000000000000000000000000000000000000..e4ef15a995f004a5e56bf4e51a77b66ee7618b67
--- /dev/null
+++ b/crypto/asn1/a_octet.c
@@ -0,0 +1,90 @@
+/* crypto/asn1/a_octet.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1.h"
+
+/* ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_EXPECTING_AN_OCTET_STRING);
+ */
+
+int i2d_ASN1_OCTET_STRING(a, pp)
+ASN1_OCTET_STRING *a;
+unsigned char **pp;
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL));
+	}
+
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(a, pp, length)
+ASN1_OCTET_STRING **a;
+unsigned char **pp;
+long length;
+	{
+	ASN1_OCTET_STRING *ret=NULL;
+
+	ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_ERROR_STACK);
+		return(NULL);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
new file mode 100644
index 0000000000000000000000000000000000000000..a1bbc35ca176a6299753f7f73c5a143095565394
--- /dev/null
+++ b/crypto/asn1/a_print.c
@@ -0,0 +1,161 @@
+/* crypto/asn1/a_print.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1.h"
+
+/* ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_WRONG_PRINTABLE_TYPE);
+ * ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_TAG_VALUE_TOO_HIGH);
+ */
+
+int i2d_ASN1_IA5STRING(a,pp)
+ASN1_IA5STRING *a;
+unsigned char **pp;
+	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
+
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(a,pp,l)
+ASN1_IA5STRING **a;
+unsigned char **pp;
+long l;
+	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
+
+ASN1_T61STRING *d2i_ASN1_T61STRING(a,pp,l)
+ASN1_T61STRING **a;
+unsigned char **pp;
+long l;
+	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
+
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(a,pp,l)
+ASN1_PRINTABLESTRING **a;
+unsigned char **pp;
+long l;
+	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,l)); }
+
+int i2d_ASN1_PRINTABLE(a,pp)
+ASN1_STRING *a;
+unsigned char **pp;
+	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
+
+ASN1_STRING *d2i_ASN1_PRINTABLE(a,pp,l)
+ASN1_STRING **a;
+unsigned char **pp;
+long l;
+	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
+
+int ASN1_PRINTABLE_type(s,len)
+unsigned char *s;
+int len;
+	{
+	int c;
+	int ia5=0;
+	int t61=0;
+
+	if (len <= 0) len= -1;
+	if (s == NULL) return(V_ASN1_PRINTABLESTRING);
+
+	while ((*s) && (len-- != 0))
+		{
+		c= *(s++);
+		if (!(	((c >= 'a') && (c <= 'z')) ||
+			((c >= 'A') && (c <= 'Z')) ||
+			(c == ' ') ||
+			((c >= '0') && (c <= '9')) ||
+			(c == ' ') || (c == '\'') ||
+			(c == '(') || (c == ')') ||
+			(c == '+') || (c == ',') ||
+			(c == '-') || (c == '.') ||
+			(c == '/') || (c == ':') ||
+			(c == '=') || (c == '?')))
+			ia5=1;
+		if (c&0x80)
+			t61=1;
+		}
+	if (t61) return(V_ASN1_T61STRING);
+	if (ia5) return(V_ASN1_IA5STRING);
+	return(V_ASN1_PRINTABLESTRING);
+	}
+
+int ASN1_UNIVERSALSTRING_to_string(s)
+ASN1_UNIVERSALSTRING *s;
+	{
+	int i;
+	unsigned char *p;
+
+	if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
+	if ((s->length%4) != 0) return(0);
+	p=s->data;
+	for (i=0; ilength; i+=4)
+		{
+		if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+			break;
+		else
+			p+=4;
+		}
+	if (i < s->length) return(0);
+	p=s->data;
+	for (i=3; ilength; i+=4)
+		{
+		*(p++)=s->data[i];
+		}
+	*(p)='\0';
+	s->length/=4;
+	s->type=ASN1_PRINTABLE_type(s->data,s->length);
+	return(1);
+	}
+
diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c
new file mode 100644
index 0000000000000000000000000000000000000000..5752fbb5fd73700ec5ac502def88f72f4816e5bf
--- /dev/null
+++ b/crypto/asn1/a_set.c
@@ -0,0 +1,149 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+ */
+
+int i2d_ASN1_SET(a,pp,func,ex_tag,ex_class)
+STACK *a;
+unsigned char **pp;
+int (*func)();
+int ex_tag;
+int ex_class;
+	{
+	int ret=0,r;
+	int i;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+	for (i=sk_num(a)-1; i>=0; i--)
+		ret+=func(sk_value(a,i),NULL);
+	r=ASN1_object_size(1,ret,ex_tag);
+	if (pp == NULL) return(r);
+
+	p= *pp;
+	ASN1_put_object(&p,1,ret,ex_tag,ex_class);
+	for (i=0; i c.max)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
+		goto err;
+		}
+	/* check for infinite constructed - it can be as long
+	 * as the amount of data passed to us */
+	if (c.inf == (V_ASN1_CONSTRUCTED+1))
+		c.slen=length+ *pp-c.p;
+	c.max=c.p+c.slen;
+
+	while (c.p < c.max)
+		{
+		char *s;
+
+		if (M_ASN1_D2I_end_sequence()) break;
+		if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) goto err;
+		if (!sk_push(ret,s)) goto err;
+		}
+	if (a != NULL) (*a)=ret;
+	*pp=c.p;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) sk_free(ret);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
new file mode 100644
index 0000000000000000000000000000000000000000..2925ce3ad3e41f3a9bfcce65dbbfbfb6d5d0bc28
--- /dev/null
+++ b/crypto/asn1/a_sign.c
@@ -0,0 +1,147 @@
+/* crypto/asn1/a_sign.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "pem.h"
+
+int ASN1_sign(i2d,algor1,algor2,signature,data,pkey,type)
+int (*i2d)();
+X509_ALGOR *algor1;
+X509_ALGOR *algor2;
+ASN1_BIT_STRING *signature;
+char *data;
+EVP_PKEY *pkey;
+EVP_MD *type;
+	{
+	EVP_MD_CTX ctx;
+	unsigned char *p,*buf_in=NULL,*buf_out=NULL;
+	int i,inl=0,outl=0,outll=0;
+	X509_ALGOR *a;
+
+	for (i=0; i<2; i++)
+		{
+		if (i == 0)
+			a=algor1;
+		else
+			a=algor2;
+		if (a == NULL) continue;
+		if (	(a->parameter == NULL) || 
+			(a->parameter->type != V_ASN1_NULL))
+			{
+			ASN1_TYPE_free(a->parameter);
+			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+			a->parameter->type=V_ASN1_NULL;
+			}
+		ASN1_OBJECT_free(a->algorithm);
+		a->algorithm=OBJ_nid2obj(type->pkey_type);
+		if (a->algorithm == NULL)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+			goto err;
+			}
+		if (a->algorithm->length == 0)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			goto err;
+			}
+		}
+	inl=i2d(data,NULL);
+	buf_in=(unsigned char *)Malloc((unsigned int)inl);
+	outll=outl=EVP_PKEY_size(pkey);
+	buf_out=(unsigned char *)Malloc((unsigned int)outl);
+	if ((buf_in == NULL) || (buf_out == NULL))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	p=buf_in;
+
+	i2d(data,&p);
+	EVP_SignInit(&ctx,type);
+	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+			(unsigned int *)&outl,pkey))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+		goto err;
+		}
+	if (signature->data != NULL) Free((char *)signature->data);
+	signature->data=buf_out;
+	buf_out=NULL;
+	signature->length=outl;
+
+err:
+	memset(&ctx,0,sizeof(ctx));
+	if (buf_in != NULL)
+		{ memset((char *)buf_in,0,(unsigned int)inl); Free((char *)buf_in); }
+	if (buf_out != NULL)
+		{ memset((char *)buf_out,0,outll); Free((char *)buf_out); }
+	return(outl);
+	}
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
new file mode 100644
index 0000000000000000000000000000000000000000..abaf70dcb8904ca1c2c2f3cf56da5d1a29c7c37d
--- /dev/null
+++ b/crypto/asn1/a_type.c
@@ -0,0 +1,317 @@
+/* crypto/asn1/a_type.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ASN1_R_ERROR_STACK);
+ * ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_ERROR_STACK);
+ * ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_WRONG_TAG);
+ * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
+ */
+
+#ifndef NOPROTO
+static void ASN1_TYPE_component_free(ASN1_TYPE *a);
+#else
+static void ASN1_TYPE_component_free();
+#endif
+
+int i2d_ASN1_TYPE(a,pp)
+ASN1_TYPE *a;
+unsigned char **pp;
+	{
+	int r=0;
+
+	if (a == NULL) return(0);
+
+	switch (a->type)
+		{
+	case V_ASN1_NULL:
+		if (pp != NULL)
+			ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
+		r=2;
+		break;
+	case V_ASN1_INTEGER:
+	case V_ASN1_NEG_INTEGER:
+		r=i2d_ASN1_INTEGER(a->value.integer,pp);
+		break;
+	case V_ASN1_BIT_STRING:
+		r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
+		break;
+	case V_ASN1_OCTET_STRING:
+		r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
+		break;
+	case V_ASN1_OBJECT:
+		r=i2d_ASN1_OBJECT(a->value.object,pp);
+		break;
+	case V_ASN1_PRINTABLESTRING:
+		r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
+		break;
+	case V_ASN1_T61STRING:
+		r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
+		break;
+	case V_ASN1_IA5STRING:
+		r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
+		break;
+	case V_ASN1_GENERALSTRING:
+		r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
+		break;
+	case V_ASN1_UNIVERSALSTRING:
+		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
+		break;
+	case V_ASN1_UTCTIME:
+		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
+		break;
+	case V_ASN1_SET:
+	case V_ASN1_SEQUENCE:
+		if (a->value.set == NULL)
+			r=0;
+		else
+			{
+			r=a->value.set->length;
+			if (pp != NULL)
+				{
+				memcpy(*pp,a->value.set->data,r);
+				*pp+=r;
+				}
+			}
+		break;
+		}
+	return(r);
+	}
+
+ASN1_TYPE *d2i_ASN1_TYPE(a,pp,length)
+ASN1_TYPE **a;
+unsigned char **pp;
+long length;
+	{
+	ASN1_TYPE *ret=NULL;
+	unsigned char *q,*p,*max;
+	int inf,tag,xclass;
+	long len;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_TYPE_new()) == NULL) goto err;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	q=p;
+	max=(p+length);
+
+	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
+	if (inf & 0x80) goto err;
+	
+	ASN1_TYPE_component_free(ret);
+
+	switch (tag)
+		{
+	case V_ASN1_NULL:
+		p=q;
+		ret->value.ptr=NULL;
+		break;
+	case V_ASN1_INTEGER:
+		if ((ret->value.integer=
+			d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_BIT_STRING:
+		if ((ret->value.bit_string=
+			d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_OCTET_STRING:
+		if ((ret->value.octet_string=
+			d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_OBJECT:
+		if ((ret->value.object=
+			d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_PRINTABLESTRING:
+		if ((ret->value.printablestring=
+			d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_T61STRING:
+		if ((ret->value.t61string=
+			M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_IA5STRING:
+		if ((ret->value.ia5string=
+			M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_GENERALSTRING:
+		if ((ret->value.generalstring=
+			M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UNIVERSALSTRING:
+		if ((ret->value.universalstring=
+			M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UTCTIME:
+		if ((ret->value.utctime=
+			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_SET:
+	case V_ASN1_SEQUENCE:
+		/* Sets and sequences are left complete */
+		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
+		ret->value.set->type=tag;
+		len+=(q-p);
+		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
+		p+=len;
+		break;
+	default:
+		ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
+		goto err;
+		}
+
+	ret->type=tag;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
+	return(NULL);
+	}
+
+ASN1_TYPE *ASN1_TYPE_new()
+	{
+	ASN1_TYPE *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,ASN1_TYPE);
+	ret->type= -1;
+	ret->value.ptr=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
+	}
+
+void ASN1_TYPE_free(a)
+ASN1_TYPE *a;
+	{
+	if (a == NULL) return;
+	ASN1_TYPE_component_free(a);
+	Free((char *)(char *)a);
+	}
+
+int ASN1_TYPE_get(a)
+ASN1_TYPE *a;
+	{
+	if (a->value.ptr != NULL)
+		return(a->type);
+	else
+		return(0);
+	}
+
+void ASN1_TYPE_set(a,type,value)
+ASN1_TYPE *a;
+int type;
+char *value;
+	{
+	if (a->value.ptr != NULL)
+		ASN1_TYPE_component_free(a);
+	a->type=type;
+	a->value.ptr=value;
+	}
+
+static void ASN1_TYPE_component_free(a)
+ASN1_TYPE *a;
+	{
+	if (a == NULL) return;
+
+	if (a->value.ptr != NULL)
+		{
+		switch (a->type)
+			{
+		case V_ASN1_OBJECT:
+			ASN1_OBJECT_free(a->value.object);
+			break;
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_BIT_STRING:
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_SET:
+		case V_ASN1_SEQUENCE:
+			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
+			break;
+		default:
+			/* MEMORY LEAK */
+			break;
+			}
+		a->type=0;
+		a->value.ptr=NULL;
+		}
+	}
+
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
new file mode 100644
index 0000000000000000000000000000000000000000..cc3c692fc9af614d4e10906354972af3138b669b
--- /dev/null
+++ b/crypto/asn1/a_utctm.c
@@ -0,0 +1,190 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "asn1.h"
+
+/* ASN1err(ASN1_F_ASN1_UTCTIME_NEW,ASN1_R_UTCTIME_TOO_LONG);
+ * ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_EXPECTING_A_UTCTIME);
+ */
+
+int i2d_ASN1_UTCTIME(a,pp)
+ASN1_UTCTIME *a;
+unsigned char **pp;
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+	}
+
+
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(a, pp, length)
+ASN1_UTCTIME **a;
+unsigned char **pp;
+long length;
+	{
+	ASN1_UTCTIME *ret=NULL;
+
+	ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_ERROR_STACK);
+		return(NULL);
+		}
+	if (!ASN1_UTCTIME_check(ret))
+		{
+		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
+		goto err;
+		}
+
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_UTCTIME_free(ret);
+	return(NULL);
+	}
+
+int ASN1_UTCTIME_check(d)
+ASN1_UTCTIME *d;
+	{
+	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+	static int max[8]={99,12,31,23,59,59,12,59};
+	char *a;
+	int n,i,l,o;
+
+	if (d->type != V_ASN1_UTCTIME) return(0);
+	l=d->length;
+	a=(char *)d->data;
+	o=0;
+
+	if (l < 11) goto err;
+	for (i=0; i<6; i++)
+		{
+		if ((i == 5) && ((a[o] == 'Z') ||
+			(a[o] == '+') || (a[o] == '-')))
+			{ i++; break; }
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n= a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n=(n*10)+ a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((n < min[i]) || (n > max[i])) goto err;
+		}
+	if (a[o] == 'Z')
+		o++;
+	else if ((a[o] == '+') || (a[o] == '-'))
+		{
+		o++;
+		if (o+4 > l) goto err;
+		for (i=6; i<8; i++)
+			{
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n= a[o]-'0';
+			o++;
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n=(n*10)+ a[o]-'0';
+			if ((n < min[i]) || (n > max[i])) goto err;
+			o++;
+			}
+		}
+	return(o == l);
+err:
+	return(0);
+	}
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(s, t)
+ASN1_UTCTIME *s;
+time_t t;
+	{
+	char *p;
+	struct tm *ts;
+#if defined(THREADS)
+	struct tm data;
+#endif
+
+	if (s == NULL)
+		s=ASN1_UTCTIME_new();
+	if (s == NULL)
+		return(NULL);
+
+#if defined(THREADS)
+	ts=(struct tm *)gmtime_r(&t,&data);
+#else
+	ts=(struct tm *)gmtime(&t);
+#endif
+	p=(char *)s->data;
+	if ((p == NULL) || (s->length < 14))
+		{
+		p=Malloc(20);
+		if (p == NULL) return(NULL);
+		if (s->data != NULL)
+			Free(s->data);
+		s->data=(unsigned char *)p;
+		}
+
+	sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	s->length=strlen(p);
+	s->type=V_ASN1_UTCTIME;
+	return(s);
+	}
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
new file mode 100644
index 0000000000000000000000000000000000000000..567552f782ce63bbc9ab54ce28c7b209645d0628
--- /dev/null
+++ b/crypto/asn1/a_verify.c
@@ -0,0 +1,121 @@
+/* crypto/asn1/a_verify.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include "bn.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "evp.h"
+#include "pem.h"
+
+int ASN1_verify(i2d,a,signature,data,pkey)
+int (*i2d)();
+X509_ALGOR *a;
+ASN1_BIT_STRING *signature;
+char *data;
+EVP_PKEY *pkey;
+	{
+	EVP_MD_CTX ctx;
+	EVP_MD *type;
+	unsigned char *p,*buf_in=NULL;
+	int ret= -1,i,inl;
+
+	i=OBJ_obj2nid(a->algorithm);
+	type=EVP_get_digestbyname(OBJ_nid2sn(i));
+	if (type == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+		goto err;
+		}
+	
+	inl=i2d(data,NULL);
+	buf_in=(unsigned char *)Malloc((unsigned int)inl);
+	if (buf_in == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	p=buf_in;
+
+	i2d(data,&p);
+	EVP_VerifyInit(&ctx,type);
+	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+	memset(buf_in,0,(unsigned int)inl);
+	Free((char *)buf_in);
+
+	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+			(unsigned int)signature->length,pkey) <= 0)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
+	/* we don't need to zero the 'ctx' because we just checked
+	 * public information */
+	/* memset(&ctx,0,sizeof(ctx)); */
+	ret=1;
+err:
+	return(ret);
+	}
diff --git a/crypto/asn1/asn1.err b/crypto/asn1/asn1.err
new file mode 100644
index 0000000000000000000000000000000000000000..cbf27ab5fd499a2678c15fb3a03d9d559c3c399b
--- /dev/null
+++ b/crypto/asn1/asn1.err
@@ -0,0 +1,178 @@
+/* Error codes for the ASN1 functions. */
+
+/* Function codes. */
+#define ASN1_F_A2D_ASN1_OBJECT				 100
+#define ASN1_F_A2I_ASN1_INTEGER				 101
+#define ASN1_F_A2I_ASN1_STRING				 102
+#define ASN1_F_ASN1_COLLATE_PRIMATIVE			 103
+#define ASN1_F_ASN1_D2I_BIO				 104
+#define ASN1_F_ASN1_D2I_FP				 105
+#define ASN1_F_ASN1_DUP					 106
+#define ASN1_F_ASN1_GET_OBJECT				 107
+#define ASN1_F_ASN1_HEADER_NEW				 108
+#define ASN1_F_ASN1_I2D_BIO				 109
+#define ASN1_F_ASN1_I2D_FP				 110
+#define ASN1_F_ASN1_INTEGER_SET				 111
+#define ASN1_F_ASN1_INTEGER_TO_BN			 112
+#define ASN1_F_ASN1_OBJECT_NEW				 113
+#define ASN1_F_ASN1_SIGN				 114
+#define ASN1_F_ASN1_STRING_NEW				 115
+#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
+#define ASN1_F_ASN1_TYPE_NEW				 117
+#define ASN1_F_ASN1_UTCTIME_NEW				 118
+#define ASN1_F_ASN1_VERIFY				 119
+#define ASN1_F_BN_TO_ASN1_INTEGER			 120
+#define ASN1_F_D2I_ASN1_BIT_STRING			 121
+#define ASN1_F_D2I_ASN1_BOOLEAN				 122
+#define ASN1_F_D2I_ASN1_BYTES				 123
+#define ASN1_F_D2I_ASN1_HEADER				 124
+#define ASN1_F_D2I_ASN1_INTEGER				 125
+#define ASN1_F_D2I_ASN1_OBJECT				 126
+#define ASN1_F_D2I_ASN1_OCTET_STRING			 127
+#define ASN1_F_D2I_ASN1_PRINT_TYPE			 128
+#define ASN1_F_D2I_ASN1_SET				 129
+#define ASN1_F_D2I_ASN1_TYPE				 130
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 131
+#define ASN1_F_D2I_ASN1_UTCTIME				 132
+#define ASN1_F_D2I_DHPARAMS				 133
+#define ASN1_F_D2I_DSAPARAMS				 134
+#define ASN1_F_D2I_DSAPRIVATEKEY			 135
+#define ASN1_F_D2I_DSAPUBLICKEY				 136
+#define ASN1_F_D2I_NETSCAPE_PKEY			 137
+#define ASN1_F_D2I_NETSCAPE_RSA				 138
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 139
+#define ASN1_F_D2I_NETSCAPE_SPKAC			 140
+#define ASN1_F_D2I_NETSCAPE_SPKI			 141
+#define ASN1_F_D2I_PKCS7				 142
+#define ASN1_F_D2I_PKCS7_DIGEST				 143
+#define ASN1_F_D2I_PKCS7_ENCRYPT			 144
+#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 145
+#define ASN1_F_D2I_PKCS7_ENVELOPE			 146
+#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 147
+#define ASN1_F_D2I_PKCS7_RECIP_INFO			 148
+#define ASN1_F_D2I_PKCS7_SIGNED				 149
+#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 150
+#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 151
+#define ASN1_F_D2I_PRIVATEKEY				 152
+#define ASN1_F_D2I_PUBLICKEY				 153
+#define ASN1_F_D2I_RSAPRIVATEKEY			 154
+#define ASN1_F_D2I_RSAPUBLICKEY				 155
+#define ASN1_F_D2I_X509					 156
+#define ASN1_F_D2I_X509_ALGOR				 157
+#define ASN1_F_D2I_X509_ATTRIBUTE			 158
+#define ASN1_F_D2I_X509_CINF				 159
+#define ASN1_F_D2I_X509_CRL				 160
+#define ASN1_F_D2I_X509_CRL_INFO			 161
+#define ASN1_F_D2I_X509_EXTENSION			 162
+#define ASN1_F_D2I_X509_KEY				 163
+#define ASN1_F_D2I_X509_NAME				 164
+#define ASN1_F_D2I_X509_NAME_ENTRY			 165
+#define ASN1_F_D2I_X509_PKEY				 166
+#define ASN1_F_D2I_X509_PUBKEY				 167
+#define ASN1_F_D2I_X509_REQ				 168
+#define ASN1_F_D2I_X509_REQ_INFO			 169
+#define ASN1_F_D2I_X509_REVOKED				 170
+#define ASN1_F_D2I_X509_SIG				 171
+#define ASN1_F_D2I_X509_VAL				 172
+#define ASN1_F_I2A_ASN1_OBJECT				 173
+#define ASN1_F_I2D_ASN1_HEADER				 174
+#define ASN1_F_I2D_DHPARAMS				 175
+#define ASN1_F_I2D_DSAPARAMS				 176
+#define ASN1_F_I2D_DSAPRIVATEKEY			 177
+#define ASN1_F_I2D_DSAPUBLICKEY				 178
+#define ASN1_F_I2D_NETSCAPE_RSA				 179
+#define ASN1_F_I2D_PKCS7				 180
+#define ASN1_F_I2D_PRIVATEKEY				 181
+#define ASN1_F_I2D_PUBLICKEY				 182
+#define ASN1_F_I2D_RSAPRIVATEKEY			 183
+#define ASN1_F_I2D_RSAPUBLICKEY				 184
+#define ASN1_F_I2D_X509_ATTRIBUTE			 185
+#define ASN1_F_NETSCAPE_PKEY_NEW			 186
+#define ASN1_F_NETSCAPE_SPKAC_NEW			 187
+#define ASN1_F_NETSCAPE_SPKI_NEW			 188
+#define ASN1_F_PKCS7_DIGEST_NEW				 189
+#define ASN1_F_PKCS7_ENCRYPT_NEW			 190
+#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 191
+#define ASN1_F_PKCS7_ENVELOPE_NEW			 192
+#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 193
+#define ASN1_F_PKCS7_NEW				 194
+#define ASN1_F_PKCS7_RECIP_INFO_NEW			 195
+#define ASN1_F_PKCS7_SIGNED_NEW				 196
+#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 197
+#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 198
+#define ASN1_F_X509_ALGOR_NEW				 199
+#define ASN1_F_X509_ATTRIBUTE_NEW			 200
+#define ASN1_F_X509_CINF_NEW				 201
+#define ASN1_F_X509_CRL_INFO_NEW			 202
+#define ASN1_F_X509_CRL_NEW				 203
+#define ASN1_F_X509_DHPARAMS_NEW			 204
+#define ASN1_F_X509_EXTENSION_NEW			 205
+#define ASN1_F_X509_INFO_NEW				 206
+#define ASN1_F_X509_KEY_NEW				 207
+#define ASN1_F_X509_NAME_ENTRY_NEW			 208
+#define ASN1_F_X509_NAME_NEW				 209
+#define ASN1_F_X509_NEW					 210
+#define ASN1_F_X509_PKEY_NEW				 211
+#define ASN1_F_X509_PUBKEY_NEW				 212
+#define ASN1_F_X509_REQ_INFO_NEW			 213
+#define ASN1_F_X509_REQ_NEW				 214
+#define ASN1_F_X509_REVOKED_NEW				 215
+#define ASN1_F_X509_SIG_NEW				 216
+#define ASN1_F_X509_VAL_FREE				 217
+#define ASN1_F_X509_VAL_NEW				 218
+
+/* Reason codes. */
+#define ASN1_R_BAD_CLASS				 100
+#define ASN1_R_BAD_GET_OBJECT				 101
+#define ASN1_R_BAD_OBJECT_HEADER			 102
+#define ASN1_R_BAD_PASSWORD_READ			 103
+#define ASN1_R_BAD_PKCS7_CONTENT			 104
+#define ASN1_R_BAD_PKCS7_TYPE				 105
+#define ASN1_R_BAD_TAG					 106
+#define ASN1_R_BAD_TYPE					 107
+#define ASN1_R_BN_LIB					 108
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 109
+#define ASN1_R_BUFFER_TOO_SMALL				 110
+#define ASN1_R_DECODING_ERROR				 111
+#define ASN1_R_ERROR_STACK				 112
+#define ASN1_R_EXPECTING_AN_INTEGER			 113
+#define ASN1_R_EXPECTING_AN_OBJECT			 114
+#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
+#define ASN1_R_EXPECTING_A_BIT_STRING			 116
+#define ASN1_R_EXPECTING_A_BOOLEAN			 117
+#define ASN1_R_EXPECTING_A_SEQUENCE			 118
+#define ASN1_R_EXPECTING_A_UTCTIME			 119
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 120
+#define ASN1_R_HEADER_TOO_LONG				 121
+#define ASN1_R_INVALID_DIGIT				 122
+#define ASN1_R_INVALID_SEPARATOR			 123
+#define ASN1_R_INVALID_TIME_FORMAT			 124
+#define ASN1_R_IV_TOO_LARGE				 125
+#define ASN1_R_LENGTH_ERROR				 126
+#define ASN1_R_LENGTH_MISMATCH				 127
+#define ASN1_R_MISSING_EOS				 128
+#define ASN1_R_MISSING_SECOND_NUMBER			 129
+#define ASN1_R_NON_HEX_CHARACTERS			 130
+#define ASN1_R_NOT_ENOUGH_DATA				 131
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 132
+#define ASN1_R_PARSING					 133
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 134
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 135
+#define ASN1_R_SHORT_LINE				 136
+#define ASN1_R_STRING_TOO_SHORT				 137
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 138
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 139
+#define ASN1_R_TOO_LONG					 140
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 141
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 142
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 143
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 144
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 145
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 146
+#define ASN1_R_UNSUPPORTED_CIPHER			 147
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 148
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 149
+#define ASN1_R_UTCTIME_TOO_LONG				 150
+#define ASN1_R_WRONG_PRINTABLE_TYPE			 151
+#define ASN1_R_WRONG_TAG				 152
+#define ASN1_R_WRONG_TYPE				 153
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
new file mode 100644
index 0000000000000000000000000000000000000000..cdc342946d5315ca1618683a42717743fa51ae1c
--- /dev/null
+++ b/crypto/asn1/asn1.h
@@ -0,0 +1,786 @@
+/* crypto/asn1/asn1.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_H
+#define HEADER_ASN1_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include "bn.h"
+#include "stack.h"
+
+#define V_ASN1_UNIVERSAL		0x00
+#define	V_ASN1_APPLICATION		0x40
+#define V_ASN1_CONTEXT_SPECIFIC		0x80
+#define V_ASN1_PRIVATE			0xc0
+
+#define V_ASN1_CONSTRUCTED		0x20
+#define V_ASN1_PRIMATIVE_TAG		0x1f
+
+#define V_ASN1_APP_CHOOSE		-2	/* let the recipent choose */
+
+#define V_ASN1_UNDEF			-1
+#define V_ASN1_EOC			0
+#define V_ASN1_BOOLEAN			1	/**/
+#define V_ASN1_INTEGER			2
+#define V_ASN1_NEG_INTEGER		(2+0x100)
+#define V_ASN1_BIT_STRING		3
+#define V_ASN1_OCTET_STRING		4
+#define V_ASN1_NULL			5
+#define V_ASN1_OBJECT			6
+#define V_ASN1_REAL			9
+#define V_ASN1_ENUMERATED		10	/* microsoft weirdness */
+#define V_ASN1_SEQUENCE			16
+#define V_ASN1_SET			17
+#define V_ASN1_NUMERICSTRING		18	/**/
+#define V_ASN1_PRINTABLESTRING		19
+#define V_ASN1_T61STRING		20
+#define V_ASN1_TELETEXSTRING		20	/* alias */
+#define V_ASN1_VIDEOTEXSTRING		21	/**/
+#define V_ASN1_IA5STRING		22
+#define V_ASN1_UTCTIME			23
+#define V_ASN1_GENERALIZEDTIME		24	/**/
+#define V_ASN1_GRAPHICSTRING		25	/**/
+#define V_ASN1_ISO64STRING		26	/**/
+#define V_ASN1_VISIBLESTRING		26	/* alias */
+#define V_ASN1_GENERALSTRING		27	/**/
+#define V_ASN1_UNIVERSALSTRING		28	/**/
+
+/* For use with d2i_ASN1_type_bytes() */
+#define B_ASN1_NUMERICSTRING	0x0001
+#define B_ASN1_PRINTABLESTRING	0x0002
+#define B_ASN1_T61STRING	0x0004
+#define B_ASN1_VIDEOTEXSTRING	0x0008
+#define B_ASN1_IA5STRING	0x0010
+#define B_ASN1_GRAPHICSTRING	0x0020
+#define B_ASN1_ISO64STRING	0x0040
+#define B_ASN1_GENERALSTRING	0x0080
+#define B_ASN1_UNIVERSALSTRING	0x0100
+#define B_ASN1_OCTET_STRING	0x0200
+#define B_ASN1_UNKNOWN		0x1000
+
+#ifndef DEBUG
+
+#define ASN1_INTEGER		ASN1_STRING
+#define ASN1_BIT_STRING		ASN1_STRING
+#define ASN1_OCTET_STRING	ASN1_STRING
+#define ASN1_PRINTABLESTRING	ASN1_STRING
+#define ASN1_T61STRING		ASN1_STRING
+#define ASN1_IA5STRING		ASN1_STRING
+#define ASN1_UTCTIME		ASN1_STRING
+#define ASN1_GENERALSTRING	ASN1_STRING
+#define ASN1_UNIVERSALSTRING	ASN1_STRING
+
+#else
+
+typedef struct asn1_integer_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_INTEGER;
+
+typedef struct asn1_bit_string_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_BIT_STRING;
+
+typedef struct asn1_octet_string_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_OCTET_STRING;
+
+typedef struct asn1_printablestring_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_PRINTABLESTRING;
+
+typedef struct asn1_t61string_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_T61STRING;
+
+typedef struct asn1_ia5string_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_IA5STRING;
+
+typedef struct asn1_generalstring_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_GENERALSTRING;
+
+typedef struct asn1_universalstring_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_UNIVERSALSTRING;
+
+typedef struct asn1_utctime_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_UTCTIME;
+
+#endif
+
+typedef struct asn1_ctx_st
+	{
+	unsigned char *p;/* work char pointer */
+	int eos;	/* end of sequence read for indefinite encoding */
+	int error;	/* error code to use when returning an error */
+	int inf;	/* constructed if 0x20, indefinite is 0x21 */
+	int tag;	/* tag from last 'get object' */
+	int xclass;	/* class from last 'get object' */
+	long slen;	/* length of last 'get object' */
+	unsigned char *max; /* largest value of p alowed */
+	unsigned char *q;/* temporary variable */
+	unsigned char **pp;/* variable */
+	} ASN1_CTX;
+
+/* These are used internally in the ASN1_OBJECT to keep track of
+ * whether the names and data need to be free()ed */
+#define ASN1_OBJECT_FLAG_DYNAMIC	 0x01	/* internal use */
+#define ASN1_OBJECT_FLAG_CRITICAL	 0x02	/* critical x509v3 object id */
+#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04	/* internal use */
+#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */
+typedef struct asn1_object_st
+	{
+	char *sn,*ln;
+	int nid;
+	int length;
+	unsigned char *data;
+	int flags;	/* Should we free this one */
+	} ASN1_OBJECT;
+
+/* This is the base type that holds just about everything :-) */
+typedef struct asn1_string_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_STRING;
+
+typedef struct asn1_type_st
+	{
+	int type;
+	union	{
+		char *ptr;
+		ASN1_STRING *		asn1_string;
+		ASN1_OBJECT *		object;
+		ASN1_INTEGER *		integer;
+		ASN1_BIT_STRING *	bit_string;
+		ASN1_OCTET_STRING *	octet_string;
+		ASN1_PRINTABLESTRING *	printablestring;
+		ASN1_T61STRING *	t61string;
+		ASN1_IA5STRING *	ia5string;
+		ASN1_GENERALSTRING *	generalstring;
+		ASN1_UNIVERSALSTRING *	universalstring;
+		ASN1_UTCTIME *		utctime;
+		/* set and sequence are left complete and still
+		 * contain the set or sequence bytes */
+		ASN1_STRING *		set;
+		ASN1_STRING *		sequence;
+		} value;
+	} ASN1_TYPE;
+
+typedef struct asn1_method_st
+	{
+	int (*i2d)();
+	char *(*d2i)();
+	char *(*create)();
+	void (*destroy)();
+	} ASN1_METHOD;
+
+/* This is used when parsing some Netscape objects */
+typedef struct asn1_header_st
+	{
+	ASN1_OCTET_STRING *header;
+	char *data;
+	ASN1_METHOD *meth;
+	} ASN1_HEADER;
+
+#define ASN1_STRING_type(x)	((x)->type)
+#define ASN1_STRING_data(x)	((x)->data)
+
+/* Macros for string operations */
+#define ASN1_BIT_STRING_new()	(ASN1_BIT_STRING *)\
+		ASN1_STRING_type_new(V_ASN1_BIT_STRING)
+#define ASN1_BIT_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
+		ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+#define ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+/* i2d_ASN1_BIT_STRING() is a function */
+/* d2i_ASN1_BIT_STRING() is a function */
+
+#define ASN1_INTEGER_new()	(ASN1_INTEGER *)\
+		ASN1_STRING_type_new(V_ASN1_INTEGER)
+#define ASN1_INTEGER_free(a)		ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_INTEGER_cmp(a,b)	ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+/* ASN1_INTEGER_set() is a function, also see BN_to_ASN1_INTEGER() */
+/* ASN1_INTEGER_get() is a function, also see ASN1_INTEGER_to_BN() */
+/* i2d_ASN1_INTEGER() is a function */
+/* d2i_ASN1_INTEGER() is a function */
+
+#define ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\
+		ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
+#define ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
+		ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+#define ASN1_OCTET_STRING_set(a,b,c)	ASN1_STRING_set((ASN1_STRING *)a,b,c)
+#define ASN1_OCTET_STRING_print(a,b)	ASN1_STRING_print(a,(ASN1_STRING *)b)
+#define M_i2d_ASN1_OCTET_STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
+		V_ASN1_OCTET_STRING)
+/* d2i_ASN1_OCTET_STRING() is a function */
+
+#define ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+		pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_PRINTABLESTRING| \
+			B_ASN1_T61STRING| \
+			B_ASN1_IA5STRING| \
+			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_UNKNOWN)
+
+#define ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING_STRING *)\
+		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
+		V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
+		(ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
+
+#define ASN1_T61STRING_new()	(ASN1_T61STRING_STRING *)\
+		ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define ASN1_T61STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_T61STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
+		V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_T61STRING(a,pp,l) \
+		(ASN1_T61STRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
+
+#define ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\
+		ASN1_STRING_type_new(V_ASN1_IA5STRING)
+#define ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_IA5STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_IA5STRING(a,pp,l) \
+		(ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
+			B_ASN1_IA5STRING)
+
+#define ASN1_UTCTIME_new()	(ASN1_UTCTIME *)\
+		ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define ASN1_UTCTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+/* i2d_ASN1_UTCTIME() is a function */
+/* d2i_ASN1_UTCTIME() is a function */
+/* ASN1_UTCTIME_set() is a function */
+/* ASN1_UTCTIME_check() is a function */
+/* ASN1_UTCTIME_set() is a function */
+
+#define ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\
+		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
+#define ASN1_GENERALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_GENERALSTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
+		(ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
+
+#define ASN1_UNIVERSALSTRING_new()	(ASN1_UNIVERSALSTRING *)\
+		ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
+#define ASN1_UNIVERSALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
+		(ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
+
+#ifndef NOPROTO
+ASN1_TYPE *	ASN1_TYPE_new(void );
+void		ASN1_TYPE_free(ASN1_TYPE *a);
+int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
+ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
+int ASN1_TYPE_get(ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value);
+
+ASN1_OBJECT *	ASN1_OBJECT_new(void );
+void		ASN1_OBJECT_free(ASN1_OBJECT *a);
+int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
+			long length);
+
+ASN1_STRING *	ASN1_STRING_new(void );
+void		ASN1_STRING_free(ASN1_STRING *a);
+ASN1_STRING *	ASN1_STRING_dup(ASN1_STRING *a);
+ASN1_STRING *	ASN1_STRING_type_new(int type );
+int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+int 		ASN1_STRING_set(ASN1_STRING *str,unsigned char *data, int len);
+
+int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
+			long length);
+
+int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
+int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
+
+int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+			long length);
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+
+int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+			unsigned char **pp,long length);
+
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
+	unsigned char **pp, long l);
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+	unsigned char **pp, long l);
+
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
+	unsigned char **pp, long l);
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
+	unsigned char **pp, long l);
+
+int		i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
+ASN1_UTCTIME *	d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
+			long length);
+
+int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
+			int (*func)(), int ex_tag, int ex_class);
+STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+			char *(*func)(), int ex_tag, int ex_class);
+
+#ifdef HEADER_BIO_H
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+#endif
+
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
+	char *sn, char *ln);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(unsigned char *s, int max);
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
+	long length, int Ptag, int Pclass);
+/* type is one or more of the B_ASN1_ values. */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
+		long length,int type);
+
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+
+/* SPECIALS */
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
+	int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p,long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+	int tag, int xclass);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
+
+#ifndef WIN16
+char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+#endif
+
+#ifdef HEADER_BIO_H
+char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
+int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
+int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
+#endif
+
+/* Used to load and write netscape format cert/key */
+int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length);
+ASN1_HEADER *ASN1_HEADER_new(void );
+void ASN1_HEADER_free(ASN1_HEADER *a);
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+void ERR_load_ASN1_strings(void);
+
+/* Not used that much at this point, except for the first two */
+ASN1_METHOD *X509_asn1_meth(void);
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
+
+#else
+
+ASN1_TYPE *	ASN1_TYPE_new();
+void		ASN1_TYPE_free();
+int		i2d_ASN1_TYPE();
+ASN1_TYPE *	d2i_ASN1_TYPE();
+int ASN1_TYPE_get();
+void ASN1_TYPE_set();
+
+ASN1_OBJECT *	ASN1_OBJECT_new();
+void		ASN1_OBJECT_free();
+int		i2d_ASN1_OBJECT();
+ASN1_OBJECT *	d2i_ASN1_OBJECT();
+ASN1_STRING *	ASN1_STRING_new();
+void		ASN1_STRING_free();
+ASN1_STRING *	ASN1_STRING_dup();
+ASN1_STRING *	ASN1_STRING_type_new();
+int 		ASN1_STRING_cmp();
+int 		ASN1_STRING_set();
+int		i2d_ASN1_BIT_STRING();
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING();
+int		i2d_ASN1_BOOLEAN();
+int 		d2i_ASN1_BOOLEAN();
+int		i2d_ASN1_INTEGER();
+ASN1_INTEGER *d2i_ASN1_INTEGER();
+int ASN1_UTCTIME_check();
+ASN1_UTCTIME *ASN1_UTCTIME_set();
+int		i2d_ASN1_OCTET_STRING();
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING();
+int i2d_ASN1_PRINTABLE();
+ASN1_STRING *d2i_ASN1_PRINTABLE();
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING();
+ASN1_T61STRING *d2i_ASN1_T61STRING();
+int i2d_ASN1_IA5STRING();
+ASN1_IA5STRING *d2i_ASN1_IA5STRING();
+int		i2d_ASN1_UTCTIME();
+ASN1_UTCTIME *	d2i_ASN1_UTCTIME();
+int		i2d_ASN1_SET();
+STACK *		d2i_ASN1_SET();
+int a2d_ASN1_OBJECT();
+ASN1_OBJECT *ASN1_OBJECT_create();
+int ASN1_INTEGER_set();
+long ASN1_INTEGER_get();
+ASN1_INTEGER *BN_to_ASN1_INTEGER();
+BIGNUM *ASN1_INTEGER_to_BN();
+int ASN1_PRINTABLE_type();
+int i2d_ASN1_bytes();
+ASN1_STRING *d2i_ASN1_bytes();
+ASN1_STRING *d2i_ASN1_type_bytes();
+int asn1_Finish();
+int ASN1_get_object();
+int ASN1_check_infinite_end();
+void ASN1_put_object();
+int ASN1_object_size();
+char *ASN1_dup();
+#ifndef WIN16
+char *ASN1_d2i_fp();
+int ASN1_i2d_fp();
+#endif
+
+char *ASN1_d2i_bio();
+int ASN1_i2d_bio();
+int ASN1_UTCTIME_print();
+int ASN1_STRING_print();
+int ASN1_parse();
+int i2a_ASN1_INTEGER();
+int a2i_ASN1_INTEGER();
+int i2a_ASN1_OBJECT();
+int a2i_ASN1_STRING();
+int i2a_ASN1_STRING();
+
+int i2d_ASN1_HEADER();
+ASN1_HEADER *d2i_ASN1_HEADER();
+ASN1_HEADER *ASN1_HEADER_new();
+void ASN1_HEADER_free();
+void ERR_load_ASN1_strings();
+ASN1_METHOD *X509_asn1_meth();
+ASN1_METHOD *RSAPrivateKey_asn1_meth();
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth();
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth();
+
+int ASN1_UNIVERSALSTRING_to_string();
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the ASN1 functions. */
+
+/* Function codes. */
+#define ASN1_F_A2D_ASN1_OBJECT				 100
+#define ASN1_F_A2I_ASN1_INTEGER				 101
+#define ASN1_F_A2I_ASN1_STRING				 102
+#define ASN1_F_ASN1_COLLATE_PRIMATIVE			 103
+#define ASN1_F_ASN1_D2I_BIO				 104
+#define ASN1_F_ASN1_D2I_FP				 105
+#define ASN1_F_ASN1_DUP					 106
+#define ASN1_F_ASN1_GET_OBJECT				 107
+#define ASN1_F_ASN1_HEADER_NEW				 108
+#define ASN1_F_ASN1_I2D_BIO				 109
+#define ASN1_F_ASN1_I2D_FP				 110
+#define ASN1_F_ASN1_INTEGER_SET				 111
+#define ASN1_F_ASN1_INTEGER_TO_BN			 112
+#define ASN1_F_ASN1_OBJECT_NEW				 113
+#define ASN1_F_ASN1_SIGN				 114
+#define ASN1_F_ASN1_STRING_NEW				 115
+#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
+#define ASN1_F_ASN1_TYPE_NEW				 117
+#define ASN1_F_ASN1_UTCTIME_NEW				 118
+#define ASN1_F_ASN1_VERIFY				 119
+#define ASN1_F_BN_TO_ASN1_INTEGER			 120
+#define ASN1_F_D2I_ASN1_BIT_STRING			 121
+#define ASN1_F_D2I_ASN1_BOOLEAN				 122
+#define ASN1_F_D2I_ASN1_BYTES				 123
+#define ASN1_F_D2I_ASN1_HEADER				 124
+#define ASN1_F_D2I_ASN1_INTEGER				 125
+#define ASN1_F_D2I_ASN1_OBJECT				 126
+#define ASN1_F_D2I_ASN1_OCTET_STRING			 127
+#define ASN1_F_D2I_ASN1_PRINT_TYPE			 128
+#define ASN1_F_D2I_ASN1_SET				 129
+#define ASN1_F_D2I_ASN1_TYPE				 130
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 131
+#define ASN1_F_D2I_ASN1_UTCTIME				 132
+#define ASN1_F_D2I_DHPARAMS				 133
+#define ASN1_F_D2I_DSAPARAMS				 134
+#define ASN1_F_D2I_DSAPRIVATEKEY			 135
+#define ASN1_F_D2I_DSAPUBLICKEY				 136
+#define ASN1_F_D2I_NETSCAPE_PKEY			 137
+#define ASN1_F_D2I_NETSCAPE_RSA				 138
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 139
+#define ASN1_F_D2I_NETSCAPE_SPKAC			 140
+#define ASN1_F_D2I_NETSCAPE_SPKI			 141
+#define ASN1_F_D2I_PKCS7				 142
+#define ASN1_F_D2I_PKCS7_DIGEST				 143
+#define ASN1_F_D2I_PKCS7_ENCRYPT			 144
+#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 145
+#define ASN1_F_D2I_PKCS7_ENVELOPE			 146
+#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 147
+#define ASN1_F_D2I_PKCS7_RECIP_INFO			 148
+#define ASN1_F_D2I_PKCS7_SIGNED				 149
+#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 150
+#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 151
+#define ASN1_F_D2I_PRIVATEKEY				 152
+#define ASN1_F_D2I_PUBLICKEY				 153
+#define ASN1_F_D2I_RSAPRIVATEKEY			 154
+#define ASN1_F_D2I_RSAPUBLICKEY				 155
+#define ASN1_F_D2I_X509					 156
+#define ASN1_F_D2I_X509_ALGOR				 157
+#define ASN1_F_D2I_X509_ATTRIBUTE			 158
+#define ASN1_F_D2I_X509_CINF				 159
+#define ASN1_F_D2I_X509_CRL				 160
+#define ASN1_F_D2I_X509_CRL_INFO			 161
+#define ASN1_F_D2I_X509_EXTENSION			 162
+#define ASN1_F_D2I_X509_KEY				 163
+#define ASN1_F_D2I_X509_NAME				 164
+#define ASN1_F_D2I_X509_NAME_ENTRY			 165
+#define ASN1_F_D2I_X509_PKEY				 166
+#define ASN1_F_D2I_X509_PUBKEY				 167
+#define ASN1_F_D2I_X509_REQ				 168
+#define ASN1_F_D2I_X509_REQ_INFO			 169
+#define ASN1_F_D2I_X509_REVOKED				 170
+#define ASN1_F_D2I_X509_SIG				 171
+#define ASN1_F_D2I_X509_VAL				 172
+#define ASN1_F_I2A_ASN1_OBJECT				 173
+#define ASN1_F_I2D_ASN1_HEADER				 174
+#define ASN1_F_I2D_DHPARAMS				 175
+#define ASN1_F_I2D_DSAPARAMS				 176
+#define ASN1_F_I2D_DSAPRIVATEKEY			 177
+#define ASN1_F_I2D_DSAPUBLICKEY				 178
+#define ASN1_F_I2D_NETSCAPE_RSA				 179
+#define ASN1_F_I2D_PKCS7				 180
+#define ASN1_F_I2D_PRIVATEKEY				 181
+#define ASN1_F_I2D_PUBLICKEY				 182
+#define ASN1_F_I2D_RSAPRIVATEKEY			 183
+#define ASN1_F_I2D_RSAPUBLICKEY				 184
+#define ASN1_F_I2D_X509_ATTRIBUTE			 185
+#define ASN1_F_NETSCAPE_PKEY_NEW			 186
+#define ASN1_F_NETSCAPE_SPKAC_NEW			 187
+#define ASN1_F_NETSCAPE_SPKI_NEW			 188
+#define ASN1_F_PKCS7_DIGEST_NEW				 189
+#define ASN1_F_PKCS7_ENCRYPT_NEW			 190
+#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 191
+#define ASN1_F_PKCS7_ENVELOPE_NEW			 192
+#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 193
+#define ASN1_F_PKCS7_NEW				 194
+#define ASN1_F_PKCS7_RECIP_INFO_NEW			 195
+#define ASN1_F_PKCS7_SIGNED_NEW				 196
+#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 197
+#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 198
+#define ASN1_F_X509_ALGOR_NEW				 199
+#define ASN1_F_X509_ATTRIBUTE_NEW			 200
+#define ASN1_F_X509_CINF_NEW				 201
+#define ASN1_F_X509_CRL_INFO_NEW			 202
+#define ASN1_F_X509_CRL_NEW				 203
+#define ASN1_F_X509_DHPARAMS_NEW			 204
+#define ASN1_F_X509_EXTENSION_NEW			 205
+#define ASN1_F_X509_INFO_NEW				 206
+#define ASN1_F_X509_KEY_NEW				 207
+#define ASN1_F_X509_NAME_ENTRY_NEW			 208
+#define ASN1_F_X509_NAME_NEW				 209
+#define ASN1_F_X509_NEW					 210
+#define ASN1_F_X509_PKEY_NEW				 211
+#define ASN1_F_X509_PUBKEY_NEW				 212
+#define ASN1_F_X509_REQ_INFO_NEW			 213
+#define ASN1_F_X509_REQ_NEW				 214
+#define ASN1_F_X509_REVOKED_NEW				 215
+#define ASN1_F_X509_SIG_NEW				 216
+#define ASN1_F_X509_VAL_FREE				 217
+#define ASN1_F_X509_VAL_NEW				 218
+
+/* Reason codes. */
+#define ASN1_R_BAD_CLASS				 100
+#define ASN1_R_BAD_GET_OBJECT				 101
+#define ASN1_R_BAD_OBJECT_HEADER			 102
+#define ASN1_R_BAD_PASSWORD_READ			 103
+#define ASN1_R_BAD_PKCS7_CONTENT			 104
+#define ASN1_R_BAD_PKCS7_TYPE				 105
+#define ASN1_R_BAD_TAG					 106
+#define ASN1_R_BAD_TYPE					 107
+#define ASN1_R_BN_LIB					 108
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 109
+#define ASN1_R_BUFFER_TOO_SMALL				 110
+#define ASN1_R_DECODING_ERROR				 111
+#define ASN1_R_ERROR_STACK				 112
+#define ASN1_R_EXPECTING_AN_INTEGER			 113
+#define ASN1_R_EXPECTING_AN_OBJECT			 114
+#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
+#define ASN1_R_EXPECTING_A_BIT_STRING			 116
+#define ASN1_R_EXPECTING_A_BOOLEAN			 117
+#define ASN1_R_EXPECTING_A_SEQUENCE			 118
+#define ASN1_R_EXPECTING_A_UTCTIME			 119
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 120
+#define ASN1_R_HEADER_TOO_LONG				 121
+#define ASN1_R_INVALID_DIGIT				 122
+#define ASN1_R_INVALID_SEPARATOR			 123
+#define ASN1_R_INVALID_TIME_FORMAT			 124
+#define ASN1_R_IV_TOO_LARGE				 125
+#define ASN1_R_LENGTH_ERROR				 126
+#define ASN1_R_LENGTH_MISMATCH				 127
+#define ASN1_R_MISSING_EOS				 128
+#define ASN1_R_MISSING_SECOND_NUMBER			 129
+#define ASN1_R_NON_HEX_CHARACTERS			 130
+#define ASN1_R_NOT_ENOUGH_DATA				 131
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 132
+#define ASN1_R_PARSING					 133
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 134
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 135
+#define ASN1_R_SHORT_LINE				 136
+#define ASN1_R_STRING_TOO_SHORT				 137
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 138
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 139
+#define ASN1_R_TOO_LONG					 140
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 141
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 142
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 143
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 144
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 145
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 146
+#define ASN1_R_UNSUPPORTED_CIPHER			 147
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 148
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 149
+#define ASN1_R_UTCTIME_TOO_LONG				 150
+#define ASN1_R_WRONG_PRINTABLE_TYPE			 151
+#define ASN1_R_WRONG_TAG				 152
+#define ASN1_R_WRONG_TYPE				 153
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
new file mode 100644
index 0000000000000000000000000000000000000000..5e6a41b9520adcf92d8014311e6bc39f42cb312e
--- /dev/null
+++ b/crypto/asn1/asn1_err.c
@@ -0,0 +1,256 @@
+/* lib/asn1/asn1_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include "err.h"
+#include "asn1.h"
+
+/* BEGIN ERROR CODES */
+static ERR_STRING_DATA ASN1_str_functs[]=
+	{
+{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMATIVE,0),	"ASN1_COLLATE_PRIMATIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
+{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
+{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
+{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),	"ASN1_i2d_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),	"ASN1_INTEGER_set"},
+{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
+{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_SIGN"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
+{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_NEW"},
+{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_VERIFY"},
+{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"d2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),	"d2i_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),	"d2i_ASN1_OCTET_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),	"D2I_ASN1_PRINT_TYPE"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),	"d2i_ASN1_SET"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"D2I_DHPARAMS"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"D2I_DSAPARAMS"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"D2I_DSAPRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"D2I_DSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),	"D2I_NETSCAPE_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"D2I_NETSCAPE_RSA"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"D2I_NETSCAPE_RSA_2"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"D2I_NETSCAPE_SPKAC"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"D2I_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"D2I_PKCS7"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"D2I_PKCS7_DIGEST"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"D2I_PKCS7_ENCRYPT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"D2I_PKCS7_ENC_CONTENT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"D2I_PKCS7_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"D2I_PKCS7_ISSUER_AND_SERIAL"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"D2I_PKCS7_RECIP_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"D2I_PKCS7_SIGNED"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"D2I_PKCS7_SIGNER_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"D2I_PKCS7_SIGN_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"D2I_PRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"D2I_PUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"D2I_RSAPRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"D2I_RSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0),	"D2I_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"D2I_X509_ALGOR"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"D2I_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"D2I_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"D2I_X509_CRL"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"D2I_X509_CRL_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"D2I_X509_EXTENSION"},
+{ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),	"D2I_X509_KEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"D2I_X509_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"D2I_X509_NAME_ENTRY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"D2I_X509_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"D2I_X509_PUBKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"D2I_X509_REQ"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"D2I_X509_REQ_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"D2I_X509_REVOKED"},
+{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"D2I_X509_SIG"},
+{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"D2I_X509_VAL"},
+{ERR_PACK(0,ASN1_F_I2A_ASN1_OBJECT,0),	"i2a_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
+{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"I2D_DHPARAMS"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"I2D_DSAPARAMS"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"I2D_DSAPRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"I2D_DSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"I2D_NETSCAPE_RSA"},
+{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"I2D_PKCS7"},
+{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"I2D_PRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"I2D_PUBLICKEY"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"I2D_RSAPRIVATEKEY"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"I2D_RSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"I2D_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_NEW"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_NEW"},
+{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_NEW"},
+{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_NEW"},
+{ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),	"X509_DHPARAMS_NEW"},
+{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_NEW"},
+{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),	"X509_KEY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_NEW"},
+{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_NEW"},
+{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_NEW"},
+{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_NEW"},
+{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_FREE"},
+{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_NEW"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA ASN1_str_reasons[]=
+	{
+{ASN1_R_BAD_CLASS                        ,"bad class"},
+{ASN1_R_BAD_GET_OBJECT                   ,"bad get object"},
+{ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
+{ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
+{ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
+{ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
+{ASN1_R_BAD_TAG                          ,"bad tag"},
+{ASN1_R_BAD_TYPE                         ,"bad type"},
+{ASN1_R_BN_LIB                           ,"bn lib"},
+{ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
+{ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
+{ASN1_R_DECODING_ERROR                   ,"decoding error"},
+{ASN1_R_ERROR_STACK                      ,"error stack"},
+{ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
+{ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
+{ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
+{ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
+{ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
+{ASN1_R_EXPECTING_A_SEQUENCE             ,"expecting a sequence"},
+{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
+{ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
+{ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
+{ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
+{ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
+{ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
+{ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
+{ASN1_R_LENGTH_ERROR                     ,"length error"},
+{ASN1_R_LENGTH_MISMATCH                  ,"length mismatch"},
+{ASN1_R_MISSING_EOS                      ,"missing eos"},
+{ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
+{ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
+{ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
+{ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
+{ASN1_R_PARSING                          ,"parsing"},
+{ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
+{ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
+{ASN1_R_SHORT_LINE                       ,"short line"},
+{ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
+{ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
+{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
+{ASN1_R_TOO_LONG                         ,"too long"},
+{ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
+{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
+{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
+{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
+{ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
+{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
+{ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
+{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
+{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
+{ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
+{ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
+{ASN1_R_WRONG_TAG                        ,"wrong tag"},
+{ASN1_R_WRONG_TYPE                       ,"wrong type"},
+{0,NULL},
+	};
+
+void ERR_load_ASN1_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
+		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
+		}
+	}
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
new file mode 100644
index 0000000000000000000000000000000000000000..bdd706bcf1f98074ff6ecc58b33a40415c8a1add
--- /dev/null
+++ b/crypto/asn1/asn1_lib.c
@@ -0,0 +1,433 @@
+/* crypto/asn1/asn1_lib.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+
+#ifndef NOPROTO
+static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
+static void asn1_put_length(unsigned char **pp, int length);
+#else
+static int asn1_get_length();
+static void asn1_put_length();
+#endif
+
+char *ASN1_version="ASN1 part of SSLeay 0.8.1b 29-Jun-1998";
+
+int ASN1_check_infinite_end(p,len)
+unsigned char **p;
+long len;
+	{
+	/* If there is 0 or 1 byte left, the length check should pick
+	 * things up */
+	if (len <= 0)
+		return(1);
+	else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
+		{
+		(*p)+=2;
+		return(1);
+		}
+	return(0);
+	}
+
+
+int ASN1_get_object(pp, plength, ptag, pclass, omax)
+unsigned char **pp;
+long *plength;
+int *ptag;
+int *pclass;
+long omax;
+	{
+	int i,ret;
+	long l;
+	unsigned char *p= *pp;
+	int tag,xclass,inf;
+	long max=omax;
+
+	if (!max) goto err;
+	ret=(*p&V_ASN1_CONSTRUCTED);
+	xclass=(*p&V_ASN1_PRIVATE);
+	i= *p&V_ASN1_PRIMATIVE_TAG;
+	if (i == V_ASN1_PRIMATIVE_TAG)
+		{		/* high-tag */
+		p++;
+		if (--max == 0) goto err;
+		l=0;
+		while (*p&0x80)
+			{
+			l<<=7L;
+			l|= *(p++)&0x7f;
+			if (--max == 0) goto err;
+			}
+		l<<=7L;
+		l|= *(p++)&0x7f;
+		tag=(int)l;
+		}
+	else
+		{ 
+		tag=i;
+		p++;
+		if (--max == 0) goto err;
+		}
+	*ptag=tag;
+	*pclass=xclass;
+	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+
+#ifdef undef
+	fprintf(stderr,"p=%d + *plength=%d > omax=%d + *pp=%d  (%d > %d)\n", 
+		p,*plength,omax,*pp,(p+ *plength),omax+ *pp);
+#endif
+
+	if ((p+ *plength) > (omax+ *pp))
+		{
+		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+		/* Set this so that even if things are not long enough
+		 * the values are set correctly */
+		ret|=0x80;
+		}
+	*pp=p;
+	return(ret+inf);
+err:
+	ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
+	return(0x80);
+	}
+
+static int asn1_get_length(pp,inf,rl,max)
+unsigned char **pp;
+int *inf;
+long *rl;
+int max;
+	{
+	unsigned char *p= *pp;
+	long ret=0;
+	int i;
+
+	if (max-- < 1) return(0);
+	if (*p == 0x80)
+		{
+		*inf=1;
+		ret=0;
+		p++;
+		}
+	else
+		{
+		*inf=0;
+		i= *p&0x7f;
+		if (*(p++) & 0x80)
+			{
+			if (max-- == 0) return(0);
+			while (i-- > 0)
+				{
+				ret<<=8L;
+				ret|= *(p++);
+				if (max-- == 0) return(0);
+				}
+			}
+		else
+			ret=i;
+		}
+	*pp=p;
+	*rl=ret;
+	return(1);
+	}
+
+/* class 0 is constructed
+ * constructed == 2 for indefinitle length constructed */
+void ASN1_put_object(pp,constructed,length,tag,xclass)
+unsigned char **pp;
+int constructed;
+int length;
+int tag;
+int xclass;
+	{
+	unsigned char *p= *pp;
+	int i;
+
+	i=(constructed)?V_ASN1_CONSTRUCTED:0;
+	i|=(xclass&V_ASN1_PRIVATE);
+	if (tag < 31)
+		*(p++)=i|(tag&V_ASN1_PRIMATIVE_TAG);
+	else
+		{
+		*(p++)=i|V_ASN1_PRIMATIVE_TAG;
+		while (tag > 0x7f)
+			{
+			*(p++)=(tag&0x7f)|0x80;
+			tag>>=7;
+			}
+		*(p++)=(tag&0x7f);
+		}
+	if ((constructed == 2) && (length == 0))
+		*(p++)=0x80; /* der_put_length would output 0 instead */
+	else
+		asn1_put_length(&p,length);
+	*pp=p;
+	}
+
+static void asn1_put_length(pp, length)
+unsigned char **pp;
+int length;
+	{
+	unsigned char *p= *pp;
+	int i,l;
+	if (length <= 127)
+		*(p++)=(unsigned char)length;
+	else
+		{
+		l=length;
+		for (i=0; l > 0; i++)
+			l>>=8;
+		*(p++)=i|0x80;
+		l=i;
+		while (i-- > 0)
+			{
+			p[i]=length&0xff;
+			length>>=8;
+			}
+		p+=l;
+		}
+	*pp=p;
+	}
+
+int ASN1_object_size(constructed, length, tag)
+int constructed;
+int length;
+int tag;
+	{
+	int ret;
+
+	ret=length;
+	ret++;
+	if (tag >= 31)
+		{
+		while (tag > 0)
+			{
+			tag>>=7;
+			ret++;
+			}
+		}
+	if ((length == 0) && (constructed == 2))
+		ret+=2;
+	ret++;
+	if (length > 127)
+		{
+		while (length > 0)
+			{
+			length>>=8;
+			ret++;
+			}
+		}
+	return(ret);
+	}
+
+int asn1_Finish(c)
+ASN1_CTX *c;
+	{
+	if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
+		{
+		if (!ASN1_check_infinite_end(&c->p,c->slen))
+			{
+			c->error=ASN1_R_MISSING_EOS;
+			return(0);
+			}
+		}
+	if (	((c->slen != 0) && !(c->inf & 1)) ||
+		((c->slen < 0) && (c->inf & 1)))
+		{
+		c->error=ASN1_R_LENGTH_MISMATCH;
+		return(0);
+		}
+	return(1);
+	}
+
+int asn1_GetSequence(c,length)
+ASN1_CTX *c;
+long *length;
+	{
+	unsigned char *q;
+
+	q=c->p;
+	c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
+		*length);
+	if (c->inf & 0x80)
+		{
+		c->error=ASN1_R_BAD_GET_OBJECT;
+		return(0);
+		}
+	if (c->tag != V_ASN1_SEQUENCE)
+		{
+		c->error=ASN1_R_EXPECTING_A_SEQUENCE;
+		return(0);
+		}
+	(*length)-=(c->p-q);
+	if (c->max && (*length < 0))
+		{
+		c->error=ASN1_R_LENGTH_MISMATCH;
+		return(0);
+		}
+	if (c->inf == (1|V_ASN1_CONSTRUCTED))
+		c->slen= *length+ *(c->pp)-c->p;
+	c->eos=0;
+	return(1);
+	}
+
+ASN1_STRING *ASN1_STRING_dup(str)
+ASN1_STRING *str;
+	{
+	ASN1_STRING *ret;
+
+	if (str == NULL) return(NULL);
+	if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
+		return(NULL);
+	if (!ASN1_STRING_set(ret,str->data,str->length))
+		{
+		ASN1_STRING_free(ret);
+		return(NULL);
+		}
+	return(ret);
+	}
+
+int ASN1_STRING_set(str,data,len)
+ASN1_STRING *str;
+unsigned char *data;
+int len;
+	{
+	char *c;
+
+	if (len < 0)
+		{
+		if (data == NULL)
+			return(0);
+		else
+			len=strlen((char *)data);
+		}
+	if ((str->length < len) || (str->data == NULL))
+		{
+		c=(char *)str->data;
+		if (c == NULL)
+			str->data=(unsigned char *)Malloc(len+1);
+		else
+			str->data=(unsigned char *)Realloc(c,len+1);
+
+		if (str->data == NULL)
+			{
+			str->data=(unsigned char *)c;
+			return(0);
+			}
+		}
+	str->length=len;
+	if (data != NULL)
+		{
+		memcpy(str->data,data,len);
+		/* an alowance for strings :-) */
+		str->data[len]='\0';
+		}
+	return(1);
+	}
+
+ASN1_STRING *ASN1_STRING_new()
+	{
+	return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+	}
+
+
+ASN1_STRING *ASN1_STRING_type_new(type)
+int type;
+	{
+	ASN1_STRING *ret;
+
+	ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING));
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->length=0;
+	ret->type=type;
+	ret->data=NULL;
+	return(ret);
+	}
+
+void ASN1_STRING_free(a)
+ASN1_STRING *a;
+	{
+	if (a == NULL) return;
+	if (a->data != NULL) Free((char *)a->data);
+	Free((char *)a);
+	}
+
+int ASN1_STRING_cmp(a,b)
+ASN1_STRING *a,*b;
+	{
+	int i;
+
+	i=(a->length-b->length);
+	if (i == 0)
+		{
+		i=memcmp(a->data,b->data,a->length);
+		if (i == 0)
+			return(a->type-b->type);
+		else
+			return(i);
+		}
+	else
+		return(i);
+	}
+
diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
new file mode 100644
index 0000000000000000000000000000000000000000..e4ce0aaa7c0b63196143155489d1e5f3404f6030
--- /dev/null
+++ b/crypto/asn1/asn1_mac.h
@@ -0,0 +1,318 @@
+/* crypto/asn1/asn1_mac.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_MAC_H
+#define HEADER_ASN1_MAC_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include "asn1.h"
+#include "x509.h"
+#include "pkcs7.h"
+
+#define M_ASN1_D2I_vars(a,type,func) \
+	ASN1_CTX c; \
+	type ret=NULL; \
+	\
+	c.pp=pp; \
+	c.error=ASN1_R_ERROR_STACK; \
+	if ((a == NULL) || ((*a) == NULL)) \
+		{ if ((ret=(type)func()) == NULL) goto err; } \
+	else	ret=(*a);
+
+#define M_ASN1_D2I_Init() \
+	c.p= *pp; \
+	c.max=(length == 0)?0:(c.p+length);
+
+#define M_ASN1_D2I_Finish_2(a) \
+	if (!asn1_Finish(&c)) goto err; \
+	*pp=c.p; \
+	if (a != NULL) (*a)=ret; \
+	return(ret);
+
+#define M_ASN1_D2I_Finish(a,func,e) \
+	M_ASN1_D2I_Finish_2(a); \
+err:\
+	ASN1err((e),c.error); \
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+	return(NULL)
+
+#define M_ASN1_D2I_start_sequence() \
+	if (!asn1_GetSequence(&c,&length)) goto err;
+
+#define M_ASN1_D2I_end_sequence() \
+	(((c.inf&1) == 0)?(c.slen <= 0): \
+		(c.eos=ASN1_check_infinite_end(&c.p,c.slen)))
+
+#define M_ASN1_D2I_get(b,func) \
+	c.q=c.p; \
+	if (func(&(b),&c.p,c.slen) == NULL) goto err; \
+	c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_opt(b,func,type) \
+	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+		== (V_ASN1_UNIVERSAL|(type)))) \
+		{ \
+		M_ASN1_D2I_get(b,func); \
+		}
+
+#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
+	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
+		(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
+		{ \
+		unsigned char tmp; \
+		tmp=M_ASN1_next; \
+		M_ASN1_next=(tmp& ~V_ASN1_PRIMATIVE_TAG)|type; \
+		M_ASN1_D2I_get(b,func); \
+		M_ASN1_next_prev=tmp; \
+		}
+
+#define M_ASN1_D2I_get_set(r,func) \
+		M_ASN1_D2I_get_imp_set(r,func,V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_IMP_set_opt(b,func,tag) \
+	if ((c.slen != 0) && \
+		(M_ASN1_next == \
+		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+		{ \
+		M_ASN1_D2I_get_imp_set(b,func,tag,V_ASN1_CONTEXT_SPECIFIC); \
+		}
+
+#define M_ASN1_D2I_get_seq(r,func) \
+		M_ASN1_D2I_get_imp_set(r,func,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_seq_opt(r,func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+		{ M_ASN1_D2I_get_seq(r,func); }
+
+#define M_ASN1_D2I_get_IMP_set(r,func,x) \
+		M_ASN1_D2I_get_imp_set(r,func,x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_imp_set(r,func,a,b) \
+	c.q=c.p; \
+	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,a,b) == NULL) \
+		goto err; \
+	c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
+	c.q=c.p; \
+	if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
+		goto err; \
+	c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
+	if ((c.slen != 0L) && (M_ASN1_next == \
+		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+		{ \
+		int Tinf,Ttag,Tclass; \
+		long Tlen; \
+		\
+		c.q=c.p; \
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+		if (Tinf & 0x80) \
+			{ c.error=ASN1_R_BAD_OBJECT_HEADER; goto err; } \
+		if (func(&(r),&c.p,Tlen) == NULL) \
+			goto err; \
+		c.slen-=(c.p-c.q); \
+		}
+
+#define M_ASN1_D2I_get_EXP_set_opt(r,func,tag,b) \
+	if ((c.slen != 0) && (M_ASN1_next == \
+		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+		{ \
+		int Tinf,Ttag,Tclass; \
+		long Tlen; \
+		\
+		c.q=c.p; \
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+		if (Tinf & 0x80) \
+			{ c.error=ASN1_R_BAD_OBJECT_HEADER; goto err; } \
+		if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
+			b,V_ASN1_UNIVERSAL) == NULL) \
+			goto err; \
+		c.slen-=(c.p-c.q); \
+		}
+
+/* New macros */
+#define M_ASN1_New_Malloc(ret,type) \
+	if ((ret=(type *)Malloc(sizeof(type))) == NULL) goto err2;
+
+#define M_ASN1_New(arg,func) \
+	if (((arg)=func()) == NULL) return(NULL)
+
+#define M_ASN1_New_Error(a) \
+/*	err:	ASN1err((a),ASN1_R_ERROR_STACK); \
+		return(NULL);*/ \
+	err2:	ASN1err((a),ERR_R_MALLOC_FAILURE); \
+		return(NULL)
+
+
+#define M_ASN1_next		(*c.p)
+#define M_ASN1_next_prev	(*c.q)
+
+/*************************************************/
+
+#define M_ASN1_I2D_vars(a)	int r=0,ret=0; \
+				unsigned char *p; \
+				if (a == NULL) return(0)
+
+/* Length Macros */
+#define M_ASN1_I2D_len(a,f)	ret+=f(a,NULL)
+#define M_ASN1_I2D_len_IMP_opt(a,f)	if (a != NULL) M_ASN1_I2D_len(a,f)
+
+#define M_ASN1_I2D_len_SET(a,f) \
+		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_I2D_len_SEQ(a,f) \
+		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_I2D_len_SEQ_opt(a,f) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			M_ASN1_I2D_len_SEQ(a,f);
+
+#define M_ASN1_I2D_len_IMP_set(a,f,x) \
+		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_I2D_len_IMP_set_opt(a,f,x) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
+		if (a != NULL)\
+			{ \
+			v=f(a,NULL); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+#define M_ASN1_I2D_len_EXP_set_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0))\
+			{ \
+			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+/* Put Macros */
+#define M_ASN1_I2D_put(a,f)	f(a,&p)
+
+#define M_ASN1_I2D_put_IMP_opt(a,f,t)	\
+		if (a != NULL) \
+			{ \
+			unsigned char *q=p; \
+			f(a,&p); \
+			*q=(V_ASN1_CONTEXT_SPECIFIC|t); \
+			}
+
+#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
+			V_ASN1_UNIVERSAL)
+#define M_ASN1_I2D_put_IMP_set(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+			V_ASN1_CONTEXT_SPECIFIC)
+
+#define M_ASN1_I2D_put_SEQ(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+			V_ASN1_UNIVERSAL)
+
+#define M_ASN1_I2D_put_SEQ_opt(a,f) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			M_ASN1_I2D_put_SEQ(a,f);
+
+#define M_ASN1_I2D_put_IMP_set_opt(a,f,x) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC); }
+
+#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
+		if (a != NULL) \
+			{ \
+			ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
+			f(a,&p); \
+			}
+
+#define M_ASN1_I2D_put_EXP_set_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL); \
+			}
+
+#define M_ASN1_I2D_seq_total() \
+		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
+		if (pp == NULL) return(r); \
+		p= *pp; \
+		ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
+		*(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
+		*(p++)=0x80
+
+#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
+
+#define M_ASN1_I2D_finish()	*pp=p; \
+				return(r);
+
+#ifndef NOPROTO
+int asn1_GetSequence(ASN1_CTX *c, long *length);
+#else 
+int asn1_GetSequence();
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
new file mode 100644
index 0000000000000000000000000000000000000000..c6cbe1dfa581d249d60c8f9c23c395813f7afba7
--- /dev/null
+++ b/crypto/asn1/asn1_par.c
@@ -0,0 +1,387 @@
+/* crypto/asn1/asn1_par.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "objects.h"
+#include "x509.h"
+
+#ifndef NOPROTO
+static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
+	int indent);
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
+	int offset, int depth, int indent);
+#else
+static int asn1_print_info();
+static int asn1_parse2();
+#endif
+
+static int asn1_print_info(bp, tag, xclass, constructed,indent)
+BIO *bp;
+int tag;
+int xclass;
+int constructed;
+int indent;
+	{
+	static char *fmt="%-18s";
+	static char *fmt2="%2d %-15s";
+	char *p,str[128],*p2=NULL;
+
+	if (constructed & V_ASN1_CONSTRUCTED)
+		p="cons: ";
+	else
+		p="prim: ";
+	if (BIO_write(bp,p,6) < 6) goto err;
+	if (indent)
+		{
+		if (indent > 128) indent=128;
+		memset(str,' ',indent);
+		if (BIO_write(bp,str,indent) < indent) goto err;
+		}
+
+	p=str;
+	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+		sprintf(str,"priv [ %d ] ",tag);
+	else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+		sprintf(str,"cont [ %d ]",tag);
+	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+		sprintf(str,"appl [ %d ]",tag);
+	else if ((tag == V_ASN1_EOC) /* && (xclass == V_ASN1_UNIVERSAL) */)
+		p="EOC";
+	else if (tag == V_ASN1_BOOLEAN)
+		p="BOOLEAN";
+	else if (tag == V_ASN1_INTEGER)
+		p="INTEGER";
+	else if (tag == V_ASN1_BIT_STRING)
+		p="BIT STRING";
+	else if (tag == V_ASN1_OCTET_STRING)
+		p="OCTET STRING";
+	else if (tag == V_ASN1_NULL)
+		p="NULL";
+	else if (tag == V_ASN1_OBJECT)
+		p="OBJECT";
+	else if (tag == V_ASN1_SEQUENCE)
+		p="SEQUENCE";
+	else if (tag == V_ASN1_SET)
+		p="SET";
+	else if (tag == V_ASN1_PRINTABLESTRING)
+		p="PRINTABLESTRING";
+	else if (tag == V_ASN1_T61STRING)
+		p="T61STRING";
+	else if (tag == V_ASN1_IA5STRING)
+		p="IA5STRING";
+	else if (tag == V_ASN1_UTCTIME)
+		p="UTCTIME";
+
+	/* extras */
+	else if (tag == V_ASN1_NUMERICSTRING)
+		p="NUMERICSTRING";
+	else if (tag == V_ASN1_VIDEOTEXSTRING)
+		p="VIDEOTEXSTRING";
+	else if (tag == V_ASN1_GENERALIZEDTIME)
+		p="GENERALIZEDTIME";
+	else if (tag == V_ASN1_GRAPHICSTRING)
+		p="GRAPHICSTRING";
+	else if (tag == V_ASN1_ISO64STRING)
+		p="ISO64STRING";
+	else if (tag == V_ASN1_GENERALSTRING)
+		p="GENERALSTRING";
+	else if (tag == V_ASN1_UNIVERSALSTRING)
+		p="UNIVERSALSTRING";
+
+	else
+		p2="(unknown)";
+		
+	if (p2 != NULL)
+		{
+		if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
+		}
+	else
+		{
+		if (BIO_printf(bp,fmt,p) <= 0) goto err;
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+int ASN1_parse(bp, pp, len, indent)
+BIO *bp;
+unsigned char *pp;
+long len;
+int indent;
+	{
+	return(asn1_parse2(bp,&pp,len,0,0,indent));
+	}
+
+static int asn1_parse2(bp, pp, length, offset, depth, indent)
+BIO *bp;
+unsigned char **pp;
+long length;
+int offset;
+int depth;
+int indent;
+	{
+	unsigned char *p,*ep,*tot,*op,*opp;
+	long len;
+	int tag,xclass,ret=0;
+	int nl,hl,j,r;
+	ASN1_OBJECT *o=NULL;
+	ASN1_OCTET_STRING *os=NULL;
+
+	p= *pp;
+	tot=p+length;
+	op=p-1;
+	while ((p < tot) && (op < p))
+		{
+		op=p;
+		j=ASN1_get_object(&p,&len,&tag,&xclass,length);
+#ifdef LINT
+		j=j;
+#endif
+		if (j & 0x80)
+			{
+			if (BIO_write(bp,"Error in encoding\n",18) <= 0)
+				goto end;
+			ret=0;
+			goto end;
+			}
+		hl=(p-op);
+		length-=hl;
+		/* if j == 0x21 it is a constructed indefinite length object */
+		if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
+			<= 0) goto end;
+
+		if (j != (V_ASN1_CONSTRUCTED | 1))
+			{
+			if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
+				depth,(long)hl,len) <= 0)
+				goto end;
+			}
+		else
+			{
+			if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",
+				depth,(long)hl) <= 0)
+				goto end;
+			}
+		if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
+			goto end;
+		if (j & V_ASN1_CONSTRUCTED)
+			{
+			ep=p+len;
+			if (BIO_write(bp,"\n",1) <= 0) goto end;
+			if (len > length)
+				{
+				BIO_printf(bp,
+					"length is greater than %ld\n",length);
+				ret=0;
+				goto end;
+				}
+			if ((j == 0x21) && (len == 0))
+				{
+				for (;;)
+					{
+					r=asn1_parse2(bp,&p,(long)(tot-p),
+						offset+(p - *pp),depth+1,
+						indent);
+					if (r == 0) { ret=0; goto end; }
+					if ((r == 2) || (p >= tot)) break;
+					}
+				}
+			else
+				while (p < ep)
+					{
+					r=asn1_parse2(bp,&p,(long)len,
+						offset+(p - *pp),depth+1,
+						indent);
+					if (r == 0) { ret=0; goto end; }
+					}
+			}
+		else if (xclass != 0)
+			{
+			p+=len;
+			if (BIO_write(bp,"\n",1) <= 0) goto end;
+			}
+		else
+			{
+			nl=0;
+			if (	(tag == V_ASN1_PRINTABLESTRING) ||
+				(tag == V_ASN1_T61STRING) ||
+				(tag == V_ASN1_IA5STRING) ||
+				(tag == V_ASN1_UTCTIME))
+				{
+				if (BIO_write(bp,":",1) <= 0) goto end;
+				if ((len > 0) &&
+					BIO_write(bp,(char *)p,(int)len)
+					!= (int)len)
+					goto end;
+				}
+			else if (tag == V_ASN1_OBJECT)
+				{
+				opp=op;
+				if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
+					{
+					if (BIO_write(bp,":",1) <= 0) goto end;
+					i2a_ASN1_OBJECT(bp,o);
+					}
+				else
+					{
+					if (BIO_write(bp,":BAD OBJECT",11) <= 0)
+						goto end;
+					}
+				}
+			else if (tag == V_ASN1_BOOLEAN)
+				{
+				int ii;
+
+				opp=op;
+				ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
+				if (ii < 0)
+					{
+					if (BIO_write(bp,"Bad boolean\n",12))
+						goto end;
+					}
+				BIO_printf(bp,":%d",ii);
+				}
+			else if (tag == V_ASN1_OCTET_STRING)
+				{
+				int i,printable=1;
+
+				opp=op;
+				os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
+				if (os != NULL)
+					{
+					opp=os->data;
+					for (i=0; ilength; i++)
+						{
+						if ((	(opp[i] < ' ') &&
+							(opp[i] != '\n') &&
+							(opp[i] != '\r') &&
+							(opp[i] != '\t')) ||
+							(opp[i] > '~'))
+							{
+							printable=0;
+							break;
+							}
+						}
+					if (printable && (os->length > 0))
+						{
+						if (BIO_write(bp,":",1) <= 0)
+							goto end;
+						if (BIO_write(bp,(char *)opp,
+							os->length) <= 0)
+							goto end;
+						}
+					ASN1_OCTET_STRING_free(os);
+					os=NULL;
+					}
+				}
+			else if (tag == V_ASN1_INTEGER)
+				{
+				ASN1_INTEGER *bs;
+				int i;
+
+				opp=op;
+				bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
+				if (bs != NULL)
+					{
+					if (BIO_write(bp,":",1) <= 0) goto end;
+					if (bs->type == V_ASN1_NEG_INTEGER)
+						if (BIO_write(bp,"-",1) <= 0)
+							goto end;
+					for (i=0; ilength; i++)
+						{
+						if (BIO_printf(bp,"%02X",
+							bs->data[i]) <= 0)
+							goto end;
+						}
+					if (bs->length == 0)
+						{
+						if (BIO_write(bp,"00",2) <= 0)
+							goto end;
+						}
+					}
+				else
+					{
+					if (BIO_write(bp,"BAD INTEGER",11) <= 0)
+						goto end;
+					}
+				ASN1_INTEGER_free(bs);
+				}
+
+			if (!nl) 
+				{
+				if (BIO_write(bp,"\n",1) <= 0) goto end;
+				}
+			p+=len;
+			if ((tag == V_ASN1_EOC) && (xclass == 0))
+				{
+				ret=2; /* End of sequence */
+				goto end;
+				}
+			}
+		length-=len;
+		}
+	ret=1;
+end:
+	if (o != NULL) ASN1_OBJECT_free(o);
+	if (os != NULL) ASN1_OCTET_STRING_free(os);
+	*pp=p;
+	return(ret);
+	}
diff --git a/crypto/asn1/d2i_dhp.c b/crypto/asn1/d2i_dhp.c
new file mode 100644
index 0000000000000000000000000000000000000000..6ae3e0efa33c85d67ded227eaf58264ad054f094
--- /dev/null
+++ b/crypto/asn1/d2i_dhp.c
@@ -0,0 +1,108 @@
+/* crypto/asn1/d2i_dhp.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dh.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_DHPARAMS,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_DHPARAMS,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+DH *d2i_DHparams(a,pp,length)
+DH **a;
+unsigned char **pp;
+long length;
+	{
+	int i=ASN1_R_ERROR_STACK;
+	ASN1_INTEGER *bs=NULL;
+	long v=0;
+	M_ASN1_D2I_vars(a,DH *,DH_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+
+	if (!M_ASN1_D2I_end_sequence())
+		{
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		for (i=0; ilength; i++)
+			v=(v<<8)|(bs->data[i]);
+		ret->length=(int)v;
+		}
+
+	ASN1_BIT_STRING_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DHPARAMS,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DH_free(ret);
+	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/d2i_dsap.c b/crypto/asn1/d2i_dsap.c
new file mode 100644
index 0000000000000000000000000000000000000000..d0732af23a35f4d86cc0f45e886f528621ba55e0
--- /dev/null
+++ b/crypto/asn1/d2i_dsap.c
@@ -0,0 +1,101 @@
+/* crypto/asn1/d2i_dsap.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_DSAPARAMS,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_DSAPARAMS,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+DSA *d2i_DSAparams(a,pp,length)
+DSA **a;
+unsigned char **pp;
+long length;
+	{
+	int i=ASN1_R_ERROR_STACK;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA *,DSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+
+	ASN1_BIT_STRING_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DSAPARAMS,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
+	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
new file mode 100644
index 0000000000000000000000000000000000000000..0b60aee4c06ac4041e79a46377f7f75ffab0a4bd
--- /dev/null
+++ b/crypto/asn1/d2i_pr.c
@@ -0,0 +1,117 @@
+/* crypto/asn1/d2i_pr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+
+EVP_PKEY *d2i_PrivateKey(type,a,pp,length)
+int type;
+EVP_PKEY **a;
+unsigned char **pp;
+long length;
+	{
+	EVP_PKEY *ret;
+
+	if ((a == NULL) || (*a == NULL))
+		{
+		if ((ret=EVP_PKEY_new()) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
+			return(NULL);
+			}
+		}
+	else	ret= *a;
+
+	ret->save_type=type;
+	ret->type=EVP_PKEY_type(type);
+	switch (ret->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
+	default:
+		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+		goto err;
+		break;
+		}
+	if (a != NULL) (*a)=ret;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
new file mode 100644
index 0000000000000000000000000000000000000000..142742e8449db332eece78638ab1b24423c19548
--- /dev/null
+++ b/crypto/asn1/d2i_pu.c
@@ -0,0 +1,117 @@
+/* crypto/asn1/d2i_pu.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+
+EVP_PKEY *d2i_PublicKey(type,a,pp,length)
+int type;
+EVP_PKEY **a;
+unsigned char **pp;
+long length;
+	{
+	EVP_PKEY *ret;
+
+	if ((a == NULL) || (*a == NULL))
+		{
+		if ((ret=EVP_PKEY_new()) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+			return(NULL);
+			}
+		}
+	else	ret= *a;
+
+	ret->save_type=type;
+	ret->type=EVP_PKEY_type(type);
+	switch (ret->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
+	default:
+		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+		goto err;
+		break;
+		}
+	if (a != NULL) (*a)=ret;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/d2i_r_pr.c b/crypto/asn1/d2i_r_pr.c
new file mode 100644
index 0000000000000000000000000000000000000000..af95f30a56b02df9eb99330c38b4188ac4f4aea2
--- /dev/null
+++ b/crypto/asn1/d2i_r_pr.c
@@ -0,0 +1,129 @@
+/* crypto/asn1/d2i_r_pr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_PARSING);
+ */
+
+static ASN1_METHOD method={
+        (int (*)())  i2d_RSAPrivateKey,
+        (char *(*)())d2i_RSAPrivateKey,
+        (char *(*)())RSA_new,
+        (void (*)()) RSA_free};
+
+ASN1_METHOD *RSAPrivateKey_asn1_meth()
+	{
+	return(&method);
+	}
+
+RSA *d2i_RSAPrivateKey(a,pp,length)
+RSA **a;
+unsigned char **pp;
+long length;
+	{
+	int i=ASN1_R_PARSING;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,RSA *,RSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if (bs->length == 0)
+		ret->version=0;
+	else	ret->version=bs->data[0];
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->n=BN_bin2bn(bs->data,bs->length,ret->n)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->e=BN_bin2bn(bs->data,bs->length,ret->e)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->d=BN_bin2bn(bs->data,bs->length,ret->d)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->dmp1=BN_bin2bn(bs->data,bs->length,ret->dmp1)) == NULL)
+		goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->dmq1=BN_bin2bn(bs->data,bs->length,ret->dmq1)) == NULL)
+		goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->iqmp=BN_bin2bn(bs->data,bs->length,ret->iqmp)) == NULL)
+		goto err_bn;
+
+	ASN1_INTEGER_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) RSA_free(ret);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/d2i_r_pu.c b/crypto/asn1/d2i_r_pu.c
new file mode 100644
index 0000000000000000000000000000000000000000..0febef6b36d9a831a7c7dc99b691c54a18f455ae
--- /dev/null
+++ b/crypto/asn1/d2i_r_pu.c
@@ -0,0 +1,100 @@
+/* crypto/asn1/d2i_r_pu.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_RSAPUBLICKEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+RSA *d2i_RSAPublicKey(a,pp,length)
+RSA **a;
+unsigned char **pp;
+long length;
+	{
+	int i=ASN1_R_PARSING;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,RSA *,RSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->n=BN_bin2bn(bs->data,bs->length,ret->n)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->e=BN_bin2bn(bs->data,bs->length,ret->e)) == NULL) goto err_bn;
+
+	ASN1_INTEGER_free(bs);
+	bs=NULL;
+
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_RSAPUBLICKEY,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) RSA_free(ret);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/d2i_s_pr.c b/crypto/asn1/d2i_s_pr.c
new file mode 100644
index 0000000000000000000000000000000000000000..987db4e3c296a784d7e60c2f91627e9738bf1647
--- /dev/null
+++ b/crypto/asn1/d2i_s_pr.c
@@ -0,0 +1,113 @@
+/* crypto/asn1/d2i_s_pr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Origional version from Steven Schoch  */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_DSAPRIVATEKEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_PARSING);
+ */
+
+DSA *d2i_DSAPrivateKey(a,pp,length)
+DSA **a;
+unsigned char **pp;
+long length;
+	{
+	int i=ASN1_R_PARSING;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA *,DSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if (bs->length == 0)
+		ret->version=0;
+	else	ret->version=bs->data[0];
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
+		== NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->priv_key=BN_bin2bn(bs->data,bs->length,ret->priv_key))
+		== NULL) goto err_bn;
+
+	ASN1_INTEGER_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DSAPRIVATEKEY,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/d2i_s_pu.c b/crypto/asn1/d2i_s_pu.c
new file mode 100644
index 0000000000000000000000000000000000000000..dfffa82030d95deb84a34b0567d80fb86e14ca66
--- /dev/null
+++ b/crypto/asn1/d2i_s_pu.c
@@ -0,0 +1,124 @@
+/* crypto/asn1/d2i_s_pu.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Origional version from Steven Schoch  */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_DSAPUBLICKEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+DSA *d2i_DSAPublicKey(a,pp,length)
+DSA **a;
+unsigned char **pp;
+long length;
+	{
+	int i=ASN1_R_PARSING;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA *,DSA_new);
+
+	M_ASN1_D2I_Init();
+	if ((length != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED))
+		== (V_ASN1_UNIVERSAL|(V_ASN1_INTEGER))))
+		{
+		c.slen=length;
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
+                        == NULL)
+                        goto err_bn;
+		ret->write_params=0;
+		}
+	else
+		{
+		M_ASN1_D2I_start_sequence();
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
+			== NULL)
+			goto err_bn;
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL)
+			goto err_bn;
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL)
+			goto err_bn;
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL)
+			goto err_bn;
+
+		ret->write_params=1;
+		}
+
+	ASN1_INTEGER_free(bs);
+	bs=NULL;
+	M_ASN1_D2I_Finish_2(a);
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DSAPUBLICKEY,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
new file mode 100644
index 0000000000000000000000000000000000000000..f786b12d6800a7def448446b86e6cda56a0a7bee
--- /dev/null
+++ b/crypto/asn1/f_int.c
@@ -0,0 +1,211 @@
+/* crypto/asn1/f_int.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "x509.h"
+
+int i2a_ASN1_INTEGER(bp, a)
+BIO *bp;
+ASN1_INTEGER *a;
+	{
+	int i,n=0;
+	static char *h="0123456789ABCDEF";
+	char buf[2];
+
+	if (a == NULL) return(0);
+
+	if (a->length == 0)
+		{
+		if (BIO_write(bp,"00",2) != 2) goto err;
+		n=2;
+		}
+	else
+		{
+		for (i=0; ilength; i++)
+			{
+			if ((i != 0) && (i%35 == 0))
+				{
+				if (BIO_write(bp,"\\\n",2) != 2) goto err;
+				n+=2;
+				}
+			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+			if (BIO_write(bp,buf,2) != 2) goto err;
+			n+=2;
+			}
+		}
+	return(n);
+err:
+	return(-1);
+	}
+
+int a2i_ASN1_INTEGER(bp,bs,buf,size)
+BIO *bp;
+ASN1_INTEGER *bs;
+char *buf;
+int size;
+	{
+	int ret=0;
+	int i,j,k,m,n,again,bufsize;
+	unsigned char *s=NULL,*sp;
+	unsigned char *bufp;
+	int num=0,slen=0,first=1;
+
+	bs->type=V_ASN1_INTEGER;
+
+	bufsize=BIO_gets(bp,buf,size);
+	for (;;)
+		{
+		if (bufsize < 1) goto err_sl;
+		i=bufsize;
+		if (buf[i-1] == '\n') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		if (buf[i-1] == '\r') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		again=(buf[i-1] == '\\');
+
+		for (j=0; j= '0') && (buf[j] <= '9')) ||
+				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+				{
+				i=j;
+				break;
+				}
+			}
+		buf[i]='\0';
+		/* We have now cleared all the crap off the end of the
+		 * line */
+		if (i < 2) goto err_sl;
+
+		bufp=(unsigned char *)buf;
+		if (first)
+			{
+			first=0;
+			if ((bufp[0] == '0') && (buf[1] == '0'))
+				{
+				bufp+=2;
+				i-=2;
+				}
+			}
+		k=0;
+		i-=again;
+		if (i%2 != 0)
+			{
+			ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
+			goto err;
+			}
+		i/=2;
+		if (num+i > slen)
+			{
+			if (s == NULL)
+				sp=(unsigned char *)Malloc(
+					(unsigned int)num+i*2);
+			else
+				sp=(unsigned char *)Realloc(s,
+					(unsigned int)num+i*2);
+			if (sp == NULL)
+				{
+				ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+				if (s != NULL) Free((char *)s);
+				goto err;
+				}
+			s=sp;
+			slen=num+i*2;
+			}
+		for (j=0; j= '0') && (m <= '9'))
+					m-='0';
+				else if ((m >= 'a') && (m <= 'f'))
+					m=m-'a'+10;
+				else if ((m >= 'A') && (m <= 'F'))
+					m=m-'A'+10;
+				else
+					{
+					ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
+					goto err;
+					}
+				s[num+j]<<=4;
+				s[num+j]|=m;
+				}
+			}
+		num+=i;
+		if (again)
+			bufsize=BIO_gets(bp,buf,size);
+		else
+			break;
+		}
+	bs->length=num;
+	bs->data=s;
+	ret=1;
+err:
+	if (0)
+		{
+err_sl:
+		ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
new file mode 100644
index 0000000000000000000000000000000000000000..68001c324545949eddb62b7bb253690d1cb871f4
--- /dev/null
+++ b/crypto/asn1/f_string.c
@@ -0,0 +1,210 @@
+/* crypto/asn1/f_string.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "x509.h"
+
+int i2a_ASN1_STRING(bp, a, type)
+BIO *bp;
+ASN1_STRING *a;
+int type;
+	{
+	int i,n=0;
+	static char *h="0123456789ABCDEF";
+	char buf[2];
+
+	if (a == NULL) return(0);
+
+	if (a->length == 0)
+		{
+		if (BIO_write(bp,"0",1) != 1) goto err;
+		n=1;
+		}
+	else
+		{
+		for (i=0; ilength; i++)
+			{
+			if ((i != 0) && (i%35 == 0))
+				{
+				if (BIO_write(bp,"\\\n",2) != 2) goto err;
+				n+=2;
+				}
+			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+			if (BIO_write(bp,buf,2) != 2) goto err;
+			n+=2;
+			}
+		}
+	return(n);
+err:
+	return(-1);
+	}
+
+int a2i_ASN1_STRING(bp,bs,buf,size)
+BIO *bp;
+ASN1_STRING *bs;
+char *buf;
+int size;
+	{
+	int ret=0;
+	int i,j,k,m,n,again,bufsize;
+	unsigned char *s=NULL,*sp;
+	unsigned char *bufp;
+	int num=0,slen=0,first=1;
+
+	bufsize=BIO_gets(bp,buf,size);
+	for (;;)
+		{
+		if (bufsize < 1)
+			{
+			if (first)
+				break;
+			else
+				goto err_sl;
+			}
+		first=0;
+
+		i=bufsize;
+		if (buf[i-1] == '\n') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		if (buf[i-1] == '\r') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		again=(buf[i-1] == '\\');
+
+		for (j=i-1; j>0; j--)
+			{
+			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
+				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+				{
+				i=j;
+				break;
+				}
+			}
+		buf[i]='\0';
+		/* We have now cleared all the crap off the end of the
+		 * line */
+		if (i < 2) goto err_sl;
+
+		bufp=(unsigned char *)buf;
+
+		k=0;
+		i-=again;
+		if (i%2 != 0)
+			{
+			ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
+			goto err;
+			}
+		i/=2;
+		if (num+i > slen)
+			{
+			if (s == NULL)
+				sp=(unsigned char *)Malloc(
+					(unsigned int)num+i*2);
+			else
+				sp=(unsigned char *)Realloc(s,
+					(unsigned int)num+i*2);
+			if (sp == NULL)
+				{
+				ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
+				if (s != NULL) Free((char *)s);
+				goto err;
+				}
+			s=sp;
+			slen=num+i*2;
+			}
+		for (j=0; j= '0') && (m <= '9'))
+					m-='0';
+				else if ((m >= 'a') && (m <= 'f'))
+					m=m-'a'+10;
+				else if ((m >= 'A') && (m <= 'F'))
+					m=m-'A'+10;
+				else
+					{
+					ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
+					goto err;
+					}
+				s[num+j]<<=4;
+				s[num+j]|=m;
+				}
+			}
+		num+=i;
+		if (again)
+			bufsize=BIO_gets(bp,buf,size);
+		else
+			break;
+		}
+	bs->length=num;
+	bs->data=s;
+	ret=1;
+err:
+	if (0)
+		{
+err_sl:
+		ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/asn1/i2d_dhp.c b/crypto/asn1/i2d_dhp.c
new file mode 100644
index 0000000000000000000000000000000000000000..087b6b8f6c24b1db07f54d25abf20259a4d78d1d
--- /dev/null
+++ b/crypto/asn1/i2d_dhp.c
@@ -0,0 +1,128 @@
+/* crypto/asn1/i2d_dhp.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "asn1_mac.h"
+#include "dh.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_DHPARAMS,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_DHPARAMS_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_DHparams(a,pp)
+DH *a;
+unsigned char **pp;
+	{
+	BIGNUM *num[3];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot=0,len,max=0;
+	int t,ret= -1;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+	num[0]=a->p;
+	num[1]=a->g;
+	if (a->length != 0)
+		{
+		if ((num[2]=BN_new()) == NULL) goto err;
+		if (!BN_set_word(num[2],a->length)) goto err;
+		}
+	else	
+		num[2]=NULL;
+
+	for (i=0; i<3; i++)
+		{
+		if (num[i] == NULL) continue;
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	bs.type=V_ASN1_INTEGER;
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_DHPARAMS,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	for (i=0; i<3; i++)
+		{
+		if (num[i] == NULL) continue;
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	ret=t;
+err:
+	if (num[2] != NULL) BN_free(num[2]);
+	*pp=p;
+	return(ret);
+	}
diff --git a/crypto/asn1/i2d_dsap.c b/crypto/asn1/i2d_dsap.c
new file mode 100644
index 0000000000000000000000000000000000000000..e051c99886391c6d3c87df0a3f47d1a0869b6b74
--- /dev/null
+++ b/crypto/asn1/i2d_dsap.c
@@ -0,0 +1,121 @@
+/* crypto/asn1/i2d_dsap.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "asn1_mac.h"
+#include "dsa.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_DSAPARAMS,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_DSAparams(a,pp)
+DSA *a;
+unsigned char **pp;
+	{
+	BIGNUM *num[3];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot=0,len,max=0;
+	int t,ret= -1;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+	num[0]=a->p;
+	num[1]=a->q;
+	num[2]=a->g;
+
+	for (i=0; i<3; i++)
+		{
+		if (num[i] == NULL) continue;
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	bs.type=V_ASN1_INTEGER;
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_DSAPARAMS,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	for (i=0; i<3; i++)
+		{
+		if (num[i] == NULL) continue;
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	ret=t;
+err:
+	*pp=p;
+	return(ret);
+	}
+
diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
new file mode 100644
index 0000000000000000000000000000000000000000..361beb9fddf942916aa0b31855cc4a0214a08b92
--- /dev/null
+++ b/crypto/asn1/i2d_pr.c
@@ -0,0 +1,86 @@
+/* crypto/asn1/i2d_pr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "objects.h"
+
+int i2d_PrivateKey(a,pp)
+EVP_PKEY *a;
+unsigned char **pp;
+	{
+#ifndef NO_RSA
+	if (a->type == EVP_PKEY_RSA)
+		{
+		return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+		}
+	else
+#endif
+#ifndef NO_DSA
+	if (a->type == EVP_PKEY_DSA)
+		{
+		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
+		}
+#endif
+
+	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+	return(-1);
+	}
+
diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
new file mode 100644
index 0000000000000000000000000000000000000000..2694cd442311de3621b92334e9b172e43a7e174c
--- /dev/null
+++ b/crypto/asn1/i2d_pu.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/i2d_pu.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "objects.h"
+
+int i2d_PublicKey(a,pp)
+EVP_PKEY *a;
+unsigned char **pp;
+	{
+	switch (a->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+		return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+#endif
+	default:
+		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+		return(-1);
+		}
+	}
+
diff --git a/crypto/asn1/i2d_r_pr.c b/crypto/asn1/i2d_r_pr.c
new file mode 100644
index 0000000000000000000000000000000000000000..fa9389760ae2d15046f2340f273a0dd542c5f6da
--- /dev/null
+++ b/crypto/asn1/i2d_r_pr.c
@@ -0,0 +1,132 @@
+/* crypto/asn1/i2d_r_pr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+int i2d_RSAPrivateKey(a,pp)
+RSA *a;
+unsigned char **pp;
+	{
+	BIGNUM *num[9];
+	unsigned char data[1];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot,t,len,max=0;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+
+	num[1]=a->n;
+	num[2]=a->e;
+	num[3]=a->d;
+	num[4]=a->p;
+	num[5]=a->q;
+	num[6]=a->dmp1;
+	num[7]=a->dmq1;
+	num[8]=a->iqmp;
+
+	bs.length=1;
+	bs.data=data;
+	bs.type=V_ASN1_INTEGER;
+	data[0]=a->version&0x7f;
+
+	tot=i2d_ASN1_INTEGER(&(bs),NULL);
+	for (i=1; i<9; i++)
+		{
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	i2d_ASN1_INTEGER(&bs,&p);
+
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(-1);
+		}
+
+	for (i=1; i<9; i++)
+		{
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	*pp=p;
+	return(t);
+	}
+
diff --git a/crypto/asn1/i2d_r_pu.c b/crypto/asn1/i2d_r_pu.c
new file mode 100644
index 0000000000000000000000000000000000000000..31dc8363ba1ecb1d50f09529e01e25f3adec5a70
--- /dev/null
+++ b/crypto/asn1/i2d_r_pu.c
@@ -0,0 +1,118 @@
+/* crypto/asn1/i2d_r_pu.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "rsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_RSAPUBLICKEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+int i2d_RSAPublicKey(a,pp)
+RSA *a;
+unsigned char **pp;
+	{
+	BIGNUM *num[2];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot=0,len,max=0,t;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+
+	num[0]=a->n;
+	num[1]=a->e;
+
+	for (i=0; i<2; i++)
+		{
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	bs.type=V_ASN1_INTEGER;
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
+		return(-1);
+		}
+
+	for (i=0; i<2; i++)
+		{
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	*pp=p;
+	return(t);
+	}
+
diff --git a/crypto/asn1/i2d_s_pr.c b/crypto/asn1/i2d_s_pr.c
new file mode 100644
index 0000000000000000000000000000000000000000..0c0a5c6f57ed2f3d6cbb9b731afa421e91b13ada
--- /dev/null
+++ b/crypto/asn1/i2d_s_pr.c
@@ -0,0 +1,128 @@
+/* crypto/asn1/i2d_s_pr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+int i2d_DSAPrivateKey(a,pp)
+DSA *a;
+unsigned char **pp;
+	{
+	BIGNUM *num[6];
+	unsigned char data[1];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot,t,len,max=0;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+
+	num[1]=a->p;
+	num[2]=a->q;
+	num[3]=a->g;
+	num[4]=a->pub_key;
+	num[5]=a->priv_key;
+
+	bs.length=1;
+	bs.data=data;
+	bs.type=V_ASN1_INTEGER;
+	data[0]=a->version&0x7f;
+
+	tot=i2d_ASN1_INTEGER(&(bs),NULL);
+	for (i=1; i<6; i++)
+		{
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	i2d_ASN1_INTEGER(&bs,&p);
+
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(-1);
+		}
+
+	for (i=1; i<6; i++)
+		{
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	*pp=p;
+	return(t);
+	}
+
diff --git a/crypto/asn1/i2d_s_pu.c b/crypto/asn1/i2d_s_pu.c
new file mode 100644
index 0000000000000000000000000000000000000000..cfb7c11f8ba19ceb5afeb65a2b2cc39f5bbf04d0
--- /dev/null
+++ b/crypto/asn1/i2d_s_pu.c
@@ -0,0 +1,133 @@
+/* crypto/asn1/i2d_s_pu.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+int i2d_DSAPublicKey(a,pp)
+DSA *a;
+unsigned char **pp;
+	{
+	BIGNUM *num[4];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot=0,len,max=0,t=0,all,n=1;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+
+	all=a->write_params;
+
+	num[0]=a->pub_key;
+	if (all)
+		{
+		num[1]=a->p;
+		num[2]=a->q;
+		num[3]=a->g;
+		n=4;
+		}
+
+	for (i=0; i max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	if (all)
+		{
+		t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+		if (pp == NULL) return(t);
+		}
+	else
+		{
+		if (pp == NULL) return(tot);
+		}
+
+	p= *pp;
+	if (all)
+		ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	bs.type=V_ASN1_INTEGER;
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
+		return(-1);
+		}
+
+	for (i=0; i
+#include "cryptlib.h"
+#include "rsa.h"
+#include "objects.h"
+#include "asn1_mac.h"
+#include "evp.h"
+#include "x509.h"
+
+
+#ifndef NO_RC4
+
+typedef struct netscape_pkey_st
+	{
+	ASN1_INTEGER *version;
+	X509_ALGOR *algor;
+	ASN1_OCTET_STRING *private_key;
+	} NETSCAPE_PKEY;
+
+/*
+ * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+ * ASN1err(ASN1_F_D2I_NETSCAPE_PKEY,ASN1_R_DECODING_ERROR);
+ * ASN1err(ASN1_F_NETSCAPE_PKEY_NEW,ASN1_R_DECODING_ERROR);
+ */
+#ifndef NOPROTO
+static RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
+	int (*cb)());
+static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
+static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
+#else
+static RSA *d2i_Netscape_RSA_2();
+static int i2d_NETSCAPE_PKEY();
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY();
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new();
+static void NETSCAPE_PKEY_free();
+#endif
+
+int i2d_Netscape_RSA(a,pp,cb)
+RSA *a;
+unsigned char **pp;
+int (*cb)();
+	{
+	int i,j,l[6];
+	NETSCAPE_PKEY *pkey;
+	unsigned char buf[256],*zz;
+	unsigned char key[EVP_MAX_KEY_LENGTH];
+	EVP_CIPHER_CTX ctx;
+	X509_ALGOR *alg=NULL;
+	ASN1_OCTET_STRING os,os2;
+	M_ASN1_I2D_vars(a);
+
+	if (a == NULL) return(0);
+
+#ifdef WIN32
+	r=r; /* shut the damn compiler up :-) */
+#endif
+
+	os.data=os2.data=NULL;
+	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+	if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+
+	if (pkey->algor->algorithm != NULL)
+		ASN1_OBJECT_free(pkey->algor->algorithm);
+	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	pkey->algor->parameter->type=V_ASN1_NULL;
+
+	l[0]=i2d_RSAPrivateKey(a,NULL);
+	pkey->private_key->length=l[0];
+
+	os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
+	l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
+
+	if ((alg=X509_ALGOR_new()) == NULL) goto err;
+	if (alg->algorithm != NULL)
+		ASN1_OBJECT_free(alg->algorithm);
+	alg->algorithm=OBJ_nid2obj(NID_rc4);
+	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	alg->parameter->type=V_ASN1_NULL;
+
+	l[2]=i2d_X509_ALGOR(alg,NULL);
+	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
+
+	os.data=(unsigned char *)"private-key";
+	os.length=11;
+	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
+
+	l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+
+	if (pp == NULL)
+		{
+		if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+		if (alg != NULL) X509_ALGOR_free(alg);
+		return(l[5]);
+		}
+
+	if (pkey->private_key->data != NULL)
+		Free((char *)pkey->private_key->data);
+	if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	zz=pkey->private_key->data;
+	i2d_RSAPrivateKey(a,&zz);
+
+	if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	zz=os2.data;
+	i2d_NETSCAPE_PKEY(pkey,&zz);
+		
+	if (cb == NULL)
+		cb=EVP_read_pw_string;
+	i=cb(buf,256,"Enter Private Key password:",1);
+	if (i != 0)
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
+		goto err;
+		}
+	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
+		strlen((char *)buf),1,key,NULL);
+	memset(buf,0,256);
+	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
+	EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+	EVP_CIPHER_CTX_cleanup(&ctx);
+
+	p= *pp;
+	ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(&os,&p);
+	ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_X509_ALGOR(alg,&p);
+	i2d_ASN1_OCTET_STRING(&os2,&p);
+	ret=l[5];
+err:
+	if (os2.data != NULL) Free((char *)os2.data);
+	if (alg != NULL) X509_ALGOR_free(alg);
+	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+	r=r;
+	return(ret);
+	}
+
+RSA *d2i_Netscape_RSA(a,pp,length,cb)
+RSA **a;
+unsigned char **pp;
+long length;
+int (*cb)();
+	{
+	RSA *ret=NULL;
+	ASN1_OCTET_STRING *os=NULL;
+	ASN1_CTX c;
+
+	c.pp=pp;
+	c.error=ASN1_R_DECODING_ERROR;
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
+	if ((os->length != 11) || (strncmp("private-key",
+		(char *)os->data,os->length) != 0))
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+		ASN1_BIT_STRING_free(os);
+		goto err;
+		}
+	ASN1_BIT_STRING_free(os);
+	c.q=c.p;
+	if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
+	c.slen-=(c.p-c.q);
+
+	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
+	}
+
+static RSA *d2i_Netscape_RSA_2(a,pp,length,cb)
+RSA **a;
+unsigned char **pp;
+long length;
+int (*cb)();
+	{
+	NETSCAPE_PKEY *pkey=NULL;
+	RSA *ret=NULL;
+	int i,j;
+	unsigned char buf[256],*zz;
+	unsigned char key[EVP_MAX_KEY_LENGTH];
+	EVP_CIPHER_CTX ctx;
+	X509_ALGOR *alg=NULL;
+	ASN1_OCTET_STRING *os=NULL;
+	ASN1_CTX c;
+
+	c.error=ASN1_R_ERROR_STACK;
+	c.pp=pp;
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
+	if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+		goto err;
+		}
+	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
+	if (cb == NULL)
+		cb=EVP_read_pw_string;
+	i=cb(buf,256,"Enter Private Key password:",0);
+	if (i != 0)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ);
+		goto err;
+		}
+
+	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
+		strlen((char *)buf),1,key,NULL);
+	memset(buf,0,256);
+	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
+	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	os->length=i+j;
+
+	zz=os->data;
+
+	if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+		goto err;
+		}
+		
+	zz=pkey->private_key->data;
+	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+		goto err;
+		}
+	if (!asn1_Finish(&c)) goto err;
+	*pp=c.p;
+err:
+	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+	if (os != NULL) ASN1_BIT_STRING_free(os);
+	if (alg != NULL) X509_ALGOR_free(alg);
+	return(ret);
+	}
+
+static int i2d_NETSCAPE_PKEY(a,pp)
+NETSCAPE_PKEY *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+
+	M_ASN1_I2D_len(a->version,	i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->private_key,	i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,	i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->private_key,	i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(a,pp,length)
+NETSCAPE_PKEY **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
+	}
+
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new()
+	{
+	NETSCAPE_PKEY *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->algor,X509_ALGOR_new);
+	M_ASN1_New(ret->private_key,ASN1_OCTET_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
+	}
+
+static void NETSCAPE_PKEY_free(a)
+NETSCAPE_PKEY *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	X509_ALGOR_free(a->algor);
+	ASN1_OCTET_STRING_free(a->private_key);
+	Free((char *)a);
+	}
+
+#endif /* NO_RC4 */
+
diff --git a/crypto/asn1/p7_dgst.c b/crypto/asn1/p7_dgst.c
new file mode 100644
index 0000000000000000000000000000000000000000..206c2a6bb3acf3f8ead31b7c0294dbe50bb53444
--- /dev/null
+++ b/crypto/asn1/p7_dgst.c
@@ -0,0 +1,130 @@
+/* crypto/asn1/p7_dgst.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_DIGEST_NEW,ASN1_R_MISSING_EOS);
+ * ASN1err(ASN1_F_D2I_PKCS7_DIGEST,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_DIGEST(a,pp)
+PKCS7_DIGEST *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->md,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->contents,i2d_PKCS7);
+	M_ASN1_I2D_len(a->digest,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->md,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->contents,i2d_PKCS7);
+	M_ASN1_I2D_put(a->digest,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_DIGEST *d2i_PKCS7_DIGEST(a,pp,length)
+PKCS7_DIGEST **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_DIGEST *,PKCS7_DIGEST_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->md,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->contents,d2i_PKCS7);
+	M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
+
+	M_ASN1_D2I_Finish(a,PKCS7_DIGEST_free,ASN1_F_D2I_PKCS7_DIGEST);
+	}
+
+PKCS7_DIGEST *PKCS7_DIGEST_new()
+	{
+	PKCS7_DIGEST *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_DIGEST);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->md,X509_ALGOR_new);
+	M_ASN1_New(ret->contents,PKCS7_new);
+	M_ASN1_New(ret->digest,ASN1_OCTET_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_DIGEST_NEW);
+	}
+
+void PKCS7_DIGEST_free(a)
+PKCS7_DIGEST *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	X509_ALGOR_free(a->md);
+	PKCS7_free(a->contents);
+	ASN1_OCTET_STRING_free(a->digest);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/p7_enc.c b/crypto/asn1/p7_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..ce4bedb113b421245c8481185ec78f1264b7fd3a
--- /dev/null
+++ b/crypto/asn1/p7_enc.c
@@ -0,0 +1,120 @@
+/* crypto/asn1/p7_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_ENCRYPT_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_PKCS7_ENCRYPT,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_ENCRYPT(a,pp)
+PKCS7_ENCRYPT *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(a,pp,length)
+PKCS7_ENCRYPT **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_ENCRYPT *,PKCS7_ENCRYPT_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
+
+	M_ASN1_D2I_Finish(a,PKCS7_ENCRYPT_free,ASN1_F_D2I_PKCS7_ENCRYPT);
+	}
+
+PKCS7_ENCRYPT *PKCS7_ENCRYPT_new()
+	{
+	PKCS7_ENCRYPT *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_ENCRYPT);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_ENCRYPT_NEW);
+	}
+
+void PKCS7_ENCRYPT_free(a)
+PKCS7_ENCRYPT *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	PKCS7_ENC_CONTENT_free(a->enc_data);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/p7_enc_c.c b/crypto/asn1/p7_enc_c.c
new file mode 100644
index 0000000000000000000000000000000000000000..b27d443533879d262a058ecf0a65341ab6f0e193
--- /dev/null
+++ b/crypto/asn1/p7_enc_c.c
@@ -0,0 +1,127 @@
+/* crypto/asn1/p7_enc_c.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_ENC_CONTENT_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_PKCS7_ENC_CONTENT,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_ENC_CONTENT(a,pp)
+PKCS7_ENC_CONTENT *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->content_type,i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len(a->algorithm,i2d_X509_ALGOR);
+	M_ASN1_I2D_len_IMP_opt(a->enc_data,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->content_type,i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put(a->algorithm,i2d_X509_ALGOR);
+	M_ASN1_I2D_put_IMP_opt(a->enc_data,i2d_ASN1_OCTET_STRING,0);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(a,pp,length)
+PKCS7_ENC_CONTENT **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_ENC_CONTENT *,PKCS7_ENC_CONTENT_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->content_type,d2i_ASN1_OBJECT);
+	M_ASN1_D2I_get(ret->algorithm,d2i_X509_ALGOR);
+	M_ASN1_D2I_get_IMP_opt(ret->enc_data,d2i_ASN1_OCTET_STRING,0,
+		V_ASN1_OCTET_STRING);
+
+	M_ASN1_D2I_Finish(a,PKCS7_ENC_CONTENT_free,
+		ASN1_F_D2I_PKCS7_ENC_CONTENT);
+	}
+
+PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new()
+	{
+	PKCS7_ENC_CONTENT *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_ENC_CONTENT);
+	M_ASN1_New(ret->content_type,ASN1_OBJECT_new);
+	M_ASN1_New(ret->algorithm,X509_ALGOR_new);
+	ret->enc_data=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_ENC_CONTENT_NEW);
+	}
+
+void PKCS7_ENC_CONTENT_free(a)
+PKCS7_ENC_CONTENT *a;
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->content_type);
+	X509_ALGOR_free(a->algorithm);
+	ASN1_OCTET_STRING_free(a->enc_data);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/p7_evp.c b/crypto/asn1/p7_evp.c
new file mode 100644
index 0000000000000000000000000000000000000000..a41d09db77251357bc6834b5b1f06257e151b8f8
--- /dev/null
+++ b/crypto/asn1/p7_evp.c
@@ -0,0 +1,125 @@
+/* crypto/asn1/p7_evp.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_ENVELOPE_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_PKCS7_ENVELOPE,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_ENVELOPE(a,pp)
+PKCS7_ENVELOPE *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(a,pp,length)
+PKCS7_ENVELOPE **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_ENVELOPE *,PKCS7_ENVELOPE_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_set(ret->recipientinfo,d2i_PKCS7_RECIP_INFO);
+	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
+
+	M_ASN1_D2I_Finish(a,PKCS7_ENVELOPE_free,ASN1_F_D2I_PKCS7_ENVELOPE);
+	}
+
+PKCS7_ENVELOPE *PKCS7_ENVELOPE_new()
+	{
+	PKCS7_ENVELOPE *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_ENVELOPE);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->recipientinfo,sk_new_null);
+	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_ENVELOPE_NEW);
+	}
+
+void PKCS7_ENVELOPE_free(a)
+PKCS7_ENVELOPE *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	sk_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
+	PKCS7_ENC_CONTENT_free(a->enc_data);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/p7_i_s.c b/crypto/asn1/p7_i_s.c
new file mode 100644
index 0000000000000000000000000000000000000000..413c7e1e697dd6972b2d37408301ffd73225ccad
--- /dev/null
+++ b/crypto/asn1/p7_i_s.c
@@ -0,0 +1,120 @@
+/* crypto/asn1/p7_i_s.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_ISSUER_AND_SERIAL(a,pp)
+PKCS7_ISSUER_AND_SERIAL *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
+	M_ASN1_I2D_len(a->serial,i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
+	M_ASN1_I2D_put(a->serial,i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(a,pp,length)
+PKCS7_ISSUER_AND_SERIAL **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_ISSUER_AND_SERIAL *,PKCS7_ISSUER_AND_SERIAL_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->serial,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a,PKCS7_ISSUER_AND_SERIAL_free,
+		ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL);
+	}
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new()
+	{
+	PKCS7_ISSUER_AND_SERIAL *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_New(ret->issuer,X509_NAME_new);
+	M_ASN1_New(ret->serial,ASN1_INTEGER_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW);
+	}
+
+void PKCS7_ISSUER_AND_SERIAL_free(a)
+PKCS7_ISSUER_AND_SERIAL *a;
+	{
+	if (a == NULL) return;
+	X509_NAME_free(a->issuer);
+	ASN1_INTEGER_free(a->serial);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/p7_lib.c b/crypto/asn1/p7_lib.c
new file mode 100644
index 0000000000000000000000000000000000000000..b745df09446931573b74e71cee9d849cce52f95d
--- /dev/null
+++ b/crypto/asn1/p7_lib.c
@@ -0,0 +1,299 @@
+/* crypto/asn1/p7_lib.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "objects.h"
+
+/* ASN1err(ASN1_F_D2I_PKCS7,ASN1_R_BAD_PKCS7_CONTENT);
+ * ASN1err(ASN1_F_I2D_PKCS7,ASN1_R_BAD_PKCS7_TYPE);
+ * ASN1err(ASN1_F_PKCS7_NEW,ASN1_R_BAD_PKCS7_TYPE);
+ */
+
+int i2d_PKCS7(a,pp)
+PKCS7 *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	if (a->asn1 != NULL)
+		{
+		if (pp == NULL)
+			return((int)a->length);
+		memcpy(*pp,a->asn1,(int)a->length);
+		*pp+=a->length;
+		return((int)a->length);
+		}
+
+	ret+=4; /* sequence, BER header plus '0 0' end padding */
+	M_ASN1_I2D_len(a->type,i2d_ASN1_OBJECT);
+	if (a->d.ptr != NULL)
+		{
+		ret+=4; /* explicit tag [ 0 ] BER plus '0 0' */
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_len(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_len(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_len(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_len(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_len(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		}
+	r=ret;
+	if (pp == NULL) return(r);
+	p= *pp;
+	M_ASN1_I2D_INF_seq_start(V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	M_ASN1_I2D_put(a->type,i2d_ASN1_OBJECT);
+
+	if (a->d.ptr != NULL)
+		{
+		M_ASN1_I2D_INF_seq_start(0,V_ASN1_CONTEXT_SPECIFIC);
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_put(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_put(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_put(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_put(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_put(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		M_ASN1_I2D_INF_seq_end();
+		}
+	M_ASN1_I2D_INF_seq_end();
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7 *d2i_PKCS7(a,pp,length)
+PKCS7 **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new);
+
+	if ((a != NULL) && ((*a) != NULL))
+		{
+		if ((*a)->asn1 != NULL)
+			{
+			Free((char *)(*a)->asn1);
+			(*a)->asn1=NULL;
+			}
+		(*a)->length=0;
+		}
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->type,d2i_ASN1_OBJECT);
+	if (!M_ASN1_D2I_end_sequence())
+		{
+		int Tinf,Ttag,Tclass;
+		long Tlen;
+
+		if (M_ASN1_next != (V_ASN1_CONSTRUCTED|
+			V_ASN1_CONTEXT_SPECIFIC|0))
+			{
+			c.error=ASN1_R_BAD_PKCS7_CONTENT;
+			goto err;
+			}
+
+		ret->detached=0;
+
+		c.q=c.p;
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,
+			(c.inf & 1)?(length+ *pp-c.q):c.slen);
+		if (Tinf & 0x80) goto err;
+		c.slen-=(c.p-c.q);
+
+		switch (OBJ_obj2nid(ret->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_D2I_get(ret->d.data,d2i_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_D2I_get(ret->d.sign,d2i_PKCS7_SIGNED);
+			if (ret->d.sign->contents->d.ptr == NULL)
+				ret->detached=1;
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_D2I_get(ret->d.enveloped,d2i_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_D2I_get(ret->d.signed_and_enveloped,
+				d2i_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_D2I_get(ret->d.digest,d2i_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_D2I_get(ret->d.encrypted,d2i_PKCS7_ENCRYPT);
+			break;
+		default:
+			c.error=ASN1_R_BAD_PKCS7_TYPE;
+			goto err;
+			break;
+			}
+		if (Tinf == (1|V_ASN1_CONSTRUCTED))
+			{
+			if (!ASN1_check_infinite_end(&c.p,c.slen))
+				{
+				c.error=ASN1_R_MISSING_EOS;
+				goto err;
+				}
+			}
+		}
+	else
+		ret->detached=1;
+		
+	M_ASN1_D2I_Finish(a,PKCS7_free,ASN1_F_D2I_PKCS7);
+	}
+
+PKCS7 *PKCS7_new()
+	{
+	PKCS7 *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7);
+	ret->type=ASN1_OBJECT_new();
+	ret->asn1=NULL;
+	ret->length=0;
+	ret->detached=0;
+	ret->d.ptr=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_NEW);
+	}
+
+void PKCS7_free(a)
+PKCS7 *a;
+	{
+	if (a == NULL) return;
+
+	PKCS7_content_free(a);
+	if (a->type != NULL)
+		{
+		ASN1_OBJECT_free(a->type);
+		}
+	Free((char *)(char *)a);
+	}
+
+void PKCS7_content_free(a)
+PKCS7 *a;
+	{
+	if (a->asn1 != NULL) Free((char *)a->asn1);
+
+	if (a->d.ptr != NULL)
+		{
+		if (a->type == NULL) return;
+
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			ASN1_OCTET_STRING_free(a->d.data);
+			break;
+		case NID_pkcs7_signed:
+			PKCS7_SIGNED_free(a->d.sign);
+			break;
+		case NID_pkcs7_enveloped:
+			PKCS7_ENVELOPE_free(a->d.enveloped);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			PKCS7_SIGN_ENVELOPE_free(a->d.signed_and_enveloped);
+			break;
+		case NID_pkcs7_digest:
+			PKCS7_DIGEST_free(a->d.digest);
+			break;
+		case NID_pkcs7_encrypted:
+			PKCS7_ENCRYPT_free(a->d.encrypted);
+			break;
+		default:
+			/* MEMORY LEAK */
+			break;
+			}
+		}
+	a->d.ptr=NULL;
+	}
+
diff --git a/crypto/asn1/p7_recip.c b/crypto/asn1/p7_recip.c
new file mode 100644
index 0000000000000000000000000000000000000000..e4ebda0060523e79e46d5928acfc16b7b2e1d290
--- /dev/null
+++ b/crypto/asn1/p7_recip.c
@@ -0,0 +1,130 @@
+/* crypto/asn1/p7_recip.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_RECIP_INFO_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_PKCS7_RECIP_INFO,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_RECIP_INFO(a,pp)
+PKCS7_RECIP_INFO *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_I2D_len(a->key_enc_algor,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->enc_key,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_I2D_put(a->key_enc_algor,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->enc_key,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(a,pp,length)
+PKCS7_RECIP_INFO **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_RECIP_INFO *,PKCS7_RECIP_INFO_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->issuer_and_serial,d2i_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_D2I_get(ret->key_enc_algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->enc_key,d2i_ASN1_OCTET_STRING);
+
+	M_ASN1_D2I_Finish(a,PKCS7_RECIP_INFO_free,ASN1_F_D2I_PKCS7_RECIP_INFO);
+	}
+
+PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new()
+	{
+	PKCS7_RECIP_INFO *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_RECIP_INFO);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->issuer_and_serial,PKCS7_ISSUER_AND_SERIAL_new);
+	M_ASN1_New(ret->key_enc_algor,X509_ALGOR_new);
+	M_ASN1_New(ret->enc_key,ASN1_OCTET_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_RECIP_INFO_NEW);
+	}
+
+void PKCS7_RECIP_INFO_free(a)
+PKCS7_RECIP_INFO *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
+	X509_ALGOR_free(a->key_enc_algor);
+	ASN1_OCTET_STRING_free(a->enc_key);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/p7_s_e.c b/crypto/asn1/p7_s_e.c
new file mode 100644
index 0000000000000000000000000000000000000000..df5fa3ff8c3cd02743880936bfe8d3c9ad702197
--- /dev/null
+++ b/crypto/asn1/p7_s_e.c
@@ -0,0 +1,146 @@
+/* crypto/asn1/p7_s_e.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_SIGN_ENVELOPE(a,pp)
+PKCS7_SIGN_ENVELOPE *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_len_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+	M_ASN1_I2D_len_IMP_set_opt(a->cert,i2d_X509,0);
+	M_ASN1_I2D_len_IMP_set_opt(a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_len_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_put_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+	M_ASN1_I2D_put_IMP_set_opt(a->cert,i2d_X509,0);
+	M_ASN1_I2D_put_IMP_set_opt(a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_put_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(a,pp,length)
+PKCS7_SIGN_ENVELOPE **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_SIGN_ENVELOPE *,PKCS7_SIGN_ENVELOPE_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_set(ret->recipientinfo,d2i_PKCS7_RECIP_INFO);
+	M_ASN1_D2I_get_set(ret->md_algs,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
+	M_ASN1_D2I_get_IMP_set_opt(ret->cert,d2i_X509,0);
+	M_ASN1_D2I_get_IMP_set_opt(ret->crl,d2i_X509_CRL,1);
+	M_ASN1_D2I_get_set(ret->signer_info,d2i_PKCS7_SIGNER_INFO);
+
+	M_ASN1_D2I_Finish(a,PKCS7_SIGN_ENVELOPE_free,
+		ASN1_F_D2I_PKCS7_SIGN_ENVELOPE);
+	}
+
+PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new()
+	{
+	PKCS7_SIGN_ENVELOPE *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_SIGN_ENVELOPE);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->recipientinfo,sk_new_null);
+	M_ASN1_New(ret->md_algs,sk_new_null);
+	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
+	ret->cert=NULL;
+	ret->crl=NULL;
+	M_ASN1_New(ret->signer_info,sk_new_null);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_SIGN_ENVELOPE_NEW);
+	}
+
+void PKCS7_SIGN_ENVELOPE_free(a)
+PKCS7_SIGN_ENVELOPE *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	sk_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
+	sk_pop_free(a->md_algs,X509_ALGOR_free);
+	PKCS7_ENC_CONTENT_free(a->enc_data);
+	sk_pop_free(a->cert,X509_free);
+	sk_pop_free(a->crl,X509_CRL_free);
+	sk_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/p7_signd.c b/crypto/asn1/p7_signd.c
new file mode 100644
index 0000000000000000000000000000000000000000..23dc7ce268bbf1a7e77e03c75b0da8ff061e9465
--- /dev/null
+++ b/crypto/asn1/p7_signd.c
@@ -0,0 +1,140 @@
+/* crypto/asn1/p7_signd.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_SIGNED_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_PKCS7_SIGNED,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_SIGNED(a,pp)
+PKCS7_SIGNED *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->contents,i2d_PKCS7);
+	M_ASN1_I2D_len_IMP_set_opt(a->cert,i2d_X509,0);
+	M_ASN1_I2D_len_IMP_set_opt(a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_len_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->contents,i2d_PKCS7);
+	M_ASN1_I2D_put_IMP_set_opt(a->cert,i2d_X509,0);
+	M_ASN1_I2D_put_IMP_set_opt(a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_put_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_SIGNED *d2i_PKCS7_SIGNED(a,pp,length)
+PKCS7_SIGNED **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_SIGNED *,PKCS7_SIGNED_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_set(ret->md_algs,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->contents,d2i_PKCS7);
+	M_ASN1_D2I_get_IMP_set_opt(ret->cert,d2i_X509,0);
+	M_ASN1_D2I_get_IMP_set_opt(ret->crl,d2i_X509_CRL,1);
+	M_ASN1_D2I_get_set(ret->signer_info,d2i_PKCS7_SIGNER_INFO);
+
+	M_ASN1_D2I_Finish(a,PKCS7_SIGNED_free,ASN1_F_D2I_PKCS7_SIGNED);
+	}
+
+PKCS7_SIGNED *PKCS7_SIGNED_new()
+	{
+	PKCS7_SIGNED *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_SIGNED);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->md_algs,sk_new_null);
+	M_ASN1_New(ret->contents,PKCS7_new);
+	ret->cert=NULL;
+	ret->crl=NULL;
+	M_ASN1_New(ret->signer_info,sk_new_null);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNED_NEW);
+	}
+
+void PKCS7_SIGNED_free(a)
+PKCS7_SIGNED *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	sk_pop_free(a->md_algs,X509_ALGOR_free);
+	PKCS7_free(a->contents);
+	sk_pop_free(a->cert,X509_free);
+	sk_pop_free(a->crl,X509_CRL_free);
+	sk_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/p7_signi.c b/crypto/asn1/p7_signi.c
new file mode 100644
index 0000000000000000000000000000000000000000..d6682e0359b1d6ce9c34ad5892680fc12b74490a
--- /dev/null
+++ b/crypto/asn1/p7_signi.c
@@ -0,0 +1,149 @@
+/* crypto/asn1/p7_signi.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_PKCS7_SIGNER_INFO_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_PKCS7_SIGNER_INFO,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_PKCS7_SIGNER_INFO(a,pp)
+PKCS7_SIGNER_INFO *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_I2D_len(a->digest_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_len_IMP_set_opt(a->auth_attr,i2d_X509_ATTRIBUTE,0);
+	M_ASN1_I2D_len(a->digest_enc_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->enc_digest,i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len_IMP_set_opt(a->unauth_attr,i2d_X509_ATTRIBUTE,1);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_I2D_put(a->digest_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_put_IMP_set_opt(a->auth_attr,i2d_X509_ATTRIBUTE,0);
+	M_ASN1_I2D_put(a->digest_enc_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->enc_digest,i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put_IMP_set_opt(a->unauth_attr,i2d_X509_ATTRIBUTE,1);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(a,pp,length)
+PKCS7_SIGNER_INFO **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,PKCS7_SIGNER_INFO *,PKCS7_SIGNER_INFO_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->issuer_and_serial,d2i_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_D2I_get(ret->digest_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get_IMP_set_opt(ret->auth_attr,d2i_X509_ATTRIBUTE,0);
+	M_ASN1_D2I_get(ret->digest_enc_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->enc_digest,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get_IMP_set_opt(ret->unauth_attr,d2i_X509_ATTRIBUTE,1);
+
+	M_ASN1_D2I_Finish(a,PKCS7_SIGNER_INFO_free,
+		ASN1_F_D2I_PKCS7_SIGNER_INFO);
+	}
+
+PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new()
+	{
+	PKCS7_SIGNER_INFO *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,PKCS7_SIGNER_INFO);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->issuer_and_serial,PKCS7_ISSUER_AND_SERIAL_new);
+	M_ASN1_New(ret->digest_alg,X509_ALGOR_new);
+	ret->auth_attr=NULL;
+	M_ASN1_New(ret->digest_enc_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->enc_digest,ASN1_OCTET_STRING_new);
+	ret->unauth_attr=NULL;
+	ret->pkey=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNER_INFO_NEW);
+	}
+
+void PKCS7_SIGNER_INFO_free(a)
+PKCS7_SIGNER_INFO *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
+	X509_ALGOR_free(a->digest_alg);
+	sk_pop_free(a->auth_attr,X509_ATTRIBUTE_free);
+	X509_ALGOR_free(a->digest_enc_alg);
+	ASN1_OCTET_STRING_free(a->enc_digest);
+	sk_pop_free(a->unauth_attr,X509_ATTRIBUTE_free);
+	if (a->pkey != NULL)
+		EVP_PKEY_free(a->pkey);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/pk.c b/crypto/asn1/pk.c
new file mode 100644
index 0000000000000000000000000000000000000000..b96f22d1394e96e7db36e75f702d169511bd7a9f
--- /dev/null
+++ b/crypto/asn1/pk.c
@@ -0,0 +1,117 @@
+/* crypto/asn1/pk.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "../error/err.h"
+#include "./asn1.h"
+#include "rsa.h"
+#include "x509.h"
+#include "pkcs7.h"
+
+main()
+	{
+	PKCS7 *x;
+	FILE *in;
+	unsigned char buf[10240],buf2[10240],*p;
+	int num,i;
+
+	PKCS7 *nx=NULL,*mx=NULL;
+
+	in=fopen("pkcs7.der","r");
+	if (in == NULL)
+		{
+		perror("pkcs7.der");
+		exit(1);
+		}
+	num=fread(buf,1,10240,in);
+	fclose(in);
+
+
+		p=buf;
+		if (d2i_PKCS7(&nx,&p,num) == NULL) goto err;
+		printf("num=%d p-buf=%d\n",num,p-buf);
+
+exit(0);
+		p=buf2;
+		num=i2d_PKCS7(nx,&p);
+		printf("num=%d p-buf=%d\n",num,p-buf2);
+
+		if (memcmp(buf,buf2,num) != 0)
+			{
+			fprintf(stderr,"data difference\n");
+			for (i=0; i\n",
+					(buf[i] == buf2[i])?' ':'*',i,
+					buf[i],buf2[i]);
+			fprintf(stderr,"\n");
+			exit(1);
+			}
+
+		p=buf2;
+		if (d2i_PKCS7(&mx,&p,num) == NULL) goto err;
+		printf("num=%d p-buf=%d\n",num,p-buf2);
+
+/*		X509_print(stdout,mx);*/
+
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(stderr);
+	exit(1);
+	}
+
diff --git a/crypto/asn1/pkcs8.c b/crypto/asn1/pkcs8.c
new file mode 100644
index 0000000000000000000000000000000000000000..bd0d191530d4410ed31b71f950f2d266a8554be1
--- /dev/null
+++ b/crypto/asn1/pkcs8.c
@@ -0,0 +1,139 @@
+/* crypto/asn1/pkcs8.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "objects.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_KEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_KEY_NEW,ASN1_R_BAD_GET_OBJECT);
+ */
+
+int i2d_X509_KEY(a,pp)
+X509 *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
+	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
+	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509 *d2i_X509_KEY(a,pp,length)
+X509 **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509 *,X509_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+	}
+
+X509 *X509_KEY_new()
+	{
+	X509_KEY *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_KEY);
+	ret->references=1;
+	ret->type=NID
+	M_ASN1_New(ret->cert_info,X509_CINF_new);
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_NEW);
+	}
+
+void X509_KEY_free(a)
+X509 *a;
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_KEY_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	X509_CINF_free(a->cert_info);
+	X509_ALGOR_free(a->sig_alg);
+	ASN1_BIT_STRING_free(a->signature);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
new file mode 100644
index 0000000000000000000000000000000000000000..09a5abec672e49332c836f2c25fb18a28e6eaffb
--- /dev/null
+++ b/crypto/asn1/t_pkey.c
@@ -0,0 +1,389 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#ifndef NO_DH
+#include "dh.h"
+#endif
+#ifndef NO_DSA
+#include "dsa.h"
+#endif
+
+/* DHerr(DH_F_DHPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
+ * DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
+ */
+
+#ifndef NOPROTO
+static int print(BIO *fp,char *str,BIGNUM *num,
+		unsigned char *buf,int off);
+#else
+static int print();
+#endif
+
+#ifndef NO_RSA
+#ifndef WIN16
+int RSA_print_fp(fp,x,off)
+FILE *fp;
+RSA *x;
+int off;
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int RSA_print(bp,x,off)
+BIO *bp;
+RSA *x;
+int off;
+	{
+	char str[128],*s;
+	unsigned char *m=NULL;
+	int i,ret=0;
+
+	i=RSA_size(x);
+	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (m == NULL)
+		{
+		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (off)
+		{
+		if (off > 128) off=128;
+		memset(str,' ',off);
+		}
+	if (x->d != NULL)
+		{
+		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
+			<= 0) goto err;
+		}
+
+	if (x->d == NULL)
+		sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n));
+	else
+		strcpy(str,"modulus:");
+	if (!print(bp,str,x->n,m,off)) goto err;
+	s=(x->d == NULL)?"Exponent:":"publicExponent:";
+	if (!print(bp,s,x->e,m,off)) goto err;
+	if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
+	if (!print(bp,"prime1:",x->p,m,off)) goto err;
+	if (!print(bp,"prime2:",x->q,m,off)) goto err;
+	if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
+	if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
+	if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
+	ret=1;
+err:
+	if (m != NULL) Free((char *)m);
+	return(ret);
+	}
+#endif /* NO_RSA */
+
+#ifndef NO_DSA
+#ifndef WIN16
+int DSA_print_fp(fp,x,off)
+FILE *fp;
+DSA *x;
+int off;
+	{
+	BIO *b;
+	int ret;
+
+	if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
+		return(0);
+		}
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=DSA_print(b,x,off);
+	BIO_free(b);
+	return(ret);
+	}
+#endif
+
+int DSA_print(bp,x,off)
+BIO *bp;
+DSA *x;
+int off;
+	{
+	char str[128];
+	unsigned char *m=NULL;
+	int i,ret=0;
+	BIGNUM *bn=NULL;
+
+	if (x->p != NULL)
+		bn=x->p;
+	else if (x->priv_key != NULL)
+		bn=x->priv_key;
+	else if (x->pub_key != NULL)
+		bn=x->pub_key;
+		
+	/* larger than needed but what the hell :-) */
+	if (bn != NULL)
+		i=BN_num_bytes(bn)*2;
+	else
+		i=256;
+	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (m == NULL)
+		{
+		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (off)
+		{
+		if (off > 128) off=128;
+		memset(str,' ',off);
+		}
+	if (x->priv_key != NULL)
+		{
+		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
+			<= 0) goto err;
+		}
+
+	if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
+		goto err;
+	if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
+		goto err;
+	if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
+	if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
+	if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
+	ret=1;
+err:
+	if (m != NULL) Free((char *)m);
+	return(ret);
+	}
+#endif /* !NO_DSA */
+
+static int print(bp,number,num,buf,off)
+BIO *bp;
+char *number;
+BIGNUM *num;
+unsigned char *buf;
+int off;
+	{
+	int n,i;
+	char str[128],*neg;
+
+	if (num == NULL) return(1);
+	neg=(num->neg)?"-":"";
+	if (off)
+		{
+		if (off > 128) off=128;
+		memset(str,' ',off);
+		if (BIO_write(bp,str,off) <= 0) return(0);
+		}
+
+	if (BN_num_bytes(num) <= BN_BYTES)
+		{
+		if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
+			(unsigned long)num->d[0],neg,(unsigned long)num->d[0])
+			<= 0) return(0);
+		}
+	else
+		{
+		buf[0]=0;
+		if (BIO_printf(bp,"%s%s",number,
+			(neg[0] == '-')?" (Negative)":"") <= 0)
+			return(0);
+		n=BN_bn2bin(num,&buf[1]);
+	
+		if (buf[1] & 0x80)
+			n++;
+		else	buf++;
+
+		for (i=0; ip);
+	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (m == NULL)
+		{
+		reason=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+
+	if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
+		BN_num_bits(x->p)) <= 0)
+		goto err;
+	if (!print(bp,"prime:",x->p,m,4)) goto err;
+	if (!print(bp,"generator:",x->g,m,4)) goto err;
+	if (x->length != 0)
+		{
+		if (BIO_printf(bp,"    recomented-private-length: %d bits\n",
+			(int)x->length) <= 0) goto err;
+		}
+	ret=1;
+err:
+	if (m != NULL) Free((char *)m);
+	DHerr(DH_F_DHPARAMS_PRINT,reason);
+	return(ret);
+	}
+#endif
+
+#ifndef NO_DSA
+#ifndef WIN16
+int DSAparams_print_fp(fp,x)
+FILE *fp;
+DSA *x;
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DSAparams_print(bp,x)
+BIO *bp;
+DSA *x;
+	{
+	unsigned char *m=NULL;
+	int reason=ERR_R_BUF_LIB,i,ret=0;
+
+	i=BN_num_bytes(x->p);
+	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (m == NULL)
+		{
+		reason=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+
+	if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
+		BN_num_bits(x->p)) <= 0)
+		goto err;
+	if (!print(bp,"p:",x->p,m,4)) goto err;
+	if (!print(bp,"q:",x->q,m,4)) goto err;
+	if (!print(bp,"g:",x->g,m,4)) goto err;
+	ret=1;
+err:
+	if (m != NULL) Free((char *)m);
+	DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
+	return(ret);
+	}
+
+#endif /* !NO_DSA */
+
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
new file mode 100644
index 0000000000000000000000000000000000000000..922f6b392315c281003ed6f8b00da7e46498591b
--- /dev/null
+++ b/crypto/asn1/t_req.c
@@ -0,0 +1,226 @@
+/* crypto/asn1/t_req.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#include "objects.h"
+#include "x509.h"
+
+#ifndef WIN16
+int X509_REQ_print_fp(fp,x)
+FILE *fp;
+X509_REQ *x;
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_REQ_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_REQ_print(bp,x)
+BIO *bp;
+X509_REQ *x;
+	{
+	unsigned long l;
+	int i,n;
+	char *s,*neg;
+	X509_REQ_INFO *ri;
+	EVP_PKEY *pkey;
+	STACK *sk;
+	char str[128];
+
+	ri=x->req_info;
+	sprintf(str,"Certificate Request:\n");
+	if (BIO_puts(bp,str) <= 0) goto err;
+	sprintf(str,"%4sData:\n","");
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+	l=0;
+	for (i=0; iversion->length; i++)
+		{ l<<=8; l+=ri->version->data[i]; }
+	sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
+	if (BIO_puts(bp,str) <= 0) goto err;
+	sprintf(str,"%8sSubject: ","");
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	X509_NAME_print(bp,ri->subject,16);
+	sprintf(str,"\n%8sSubject Public Key Info:\n","");
+	if (BIO_puts(bp,str) <= 0) goto err;
+	i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
+	sprintf(str,"%12sPublic Key Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	pkey=X509_REQ_get_pubkey(x);
+#ifndef NO_RSA
+	if (pkey->type == EVP_PKEY_RSA)
+		{
+		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+			BN_num_bits(pkey->pkey.rsa->n));
+		RSA_print(bp,pkey->pkey.rsa,16);
+		}
+	else 
+#endif
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		{
+		BIO_printf(bp,"%12sDSA Public Key:\n","");
+		DSA_print(bp,pkey->pkey.dsa,16);
+		}
+	else
+#endif
+		BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+	/* may not be */
+	sprintf(str,"%8sAttributes:\n","");
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	sk=x->req_info->attributes;
+	if ((sk == NULL) || (sk_num(sk) == 0))
+		{
+		if (!x->req_info->req_kludge)
+			{
+			sprintf(str,"%12sa0:00\n","");
+			if (BIO_puts(bp,str) <= 0) goto err;
+			}
+		}
+	else
+		{
+		for (i=0; iobject)) > 0)
+
+			if (a->set)
+				{
+				ii=0;
+				count=sk_num(a->value.set);
+get_next:
+				at=(ASN1_TYPE *)sk_value(a->value.set,ii);
+				type=at->type;
+				bs=at->value.asn1_string;
+				}
+			else
+				{
+				t=a->value.single;
+				type=t->type;
+				bs=t->value.bit_string;
+				}
+			for (j=25-j; j>0; j--)
+				if (BIO_write(bp," ",1) != 1) goto err;
+			if (BIO_puts(bp,":") <= 0) goto err;
+			if (	(type == V_ASN1_PRINTABLESTRING) ||
+				(type == V_ASN1_T61STRING) ||
+				(type == V_ASN1_IA5STRING))
+				{
+				if (BIO_write(bp,(char *)bs->data,bs->length)
+					!= bs->length)
+					goto err;
+				BIO_puts(bp,"\n");
+				}
+			else
+				{
+				BIO_puts(bp,"unable to print attribute\n");
+				}
+			if (++ii < count) goto get_next;
+			}
+		}
+
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	sprintf(str,"%4sSignature Algorithm: %s","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	n=x->signature->length;
+	s=(char *)x->signature->data;
+	for (i=0; i
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn.h"
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#ifndef NO_DSA
+#include "dsa.h"
+#endif
+#include "objects.h"
+#include "x509.h"
+
+#ifndef WIN16
+int X509_print_fp(fp,x)
+FILE *fp;
+X509 *x;
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_print(bp,x)
+BIO *bp;
+X509 *x;
+	{
+	long l;
+	int ret=0,i,j,n;
+	char *m=NULL,*s;
+	X509_CINF *ci;
+	ASN1_INTEGER *bs;
+	EVP_PKEY *pkey=NULL;
+	char *neg;
+	X509_EXTENSION *ex;
+	ASN1_STRING *str=NULL;
+
+	ci=x->cert_info;
+	if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+	if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+	l=X509_get_version(x);
+	if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+	if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
+
+	bs=X509_get_serialNumber(x);
+	if (bs->length <= 4)
+		{
+		l=ASN1_INTEGER_get(bs);
+		if (l < 0)
+			{
+			l= -l;
+			neg="-";
+			}
+		else
+			neg="";
+		if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+			goto err;
+		}
+	else
+		{
+		neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+		if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+
+		for (i=0; ilength; i++)
+			{
+			if (BIO_printf(bp,"%02x%c",bs->data[i],
+				((i+1 == bs->length)?'\n':':')) <= 0)
+				goto err;
+			}
+		}
+
+	i=OBJ_obj2nid(ci->signature->algorithm);
+	if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+		goto err;
+
+	if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
+	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
+	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
+	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+	if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err;
+	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+	if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err;
+	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
+	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
+	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
+		goto err;
+	i=OBJ_obj2nid(ci->key->algor->algorithm);
+	if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+
+	pkey=X509_get_pubkey(x);
+#ifndef NO_RSA
+	if (pkey->type == EVP_PKEY_RSA)
+		{
+		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+		BN_num_bits(pkey->pkey.rsa->n));
+		RSA_print(bp,pkey->pkey.rsa,16);
+		}
+	else
+#endif
+#ifndef NO_DSA
+	if (pkey->type == EVP_PKEY_DSA)
+		{
+		BIO_printf(bp,"%12sDSA Public Key:\n","");
+		DSA_print(bp,pkey->pkey.dsa,16);
+		}
+	else
+#endif
+		BIO_printf(bp,"%12sDSA Public Key:\n","");
+
+	n=X509_get_ext_count(x);
+	if (n > 0)
+		{
+		BIO_printf(bp,"%8sX509v3 extensions:\n","");
+		for (i=0; idata,
+							str->length) <= 0)
+						goto err;
+					}
+				else if (data_type == V_ASN1_BIT_STRING)
+					{
+					BIO_printf(bp,"0x");
+					for (j=0; jlength; j++)
+						{
+						BIO_printf(bp,"%02X",
+							str->data[j]);
+						}
+					}
+				}
+			else
+				{
+				ASN1_OCTET_STRING_print(bp,ex->value);
+				}
+			if (BIO_write(bp,"\n",1) <= 0) goto err;
+			}
+		}
+
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+
+	n=x->signature->length;
+	s=(char *)x->signature->data;
+	for (i=0; idata;
+	for (i=0; ilength; i++)
+		{
+		if ((p[i] > '~') || ((p[i] < ' ') &&
+			(p[i] != '\n') && (p[i] != '\r')))
+			buf[n]='.';
+		else
+			buf[n]=p[i];
+		n++;
+		if (n >= 80)
+			{
+			if (BIO_write(bp,buf,n) <= 0)
+				return(0);
+			n=0;
+			}
+		}
+	if (n > 0)
+		if (BIO_write(bp,buf,n) <= 0)
+			return(0);
+	return(1);
+	}
+
+int ASN1_UTCTIME_print(bp,tm)
+BIO *bp;
+ASN1_UTCTIME *tm;
+	{
+	char *v;
+	int gmt=0;
+	static char *mon[12]={
+		"Jan","Feb","Mar","Apr","May","Jun",
+		"Jul","Aug","Sep","Oct","Nov","Dec"};
+	int i;
+	int y=0,M=0,d=0,h=0,m=0,s=0;
+
+	i=tm->length;
+	v=(char *)tm->data;
+
+	if (i < 10) goto err;
+	if (v[i-1] == 'Z') gmt=1;
+	for (i=0; i<10; i++)
+		if ((v[i] > '9') || (v[i] < '0')) goto err;
+	y= (v[0]-'0')*10+(v[1]-'0');
+	if (y < 70) y+=100;
+	M= (v[2]-'0')*10+(v[3]-'0');
+	if ((M > 12) || (M < 1)) goto err;
+	d= (v[4]-'0')*10+(v[5]-'0');
+	h= (v[6]-'0')*10+(v[7]-'0');
+	m=  (v[8]-'0')*10+(v[9]-'0');
+	if (	(v[10] >= '0') && (v[10] <= '9') &&
+		(v[11] >= '0') && (v[11] <= '9'))
+		s=  (v[10]-'0')*10+(v[11]-'0');
+
+	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+		mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
+		return(0);
+	else
+		return(1);
+err:
+	BIO_write(bp,"Bad time value",14);
+	return(0);
+	}
+
+int X509_NAME_print(bp,name,obase)
+BIO *bp;
+X509_NAME *name;
+int obase;
+	{
+	char *s,*c;
+	int ret=0,l,ll,i,first=1;
+	char buf[256];
+
+	ll=80-2-obase;
+
+	s=X509_NAME_oneline(name,buf,256);
+	s++; /* skip the first slash */
+
+	l=ll;
+	c=s;
+	for (;;)
+		{
+		if (	((*s == '/') &&
+				((s[1] >= 'A') && (s[1] <= 'Z') && (
+					(s[2] == '=') ||
+					((s[2] >= 'A') && (s[2] <= 'Z') &&
+					(s[3] == '='))
+				 ))) ||
+			(*s == '\0'))
+			{
+			if ((l <= 0) && !first)
+				{
+				first=0;
+				if (BIO_write(bp,"\n",1) != 1) goto err;
+				for (i=0; i
+#include "../error/err.h"
+#include "./asn1.h"
+#include "rsa.h"
+#include "../x509/x509.h"
+#include "x509.h"
+
+main()
+	{
+	main1();
+	main2();
+	main3();
+	main4();
+	}
+
+main1()
+	{
+	FILE *in;
+	unsigned char buf[10240],buf2[10240],*p;
+	int num,i;
+
+	X509 *nx=NULL,*mx=NULL;
+
+	in=fopen("x.der","r");
+	if (in == NULL)
+		{
+		perror("x.der");
+		exit(1);
+		}
+	num=fread(buf,1,10240,in);
+	fclose(in);
+
+
+		p=buf;
+		if (d2i_X509(&nx,&p,num) == NULL) goto err;
+		printf("num=%d p-buf=%d\n",num,p-buf);
+
+		p=buf2;
+		num=i2d_X509(nx,&p);
+		printf("num=%d p-buf=%d\n",num,p-buf2);
+
+		if (memcmp(buf,buf2,num) != 0)
+			{
+			fprintf(stderr,"data difference\n");
+			for (i=0; i\n",
+					(buf[i] == buf2[i])?' ':'*',i,
+					buf[i],buf2[i]);
+			fprintf(stderr,"\n");
+			exit(1);
+			}
+
+		p=buf2;
+		if (d2i_X509(&mx,&p,num) == NULL) goto err;
+		printf("num=%d p-buf=%d\n",num,p-buf2);
+
+	return(1);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(stderr);
+	return(0);
+	}
+
+main2()
+	{
+	FILE *in;
+	unsigned char buf[10240],buf2[10240],*p;
+	int num,i;
+
+	X509_CRL *nx=NULL,*mx=NULL;
+
+	in=fopen("crl.der","r");
+	if (in == NULL)
+		{
+		perror("crl.der");
+		exit(1);
+		}
+	num=fread(buf,1,10240,in);
+	fclose(in);
+
+
+		p=buf;
+		if (d2i_X509_CRL(&nx,&p,num) == NULL) goto err;
+		printf("num=%d p-buf=%d\n",num,p-buf);
+
+		p=buf2;
+		num=i2d_X509_CRL(nx,&p);
+		printf("num=%d p-buf=%d\n",num,p-buf2);
+
+		if (memcmp(buf,buf2,num) != 0)
+			{
+			fprintf(stderr,"data difference\n");
+			for (i=0; i\n",
+					(buf[i] == buf2[i])?' ':'*',i,
+					buf[i],buf2[i]);
+			fprintf(stderr,"\n");
+			exit(1);
+			}
+
+	return(1);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(stderr);
+	return(0);
+	}
+
+main3()
+	{
+	FILE *in;
+	unsigned char buf[10240],buf2[10240],*p;
+	int num,i;
+
+	X509_REQ *nx=NULL,*mx=NULL;
+
+	in=fopen("req.der","r");
+	if (in == NULL)
+		{
+		perror("req.der");
+		exit(1);
+		}
+	num=fread(buf,1,10240,in);
+	fclose(in);
+
+
+		p=buf;
+		if (d2i_X509_REQ(&nx,&p,num) == NULL) goto err;
+		printf("num=%d p-buf=%d\n",num,p-buf);
+
+		p=buf2;
+		num=i2d_X509_REQ(nx,&p);
+		printf("num=%d p-buf=%d\n",num,p-buf2);
+
+		if (memcmp(buf,buf2,num) != 0)
+			{
+			fprintf(stderr,"data difference\n");
+			for (i=0; i\n",
+					(buf[i] == buf2[i])?' ':'*',i,
+					buf[i],buf2[i]);
+			fprintf(stderr,"\n");
+			exit(1);
+			}
+
+	return(1);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(stderr);
+	return(0);
+	}
+
+main4()
+	{
+	FILE *in;
+	unsigned char buf[10240],buf2[10240],*p;
+	int num,i;
+
+	RSA *nx=NULL,*mx=NULL;
+
+	in=fopen("rsa.der","r");
+	if (in == NULL)
+		{
+		perror("rsa.der");
+		exit(1);
+		}
+	num=fread(buf,1,10240,in);
+	fclose(in);
+
+
+		p=buf;
+		if (d2i_RSAPrivateKey(&nx,&p,num) == NULL) goto err;
+		printf("num=%d p-buf=%d\n",num,p-buf);
+
+		p=buf2;
+		num=i2d_RSAPrivateKey(nx,&p);
+		printf("num=%d p-buf=%d\n",num,p-buf2);
+
+		if (memcmp(buf,buf2,num) != 0)
+			{
+			fprintf(stderr,"data difference\n");
+			for (i=0; i\n",
+					(buf[i] == buf2[i])?' ':'*',i,
+					buf[i],buf2[i]);
+			fprintf(stderr,"\n");
+			exit(1);
+			}
+
+	return(1);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(stderr);
+	return(0);
+	}
+
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
new file mode 100644
index 0000000000000000000000000000000000000000..1a23812c965dd79f5a473e242de836b7fd80a307
--- /dev/null
+++ b/crypto/asn1/x_algor.c
@@ -0,0 +1,126 @@
+/* crypto/asn1/x_algor.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_ALGOR,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_ALGOR_NEW,ASN1_R_EXPECTING_A_SEQUENCE);
+ * ASN1err(ASN1_F_D2I_X509_ALGOR,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_X509_ALGOR(a,pp)
+X509_ALGOR *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT);
+	if (a->parameter != NULL)
+		{ M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); }
+
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT);
+	if (a->parameter != NULL)
+		{ M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); }
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_ALGOR *d2i_X509_ALGOR(a,pp,length)
+X509_ALGOR **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT);
+	if (!M_ASN1_D2I_end_sequence())
+		{ M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); }
+	else
+		{
+		ASN1_TYPE_free(ret->parameter);
+		ret->parameter=NULL;
+		}
+	M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
+	}
+
+X509_ALGOR *X509_ALGOR_new()
+	{
+	X509_ALGOR *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_ALGOR);
+	M_ASN1_New(ret->algorithm,ASN1_OBJECT_new);
+	ret->parameter=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
+	}
+
+void X509_ALGOR_free(a)
+X509_ALGOR *a;
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->algorithm);
+	ASN1_TYPE_free(a->parameter);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c
new file mode 100644
index 0000000000000000000000000000000000000000..bce6f3aad53cee21f18617b5ef9dd1afa2bea175
--- /dev/null
+++ b/crypto/asn1/x_attrib.c
@@ -0,0 +1,152 @@
+/* crypto/asn1/x_attrib.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_ATTRIBUTE,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_ATTRIBUTE_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ * ASN1err(ASN1_F_I2D_X509_ATTRIBUTE,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+/* sequence */
+int i2d_X509_ATTRIBUTE(a,pp)
+X509_ATTRIBUTE *a;
+unsigned char **pp;
+	{
+	int k=0;
+	int r=0,ret=0;
+	unsigned char **p=NULL;
+
+	if (a == NULL) return(0);
+
+	p=NULL;
+	for (;;)
+		{
+		if (k)
+			{
+			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+			if (pp == NULL) return(r);
+			p=pp;
+			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
+				V_ASN1_UNIVERSAL);
+			}
+
+		ret+=i2d_ASN1_OBJECT(a->object,p);
+		if (a->set)
+			ret+=i2d_ASN1_SET(a->value.set,p,i2d_ASN1_TYPE,
+				V_ASN1_SET,V_ASN1_UNIVERSAL);
+		else
+			ret+=i2d_ASN1_TYPE(a->value.single,p);
+		if (k++) return(r);
+		}
+	}
+
+X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(a,pp,length)
+X509_ATTRIBUTE **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+
+	if ((c.slen != 0) &&
+		(M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET)))
+		{
+		ret->set=1;
+		M_ASN1_D2I_get_set(ret->value.set,d2i_ASN1_TYPE);
+		}
+	else
+		{
+		ret->set=0;
+		M_ASN1_D2I_get(ret->value.single,d2i_ASN1_TYPE);
+		}
+
+	M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
+	}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_new()
+	{
+	X509_ATTRIBUTE *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_ATTRIBUTE);
+	M_ASN1_New(ret->object,ASN1_OBJECT_new);
+	ret->set=0;
+	ret->value.ptr=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW);
+	}
+	
+void X509_ATTRIBUTE_free(a)
+X509_ATTRIBUTE *a;
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->object);
+	if (a->set)
+		sk_pop_free(a->value.set,ASN1_TYPE_free);
+	else
+		ASN1_TYPE_free(a->value.single);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/x_cinf.c b/crypto/asn1/x_cinf.c
new file mode 100644
index 0000000000000000000000000000000000000000..e5cc2af722e4c42561d40d33ab83b4d2e0d43393
--- /dev/null
+++ b/crypto/asn1/x_cinf.c
@@ -0,0 +1,197 @@
+/* crypto/asn1/x_cinf.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_CINF,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_CINF_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_X509_CINF(a,pp)
+X509_CINF *a;
+unsigned char **pp;
+	{
+	int v1=0,v2=0;
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+	M_ASN1_I2D_len(a->serialNumber,		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->signature,		i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->issuer,		i2d_X509_NAME);
+	M_ASN1_I2D_len(a->validity,		i2d_X509_VAL);
+	M_ASN1_I2D_len(a->subject,		i2d_X509_NAME);
+	M_ASN1_I2D_len(a->key,			i2d_X509_PUBKEY);
+	M_ASN1_I2D_len_IMP_opt(a->issuerUID,	i2d_ASN1_BIT_STRING);
+	M_ASN1_I2D_len_IMP_opt(a->subjectUID,	i2d_ASN1_BIT_STRING);
+	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+	M_ASN1_I2D_put(a->serialNumber,		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->signature,		i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->issuer,		i2d_X509_NAME);
+	M_ASN1_I2D_put(a->validity,		i2d_X509_VAL);
+	M_ASN1_I2D_put(a->subject,		i2d_X509_NAME);
+	M_ASN1_I2D_put(a->key,			i2d_X509_PUBKEY);
+	M_ASN1_I2D_put_IMP_opt(a->issuerUID,	i2d_ASN1_BIT_STRING,1);
+	M_ASN1_I2D_put_IMP_opt(a->subjectUID,	i2d_ASN1_BIT_STRING,2);
+	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_CINF *d2i_X509_CINF(a,pp,length)
+X509_CINF **a;
+unsigned char **pp;
+long length;
+	{
+	int ver=0;
+	M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	/* we have the optional version field */
+	if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+		{
+		M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);
+		if (ret->version->data != NULL)
+			ver=ret->version->data[0];
+		}
+	else
+		{
+		if (ret->version != NULL)
+			{
+			ASN1_INTEGER_free(ret->version);
+			ret->version=NULL;
+			}
+		}
+	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->validity,d2i_X509_VAL);
+	M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY);
+	if (ver >= 1) /* version 2 extensions */
+		{
+		if (ret->issuerUID != NULL)
+			{
+			ASN1_BIT_STRING_free(ret->issuerUID);
+			ret->issuerUID=NULL;
+			}
+		if (ret->subjectUID != NULL)
+			{
+			ASN1_BIT_STRING_free(ret->subjectUID);
+			ret->issuerUID=NULL;
+			}
+		M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
+			V_ASN1_BIT_STRING);
+		M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
+			V_ASN1_BIT_STRING);
+		}
+	if (ver >= 2) /* version 3 extensions */
+		{
+		if (ret->extensions != NULL)
+			while (sk_num(ret->extensions))
+				X509_EXTENSION_free((X509_EXTENSION *)
+					sk_pop(ret->extensions));
+		M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,3,
+			V_ASN1_SEQUENCE);
+		}
+	M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
+	}
+
+X509_CINF *X509_CINF_new()
+	{
+	X509_CINF *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_CINF);
+	ret->version=NULL;
+	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
+	M_ASN1_New(ret->signature,X509_ALGOR_new);
+	M_ASN1_New(ret->issuer,X509_NAME_new);
+	M_ASN1_New(ret->validity,X509_VAL_new);
+	M_ASN1_New(ret->subject,X509_NAME_new);
+	M_ASN1_New(ret->key,X509_PUBKEY_new);
+	ret->issuerUID=NULL;
+	ret->subjectUID=NULL;
+	ret->extensions=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
+	}
+
+void X509_CINF_free(a)
+X509_CINF *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	ASN1_INTEGER_free(a->serialNumber);
+	X509_ALGOR_free(a->signature);
+	X509_NAME_free(a->issuer);
+	X509_VAL_free(a->validity);
+	X509_NAME_free(a->subject);
+	X509_PUBKEY_free(a->key);
+	ASN1_BIT_STRING_free(a->issuerUID);
+	ASN1_BIT_STRING_free(a->subjectUID);
+	sk_pop_free(a->extensions,X509_EXTENSION_free);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
new file mode 100644
index 0000000000000000000000000000000000000000..22cb99fb0001389f1092a65e58326ff143700274
--- /dev/null
+++ b/crypto/asn1/x_crl.c
@@ -0,0 +1,347 @@
+/* crypto/asn1/x_crl.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_CRL,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_X509_CRL_INFO,ASN1_R_EXPECTING_A_SEQUENCE);
+ * ASN1err(ASN1_F_D2I_X509_REVOKED,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_CRL_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_CRL_INFO_NEW,ASN1_R_EXPECTING_A_SEQUENCE);
+ * ASN1err(ASN1_F_X509_REVOKED_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+#ifndef NOPROTO
+static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
+static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
+#else
+static int X509_REVOKED_cmp();
+static int X509_REVOKED_seq_cmp();
+#endif
+
+int i2d_X509_REVOKED(a,pp)
+X509_REVOKED *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_put_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_REVOKED *d2i_X509_REVOKED(a,pp,length)
+X509_REVOKED **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
+	M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION);
+	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
+	}
+
+int i2d_X509_CRL_INFO(a,pp)
+X509_CRL_INFO *a;
+unsigned char **pp;
+	{
+	int v1=0;
+	long l=0;
+	M_ASN1_I2D_vars(a);
+
+	if (sk_num(a->revoked) != 0)
+		qsort((char *)a->revoked->data,sk_num(a->revoked),
+			sizeof(X509_REVOKED *),(int (*)(P_CC_CC))X509_REVOKED_seq_cmp);
+	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
+		{
+		M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+		}
+	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
+	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED);
+	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
+		V_ASN1_SEQUENCE,v1);
+
+	M_ASN1_I2D_seq_total();
+
+	if ((a->version != NULL) && (l != 0))
+		{
+		M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+		}
+	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
+	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED);
+	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
+		V_ASN1_SEQUENCE,v1);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_CRL_INFO *d2i_X509_CRL_INFO(a,pp,length)
+X509_CRL_INFO **a;
+unsigned char **pp;
+long length;
+	{
+	int i,ver=0;
+	M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
+
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
+	if (ret->version != NULL)
+		ver=ret->version->data[0];
+	
+	if ((ver == 0) && (ret->version != NULL))
+		{
+		ASN1_INTEGER_free(ret->version);
+		ret->version=NULL;
+		}
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
+	M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_UTCTIME);
+	if (ret->revoked != NULL)
+		{
+		while (sk_num(ret->revoked))
+			X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked));
+		}
+	M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED);
+
+	if (ret->revoked != NULL)
+		{
+		for (i=0; irevoked); i++)
+			{
+			((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i;
+			}
+		}
+
+	if (ver >= 1)
+		{
+		if (ret->extensions != NULL)
+			{
+			while (sk_num(ret->extensions))
+				X509_EXTENSION_free((X509_EXTENSION *)
+				sk_pop(ret->extensions));
+			}
+			
+		M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
+			0,V_ASN1_SEQUENCE);
+		}
+
+	M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
+	}
+
+int i2d_X509_CRL(a,pp)
+X509_CRL *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
+	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
+	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_CRL *d2i_X509_CRL(a,pp,length)
+X509_CRL **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+
+	M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
+	}
+
+
+X509_REVOKED *X509_REVOKED_new()
+	{
+	X509_REVOKED *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_REVOKED);
+	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
+	M_ASN1_New(ret->revocationDate,ASN1_UTCTIME_new);
+	ret->extensions=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
+	}
+
+X509_CRL_INFO *X509_CRL_INFO_new()
+	{
+	X509_CRL_INFO *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_CRL_INFO);
+	ret->version=NULL;
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->issuer,X509_NAME_new);
+	M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
+	M_ASN1_New(ret->nextUpdate,ASN1_UTCTIME_new);
+	M_ASN1_New(ret->revoked,sk_new_null);
+	M_ASN1_New(ret->extensions,sk_new_null);
+	ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
+	}
+
+X509_CRL *X509_CRL_new()
+	{
+	X509_CRL *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_CRL);
+	ret->references=1;
+	M_ASN1_New(ret->crl,X509_CRL_INFO_new);
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
+	}
+
+void X509_REVOKED_free(a)
+X509_REVOKED *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->serialNumber);
+	ASN1_UTCTIME_free(a->revocationDate);
+	sk_pop_free(a->extensions,X509_EXTENSION_free);
+	Free((char *)a);
+	}
+
+void X509_CRL_INFO_free(a)
+X509_CRL_INFO *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	X509_ALGOR_free(a->sig_alg);
+	X509_NAME_free(a->issuer);
+	ASN1_UTCTIME_free(a->lastUpdate);
+	ASN1_UTCTIME_free(a->nextUpdate);
+	sk_pop_free(a->revoked,X509_REVOKED_free);
+	sk_pop_free(a->extensions,X509_EXTENSION_free);
+	Free((char *)a);
+	}
+
+void X509_CRL_free(a)
+X509_CRL *a;
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_CRL_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	X509_CRL_INFO_free(a->crl);
+	X509_ALGOR_free(a->sig_alg);
+	ASN1_BIT_STRING_free(a->signature);
+	Free((char *)a);
+	}
+
+static int X509_REVOKED_cmp(a,b)
+X509_REVOKED **a,**b;
+	{
+	return(ASN1_STRING_cmp(
+		(ASN1_STRING *)(*a)->serialNumber,
+		(ASN1_STRING *)(*b)->serialNumber));
+	}
+
+static int X509_REVOKED_seq_cmp(a,b)
+X509_REVOKED **a,**b;
+	{
+	return((*a)->sequence-(*b)->sequence);
+	}
diff --git a/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c
new file mode 100644
index 0000000000000000000000000000000000000000..89daf3f226612a51f0785a4038cc35eeb6bd23e2
--- /dev/null
+++ b/crypto/asn1/x_exten.c
@@ -0,0 +1,147 @@
+/* crypto/asn1/x_exten.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_EXTENSION,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_EXTENSION_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_X509_EXTENSION(a,pp)
+X509_EXTENSION *a;
+unsigned char **pp;
+	{
+	int k=0;
+	int r=0,ret=0;
+	unsigned char **p=NULL;
+
+	if (a == NULL) return(0);
+
+	p=NULL;
+	for (;;)
+		{
+		if (k)
+			{
+			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+			if (pp == NULL) return(r);
+			p=pp;
+			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
+				V_ASN1_UNIVERSAL);
+			}
+
+		ret+=i2d_ASN1_OBJECT(a->object,p);
+		if ((a->critical) || a->netscape_hack)
+			ret+=i2d_ASN1_BOOLEAN(a->critical,p);
+		ret+=i2d_ASN1_OCTET_STRING(a->value,p);
+		if (k++) return(r);
+		}
+	}
+
+X509_EXTENSION *d2i_X509_EXTENSION(a,pp,length)
+X509_EXTENSION **a;
+unsigned char **pp;
+long length;
+	{
+	int i;
+	M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+
+	ret->netscape_hack=0;
+	if ((c.slen != 0) &&
+		(M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)))
+		{
+		c.q=c.p;
+		if (d2i_ASN1_BOOLEAN(&i,&c.p,c.slen) < 0) goto err;
+		ret->critical=i;
+		c.slen-=(c.p-c.q);
+		if (ret->critical == 0) ret->netscape_hack=1;
+		}
+	M_ASN1_D2I_get(ret->value,d2i_ASN1_OCTET_STRING);
+
+	M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION);
+	}
+
+X509_EXTENSION *X509_EXTENSION_new()
+	{
+	X509_EXTENSION *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_EXTENSION);
+	M_ASN1_New(ret->object,ASN1_OBJECT_new);
+	M_ASN1_New(ret->value,ASN1_OCTET_STRING_new);
+	ret->critical=0;
+	ret->netscape_hack=0;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
+	}
+	
+void X509_EXTENSION_free(a)
+X509_EXTENSION *a;
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->object);
+	ASN1_OCTET_STRING_free(a->value);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
new file mode 100644
index 0000000000000000000000000000000000000000..e46c67298f3ab31d33945c3504b8555ce450ed03
--- /dev/null
+++ b/crypto/asn1/x_info.c
@@ -0,0 +1,108 @@
+/* crypto/asn1/x_info.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "evp.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+X509_INFO *X509_INFO_new()
+	{
+	X509_INFO *ret=NULL;
+
+	ret=(X509_INFO *)Malloc(sizeof(X509_INFO));
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+ 
+        ret->enc_cipher.cipher=NULL;
+        ret->enc_len=0;
+        ret->enc_data=NULL;
+ 
+	ret->references=1;
+	ret->x509=NULL;
+	ret->crl=NULL;
+	ret->x_pkey=NULL;
+	return(ret);
+	}
+
+void X509_INFO_free(x)
+X509_INFO *x;
+	{
+	int i;
+
+	if (x == NULL) return;
+
+	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_INFO_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	if (x->x509 != NULL) X509_free(x->x509);
+	if (x->crl != NULL) X509_CRL_free(x->crl);
+	if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
+	Free((char *)x);
+	}
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
new file mode 100644
index 0000000000000000000000000000000000000000..c03f9169cb212a20f2179dea6214ce56759f26ed
--- /dev/null
+++ b/crypto/asn1/x_name.c
@@ -0,0 +1,295 @@
+/* crypto/asn1/x_name.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_NAME,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_NAME_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ * ASN1err(ASN1_F_D2I_X509_NAME_ENTRY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_NAME_ENTRY_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+ */
+
+#ifndef NOPROTO
+static int i2d_X509_NAME_entries(X509_NAME *a);
+#else
+static int i2d_X509_NAME_entries();
+#endif
+
+int i2d_X509_NAME_ENTRY(a,pp)
+X509_NAME_ENTRY *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->object,i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len(a->value,i2d_ASN1_PRINTABLE);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->object,i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put(a->value,i2d_ASN1_PRINTABLE);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(a,pp,length)
+X509_NAME_ENTRY **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+	M_ASN1_D2I_get(ret->value,d2i_ASN1_PRINTABLE);
+	ret->set=0;
+	M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY);
+	}
+
+int i2d_X509_NAME(a,pp)
+X509_NAME *a;
+unsigned char **pp;
+	{
+	int ret;
+
+	if (a == NULL) return(0);
+	if (a->modified)
+		{
+		ret=i2d_X509_NAME_entries(a);
+		if (ret < 0) return(ret);
+		}
+
+	ret=a->bytes->length;
+	if (pp != NULL)
+		{
+		memcpy(*pp,a->bytes->data,ret);
+		*pp+=ret;
+		}
+	return(ret);
+	}
+
+static int i2d_X509_NAME_entries(a)
+X509_NAME *a;
+	{
+	X509_NAME_ENTRY *ne,*fe=NULL;
+	STACK *sk;
+	BUF_MEM *buf=NULL;
+	int set=0,r,ret=0;
+	int i;
+	unsigned char *p;
+	int size=0;
+
+	sk=a->entries;
+	for (i=0; iset != set)
+			{
+			ret+=ASN1_object_size(1,size,V_ASN1_SET);
+			fe->size=size;
+			fe=ne;
+			size=0;
+			set=ne->set;
+			}
+		size+=i2d_X509_NAME_ENTRY(ne,NULL);
+		}
+
+	ret+=ASN1_object_size(1,size,V_ASN1_SET);
+	if (fe != NULL)
+		fe->size=size;
+
+	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+
+	buf=a->bytes;
+	if (!BUF_MEM_grow(buf,r)) goto err;
+	p=(unsigned char *)buf->data;
+
+	ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	set= -1;
+	for (i=0; iset)
+			{
+			set=ne->set;
+			ASN1_put_object(&p,1,ne->size,
+				V_ASN1_SET,V_ASN1_UNIVERSAL);
+			}
+		i2d_X509_NAME_ENTRY(ne,&p);
+		}
+	a->modified=0;
+	return(r);
+err:
+	return(-1);
+	}
+
+X509_NAME *d2i_X509_NAME(a,pp,length)
+X509_NAME **a;
+unsigned char **pp;
+long length;
+	{
+	int set=0,i;
+	int idx=0;
+	unsigned char *orig;
+	M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
+
+	orig= *pp;
+	if (sk_num(ret->entries) > 0)
+		{
+		while (sk_num(ret->entries) > 0)
+			X509_NAME_ENTRY_free((X509_NAME_ENTRY *)
+				sk_pop(ret->entries));
+		}
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	for (;;)
+		{
+		if (M_ASN1_D2I_end_sequence()) break;
+		M_ASN1_D2I_get_set(ret->entries,d2i_X509_NAME_ENTRY);
+		for (; idx < sk_num(ret->entries); idx++)
+			{
+			((X509_NAME_ENTRY *)sk_value(ret->entries,idx))->set=
+				set;
+			}
+		set++;
+		}
+
+	i=(int)(c.p-orig);
+	if (!BUF_MEM_grow(ret->bytes,i)) goto err;
+	memcpy(ret->bytes->data,orig,i);
+	ret->bytes->length=i;
+	ret->modified=0;
+
+	M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
+	}
+
+X509_NAME *X509_NAME_new()
+	{
+	X509_NAME *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_NAME);
+	if ((ret->entries=sk_new(NULL)) == NULL) goto err2;
+	M_ASN1_New(ret->bytes,BUF_MEM_new);
+	ret->modified=1;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_NAME_NEW);
+	}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_new()
+	{
+	X509_NAME_ENTRY *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_NAME_ENTRY);
+/*	M_ASN1_New(ret->object,ASN1_OBJECT_new);*/
+	ret->object=NULL;
+	ret->set=0;
+	M_ASN1_New(ret->value,ASN1_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW);
+	}
+
+void X509_NAME_free(a)
+X509_NAME *a;
+	{
+	BUF_MEM_free(a->bytes);
+	sk_pop_free(a->entries,X509_NAME_ENTRY_free);
+	Free((char *)a);
+	}
+
+void X509_NAME_ENTRY_free(a)
+X509_NAME_ENTRY *a;
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->object);
+	ASN1_BIT_STRING_free(a->value);
+	Free((char *)a);
+	}
+
+int X509_NAME_set(xn,name)
+X509_NAME **xn;
+X509_NAME *name;
+	{
+	X509_NAME *in;
+
+	if (*xn == NULL) return(0);
+
+	if (*xn != name)
+		{
+		in=X509_NAME_dup(name);
+		if (in != NULL)
+			{
+			X509_NAME_free(*xn);
+			*xn=in;
+			}
+		}
+	return(*xn != NULL);
+	}
+	
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
new file mode 100644
index 0000000000000000000000000000000000000000..ced975b40ee5017a8d90c510378ea00ef190c6c8
--- /dev/null
+++ b/crypto/asn1/x_pkey.c
@@ -0,0 +1,153 @@
+/* crypto/asn1/x_pkey.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "asn1_mac.h"
+
+/* ASN1err(ASN1_F_D2I_X509_PKEY,ASN1_R_UNSUPPORTED_CIPHER); */
+/* ASN1err(ASN1_F_X509_PKEY_NEW,ASN1_R_IV_TOO_LARGE); */
+
+/* need to implement */
+int i2d_X509_PKEY(a,pp)
+X509_PKEY *a;
+unsigned char **pp;
+	{
+	return(0);
+	}
+
+X509_PKEY *d2i_X509_PKEY(a,pp,length)
+X509_PKEY **a;
+unsigned char **pp;
+long length;
+	{
+	int i;
+	M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+
+	ret->cipher.cipher=EVP_get_cipherbyname(
+		OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+	if (ret->cipher.cipher == NULL)
+		{
+		c.error=ASN1_R_UNSUPPORTED_CIPHER;
+		goto err;
+		}
+	if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
+		{
+		i=ret->enc_algor->parameter->value.octet_string->length;
+		if (i > EVP_MAX_IV_LENGTH)
+			{
+			c.error=ASN1_R_IV_TOO_LARGE;
+			goto err;
+			}
+		memcpy(ret->cipher.iv,
+			ret->enc_algor->parameter->value.octet_string->data,i);
+		}
+	else
+		memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+	M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
+	}
+
+X509_PKEY *X509_PKEY_new()
+	{
+	X509_PKEY *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_PKEY);
+	ret->version=0;
+	M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
+	M_ASN1_New(ret->enc_pkey,ASN1_OCTET_STRING_new);
+	ret->dec_pkey=NULL;
+	ret->key_length=0;
+	ret->key_data=NULL;
+	ret->key_free=0;
+	ret->cipher.cipher=NULL;
+	memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+	ret->references=1;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
+	}
+
+void X509_PKEY_free(x)
+X509_PKEY *x;
+	{
+	int i;
+
+	if (x == NULL) return;
+
+	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_PKEY_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
+	if (x->enc_pkey != NULL) ASN1_OCTET_STRING_free(x->enc_pkey);
+	if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
+	if ((x->key_data != NULL) && (x->key_free)) Free((char *)x->key_data);
+	Free((char *)(char *)x);
+	}
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
new file mode 100644
index 0000000000000000000000000000000000000000..b1a2499d349425345116a2b4bb69f0393850902e
--- /dev/null
+++ b/crypto/asn1/x_pubkey.c
@@ -0,0 +1,252 @@
+/* crypto/asn1/x_pubkey.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_PUBKEY,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_PUBKEY_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_X509_PUBKEY(a,pp)
+X509_PUBKEY *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->public_key,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->public_key,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_PUBKEY *d2i_X509_PUBKEY(a,pp,length)
+X509_PUBKEY **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->public_key,d2i_ASN1_BIT_STRING);
+	if (ret->pkey != NULL)
+		{
+		EVP_PKEY_free(ret->pkey);
+		ret->pkey=NULL;
+		}
+	M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY);
+	}
+
+X509_PUBKEY *X509_PUBKEY_new()
+	{
+	X509_PUBKEY *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_PUBKEY);
+	M_ASN1_New(ret->algor,X509_ALGOR_new);
+	M_ASN1_New(ret->public_key,ASN1_BIT_STRING_new);
+	ret->pkey=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW);
+	}
+
+void X509_PUBKEY_free(a)
+X509_PUBKEY *a;
+	{
+	if (a == NULL) return;
+	X509_ALGOR_free(a->algor);
+	ASN1_BIT_STRING_free(a->public_key);
+	if (a->pkey != NULL) EVP_PKEY_free(a->pkey);
+	Free((char *)a);
+	}
+
+int X509_PUBKEY_set(x,pkey)
+X509_PUBKEY **x;
+EVP_PKEY *pkey;
+	{
+	int ok=0;
+	X509_PUBKEY *pk;
+	X509_ALGOR *a;
+	ASN1_OBJECT *o;
+	unsigned char *s,*p;
+	int i;
+
+	if (x == NULL) return(0);
+
+	if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+	a=pk->algor;
+
+	/* set the algorithm id */
+	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
+	ASN1_OBJECT_free(a->algorithm);
+	a->algorithm=o;
+
+	/* Set the parameter list */
+	if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
+		{
+		if ((a->parameter == NULL) ||
+			(a->parameter->type != V_ASN1_NULL))
+			{
+			ASN1_TYPE_free(a->parameter);
+			a->parameter=ASN1_TYPE_new();
+			a->parameter->type=V_ASN1_NULL;
+			}
+		}
+	else
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		{
+		unsigned char *pp;
+		DSA *dsa;
+
+		dsa=pkey->pkey.dsa;
+		dsa->write_params=0;
+		ASN1_TYPE_free(a->parameter);
+		i=i2d_DSAparams(dsa,NULL);
+		p=(unsigned char *)Malloc(i);
+		pp=p;
+		i2d_DSAparams(dsa,&pp);
+		a->parameter=ASN1_TYPE_new();
+		a->parameter->type=V_ASN1_SEQUENCE;
+		a->parameter->value.sequence=ASN1_STRING_new();
+		ASN1_STRING_set(a->parameter->value.sequence,p,i);
+		Free(p);
+		}
+	else
+#endif
+		{
+		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+		goto err;
+		}
+
+	i=i2d_PublicKey(pkey,NULL);
+	if ((s=(unsigned char *)Malloc(i+1)) == NULL) goto err;
+	p=s;
+	i2d_PublicKey(pkey,&p);
+	if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+	Free(s);
+
+	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+	pk->pkey=pkey;
+
+	if (*x != NULL)
+		X509_PUBKEY_free(*x);
+
+	*x=pk;
+	pk=NULL;
+
+	ok=1;
+err:
+	if (pk != NULL) X509_PUBKEY_free(pk);
+	return(ok);
+	}
+
+EVP_PKEY *X509_PUBKEY_get(key)
+X509_PUBKEY *key;
+	{
+	EVP_PKEY *ret=NULL;
+	long j;
+	int type;
+	unsigned char *p;
+	X509_ALGOR *a;
+
+	if (key->pkey != NULL)
+		{
+		return(key->pkey);
+		}
+	type=OBJ_obj2nid(key->algor->algorithm);
+	p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
+		goto err;
+		}
+	ret->save_parameters=0;
+
+#ifndef NO_DSA
+	a=key->algor;
+	if (ret->type == EVP_PKEY_DSA)
+		{
+		if (a->parameter->type == V_ASN1_SEQUENCE)
+			{
+			ret->pkey.dsa->write_params=0;
+			p=a->parameter->value.sequence->data;
+			j=a->parameter->value.sequence->length;
+			if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j))
+				goto err;
+			}
+		ret->save_parameters=1;
+		}
+#endif
+	key->pkey=ret;
+	return(ret);
+err:
+	if (ret != NULL)
+		EVP_PKEY_free(ret);
+	return(NULL);
+	}
+
diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c
new file mode 100644
index 0000000000000000000000000000000000000000..02b31add17afbffeaa62860d07150dfe007ec1c0
--- /dev/null
+++ b/crypto/asn1/x_req.c
@@ -0,0 +1,244 @@
+/* crypto/asn1/x_req.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "x509.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_REQ,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_X509_REQ_INFO,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_REQ_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_REQ_INFO_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_X509_REQ_INFO(a,pp)
+X509_REQ_INFO *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->subject,		i2d_X509_NAME);
+	M_ASN1_I2D_len(a->pubkey,		i2d_X509_PUBKEY);
+
+	/* this is a *nasty* hack reported to be required to
+	 * allow some CA Software to accept the cert request.
+	 * It is not following the PKCS standards ...
+	 * PKCS#10 pg 5
+	 * attributes [0] IMPLICIT Attibutes
+	 * NOTE: no OPTIONAL ... so it *must* be there
+	 */
+	if (a->req_kludge) 
+	        {
+	        M_ASN1_I2D_len_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0);
+		}
+	else
+	        {
+	        M_ASN1_I2D_len_IMP_set(a->attributes,	i2d_X509_ATTRIBUTE,0);
+		}
+	
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put(a->version,		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->subject,		i2d_X509_NAME);
+	M_ASN1_I2D_put(a->pubkey,		i2d_X509_PUBKEY);
+
+	/* this is a *nasty* hack reported to be required by some CA's.
+	 * It is not following the PKCS standards ...
+	 * PKCS#10 pg 5
+	 * attributes [0] IMPLICIT Attibutes
+	 * NOTE: no OPTIONAL ... so it *must* be there
+	 */
+	if (a->req_kludge)
+		{
+	        M_ASN1_I2D_put_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0);
+		}
+	else
+		{
+	        M_ASN1_I2D_put_IMP_set(a->attributes,i2d_X509_ATTRIBUTE,0);
+		}
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_REQ_INFO *d2i_X509_REQ_INFO(a,pp,length)
+X509_REQ_INFO **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
+
+	/* this is a *nasty* hack to allow for some CA's that
+	 * have been reported as requiring it.
+	 * It is not following the PKCS standards ...
+	 * PKCS#10 pg 5
+	 * attributes [0] IMPLICIT Attibutes
+	 * NOTE: no OPTIONAL ... so it *must* be there
+	 */
+	if (asn1_Finish(&c))
+		ret->req_kludge=1;
+	else
+		{
+		M_ASN1_D2I_get_IMP_set(ret->attributes,d2i_X509_ATTRIBUTE,0);
+		}
+
+	M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO);
+	}
+
+X509_REQ_INFO *X509_REQ_INFO_new()
+	{
+	X509_REQ_INFO *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_REQ_INFO);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->subject,X509_NAME_new);
+	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
+	M_ASN1_New(ret->attributes,sk_new_null);
+	ret->req_kludge=0;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
+	}
+	
+void X509_REQ_INFO_free(a)
+X509_REQ_INFO *a;
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	X509_NAME_free(a->subject);
+	X509_PUBKEY_free(a->pubkey);
+	sk_pop_free(a->attributes,X509_ATTRIBUTE_free);
+	Free((char *)a);
+	}
+
+int i2d_X509_REQ(a,pp)
+X509_REQ *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len(a->req_info,	i2d_X509_REQ_INFO);
+	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->req_info,	i2d_X509_REQ_INFO);
+	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_REQ *d2i_X509_REQ(a,pp,length)
+X509_REQ **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+	M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
+	}
+
+X509_REQ *X509_REQ_new()
+	{
+	X509_REQ *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_REQ);
+	ret->references=1;
+	M_ASN1_New(ret->req_info,X509_REQ_INFO_new);
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_REQ_NEW);
+	}
+
+void X509_REQ_free(a)
+X509_REQ *a;
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ);
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_REQ_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	X509_REQ_INFO_free(a->req_info);
+	X509_ALGOR_free(a->sig_alg);
+	ASN1_BIT_STRING_free(a->signature);
+	Free((char *)a);
+	}
+
+
diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c
new file mode 100644
index 0000000000000000000000000000000000000000..186c404e860454c22eb65913ebebce79c028c564
--- /dev/null
+++ b/crypto/asn1/x_sig.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/x_sig.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509_SIG,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_SIG_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_X509_SIG(a,pp)
+X509_SIG *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->digest,	i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->digest,	i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_SIG *d2i_X509_SIG(a,pp,length)
+X509_SIG **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
+	}
+
+X509_SIG *X509_SIG_new()
+	{
+	X509_SIG *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_SIG);
+	M_ASN1_New(ret->algor,X509_ALGOR_new);
+	M_ASN1_New(ret->digest,ASN1_OCTET_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
+	}
+
+void X509_SIG_free(a)
+X509_SIG *a;
+	{
+	if (a == NULL) return;
+	X509_ALGOR_free(a->algor);
+	ASN1_OCTET_STRING_free(a->digest);
+	Free((char *)a);
+	}
+
+
diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c
new file mode 100644
index 0000000000000000000000000000000000000000..bfeb0659a638896364c3abdbaafb0c998140d8fd
--- /dev/null
+++ b/crypto/asn1/x_spki.c
@@ -0,0 +1,181 @@
+/* crypto/asn1/x_spki.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+ /* This module was send to me my Pat Richards  who
+  * wrote it.  It is under my Copyright with his permision
+  */
+
+#include 
+#include "cryptlib.h"
+#include "x509.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_NETSCAPE_SPKAC,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_NETSCAPE_SPKAC_NEW,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_D2I_NETSCAPE_SPKI,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_NETSCAPE_SPKI_NEW,ASN1_R_LENGTH_MISMATCH);
+ */
+
+int i2d_NETSCAPE_SPKAC(a,pp)
+NETSCAPE_SPKAC *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->pubkey,	i2d_X509_PUBKEY);
+	M_ASN1_I2D_len(a->challenge,	i2d_ASN1_IA5STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->pubkey,	i2d_X509_PUBKEY);
+	M_ASN1_I2D_put(a->challenge,	i2d_ASN1_IA5STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(a,pp,length)
+NETSCAPE_SPKAC **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
+	M_ASN1_D2I_get(ret->challenge,d2i_ASN1_IA5STRING);
+	M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC);
+	}
+
+NETSCAPE_SPKAC *NETSCAPE_SPKAC_new()
+	{
+	NETSCAPE_SPKAC *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC);
+	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
+	M_ASN1_New(ret->challenge,ASN1_IA5STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW);
+	}
+
+void NETSCAPE_SPKAC_free(a)
+NETSCAPE_SPKAC *a;
+	{
+	if (a == NULL) return;
+	X509_PUBKEY_free(a->pubkey);
+	ASN1_IA5STRING_free(a->challenge);
+	Free((char *)a);
+	}
+
+int i2d_NETSCAPE_SPKI(a,pp)
+NETSCAPE_SPKI *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->spkac,	i2d_NETSCAPE_SPKAC);
+	M_ASN1_I2D_len(a->sig_algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->spkac,	i2d_NETSCAPE_SPKAC);
+	M_ASN1_I2D_put(a->sig_algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(a,pp,length)
+NETSCAPE_SPKI **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->spkac,d2i_NETSCAPE_SPKAC);
+	M_ASN1_D2I_get(ret->sig_algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+	M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI);
+	}
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_new()
+	{
+	NETSCAPE_SPKI *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,NETSCAPE_SPKI);
+	M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new);
+	M_ASN1_New(ret->sig_algor,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW);
+	}
+
+void NETSCAPE_SPKI_free(a)
+NETSCAPE_SPKI *a;
+	{
+	if (a == NULL) return;
+	NETSCAPE_SPKAC_free(a->spkac);
+	X509_ALGOR_free(a->sig_algor);
+	ASN1_BIT_STRING_free(a->signature);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c
new file mode 100644
index 0000000000000000000000000000000000000000..e2e4d004362b8f518eb6f6e80d16f39f7052aea0
--- /dev/null
+++ b/crypto/asn1/x_val.c
@@ -0,0 +1,118 @@
+/* crypto/asn1/x_val.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/* ASN1err(ASN1_F_X509_VAL_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_X509_VAL_FREE,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_X509_VAL,ERR_R_MALLOC_FAILURE);
+ */
+
+int i2d_X509_VAL(a,pp)
+X509_VAL *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_VAL *d2i_X509_VAL(a,pp,length)
+X509_VAL **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME);
+	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME);
+	M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
+	}
+
+X509_VAL *X509_VAL_new()
+	{
+	X509_VAL *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_VAL);
+	M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new);
+	M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
+	}
+
+void X509_VAL_free(a)
+X509_VAL *a;
+	{
+	if (a == NULL) return;
+	ASN1_UTCTIME_free(a->notBefore);
+	ASN1_UTCTIME_free(a->notAfter);
+	Free((char *)a);
+	}
+
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
new file mode 100644
index 0000000000000000000000000000000000000000..d80a5cbc013ae9b374209dc9c7d6c4d9f8a7f095
--- /dev/null
+++ b/crypto/asn1/x_x509.c
@@ -0,0 +1,155 @@
+/* crypto/asn1/x_x509.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "evp.h"
+#include "asn1_mac.h"
+
+/*
+ * ASN1err(ASN1_F_D2I_X509,ASN1_R_LENGTH_MISMATCH);
+ * ASN1err(ASN1_F_X509_NEW,ASN1_R_BAD_GET_OBJECT);
+ */
+
+static ASN1_METHOD meth={
+	(int (*)())  i2d_X509,
+	(char *(*)())d2i_X509,
+	(char *(*)())X509_new,
+	(void (*)()) X509_free};
+
+ASN1_METHOD *X509_asn1_meth()
+	{
+	return(&meth);
+	}
+
+int i2d_X509(a,pp)
+X509 *a;
+unsigned char **pp;
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
+	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
+	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509 *d2i_X509(a,pp,length)
+X509 **a;
+unsigned char **pp;
+long length;
+	{
+	M_ASN1_D2I_vars(a,X509 *,X509_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+if (ret->name != NULL) Free(ret->name);
+ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+
+	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+	}
+
+X509 *X509_new()
+	{
+	X509 *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509);
+	ret->references=1;
+	ret->valid=0;
+	ret->name=NULL;
+	M_ASN1_New(ret->cert_info,X509_CINF_new);
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_NEW);
+	}
+
+void X509_free(a)
+X509 *a;
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509);
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	X509_CINF_free(a->cert_info);
+	X509_ALGOR_free(a->sig_alg);
+	ASN1_BIT_STRING_free(a->signature);
+	if (a->name != NULL) Free(a->name);
+	Free((char *)a);
+	}
+
diff --git a/crypto/bf/COPYRIGHT b/crypto/bf/COPYRIGHT
new file mode 100644
index 0000000000000000000000000000000000000000..6857223506de64f1f559e61947e1b49008887e3f
--- /dev/null
+++ b/crypto/bf/COPYRIGHT
@@ -0,0 +1,46 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an Blowfish implementation written
+by Eric Young (eay@cryptsoft.com).
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/crypto/bf/INSTALL b/crypto/bf/INSTALL
new file mode 100644
index 0000000000000000000000000000000000000000..3b259235326a1db225b64d416a7487a3b187a4bb
--- /dev/null
+++ b/crypto/bf/INSTALL
@@ -0,0 +1,14 @@
+This Eric Young's blowfish implementation, taken from his SSLeay library
+and made available as a separate library.
+ 
+The version number (0.7.2m) is the SSLeay version that this library was
+taken from.
+ 
+To build, just unpack and type make.
+If you are not using gcc, edit the Makefile.
+If you are compiling for an x86 box, try the assembler (it needs improving).
+There are also some compile time options that can improve performance,
+these are documented in the Makefile.
+ 
+eric 15-Apr-1997
+ 
diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..1a44992a1a76edd4445a3ca0d4cd690cec884e05
--- /dev/null
+++ b/crypto/bf/Makefile.ssl
@@ -0,0 +1,108 @@
+#
+# SSLeay/crypto/blowfish/Makefile
+#
+
+DIR=	bf
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+BF_ENC=		bf_enc.o
+# or use
+#DES_ENC=	bx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cbc.o bf_cfb64.o bf_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= blowfish.h
+HEADER=	bf_pi.h bf_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+# elf
+asm/bx86-elf.o: asm/bx86-cpp.s asm/bx86unix.cpp
+	$(CPP) -DELF asm/bx86unix.cpp | as -o asm/bx86-elf.o
+
+# solaris
+asm/bx86-sol.o: asm/bx86-cpp.s asm/bx86unix.cpp
+	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+	as -o asm/bx86-sol.o asm/bx86-sol.s
+	rm -f asm/bx86-sol.s
+
+# a.out
+asm/bx86-out.o: asm/bx86-cpp.s asm/bx86unix.cpp
+	$(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86-cpp.s asm/bx86unix.cpp
+	$(CPP) -DBSDI asm/bx86unix.cpp | as -o asm/bx86bsdi.o
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/point.sh ../../doc/blowfish.doc blowfish.doc ;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	/bin/rm -f asm/x86ms.pl asm/x86unix.pl
+	$(TOP)/util/point.sh ../../perlasm/x86ms.pl asm/x86ms.pl
+	$(TOP)/util/point.sh ../../perlasm/x86unix.pl asm/x86unix.pl
+
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bf/Makefile.uni b/crypto/bf/Makefile.uni
new file mode 100644
index 0000000000000000000000000000000000000000..8517295475960b53e1cc0d243fbe39c6eaa01f99
--- /dev/null
+++ b/crypto/bf/Makefile.uni
@@ -0,0 +1,160 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# use BF_PTR2 for intel boxes,
+# BF_PTR for sparc and MIPS/SGI
+# use nothing for Alpha and HP.
+
+# There are 3 possible performance options, experiment :-)
+#OPTS= -DBF_PTR  # usr for sparc and MIPS/SGI
+#OPTS= -DBF_PTR2 # use for pentium
+OPTS=		 # use for pentium pro, Alpha and HP
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+
+# Assember version of bf_encrypt().
+BF_ENC=bf_enc.o		# normal C version
+#BF_ENC=asm/bx86-elf.o	# elf format x86
+#BF_ENC=asm/bx86-out.o	# a.out format x86
+#BF_ENC=asm/bx86-sol.o	# solaris format x86 
+#BF_ENC=asm/bx86bsdi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cbc.o bf_cfb64.o bf_ofb64.o
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
+
+GENERAL=Makefile Makefile.ssl Makefile.uni asm bf_locl.org README \
+	COPYRIGHT blowfish.doc INSTALL
+   
+TESTING=    bftest bfspeed
+TESTING_SRC=bftest.c bfspeed.c
+HEADERS=bf_locl.h blowfish.h bf_pi.h
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBSRC) $(HEADERS)
+
+BLIB=	libblowfish.a
+
+all: $(BLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) BF_ENC='asm/bx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) BF_ENC='asm/bx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) BF_ENC='asm/bx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) BF_ENC='asm/bx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/bx86-elf.o: asm/bx86-cpp.s asm/bx86unix.cpp
+	$(CPP) -DELF asm/bx86unix.cpp | $(AS) -o asm/bx86-elf.o
+
+# solaris
+asm/bx86-sol.o: asm/bx86-cpp.s asm/bx86unix.cpp
+	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+	as -o asm/bx86-sol.o asm/bx86-sol.s
+	rm -f asm/bx86-sol.s
+
+# a.out
+asm/bx86-out.o: asm/bx86-cpp.s asm/bx86unix.cpp
+	$(CPP) -DOUT asm/bx86unix.cpp | $(AS) -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86-cpp.s asm/bx86unix.cpp
+	$(CPP) -DBSDI asm/bx86unix.cpp | $(AS) -o asm/bx86bsdi.o
+
+test:	all
+	./bftest
+
+$(BLIB): $(LIBOBJ)
+	/bin/rm -f $(BLIB)
+	ar cr $(BLIB) $(LIBOBJ)
+	-if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
+	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
+	else exit 0; fi; fi
+
+bftest: bftest.o $(BLIB)
+	$(CC) $(CFLAGS) -o bftest bftest.o $(BLIB)
+
+bfspeed: bfspeed.o $(BLIB)
+	$(CC) $(CFLAGS) -o bfspeed bfspeed.o $(BLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBBF)
+
+tar:
+	tar chf libbf.tar $(ALL)
+
+shar:
+	shar $(ALL) >libbf.shar
+
+depend:
+	makedepend $(LIBBF) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(BLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install: $(BLIB)
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(BLIB) $(INSTALLTOP)/lib; \
+	    if test -s /bin/ranlib; then \
+	        /bin/ranlib $(INSTALLTOP)/lib/$(BLIB); \
+	    else \
+		if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(INSTALLTOP)/lib/$(BLIB); \
+	    fi; fi; \
+	    chmod 644 $(INSTALLTOP)/lib/$(BLIB); \
+	    cp blowfish.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/blowfish.h; \
+	else \
+	    echo Standalone install; \
+	    cp $(BLIB) $(LIBDIR)/$(BLIB); \
+	    if test -s /bin/ranlib; then \
+	      /bin/ranlib $(LIBDIR)/$(BLIB); \
+	    else \
+	      if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(LIBDIR)/$(BLIB); \
+	      fi; \
+	    fi; \
+	    chmod 644 $(LIBDIR)/$(BLIB); \
+	    cp blowfish.h $(INCDIR)/blowfish.h; \
+	    chmod 644 $(INCDIR)/blowfish.h; \
+	fi
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bf/README b/crypto/bf/README
new file mode 100644
index 0000000000000000000000000000000000000000..f2712fd0e7dfc9a68128e6bec6c5709d538fdc54
--- /dev/null
+++ b/crypto/bf/README
@@ -0,0 +1,8 @@
+This is a quick packaging up of my blowfish code into a library.
+It has been lifted from SSLeay.
+The copyright notices seem a little harsh because I have not spent the
+time to rewrite the conditions from the normal SSLeay ones.
+
+Basically if you just want to play with the library, not a problem.
+
+eric 15-Apr-1997
diff --git a/crypto/bf/VERSION b/crypto/bf/VERSION
new file mode 100644
index 0000000000000000000000000000000000000000..be995855e43b9b8d13e3b8490602f56cc398ad9f
--- /dev/null
+++ b/crypto/bf/VERSION
@@ -0,0 +1,6 @@
+The version numbers will follow my SSL implementation
+
+0.7.2r - Some reasonable default compiler options from 
+	Peter Gutman 
+
+0.7.2m - the first release
diff --git a/crypto/bf/asm/b-win32.asm b/crypto/bf/asm/b-win32.asm
new file mode 100644
index 0000000000000000000000000000000000000000..bef272eebb9a045dbda04ca21e90d5feda4c3552
--- /dev/null
+++ b/crypto/bf/asm/b-win32.asm
@@ -0,0 +1,662 @@
+	; Don't even think of reading this code
+	; It was automatically generated by bf586.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, Win32, or Solaris
+	; It can be found in SSLeay 0.7.0+
+	; eric 
+	; 
+	TITLE	bfx86xxxx.asm
+        .386
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_BF_encrypt
+_BF_encrypt PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	mov	eax,		DWORD PTR 20[esp]
+	mov	ecx,		DWORD PTR [eax]
+	mov	edx,		DWORD PTR 4[eax]
+	; 
+	; P pointer, s and enc flag
+	mov	edi,		DWORD PTR 24[esp]
+	xor	eax,		eax
+	xor	ebx,		ebx
+	mov	ebp,		DWORD PTR 28[esp]
+	cmp	ebp,		0
+	je	$L000start_decrypt
+	xor	ecx,		DWORD PTR [edi]
+	; 
+	; Round 0
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 4[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 1
+	ror	edx,		16
+	mov	esi,		DWORD PTR 8[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 2
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 12[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 3
+	ror	edx,		16
+	mov	esi,		DWORD PTR 16[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 4
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 20[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 5
+	ror	edx,		16
+	mov	esi,		DWORD PTR 24[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 6
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 28[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 7
+	ror	edx,		16
+	mov	esi,		DWORD PTR 32[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 8
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 36[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 9
+	ror	edx,		16
+	mov	esi,		DWORD PTR 40[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 10
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 44[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 11
+	ror	edx,		16
+	mov	esi,		DWORD PTR 48[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 12
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 52[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 13
+	ror	edx,		16
+	mov	esi,		DWORD PTR 56[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 14
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 60[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 15
+	ror	edx,		16
+	mov	esi,		DWORD PTR 64[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	xor	edx,		DWORD PTR 68[edi]
+	mov	eax,		DWORD PTR 20[esp]
+	mov	DWORD PTR [eax],edx
+	mov	DWORD PTR 4[eax],ecx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L000start_decrypt:
+	xor	ecx,		DWORD PTR 68[edi]
+	; 
+	; Round 16
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 64[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 15
+	ror	edx,		16
+	mov	esi,		DWORD PTR 60[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 14
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 56[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 13
+	ror	edx,		16
+	mov	esi,		DWORD PTR 52[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 12
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 48[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 11
+	ror	edx,		16
+	mov	esi,		DWORD PTR 44[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 10
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 40[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 9
+	ror	edx,		16
+	mov	esi,		DWORD PTR 36[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 8
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 32[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 7
+	ror	edx,		16
+	mov	esi,		DWORD PTR 28[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 6
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 24[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 5
+	ror	edx,		16
+	mov	esi,		DWORD PTR 20[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 4
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 16[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 3
+	ror	edx,		16
+	mov	esi,		DWORD PTR 12[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 2
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 8[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 1
+	ror	edx,		16
+	mov	esi,		DWORD PTR 4[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	xor	edx,		DWORD PTR [edi]
+	mov	eax,		DWORD PTR 20[esp]
+	mov	DWORD PTR [eax],edx
+	mov	DWORD PTR 4[eax],ecx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_BF_encrypt ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/bf/asm/bf586.pl b/crypto/bf/asm/bf586.pl
new file mode 100644
index 0000000000000000000000000000000000000000..bcb53cf3f519f0613e88aad99bd552469fd971d6
--- /dev/null
+++ b/crypto/bf/asm/bf586.pl
@@ -0,0 +1,159 @@
+#!/usr/local/bin/perl
+#!/usr/local/bin/perl
+
+$prog="bf586.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.7.0+");
+&comment("eric ");
+&comment("");
+
+&file("bfx86xxxx");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="ecx";
+$R="edx";
+$P="edi";
+$tot="esi";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ebp";
+
+&des_encrypt("BF_encrypt");
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name)=@_;
+
+	&function_begin($name,3,"");
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($L,&DWP(0,"eax","",0));
+	&mov($R,&DWP(4,"eax","",0));
+
+	&comment("");
+	&comment("P pointer, s and enc flag");
+	&mov($P,&wparam(1));
+
+	&xor(	$tmp1,	$tmp1);
+	&xor(	$tmp2,	$tmp2);
+
+	# encrypting part
+
+	&mov("ebp",&wparam(2));	# get encrypt flag
+	&cmp("ebp","0");
+	&je(&label("start_decrypt"));
+
+	&xor($L,&DWP(0,$P,"",0));
+	for ($i=0; $i<$BF_ROUNDS; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+		}
+	&xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$R);
+	&mov(&DWP(4,"eax","",0),$L);
+	&function_end_A($name);
+
+	&set_label("start_decrypt");
+
+	&xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+	for ($i=$BF_ROUNDS; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+		}
+	&xor($R,&DWP(0,$P,"",0));
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$R);
+	&mov(&DWP(4,"eax","",0),$L);
+	&function_end_A($name);
+
+	&function_end_B($name);
+	}
+
+sub BF_ENCRYPT
+	{
+	local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;
+
+	&rotr(	$R,		16);
+	&mov(	$tot,		&DWP(&n2a($i*4),$P,"",0));
+
+	&movb(	&LB($tmp1),	&HB($R));
+	&movb(	&LB($tmp2),	&LB($R));
+
+	&rotr(	$R,		16);
+	&xor(	$L,		$tot);
+
+	&mov(	$tot,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+	&movb(	&LB($tmp1),	&HB($R));
+	&movb(	&LB($tmp2),	&LB($R));
+
+	&add(	$tot,		$tmp3);
+	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay
+
+	&xor(	$tot,		$tmp1);
+	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));
+
+	&add(	$tot,		$tmp3);
+	&xor(	$tmp1,		$tmp1);
+
+	&xor(	$L,		$tot);					
+	# delay
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
diff --git a/crypto/bf/asm/bx86-cpp.s b/crypto/bf/asm/bx86-cpp.s
new file mode 100644
index 0000000000000000000000000000000000000000..0925137a6d38c2b54041b7edd3f96c1f838769f2
--- /dev/null
+++ b/crypto/bf/asm/bx86-cpp.s
@@ -0,0 +1,666 @@
+	/* Don't even think of reading this code */
+	/* It was automatically generated by bf586.pl */
+	/* Which is a perl program used to generate the x86 assember for */
+	/* any of elf, a.out, Win32, or Solaris */
+	/* It can be found in SSLeay 0.7.0+ */
+	/* eric  */
+
+	.file	"bfx86xxxx.s"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align ALIGN
+.globl BF_encrypt
+	TYPE(BF_encrypt,@function)
+BF_encrypt:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the 2 words */
+	movl	20(%esp),	%eax
+	movl	(%eax),		%ecx
+	movl	4(%eax),	%edx
+
+	/* P pointer, s and enc flag */
+	movl	24(%esp),	%edi
+	xorl	%eax,		%eax
+	xorl	%ebx,		%ebx
+	movl	28(%esp),	%ebp
+	cmpl	$0,		%ebp
+	je	.L000start_decrypt
+	xorl	(%edi),		%ecx
+
+	/* Round 0 */
+	rorl	$16,		%ecx
+	movl	4(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 1 */
+	rorl	$16,		%edx
+	movl	8(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 2 */
+	rorl	$16,		%ecx
+	movl	12(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 3 */
+	rorl	$16,		%edx
+	movl	16(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 4 */
+	rorl	$16,		%ecx
+	movl	20(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 5 */
+	rorl	$16,		%edx
+	movl	24(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 6 */
+	rorl	$16,		%ecx
+	movl	28(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 7 */
+	rorl	$16,		%edx
+	movl	32(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 8 */
+	rorl	$16,		%ecx
+	movl	36(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 9 */
+	rorl	$16,		%edx
+	movl	40(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 10 */
+	rorl	$16,		%ecx
+	movl	44(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 11 */
+	rorl	$16,		%edx
+	movl	48(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 12 */
+	rorl	$16,		%ecx
+	movl	52(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 13 */
+	rorl	$16,		%edx
+	movl	56(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 14 */
+	rorl	$16,		%ecx
+	movl	60(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 15 */
+	rorl	$16,		%edx
+	movl	64(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+	xorl	68(%edi),	%edx
+	movl	20(%esp),	%eax
+	movl	%edx,		(%eax)
+	movl	%ecx,		4(%eax)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.align ALIGN
+.L000start_decrypt:
+	xorl	68(%edi),	%ecx
+
+	/* Round 16 */
+	rorl	$16,		%ecx
+	movl	64(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 15 */
+	rorl	$16,		%edx
+	movl	60(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 14 */
+	rorl	$16,		%ecx
+	movl	56(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 13 */
+	rorl	$16,		%edx
+	movl	52(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 12 */
+	rorl	$16,		%ecx
+	movl	48(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 11 */
+	rorl	$16,		%edx
+	movl	44(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 10 */
+	rorl	$16,		%ecx
+	movl	40(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 9 */
+	rorl	$16,		%edx
+	movl	36(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 8 */
+	rorl	$16,		%ecx
+	movl	32(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 7 */
+	rorl	$16,		%edx
+	movl	28(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 6 */
+	rorl	$16,		%ecx
+	movl	24(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 5 */
+	rorl	$16,		%edx
+	movl	20(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 4 */
+	rorl	$16,		%ecx
+	movl	16(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 3 */
+	rorl	$16,		%edx
+	movl	12(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+
+	/* Round 2 */
+	rorl	$16,		%ecx
+	movl	8(%edi),	%esi
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	rorl	$16,		%ecx
+	xorl	%esi,		%edx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%ch,		%al
+	movb	%cl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%edx
+
+	/* Round 1 */
+	rorl	$16,		%edx
+	movl	4(%edi),	%esi
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	rorl	$16,		%edx
+	xorl	%esi,		%ecx
+	movl	72(%edi,%eax,4),%esi
+	movl	1096(%edi,%ebx,4),%ebp
+	movb	%dh,		%al
+	movb	%dl,		%bl
+	addl	%ebp,		%esi
+	movl	2120(%edi,%eax,4),%eax
+	xorl	%eax,		%esi
+	movl	3144(%edi,%ebx,4),%ebp
+	addl	%ebp,		%esi
+	xorl	%eax,		%eax
+	xorl	%esi,		%ecx
+	xorl	(%edi),		%edx
+	movl	20(%esp),	%eax
+	movl	%edx,		(%eax)
+	movl	%ecx,		4(%eax)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.BF_encrypt_end:
+	SIZE(BF_encrypt,.BF_encrypt_end-BF_encrypt)
+.ident	"desasm.pl"
diff --git a/crypto/bf/asm/bx86unix.cpp b/crypto/bf/asm/bx86unix.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..dcb10d23dd3e2cccbfae61ac8213e6eaced30f53
--- /dev/null
+++ b/crypto/bf/asm/bx86unix.cpp
@@ -0,0 +1,33 @@
+
+#define TYPE(a,b)	.type	a,b
+#define SIZE(a,b)	.size	a,b
+
+#ifdef OUT
+#define OK		1
+#define BF_encrypt	_BF_encrypt
+#define ALIGN		4
+#endif
+
+#ifdef BSDI
+#define OK		1
+#define BF_encrypt	_BF_encrypt
+#define ALIGN		4
+#undef SIZE
+#undef TYPE
+#endif
+
+#if defined(ELF) || defined(SOL)
+#define OK		1
+#define ALIGN		16
+#endif
+
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+
+#include "bx86-cpp.s" 
+
diff --git a/crypto/bf/asm/readme b/crypto/bf/asm/readme
new file mode 100644
index 0000000000000000000000000000000000000000..71e4bb2d5ddb5cc7c9a1e8a9e1a94889a2b41b31
--- /dev/null
+++ b/crypto/bf/asm/readme
@@ -0,0 +1,3 @@
+If you want more of an idea of how this all works,
+have a read of the readme file in SSLeay/crypto/des/asm.
+SSLeay can be found at ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL.
diff --git a/crypto/bf/asm/win32.asm b/crypto/bf/asm/win32.asm
new file mode 100644
index 0000000000000000000000000000000000000000..6d2333f32394f1bb6d6a10ea0d967616c508cfb8
--- /dev/null
+++ b/crypto/bf/asm/win32.asm
@@ -0,0 +1,663 @@
+	; Don't even think of reading this code
+	; It was automatically generated by bf586.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, Win32, or Solaris
+	; It can be found in SSLeay 0.7.0+
+	; eric 
+	; 
+	TITLE	bfx86xxxx.asm
+        .386
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_BF_encrypt
+EXTRN	_des_SPtrans:DWORD
+_BF_encrypt PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	mov	eax,		DWORD PTR 20[esp]
+	mov	ecx,		DWORD PTR [eax]
+	mov	edx,		DWORD PTR 4[eax]
+	; 
+	; P pointer, s and enc flag
+	mov	edi,		DWORD PTR 24[esp]
+	xor	eax,		eax
+	xor	ebx,		ebx
+	mov	ebp,		DWORD PTR 28[esp]
+	cmp	ebp,		0
+	je	$L000start_decrypt
+	xor	ecx,		DWORD PTR [edi]
+	; 
+	; Round 0
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 4[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 1
+	ror	edx,		16
+	mov	esi,		DWORD PTR 8[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 2
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 12[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 3
+	ror	edx,		16
+	mov	esi,		DWORD PTR 16[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 4
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 20[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 5
+	ror	edx,		16
+	mov	esi,		DWORD PTR 24[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 6
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 28[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 7
+	ror	edx,		16
+	mov	esi,		DWORD PTR 32[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 8
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 36[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 9
+	ror	edx,		16
+	mov	esi,		DWORD PTR 40[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 10
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 44[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 11
+	ror	edx,		16
+	mov	esi,		DWORD PTR 48[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 12
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 52[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 13
+	ror	edx,		16
+	mov	esi,		DWORD PTR 56[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 14
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 60[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 15
+	ror	edx,		16
+	mov	esi,		DWORD PTR 64[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	xor	edx,		DWORD PTR 68[edi]
+	mov	eax,		DWORD PTR 20[esp]
+	mov	DWORD PTR [eax],edx
+	mov	DWORD PTR 4[eax],ecx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L000start_decrypt:
+	xor	ecx,		DWORD PTR 68[edi]
+	; 
+	; Round 16
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 64[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 15
+	ror	edx,		16
+	mov	esi,		DWORD PTR 60[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 14
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 56[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 13
+	ror	edx,		16
+	mov	esi,		DWORD PTR 52[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 12
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 48[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 11
+	ror	edx,		16
+	mov	esi,		DWORD PTR 44[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 10
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 40[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 9
+	ror	edx,		16
+	mov	esi,		DWORD PTR 36[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 8
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 32[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 7
+	ror	edx,		16
+	mov	esi,		DWORD PTR 28[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 6
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 24[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 5
+	ror	edx,		16
+	mov	esi,		DWORD PTR 20[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 4
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 16[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 3
+	ror	edx,		16
+	mov	esi,		DWORD PTR 12[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	; 
+	; Round 2
+	ror	ecx,		16
+	mov	esi,		DWORD PTR 8[edi]
+	mov	al,		ch
+	mov	bl,		cl
+	ror	ecx,		16
+	xor	edx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		ch
+	mov	bl,		cl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	edx,		esi
+	; 
+	; Round 1
+	ror	edx,		16
+	mov	esi,		DWORD PTR 4[edi]
+	mov	al,		dh
+	mov	bl,		dl
+	ror	edx,		16
+	xor	ecx,		esi
+	mov	esi,		DWORD PTR 72[eax*4+edi]
+	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
+	mov	al,		dh
+	mov	bl,		dl
+	add	esi,		ebp
+	mov	eax,		DWORD PTR 2120[eax*4+edi]
+	xor	esi,		eax
+	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
+	add	esi,		ebp
+	xor	eax,		eax
+	xor	ecx,		esi
+	xor	edx,		DWORD PTR [edi]
+	mov	eax,		DWORD PTR 20[esp]
+	mov	DWORD PTR [eax],edx
+	mov	DWORD PTR 4[eax],ecx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_BF_encrypt ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/bf/bf_cbc.c b/crypto/bf/bf_cbc.c
new file mode 100644
index 0000000000000000000000000000000000000000..3d05d27cf15814349bb3f0e118323dba03347932
--- /dev/null
+++ b/crypto/bf/bf_cbc.c
@@ -0,0 +1,148 @@
+/* crypto/bf/bf_cbc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "blowfish.h"
+#include "bf_locl.h"
+
+void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+BF_KEY *ks;
+unsigned char *iv;
+int encrypt;
+	{
+	register BF_LONG tin0,tin1;
+	register BF_LONG tout0,tout1,xor0,xor1;
+	register long l=length;
+	BF_LONG tin[2];
+
+	if (encrypt)
+		{
+		n2l(iv,tout0);
+		n2l(iv,tout1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks,BF_ENCRYPT);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		if (l != -8)
+			{
+			n2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks,BF_ENCRYPT);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		l2n(tout0,iv);
+		l2n(tout1,iv);
+		}
+	else
+		{
+		n2l(iv,xor0);
+		n2l(iv,xor1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks,BF_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2n(tout0,out);
+			l2n(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks,BF_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2nn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		l2n(xor0,iv);
+		l2n(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
new file mode 100644
index 0000000000000000000000000000000000000000..92fc68261baaf46247e957f7a05f48e71d4dbba9
--- /dev/null
+++ b/crypto/bf/bf_cfb64.c
@@ -0,0 +1,127 @@
+/* crypto/bf/bf_cfb64.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "blowfish.h"
+#include "bf_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void BF_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
+unsigned char *in;
+unsigned char *out;
+long length;
+BF_KEY *schedule;
+unsigned char *ivec;
+int *num;
+int encrypt;
+	{
+	register BF_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	BF_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=(unsigned char *)ivec;
+	if (encrypt)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				n2l(iv,v0); ti[0]=v0;
+				n2l(iv,v1); ti[1]=v1;
+				BF_encrypt((BF_LONG *)ti,schedule,BF_ENCRYPT);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2n(t,iv);
+				t=ti[1]; l2n(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				n2l(iv,v0); ti[0]=v0;
+				n2l(iv,v1); ti[1]=v1;
+				BF_encrypt((BF_LONG *)ti,schedule,BF_ENCRYPT);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2n(t,iv);
+				t=ti[1]; l2n(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=t=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
new file mode 100644
index 0000000000000000000000000000000000000000..7840352dc36a5cb6b92cdbdcc9bd7b289aaa86f2
--- /dev/null
+++ b/crypto/bf/bf_ecb.c
@@ -0,0 +1,95 @@
+/* crypto/bf/bf_ecb.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "blowfish.h"
+#include "bf_locl.h"
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+char *BF_version="BlowFish part of SSLeay 0.8.1b 29-Jun-1998";
+
+char *BF_options()
+	{
+#ifdef BF_PTR
+	return("blowfish(ptr)");
+#elif defined(BF_PTR2)
+	return("blowfish(ptr2)");
+#else
+	return("blowfish(idx)");
+#endif
+	}
+
+void BF_ecb_encrypt(in, out, ks, encrypt)
+unsigned char *in;
+unsigned char *out;
+BF_KEY *ks;
+int encrypt;
+	{
+	BF_LONG l,d[2];
+
+	n2l(in,l); d[0]=l;
+	n2l(in,l); d[1]=l;
+	BF_encrypt(d,ks,encrypt);
+	l=d[0]; l2n(l,out);
+	l=d[1]; l2n(l,out);
+	l=d[0]=d[1]=0;
+	}
+
diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..9bcc2169ce2770c5c51cba6559a6dee54275a205
--- /dev/null
+++ b/crypto/bf/bf_enc.c
@@ -0,0 +1,140 @@
+/* crypto/bf/bf_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "blowfish.h"
+#include "bf_locl.h"
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+If you set BF_ROUNDS to some value other than 16 or 20, you will have
+to modify the code.
+#endif
+
+void BF_encrypt(data,key,encrypt)
+BF_LONG *data;
+BF_KEY *key;
+int encrypt;
+	{
+	register BF_LONG l,r,*p,*s;
+
+	p=key->P;
+	s= &(key->S[0]);
+	l=data[0];
+	r=data[1];
+
+	if (encrypt)
+		{
+		l^=p[0];
+		BF_ENC(r,l,s,p[ 1]);
+		BF_ENC(l,r,s,p[ 2]);
+		BF_ENC(r,l,s,p[ 3]);
+		BF_ENC(l,r,s,p[ 4]);
+		BF_ENC(r,l,s,p[ 5]);
+		BF_ENC(l,r,s,p[ 6]);
+		BF_ENC(r,l,s,p[ 7]);
+		BF_ENC(l,r,s,p[ 8]);
+		BF_ENC(r,l,s,p[ 9]);
+		BF_ENC(l,r,s,p[10]);
+		BF_ENC(r,l,s,p[11]);
+		BF_ENC(l,r,s,p[12]);
+		BF_ENC(r,l,s,p[13]);
+		BF_ENC(l,r,s,p[14]);
+		BF_ENC(r,l,s,p[15]);
+		BF_ENC(l,r,s,p[16]);
+#if BF_ROUNDS == 20
+		BF_ENC(r,l,s,p[17]);
+		BF_ENC(l,r,s,p[18]);
+		BF_ENC(r,l,s,p[19]);
+		BF_ENC(l,r,s,p[20]);
+#endif
+		r^=p[BF_ROUNDS+1];
+		}
+	else
+		{
+		l^=p[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+		BF_ENC(r,l,s,p[20]);
+		BF_ENC(l,r,s,p[19]);
+		BF_ENC(r,l,s,p[18]);
+		BF_ENC(l,r,s,p[17]);
+#endif
+		BF_ENC(r,l,s,p[16]);
+		BF_ENC(l,r,s,p[15]);
+		BF_ENC(r,l,s,p[14]);
+		BF_ENC(l,r,s,p[13]);
+		BF_ENC(r,l,s,p[12]);
+		BF_ENC(l,r,s,p[11]);
+		BF_ENC(r,l,s,p[10]);
+		BF_ENC(l,r,s,p[ 9]);
+		BF_ENC(r,l,s,p[ 8]);
+		BF_ENC(l,r,s,p[ 7]);
+		BF_ENC(r,l,s,p[ 6]);
+		BF_ENC(l,r,s,p[ 5]);
+		BF_ENC(r,l,s,p[ 4]);
+		BF_ENC(l,r,s,p[ 3]);
+		BF_ENC(r,l,s,p[ 2]);
+		BF_ENC(l,r,s,p[ 1]);
+		r^=p[0];
+		}
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+	}
diff --git a/crypto/bf/bf_locl b/crypto/bf/bf_locl
new file mode 100644
index 0000000000000000000000000000000000000000..abc23d7060754bebdaef0abc85e60a353641cdf3
--- /dev/null
+++ b/crypto/bf/bf_locl
@@ -0,0 +1,243 @@
+/* crypto/bf/bf_local.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@mincom.oz.au).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@mincom.oz.au)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@mincom.oz.au)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * Always modify bf_locl.org since bf_locl.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun )                    /* Newer Sparc's */
+#  define BF_PTR
+#elif defined( __ultrix )     /* Older MIPS */
+#  define BF_PTR
+#elif defined( __osf1__ )     /* Alpha */
+  /* None */
+#elif defined ( _AIX )                /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )               /* HP-PA */
+  /* None */
+#elif defined( __aux )                /* 68K */
+  /* Unknown */
+#elif defined( __dgux )               /* 88K (but P6 in latest boxes) */
+  /* Unknown */
+#elif defined( __sgi )                /* Newer MIPS */
+#  define BF_PTR
+#elif defined( i386 )         /* x86 boxes, should be gcc */
+#  define BF_PTR2
+#elif defined( _MSC_VER )     /* x86 boxes, Visual C */
+#  define BF_PTR2
+#endif /* Systems-specific speed defines */
+
+#undef c2l
+#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
+			 l|=((unsigned long)(*((c)++)))<< 8L, \
+			 l|=((unsigned long)(*((c)++)))<<16L, \
+			 l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))    ; \
+			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+			case 4: l1 =((unsigned long)(*(--(c))))    ; \
+			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+				} \
+			}
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* This is actually a big endian algorithm, the most significate byte
+ * is used to lookup array 0 */
+
+/* use BF_PTR2 for intel boxes,
+ * BF_PTR for sparc and MIPS/SGI
+ * use nothing for Alpha and HP.
+ */
+#if !defined(BF_PTR) && !defined(BF_PTR2)
+#undef BF_PTR
+#endif
+
+#define BF_M	0x3fc
+#define BF_0	22L
+#define BF_1	14L
+#define BF_2	 6L
+#define BF_3	 2L /* left shift */
+
+#if defined(BF_PTR2)
+
+/* This is basically a special pentium verson */
+#define BF_ENC(LL,R,S,P) \
+	{ \
+	BF_LONG t,u,v; \
+	u=R>>BF_0; \
+	v=R>>BF_1; \
+	u&=BF_M; \
+	v&=BF_M; \
+	t=  *(BF_LONG *)((unsigned char *)&(S[  0])+u); \
+	u=R>>BF_2; \
+	t+= *(BF_LONG *)((unsigned char *)&(S[256])+v); \
+	v=R<>BF_0)&BF_M))+ \
+		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
+		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
+		*(BF_LONG *)((unsigned char *)&(S[768])+((R<>24L)      ] + \
+		S[0x0100+((int)(R>>16L)&0xff)])^ \
+		S[0x0200+((int)(R>> 8L)&0xff)])+ \
+		S[0x0300+((int)(R     )&0xff)])&0xffffffffL;
+#endif
diff --git a/crypto/bf/bf_locl.h b/crypto/bf/bf_locl.h
new file mode 100644
index 0000000000000000000000000000000000000000..592ece99a4c8d5386cf5d611294de0bf1f6e0835
--- /dev/null
+++ b/crypto/bf/bf_locl.h
@@ -0,0 +1,244 @@
+/* crypto/bf/bf_locl.org */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * Always modify bf_locl.org since bf_locl.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun )                    /* Newer Sparc's */
+#  define BF_PTR
+#elif defined( __ultrix )     /* Older MIPS */
+#  define BF_PTR
+#elif defined( __osf1__ )     /* Alpha */
+  /* None */
+#elif defined ( _AIX )                /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )               /* HP-PA */
+  /* None */
+#elif defined( __aux )                /* 68K */
+  /* Unknown */
+#elif defined( __dgux )               /* 88K (but P6 in latest boxes) */
+  /* Unknown */
+#elif defined( __sgi )                /* Newer MIPS */
+#  define BF_PTR
+#elif defined( i386 )         /* x86 boxes, should be gcc */
+#  define BF_PTR2
+#elif defined( _MSC_VER )     /* x86 boxes, Visual C */
+#  define BF_PTR2
+#endif /* Systems-specific speed defines */
+
+#undef c2l
+#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
+			 l|=((unsigned long)(*((c)++)))<< 8L, \
+			 l|=((unsigned long)(*((c)++)))<<16L, \
+			 l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))    ; \
+			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+			case 4: l1 =((unsigned long)(*(--(c))))    ; \
+			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+				} \
+			}
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* This is actually a big endian algorithm, the most significate byte
+ * is used to lookup array 0 */
+
+/* use BF_PTR2 for intel boxes,
+ * BF_PTR for sparc and MIPS/SGI
+ * use nothing for Alpha and HP.
+ */
+#if !defined(BF_PTR) && !defined(BF_PTR2)
+#undef BF_PTR
+#endif
+
+#define BF_M	0x3fc
+#define BF_0	22L
+#define BF_1	14L
+#define BF_2	 6L
+#define BF_3	 2L /* left shift */
+
+#if defined(BF_PTR2)
+
+/* This is basically a special pentium verson */
+#define BF_ENC(LL,R,S,P) \
+	{ \
+	BF_LONG t,u,v; \
+	u=R>>BF_0; \
+	v=R>>BF_1; \
+	u&=BF_M; \
+	v&=BF_M; \
+	t=  *(BF_LONG *)((unsigned char *)&(S[  0])+u); \
+	u=R>>BF_2; \
+	t+= *(BF_LONG *)((unsigned char *)&(S[256])+v); \
+	v=R<>BF_0)&BF_M))+ \
+		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
+		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
+		*(BF_LONG *)((unsigned char *)&(S[768])+((R<>24L)      ] + \
+		S[0x0100+((int)(R>>16L)&0xff)])^ \
+		S[0x0200+((int)(R>> 8L)&0xff)])+ \
+		S[0x0300+((int)(R     )&0xff)])&0xffffffffL;
+#endif
diff --git a/crypto/bf/bf_locl.org b/crypto/bf/bf_locl.org
new file mode 100644
index 0000000000000000000000000000000000000000..592ece99a4c8d5386cf5d611294de0bf1f6e0835
--- /dev/null
+++ b/crypto/bf/bf_locl.org
@@ -0,0 +1,244 @@
+/* crypto/bf/bf_locl.org */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * Always modify bf_locl.org since bf_locl.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun )                    /* Newer Sparc's */
+#  define BF_PTR
+#elif defined( __ultrix )     /* Older MIPS */
+#  define BF_PTR
+#elif defined( __osf1__ )     /* Alpha */
+  /* None */
+#elif defined ( _AIX )                /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )               /* HP-PA */
+  /* None */
+#elif defined( __aux )                /* 68K */
+  /* Unknown */
+#elif defined( __dgux )               /* 88K (but P6 in latest boxes) */
+  /* Unknown */
+#elif defined( __sgi )                /* Newer MIPS */
+#  define BF_PTR
+#elif defined( i386 )         /* x86 boxes, should be gcc */
+#  define BF_PTR2
+#elif defined( _MSC_VER )     /* x86 boxes, Visual C */
+#  define BF_PTR2
+#endif /* Systems-specific speed defines */
+
+#undef c2l
+#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
+			 l|=((unsigned long)(*((c)++)))<< 8L, \
+			 l|=((unsigned long)(*((c)++)))<<16L, \
+			 l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))    ; \
+			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+			case 4: l1 =((unsigned long)(*(--(c))))    ; \
+			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+				} \
+			}
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* This is actually a big endian algorithm, the most significate byte
+ * is used to lookup array 0 */
+
+/* use BF_PTR2 for intel boxes,
+ * BF_PTR for sparc and MIPS/SGI
+ * use nothing for Alpha and HP.
+ */
+#if !defined(BF_PTR) && !defined(BF_PTR2)
+#undef BF_PTR
+#endif
+
+#define BF_M	0x3fc
+#define BF_0	22L
+#define BF_1	14L
+#define BF_2	 6L
+#define BF_3	 2L /* left shift */
+
+#if defined(BF_PTR2)
+
+/* This is basically a special pentium verson */
+#define BF_ENC(LL,R,S,P) \
+	{ \
+	BF_LONG t,u,v; \
+	u=R>>BF_0; \
+	v=R>>BF_1; \
+	u&=BF_M; \
+	v&=BF_M; \
+	t=  *(BF_LONG *)((unsigned char *)&(S[  0])+u); \
+	u=R>>BF_2; \
+	t+= *(BF_LONG *)((unsigned char *)&(S[256])+v); \
+	v=R<>BF_0)&BF_M))+ \
+		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
+		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
+		*(BF_LONG *)((unsigned char *)&(S[768])+((R<>24L)      ] + \
+		S[0x0100+((int)(R>>16L)&0xff)])^ \
+		S[0x0200+((int)(R>> 8L)&0xff)])+ \
+		S[0x0300+((int)(R     )&0xff)])&0xffffffffL;
+#endif
diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
new file mode 100644
index 0000000000000000000000000000000000000000..e95aca5310461fc8d7637a1ec85d5f634a9a7cfb
--- /dev/null
+++ b/crypto/bf/bf_ofb64.c
@@ -0,0 +1,115 @@
+/* crypto/bf/bf_ofb64.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "blowfish.h"
+#include "bf_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void BF_ofb64_encrypt(in, out, length, schedule, ivec, num)
+unsigned char *in;
+unsigned char *out;
+long length;
+BF_KEY *schedule;
+unsigned char *ivec;
+int *num;
+	{
+	register BF_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned char d[8];
+	register char *dp;
+	BF_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv=(unsigned char *)ivec;
+	n2l(iv,v0);
+	n2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2n(v0,dp);
+	l2n(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			BF_encrypt((BF_LONG *)ti,schedule,BF_ENCRYPT);
+			dp=(char *)d;
+			t=ti[0]; l2n(t,dp);
+			t=ti[1]; l2n(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv=(unsigned char *)ivec;
+		l2n(v0,iv);
+		l2n(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h
new file mode 100644
index 0000000000000000000000000000000000000000..f5918b361ebf173784863bc681f2b1a19e182177
--- /dev/null
+++ b/crypto/bf/bf_pi.h
@@ -0,0 +1,325 @@
+/* crypto/bf/bf_pi.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static BF_KEY bf_init= {
+	{
+	0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+	0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+	0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+	0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+	0x9216d5d9L, 0x8979fb1b
+	},{
+	0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 
+	0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 
+	0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, 
+	0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, 
+	0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, 
+	0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 
+	0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, 
+	0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, 
+	0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, 
+	0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, 
+	0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 
+	0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 
+	0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, 
+	0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, 
+	0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, 
+	0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 
+	0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 
+	0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, 
+	0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, 
+	0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, 
+	0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 
+	0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 
+	0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, 
+	0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, 
+	0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, 
+	0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 
+	0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 
+	0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, 
+	0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, 
+	0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, 
+	0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 
+	0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 
+	0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, 
+	0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, 
+	0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, 
+	0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 
+	0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 
+	0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, 
+	0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, 
+	0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, 
+	0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 
+	0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 
+	0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, 
+	0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, 
+	0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, 
+	0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 
+	0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 
+	0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, 
+	0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, 
+	0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, 
+	0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 
+	0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 
+	0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, 
+	0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, 
+	0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, 
+	0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 
+	0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 
+	0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, 
+	0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, 
+	0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, 
+	0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 
+	0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 
+	0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, 
+	0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, 
+	0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, 
+	0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 
+	0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 
+	0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, 
+	0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, 
+	0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, 
+	0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 
+	0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 
+	0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, 
+	0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, 
+	0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, 
+	0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 
+	0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 
+	0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, 
+	0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, 
+	0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, 
+	0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 
+	0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 
+	0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, 
+	0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, 
+	0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, 
+	0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 
+	0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 
+	0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, 
+	0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, 
+	0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, 
+	0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 
+	0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 
+	0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, 
+	0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, 
+	0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, 
+	0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 
+	0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 
+	0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, 
+	0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, 
+	0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, 
+	0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 
+	0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 
+	0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, 
+	0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, 
+	0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, 
+	0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 
+	0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 
+	0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, 
+	0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, 
+	0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, 
+	0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 
+	0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 
+	0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, 
+	0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, 
+	0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, 
+	0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 
+	0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 
+	0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, 
+	0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, 
+	0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, 
+	0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 
+	0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 
+	0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, 
+	0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, 
+	0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, 
+	0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 
+	0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 
+	0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, 
+	0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, 
+	0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, 
+	0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 
+	0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, 
+	0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, 
+	0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, 
+	0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, 
+	0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 
+	0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 
+	0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, 
+	0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, 
+	0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, 
+	0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 
+	0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 
+	0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, 
+	0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, 
+	0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, 
+	0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 
+	0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 
+	0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, 
+	0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, 
+	0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, 
+	0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 
+	0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 
+	0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, 
+	0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, 
+	0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, 
+	0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 
+	0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 
+	0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, 
+	0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, 
+	0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, 
+	0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 
+	0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 
+	0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, 
+	0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, 
+	0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, 
+	0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 
+	0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 
+	0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, 
+	0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, 
+	0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, 
+	0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 
+	0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 
+	0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, 
+	0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, 
+	0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, 
+	0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 
+	0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 
+	0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, 
+	0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, 
+	0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, 
+	0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 
+	0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 
+	0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, 
+	0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, 
+	0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, 
+	0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 
+	0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 
+	0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, 
+	0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, 
+	0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, 
+	0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 
+	0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, 
+	0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, 
+	0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, 
+	0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, 
+	0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 
+	0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 
+	0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, 
+	0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, 
+	0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, 
+	0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 
+	0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 
+	0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, 
+	0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, 
+	0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, 
+	0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 
+	0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 
+	0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, 
+	0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, 
+	0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, 
+	0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 
+	0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 
+	0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, 
+	0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, 
+	0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, 
+	0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 
+	0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 
+	0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, 
+	0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, 
+	0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, 
+	0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 
+	0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 
+	0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, 
+	0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, 
+	0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, 
+	0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 
+	0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 
+	0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, 
+	0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, 
+	0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, 
+	0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 
+	0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 
+	0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, 
+	0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, 
+	0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, 
+	0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 
+	0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 
+	0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, 
+	0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, 
+	0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, 
+	0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 
+	0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 
+	0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, 
+	0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, 
+	0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, 
+	0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 
+	0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 
+	0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, 
+	0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, 
+	0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, 
+	0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 
+	0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 
+	0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, 
+	0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, 
+	0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, 
+	0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, 
+	}
+	};
+
diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c
new file mode 100644
index 0000000000000000000000000000000000000000..18ea37f7cc160da400b413eb26f8947769efd2bc
--- /dev/null
+++ b/crypto/bf/bf_skey.c
@@ -0,0 +1,119 @@
+/* crypto/bf/bf_skey.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "blowfish.h"
+#include "bf_locl.h"
+#include "bf_pi.h"
+
+void BF_set_key(key,len,data)
+BF_KEY *key;
+int len;
+unsigned char *data;
+	{
+	int i;
+	BF_LONG *p,ri,in[2];
+	unsigned char *d,*end;
+
+
+	memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY));
+	p=key->P;
+
+	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
+
+	d=data;
+	end= &(data[len]);
+	for (i=0; i<(BF_ROUNDS+2); i++)
+		{
+		ri= *(d++);
+		if (d >= end) d=data;
+
+		ri<<=8;
+		ri|= *(d++);
+		if (d >= end) d=data;
+
+		ri<<=8;
+		ri|= *(d++);
+		if (d >= end) d=data;
+
+		ri<<=8;
+		ri|= *(d++);
+		if (d >= end) d=data;
+
+		p[i]^=ri;
+		}
+
+	in[0]=0L;
+	in[1]=0L;
+	for (i=0; i<(BF_ROUNDS+2); i+=2)
+		{
+		BF_encrypt(in,key,BF_ENCRYPT);
+		p[i  ]=in[0];
+		p[i+1]=in[1];
+		}
+
+	p=key->S;
+	for (i=0; i<4*256; i+=2)
+		{
+		BF_encrypt(in,key,BF_ENCRYPT);
+		p[i  ]=in[0];
+		p[i+1]=in[1];
+		}
+	}
+
diff --git a/crypto/bf/bfspeed.c b/crypto/bf/bfspeed.c
new file mode 100644
index 0000000000000000000000000000000000000000..ee20bd00f71a815484e4322c5d5b12c00f2b757b
--- /dev/null
+++ b/crypto/bf/bfspeed.c
@@ -0,0 +1,285 @@
+/* crypto/bf/bfspeed.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#ifndef MSDOS
+#define TIMES
+#endif
+
+#include 
+#ifndef MSDOS
+#include 
+#else
+#include 
+extern int exit();
+#endif
+#include 
+#ifndef VMS
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+#else /* VMS */
+#include 
+struct tms {
+	time_t tms_utime;
+	time_t tms_stime;
+	time_t tms_uchild;	/* I dunno...  */
+	time_t tms_uchildsys;	/* so these names are a guess :-) */
+	}
+#endif
+#ifndef TIMES
+#include 
+#endif
+
+#ifdef sun
+#include 
+#include 
+#endif
+
+#include "blowfish.h"
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ	100.0
+#else /* VMS */
+#define HZ	100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+
+SIGRETTYPE sig_done(sig)
+int sig;
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(s)
+int s;
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(argc,argv)
+int argc;
+char **argv;
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static unsigned char key[] ={
+			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+			};
+	BF_KEY sch;
+	double a,b,c,d;
+#ifndef SIGALRM
+	long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	BF_set_key(&sch,16,key);
+	count=10;
+	do	{
+		long i;
+		BF_LONG data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			BF_encrypt(data,&sch,BF_ENCRYPT);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count/512;
+	cb=count;
+	cc=count*8/BUFSIZE+1;
+	printf("Doing BF_set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing BF_set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count++)
+		BF_set_key(&sch,16,key);
+	d=Time_F(STOP);
+	printf("%ld blowfish set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing BF_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing BF_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count++)
+		{
+		BF_LONG data[2];
+
+		BF_encrypt(data,&sch,BF_ENCRYPT);
+		}
+	d=Time_F(STOP);
+	printf("%ld BF_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+			&(key[0]),BF_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+	printf("blowfish set_key       per sec = %12.2f (%7.1fuS)\n",a,1.0e6/a);
+	printf("Blowfish raw ecb bytes per sec = %12.2f (%7.1fuS)\n",b,8.0e6/b);
+	printf("Blowfish cbc     bytes per sec = %12.2f (%7.1fuS)\n",c,8.0e6/c);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c
new file mode 100644
index 0000000000000000000000000000000000000000..2c678e418bd30f5d30678f27401ab906cdfb9b81
--- /dev/null
+++ b/crypto/bf/bftest.c
@@ -0,0 +1,521 @@
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+
+#include 
+#include 
+#include 
+#include "blowfish.h"
+
+char *bf_key[2]={
+	"abcdefghijklmnopqrstuvwxyz",
+	"Who is John Galt?"
+	};
+
+/* big endian */
+BF_LONG bf_plain[2][2]={
+	{0x424c4f57,0x46495348},
+	{0xfedcba98,0x76543210}
+	};
+
+BF_LONG bf_cipher[2][2]={
+	{0x324ed0fe,0xf413a203},
+	{0xcc91732b,0x8022f684}
+	};
+/************/
+
+/* Lets use the DES test vectors :-) */
+#define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+	{0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+	{0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
+	{0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
+	{0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
+	{0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
+	{0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
+	{0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+	{0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
+	{0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
+	{0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
+	{0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
+	{0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
+	{0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
+	{0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
+	{0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
+	{0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
+	{0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
+	{0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
+	{0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
+	{0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
+	{0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
+	{0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
+	{0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
+	{0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
+	{0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
+	{0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
+	{0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
+	{0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
+	{0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
+	{0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
+	{0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
+	{0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
+	{0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
+	{0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
+	};
+
+static unsigned char cbc_key [16]={
+	0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+	0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+static unsigned char cbc_ok[32]={
+	0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
+	0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
+	0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
+	0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
+
+static unsigned char cfb64_ok[]={
+	0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+	0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
+	0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
+	0x51,0x9D,0x57,0xA6,0xC3};
+
+static unsigned char ofb64_ok[]={
+	0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+	0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
+	0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
+	0x63,0xC2,0xCF,0x80,0xDA};
+
+#define KEY_TEST_NUM	25
+unsigned char key_test[KEY_TEST_NUM]={
+	0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
+	0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
+	0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+	0x88};
+
+unsigned char key_data[8]=
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
+
+unsigned char key_out[KEY_TEST_NUM][8]={
+	{0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
+	{0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
+	{0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
+	{0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
+	{0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
+	{0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
+	{0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
+	{0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
+	{0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
+	{0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
+	{0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
+	{0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
+	{0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
+	{0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
+	{0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
+	{0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
+	{0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
+	{0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
+	{0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
+	{0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
+	{0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
+	{0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
+	{0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
+	{0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
+	};
+
+#ifndef NOPROTO
+static int test(void );
+static int print_test_data(void );
+#else
+static int test();
+static int print_test_data();
+#endif
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	int ret;
+
+	if (argc > 1)
+		ret=print_test_data();
+	else
+		ret=test();
+
+	exit(ret);
+	return(0);
+	}
+
+static int print_test_data()
+	{
+	unsigned int i,j;
+
+	printf("ecb test data\n");
+	printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+	for (i=0; i> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
new file mode 100644
index 0000000000000000000000000000000000000000..287aff2a5e6710b703d5306477455e3a5c3385a3
--- /dev/null
+++ b/crypto/bio/b_dump.c
@@ -0,0 +1,125 @@
+/* crypto/bio/b_dump.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+
+#define TRUNCATE
+#define DUMP_WIDTH	16
+
+int BIO_dump(bio,s,len)
+BIO *bio;
+char *s;
+int len;
+{
+  int ret=0;
+  char buf[160+1],tmp[20];
+  int i,j,rows,trunc;
+  unsigned char ch;
+
+  trunc=0;
+
+#ifdef TRUNCATE
+  for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
+    trunc++;
+#endif
+
+  rows=(len/DUMP_WIDTH);
+  if ((rows*DUMP_WIDTH)=len) {
+	strcat(buf,"   ");
+      } else {
+        ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
+	sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
+        strcat(buf,tmp);
+      }
+    }
+    strcat(buf,"  ");
+    for(j=0;j=len)
+	break;
+      ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
+      sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+      strcat(buf,tmp);
+    }
+    strcat(buf,"\n");
+    /* if this is the last call then update the ddt_dump thing so that
+     * we will move the selection point in the debug window 
+     */
+    ret+=BIO_write(bio,(char *)buf,strlen(buf));
+  }
+#ifdef TRUNCATE
+  if (trunc > 0) {
+    sprintf(buf,"%04x - \n",len+trunc);
+    ret+=BIO_write(bio,(char *)buf,strlen(buf));
+  }
+#endif
+  return(ret);
+}
+
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
new file mode 100644
index 0000000000000000000000000000000000000000..0296296a7d8d2c411cb62ce178cf1a2f9bd102e3
--- /dev/null
+++ b/crypto/bio/b_print.c
@@ -0,0 +1,92 @@
+/* crypto/bio/b_print.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+
+int BIO_printf ( VAR_PLIST( BIO *, bio ) )
+VAR_ALIST
+	{
+	VAR_BDEFN(args, BIO *, bio);
+	char *format;
+	int ret;
+	MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
+
+	VAR_INIT(args, BIO *, bio);
+	VAR_ARG(args, char *, format);
+
+	hugebuf[0]='\0';
+
+/* no-one uses _doprnt anymore and it appears to be broken under SunOS 4.1.4 */
+#if 0 && defined(sun) && !defined(VAR_ANSI) /**/
+	_doprnt(hugebuf,format,args);
+#else /* !sun */
+	vsprintf(hugebuf,format,args);
+#endif /* sun */
+
+	ret=BIO_write(bio,hugebuf,strlen(hugebuf));
+
+	VAR_END( args );
+	return(ret);
+	}
+
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
new file mode 100644
index 0000000000000000000000000000000000000000..adab62135e7ddbf6da275a3bf77b26e50b577eb0
--- /dev/null
+++ b/crypto/bio/b_sock.c
@@ -0,0 +1,512 @@
+/* crypto/bio/b_sock.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SOCK
+
+#include 
+#include 
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include "bio.h"
+
+/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#ifdef WINDOWS
+static int wsa_init_done=0;
+#endif
+
+unsigned long BIO_ghbn_hits=0L;
+unsigned long BIO_ghbn_miss=0L;
+
+#ifndef NOPROTO
+static int get_ip(char *str,unsigned char *ip);
+#else
+static int get_ip();
+#endif
+
+int BIO_get_host_ip(str,ip)
+char *str;
+unsigned char *ip;
+	{
+	int i;
+	struct hostent *he;
+
+	i=get_ip(str,ip);
+	if (i > 0) return(1);
+	if (i < 0)
+		{
+		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
+		return(0);
+		}
+	else
+		{ /* do a gethostbyname */
+		if (!BIO_sock_init()) return(0);
+
+		he=BIO_gethostbyname(str);
+		if (he == NULL)
+			{
+			BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
+			return(0);
+			}
+
+		/* cast to short because of win16 winsock definition */
+		if ((short)he->h_addrtype != AF_INET)
+			{
+			BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+			return(0);
+			}
+		for (i=0; i<4; i++)
+			ip[i]=he->h_addr_list[0][i];
+		}
+	return(1);
+	}
+
+int BIO_get_port(str,port_ptr)
+char *str;
+short *port_ptr;
+	{
+	int i;
+	struct servent *s;
+
+	if (str == NULL)
+		{
+		BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);
+		return(0);
+		}
+	i=atoi(str);
+	if (i != 0)
+		*port_ptr=(unsigned short)i;
+	else
+		{
+		s=getservbyname(str,"tcp");
+		if (s == NULL)
+			{
+			if (strcmp(str,"http") == 0)
+				*port_ptr=80;
+			else if (strcmp(str,"telnet") == 0)
+				*port_ptr=23;
+			else if (strcmp(str,"socks") == 0)
+				*port_ptr=1080;
+			else if (strcmp(str,"https") == 0)
+				*port_ptr=443;
+			else if (strcmp(str,"ssl") == 0)
+				*port_ptr=443;
+			else if (strcmp(str,"ftp") == 0)
+				*port_ptr=21;
+			else if (strcmp(str,"gopher") == 0)
+				*port_ptr=70;
+#if 0
+			else if (strcmp(str,"wais") == 0)
+				*port_ptr=21;
+#endif
+			else
+				{
+				SYSerr(SYS_F_GETSERVBYNAME,errno);
+				return(0);
+				}
+			return(1);
+			}
+		*port_ptr=htons((unsigned short)s->s_port);
+		}
+	return(1);
+	}
+
+int BIO_sock_error(sock)
+int sock;
+	{
+	int j,i,size;
+		 
+	size=sizeof(int);
+
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+	if (i < 0)
+		return(1);
+	else
+		return(j);
+	}
+
+#define GHBN_NUM	4
+static struct ghbn_cache_st
+	{
+	char name[128];
+	struct hostent ent;
+	unsigned long order;
+	} ghbn_cache[GHBN_NUM];
+
+struct hostent *BIO_gethostbyname(name)
+char *name;
+	{
+	struct hostent *ret;
+	int i,lowi=0;
+	unsigned long low= (unsigned long)-1;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+	if (strlen(name) < 128)
+		{
+		for (i=0; i ghbn_cache[i].order)
+				{
+				low=ghbn_cache[i].order;
+				lowi=i;
+				}
+			if (ghbn_cache[i].order > 0)
+				{
+				if (strncmp(name,ghbn_cache[i].name,128) == 0)
+					break;
+				}
+			}
+		}
+	else
+		i=GHBN_NUM;
+
+	if (i == GHBN_NUM) /* no hit*/
+		{
+		BIO_ghbn_miss++;
+		ret=gethostbyname(name);
+		if (ret == NULL) return(NULL);
+		/* else add to cache */
+		strncpy(ghbn_cache[lowi].name,name,128);
+		memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+		ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
+		}
+	else
+		{
+		BIO_ghbn_hits++;
+		ret= &(ghbn_cache[i].ent);
+		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+	return(ret);
+	}
+
+int BIO_sock_init()
+	{
+#ifdef WINDOWS
+	static struct WSAData wsa_state;
+
+	if (!wsa_init_done)
+		{
+		int err;
+	  
+#ifdef SIGINT
+		signal(SIGINT,(void (*)(int))BIO_sock_cleanup);
+#endif
+		wsa_init_done=1;
+		memset(&wsa_state,0,sizeof(wsa_state));
+		if (WSAStartup(0x0101,&wsa_state)!=0)
+			{
+			err=WSAGetLastError();
+			SYSerr(SYS_F_WSASTARTUP,err);
+			BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
+			return(-1);
+			}
+		}
+#endif /* WINDOWS */
+	return(1);
+	}
+
+void BIO_sock_cleanup()
+	{
+#ifdef WINDOWS
+	if (wsa_init_done)
+		{
+		wsa_init_done=0;
+		WSACancelBlockingCall();
+		WSACleanup();
+		}
+#endif
+	}
+
+int BIO_socket_ioctl(fd,type,arg)
+int fd;
+long type;
+unsigned long *arg;
+	{
+	int i,err;
+
+#ifdef WINDOWS
+	i=ioctlsocket(fd,type,arg);
+#else
+	i=ioctl(fd,type,arg);
+#endif
+	if (i < 0)
+		{
+#ifdef WINDOWS
+		err=WSAGetLastError();
+#else
+		err=errno;
+#endif
+		SYSerr(SYS_F_IOCTLSOCKET,err);
+		}
+	return(i);
+	}
+
+/* The reason I have implemented this instead of using sscanf is because
+ * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
+static int get_ip(str,ip)
+char *str;
+unsigned char ip[4];
+	{
+	unsigned int tmp[4];
+	int num=0,c,ok=0;
+
+	tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
+
+	for (;;)
+		{
+		c= *(str++);
+		if ((c >= '0') && (c <= '9'))
+			{
+			ok=1;
+			tmp[num]=tmp[num]*10+c-'0';
+			if (tmp[num] > 255) return(-1);
+			}
+		else if (c == '.')
+			{
+			if (!ok) return(-1);
+			if (num == 3) break;
+			num++;
+			ok=0;
+			}
+		else if ((num == 3) && ok)
+			break;
+		else
+			return(0);
+		}
+	ip[0]=tmp[0];
+	ip[1]=tmp[1];
+	ip[2]=tmp[2];
+	ip[3]=tmp[3];
+	return(1);
+	}
+
+int BIO_get_accept_socket(host)
+char *host;
+	{
+	int ret=0;
+	struct sockaddr_in server;
+	int s= -1;
+	unsigned char ip[4];
+	short port;
+	char *str,*h,*p,*e;
+	unsigned long l;
+
+	if (!BIO_sock_init()) return(INVALID_SOCKET);
+
+	if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
+
+	h=p=NULL;
+	h=str;
+	for (e=str; *e; e++)
+		{
+		if (*e == ':')
+			{
+			p= &(e[1]);
+			*e='\0';
+			}
+		else if (*e == '/')
+			{
+			*e='\0';
+			break;
+			}
+		}
+
+	if (p == NULL)
+		{
+		p=h;
+		h="*";
+		}
+
+	if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+
+	memset((char *)&server,0,sizeof(server));
+	server.sin_family=AF_INET;
+	server.sin_port=htons((unsigned short)port);
+
+	if (strcmp(h,"*") == 0)
+		server.sin_addr.s_addr=INADDR_ANY;
+	else
+		{
+		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+		l=(unsigned long)
+			((unsigned long)ip[0]<<24L)|
+			((unsigned long)ip[0]<<16L)|
+			((unsigned long)ip[0]<< 8L)|
+			((unsigned long)ip[0]);
+		server.sin_addr.s_addr=htonl(l);
+		}
+
+	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+	if (s == INVALID_SOCKET)
+		{
+#ifdef WINDOWS
+		errno=WSAGetLastError();
+#endif
+		SYSerr(SYS_F_SOCKET,errno);
+		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
+		goto err;
+		}
+	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+		{
+#ifdef WINDOWS
+		errno=WSAGetLastError();
+#endif
+		SYSerr(SYS_F_BIND,errno);
+		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
+		goto err;
+		}
+	if (listen(s,5) == -1)
+		{
+#ifdef WINDOWS
+		errno=WSAGetLastError();
+#endif
+		SYSerr(SYS_F_LISTEN,errno);
+		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
+		goto err;
+		}
+	ret=1;
+err:
+	if (str != NULL) Free(str);
+	if ((ret == 0) && (s != INVALID_SOCKET))
+		{
+#ifdef WINDOWS
+		closesocket(s);
+#else
+		close(s);
+#endif
+		s= INVALID_SOCKET;
+		}
+	return(s);
+	}
+
+int BIO_accept(sock,addr)
+int sock;
+char **addr;
+	{
+	int ret=INVALID_SOCKET;
+	static struct sockaddr_in from;
+	unsigned long l;
+	short port;
+	int len;
+	char *p;
+
+	memset((char *)&from,0,sizeof(from));
+	len=sizeof(from);
+	ret=accept(sock,(struct sockaddr *)&from,&len);
+	if (ret == INVALID_SOCKET)
+		{
+#ifdef WINDOWS
+		errno=WSAGetLastError();
+#endif
+		SYSerr(SYS_F_ACCEPT,errno);
+		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
+		goto end;
+		}
+
+	if (addr == NULL) goto end;
+
+	l=ntohl(from.sin_addr.s_addr);
+	port=ntohs(from.sin_port);
+	if (*addr == NULL)
+		{
+		if ((p=Malloc(24)) == NULL)
+			{
+			BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
+			goto end;
+			}
+		*addr=p;
+		}
+	sprintf(*addr,"%d.%d.%d.%d:%d",
+		(unsigned char)(l>>24L)&0xff,
+		(unsigned char)(l>>16L)&0xff,
+		(unsigned char)(l>> 8L)&0xff,
+		(unsigned char)(l     )&0xff,
+		port);
+end:
+	return(ret);
+	}
+
+int BIO_set_tcp_ndelay(s,on)
+int s;
+int on;
+	{
+	int ret=0;
+#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+	int opt;
+
+#ifdef SOL_TCP
+	opt=SOL_TCP;
+#else
+#ifdef IPPROTO_TCP
+	opt=IPPROTO_TCP;
+#endif
+#endif
+	
+	ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));
+#endif
+	return(ret == 0);
+	}
+#endif
+
diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
new file mode 100644
index 0000000000000000000000000000000000000000..ac3ba14fe064669989353262d840cd9bb24f34dc
--- /dev/null
+++ b/crypto/bio/bf_buff.c
@@ -0,0 +1,489 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+#include "evp.h"
+
+#ifndef NOPROTO
+static int buffer_write(BIO *h,char *buf,int num);
+static int buffer_read(BIO *h,char *buf,int size);
+static int buffer_puts(BIO *h,char *str);
+static int buffer_gets(BIO *h,char *str,int size);
+static long buffer_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+#else
+static int buffer_write();
+static int buffer_read();
+static int buffer_puts();
+static int buffer_gets();
+static long buffer_ctrl();
+static int buffer_new();
+static int buffer_free();
+#endif
+
+#define DEFAULT_BUFFER_SIZE	1024
+
+static BIO_METHOD methods_buffer=
+	{
+	BIO_TYPE_BUFFER,"buffer",
+	buffer_write,
+	buffer_read,
+	buffer_puts,
+	buffer_gets,
+	buffer_ctrl,
+	buffer_new,
+	buffer_free,
+	};
+
+BIO_METHOD *BIO_f_buffer()
+	{
+	return(&methods_buffer);
+	}
+
+static int buffer_new(bi)
+BIO *bi;
+	{
+	BIO_F_BUFFER_CTX *ctx;
+
+	ctx=(BIO_F_BUFFER_CTX *)Malloc(sizeof(BIO_F_BUFFER_CTX));
+	if (ctx == NULL) return(0);
+	ctx->ibuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
+	if (ctx->ibuf == NULL) { Free(ctx); return(0); }
+	ctx->obuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
+	if (ctx->obuf == NULL) { Free(ctx->ibuf); Free(ctx); return(0); }
+	ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
+	ctx->obuf_size=DEFAULT_BUFFER_SIZE;
+	ctx->ibuf_len=0;
+	ctx->ibuf_off=0;
+	ctx->obuf_len=0;
+	ctx->obuf_off=0;
+
+	bi->init=1;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int buffer_free(a)
+BIO *a;
+	{
+	BIO_F_BUFFER_CTX *b;
+
+	if (a == NULL) return(0);
+	b=(BIO_F_BUFFER_CTX *)a->ptr;
+	if (b->ibuf != NULL) Free(b->ibuf);
+	if (b->obuf != NULL) Free(b->obuf);
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int buffer_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	int i,num=0;
+	BIO_F_BUFFER_CTX *ctx;
+
+	if (out == NULL) return(0);
+	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+	num=0;
+	BIO_clear_retry_flags(b);
+
+start:
+	i=ctx->ibuf_len;
+	/* If there is stuff left over, grab it */
+	if (i != 0)
+		{
+		if (i > outl) i=outl;
+		memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
+		ctx->ibuf_off+=i;
+		ctx->ibuf_len-=i;
+		num+=i;
+		if (outl == i)  return(num);
+		outl-=i;
+		out+=i;
+		}
+
+	/* We may have done a partial read. try to do more.
+	 * We have nothing in the buffer.
+	 * If we get an error and have read some data, just return it
+	 * and let them retry to get the error again.
+	 * copy direct to parent address space */
+	if (outl > ctx->ibuf_size)
+		{
+		for (;;)
+			{
+			i=BIO_read(b->next_bio,out,outl);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+			num+=i;
+			if (outl == i) return(num);
+			out+=i;
+			outl-=i;
+			}
+		}
+	/* else */
+
+	/* we are going to be doing some buffering */
+	i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+	if (i <= 0)
+		{
+		BIO_copy_next_retry(b);
+		if (i < 0) return((num > 0)?num:i);
+		if (i == 0) return(num);
+		}
+	ctx->ibuf_off=0;
+	ctx->ibuf_len=i;
+
+	/* Lets re-read using ourselves :-) */
+	goto start;
+	}
+
+static int buffer_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int i,num=0;
+	BIO_F_BUFFER_CTX *ctx;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	BIO_clear_retry_flags(b);
+start:
+	i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
+	/* add to buffer and return */
+	if (i >= inl)
+		{
+		memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
+		ctx->obuf_len+=inl;
+		return(num+inl);
+		}
+	/* else */
+	/* stuff already in buffer, so add to it first, then flush */
+	if (ctx->obuf_len != 0)
+		{
+		if (i > 0) /* lets fill it up if we can */
+			{
+			memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
+			in+=i;
+			inl-=i;
+			num+=i;
+			ctx->obuf_len+=i;
+			}
+		/* we now have a full buffer needing flushing */
+		for (;;)
+			{
+			i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
+				ctx->obuf_len);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+			ctx->obuf_off+=i;
+			ctx->obuf_len-=i;
+			if (ctx->obuf_len == 0) break;
+			}
+		}
+	/* we only get here if the buffer has been flushed and we
+	 * still have stuff to write */
+	ctx->obuf_off=0;
+
+	/* we now have inl bytes to write */
+	while (inl >= ctx->obuf_size)
+		{
+		i=BIO_write(b->next_bio,in,inl);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			if (i < 0) return((num > 0)?num:i);
+			if (i == 0) return(num);
+			}
+		num+=i;
+		in+=i;
+		inl-=i;
+		if (inl == 0) return(num);
+		}
+
+	/* copy the rest into the buffer since we have only a small 
+	 * amount left */
+	goto start;
+	}
+
+static long buffer_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	BIO *dbio;
+	BIO_F_BUFFER_CTX *ctx;
+	long ret=1;
+	char *p1,*p2;
+	int r,i,*ip;
+	int ibs,obs;
+
+	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->ibuf_off=0;
+		ctx->ibuf_len=0;
+		ctx->obuf_off=0;
+		ctx->obuf_len=0;
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)ctx->obuf_len;
+		break;
+	case BIO_C_GET_BUFF_NUM_LINES:
+		ret=0;
+		p1=ctx->ibuf;
+		for (i=ctx->ibuf_off; iibuf_len; i++)
+			{
+			if (p1[i] == '\n') ret++;
+			}
+		break;
+	case BIO_CTRL_WPENDING:
+		ret=(long)ctx->obuf_len;
+		if (ret == 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING:
+		ret=(long)ctx->ibuf_len;
+		if (ret == 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_SET_BUFF_SIZE:
+		if (ptr != NULL)
+			{
+			ip=(int *)ptr;
+			if (*ip == 0)
+				{
+				ibs=(int)num;
+				obs=ctx->obuf_size;
+				}
+			else /* if (*ip == 1) */
+				{
+				ibs=ctx->ibuf_size;
+				obs=(int)num;
+				}
+			}
+		else
+			{
+			ibs=(int)num;
+			obs=(int)num;
+			}
+		p1=ctx->ibuf;
+		p2=ctx->obuf;
+		if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
+			{
+			p1=(char *)Malloc((int)num);
+			if (p1 == NULL) { ret=0; break; }
+			}
+		if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
+			{
+			p2=(char *)Malloc((int)num);
+			if (p2 == NULL)
+				{
+				ret=0;
+				if (p1 != ctx->ibuf) Free(p1);
+				break;
+				}
+			}
+		if (ctx->ibuf != p1)
+			{
+			Free(ctx->ibuf);
+			ctx->ibuf=p1;
+			ctx->ibuf_off=0;
+			ctx->ibuf_len=0;
+			ctx->ibuf_size=ibs;
+			}
+		if (ctx->obuf != p2)
+			{
+			Free(ctx->obuf);
+			ctx->obuf=p2;
+			ctx->obuf_off=0;
+			ctx->obuf_len=0;
+			ctx->obuf_size=obs;
+			}
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+
+	case BIO_CTRL_FLUSH:
+		if (ctx->obuf_len <= 0)
+			break;
+
+		for (;;)
+			{
+			BIO_clear_retry_flags(b);
+			if (ctx->obuf_len > ctx->obuf_off)
+				{
+				r=BIO_write(b->next_bio,
+					&(ctx->obuf[ctx->obuf_off]),
+					ctx->obuf_len-ctx->obuf_off);
+#if 0
+fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
+#endif
+				BIO_copy_next_retry(b);
+				if (r <= 0) return((long)r);
+				ctx->obuf_off+=r;
+				}
+			else
+				{
+				ctx->obuf_len=0;
+				ctx->obuf_off=0;
+				ret=1;
+				break;
+				}
+			}
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		if (	!BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
+			!BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+			ret=0;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+static int buffer_gets(b,buf,size)
+BIO *b;
+char *buf;
+int size;
+	{
+	BIO_F_BUFFER_CTX *ctx;
+	int num=0,i;
+	char *p;
+
+	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+	size--;
+	BIO_clear_retry_flags(b);
+
+	for (;;)
+		{
+		if (ctx->ibuf_len != 0)
+			{
+			p= &(ctx->ibuf[ctx->ibuf_off]);
+			for (i=0; (iibuf_len) && (i<(size-1)); i++)
+				{
+				*(buf++)=p[i];
+				if (p[i] == '\n') break;
+				}
+			num+=i;
+			size-=i;
+			ctx->ibuf_len-=i;
+			ctx->ibuf_off+=i;
+			if (p[i] == '\n')
+				{
+				buf[i+1]='\0';
+				ctx->ibuf_len--;
+				ctx->ibuf_off++;
+				return(num);
+				}
+			}
+		else	/* read another chunk */
+			{
+			i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+			ctx->ibuf_len=i;
+			ctx->ibuf_off=0;
+			}
+		}
+	}
+
+static int buffer_puts(b,str)
+BIO *b;
+char *str;
+	{
+	return(BIO_write(b,str,strlen(str)));
+	}
+
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
new file mode 100644
index 0000000000000000000000000000000000000000..b493100ba42c2a0919ddfa26359e7842eb87c0eb
--- /dev/null
+++ b/crypto/bio/bf_nbio.c
@@ -0,0 +1,266 @@
+/* crypto/bio/bf_nbio.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "rand.h"
+#include "bio.h"
+#include "evp.h"
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+#ifndef NOPROTO
+static int nbiof_write(BIO *h,char *buf,int num);
+static int nbiof_read(BIO *h,char *buf,int size);
+static int nbiof_puts(BIO *h,char *str);
+static int nbiof_gets(BIO *h,char *str,int size);
+static long nbiof_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+#else
+static int nbiof_write();
+static int nbiof_read();
+static int nbiof_puts();
+static int nbiof_gets();
+static long nbiof_ctrl();
+static int nbiof_new();
+static int nbiof_free();
+#endif
+
+typedef struct nbio_test_st
+	{
+	/* only set if we sent a 'should retry' error */
+	int lrn;
+	int lwn;
+	} NBIO_TEST;
+
+static BIO_METHOD methods_nbiof=
+	{
+	BIO_TYPE_NBIO_TEST,"non-blocking IO test filter",
+	nbiof_write,
+	nbiof_read,
+	nbiof_puts,
+	nbiof_gets,
+	nbiof_ctrl,
+	nbiof_new,
+	nbiof_free,
+	};
+
+BIO_METHOD *BIO_f_nbio_test()
+	{
+	return(&methods_nbiof);
+	}
+
+static int nbiof_new(bi)
+BIO *bi;
+	{
+	NBIO_TEST *nt;
+
+	nt=(NBIO_TEST *)Malloc(sizeof(NBIO_TEST));
+	nt->lrn= -1;
+	nt->lwn= -1;
+	bi->ptr=(char *)nt;
+	bi->init=1;
+	bi->flags=0;
+	return(1);
+	}
+
+static int nbiof_free(a)
+BIO *a;
+	{
+	if (a == NULL) return(0);
+	if (a->ptr != NULL)
+		Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int nbiof_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	NBIO_TEST *nt;
+	int ret=0;
+#if 0
+	int num;
+	unsigned char n;
+#endif
+
+	if (out == NULL) return(0);
+	if (b->next_bio == NULL) return(0);
+	nt=(NBIO_TEST *)b->ptr;
+
+	BIO_clear_retry_flags(b);
+#if 0
+	RAND_bytes(&n,1);
+	num=(n&0x07);
+
+	if (outl > num) outl=num;
+
+	if (num == 0)
+		{
+		ret= -1;
+		BIO_set_retry_read(b);
+		}
+	else
+#endif
+		{
+		ret=BIO_read(b->next_bio,out,outl);
+		if (ret < 0)
+			BIO_copy_next_retry(b);
+		}
+	return(ret);
+	}
+
+static int nbiof_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	NBIO_TEST *nt;
+	int ret=0;
+	int num;
+	unsigned char n;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	if (b->next_bio == NULL) return(0);
+	nt=(NBIO_TEST *)b->ptr;
+
+	BIO_clear_retry_flags(b);
+
+#if 1
+	if (nt->lwn > 0)
+		{
+		num=nt->lwn;
+		nt->lwn=0;
+		}
+	else
+		{
+		RAND_bytes(&n,1);
+		num=(n&7);
+		}
+
+	if (inl > num) inl=num;
+
+	if (num == 0)
+		{
+		ret= -1;
+		BIO_set_retry_write(b);
+		}
+	else
+#endif
+		{
+		ret=BIO_write(b->next_bio,in,inl);
+		if (ret < 0)
+			{
+			BIO_copy_next_retry(b);
+			nt->lwn=inl;
+			}
+		}
+	return(ret);
+	}
+
+static long nbiof_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	long ret;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+        case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_CTRL_DUP:
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+static int nbiof_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+	{
+	if (bp->next_bio == NULL) return(0);
+	return(BIO_gets(bp->next_bio,buf,size));
+	}
+
+
+static int nbiof_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	if (bp->next_bio == NULL) return(0);
+	return(BIO_puts(bp->next_bio,str));
+	}
+
+
diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c
new file mode 100644
index 0000000000000000000000000000000000000000..9864f4a03cc500cad58d47da24a3d2bd94d681d8
--- /dev/null
+++ b/crypto/bio/bf_null.c
@@ -0,0 +1,194 @@
+/* crypto/bio/bf_null.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+#include "evp.h"
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+#ifndef NOPROTO
+static int nullf_write(BIO *h,char *buf,int num);
+static int nullf_read(BIO *h,char *buf,int size);
+static int nullf_puts(BIO *h,char *str);
+static int nullf_gets(BIO *h,char *str,int size);
+static long nullf_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int nullf_new(BIO *h);
+static int nullf_free(BIO *data);
+#else
+static int nullf_write();
+static int nullf_read();
+static int nullf_puts();
+static int nullf_gets();
+static long nullf_ctrl();
+static int nullf_new();
+static int nullf_free();
+#endif
+
+static BIO_METHOD methods_nullf=
+	{
+	BIO_TYPE_NULL_FILTER,"NULL filter",
+	nullf_write,
+	nullf_read,
+	nullf_puts,
+	nullf_gets,
+	nullf_ctrl,
+	nullf_new,
+	nullf_free,
+	};
+
+BIO_METHOD *BIO_f_null()
+	{
+	return(&methods_nullf);
+	}
+
+static int nullf_new(bi)
+BIO *bi;
+	{
+	bi->init=1;
+	bi->ptr=NULL;
+	bi->flags=0;
+	return(1);
+	}
+
+static int nullf_free(a)
+BIO *a;
+	{
+	if (a == NULL) return(0);
+/*	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;*/
+	return(1);
+	}
+	
+static int nullf_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	int ret=0;
+ 
+	if (out == NULL) return(0);
+	if (b->next_bio == NULL) return(0);
+	ret=BIO_read(b->next_bio,out,outl);
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int nullf_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int ret=0;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	if (b->next_bio == NULL) return(0);
+	ret=BIO_write(b->next_bio,in,inl);
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long nullf_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	long ret;
+
+	if (b->next_bio == NULL) return(0);
+	switch(cmd)
+		{
+        case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_CTRL_DUP:
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		}
+	return(ret);
+	}
+
+static int nullf_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+	{
+	if (bp->next_bio == NULL) return(0);
+	return(BIO_gets(bp->next_bio,buf,size));
+	}
+
+
+static int nullf_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	if (bp->next_bio == NULL) return(0);
+	return(BIO_puts(bp->next_bio,str));
+	}
+
+
diff --git a/crypto/bio/bio.err b/crypto/bio/bio.err
new file mode 100644
index 0000000000000000000000000000000000000000..3363971b318c4f4bf7ecf6b330ad28917c612f07
--- /dev/null
+++ b/crypto/bio/bio.err
@@ -0,0 +1,43 @@
+/* Error codes for the BIO functions. */
+
+/* Function codes. */
+#define BIO_F_ACPT_STATE				 100
+#define BIO_F_BIO_ACCEPT				 101
+#define BIO_F_BIO_CTRL					 102
+#define BIO_F_BIO_GETS					 103
+#define BIO_F_BIO_GET_ACCEPT_SOCKET			 104
+#define BIO_F_BIO_GET_HOST_IP				 105
+#define BIO_F_BIO_GET_PORT				 106
+#define BIO_F_BIO_NEW					 107
+#define BIO_F_BIO_NEW_FILE				 108
+#define BIO_F_BIO_PUTS					 109
+#define BIO_F_BIO_READ					 110
+#define BIO_F_BIO_SOCK_INIT				 111
+#define BIO_F_BIO_WRITE					 112
+#define BIO_F_CONN_STATE				 113
+#define BIO_F_FILE_CTRL					 114
+#define BIO_F_MEM_WRITE					 115
+#define BIO_F_WSASTARTUP				 116
+
+/* Reason codes. */
+#define BIO_R_ACCEPT_ERROR				 100
+#define BIO_R_BAD_FOPEN_MODE				 101
+#define BIO_R_BAD_HOSTNAME_LOOKUP			 102
+#define BIO_R_CONNECT_ERROR				 103
+#define BIO_R_ERROR_SETTING_NBIO			 104
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
+#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
+#define BIO_R_INVALID_IP_ADDRESS			 108
+#define BIO_R_NBIO_CONNECT_ERROR			 109
+#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 110
+#define BIO_R_NO_HOSTHNAME_SPECIFIED			 111
+#define BIO_R_NO_PORT_DEFINED				 112
+#define BIO_R_NO_PORT_SPECIFIED				 113
+#define BIO_R_NULL_PARAMETER				 114
+#define BIO_R_UNABLE_TO_BIND_SOCKET			 115
+#define BIO_R_UNABLE_TO_CREATE_SOCKET			 116
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 117
+#define BIO_R_UNINITALISED				 118
+#define BIO_R_UNSUPPORTED_METHOD			 119
+#define BIO_R_WSASTARTUP				 120
diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
new file mode 100644
index 0000000000000000000000000000000000000000..0b2c6e77e1b8095cb8c9e9cc70e65bdebb76257e
--- /dev/null
+++ b/crypto/bio/bio.h
@@ -0,0 +1,597 @@
+/* crypto/bio/bio.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BIO_H
+#define HEADER_BIO_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* These are the 'types' of BIOs */
+#define BIO_TYPE_NONE		0
+#define BIO_TYPE_MEM		(1|0x0400)
+#define BIO_TYPE_FILE		(2|0x0400)
+
+#define BIO_TYPE_FD		(4|0x0400|0x0100)
+#define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
+#define BIO_TYPE_NULL		(6|0x0400)
+#define BIO_TYPE_SSL		(7|0x0200)
+#define BIO_TYPE_MD		(8|0x0200)		/* pasive filter */
+#define BIO_TYPE_BUFFER		(9|0x0200)		/* filter */
+#define BIO_TYPE_CIPHER		(10|0x0200)		/* filter */
+#define BIO_TYPE_BASE64		(11|0x0200)		/* filter */
+#define BIO_TYPE_CONNECT	(12|0x0400|0x0100)	/* socket - connect */
+#define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)	/* socket for accept */
+#define BIO_TYPE_PROXY_CLIENT	(14|0x0400)		/* client proxy BIO */
+#define BIO_TYPE_PROXY_SERVER	(15|0x0200)		/* server proxy BIO */
+#define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */
+#define BIO_TYPE_NULL_FILTER	(17|0x0200)
+
+#define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
+#define BIO_TYPE_FILTER		0x0200
+#define BIO_TYPE_SOURCE_SINK	0x0400
+
+/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
+#define BIO_NOCLOSE		0x00
+#define BIO_CLOSE		0x01
+
+/* These are used in the following macros and are passed to
+ * BIO_ctrl() */
+#define BIO_CTRL_RESET		1  /* opt - rewind/zero etc */
+#define BIO_CTRL_EOF		2  /* opt - are we at the eof */
+#define BIO_CTRL_INFO		3  /* opt - extra tit-bits */
+#define BIO_CTRL_SET		4  /* man - set the 'IO' type */
+#define BIO_CTRL_GET		5  /* man - get the 'IO' type */
+#define BIO_CTRL_PUSH		6  /* opt - internal, used to signify change */
+#define BIO_CTRL_POP		7  /* opt - internal, used to signify change */
+#define BIO_CTRL_GET_CLOSE	8  /* man - set the 'close' on free */
+#define BIO_CTRL_SET_CLOSE	9  /* man - set the 'close' on free */
+#define BIO_CTRL_PENDING	10  /* opt - is their more data buffered */
+#define BIO_CTRL_FLUSH		11  /* opt - 'flush' buffered output */
+#define BIO_CTRL_DUP		12  /* man - extra stuff for 'duped' BIO */
+#define BIO_CTRL_WPENDING	13  /* opt - number of bytes still to write */
+
+#define BIO_CTRL_SET_FILENAME	30	/* BIO_s_file special */
+
+/* modifiers */
+#define BIO_FP_READ		0x02
+#define BIO_FP_WRITE		0x04
+#define BIO_FP_APPEND		0x08
+#define BIO_FP_TEXT		0x10
+
+#define BIO_FLAGS_READ		0x01
+#define BIO_FLAGS_WRITE		0x02
+#define BIO_FLAGS_IO_SPECIAL	0x04
+#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+#define BIO_FLAGS_SHOULD_RETRY	0x08
+
+/* Mostly used in the SSL BIO */
+#define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
+#define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
+#define BIO_FLAGS_PROTOCOL_STARTUP	0x40
+
+#define BIO_set_flags(b,f) ((b)->flags|=(f))
+#define BIO_set_retry_special(b) \
+		((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_read(b) \
+		((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_write(b) \
+		((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+#define BIO_clear_flags(b,f) ((b)->flags&= ~(f))
+#define BIO_clear_retry_flags(b) \
+		((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_get_retry_flags(b) \
+		((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These shouldbe used by the application to tell why we should retry */
+#define BIO_should_read(a)		((a)->flags & BIO_FLAGS_READ)
+#define BIO_should_write(a)		((a)->flags & BIO_FLAGS_WRITE)
+#define BIO_should_io_special(a)	((a)->flags & BIO_FLAGS_IO_SPECIAL)
+#define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
+#define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)
+
+/* The next two are used in conjunction with the
+ * BIO_should_io_special() condition.  After this returns true,
+ * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
+ * stack and return the 'reason' for the special and the offending BIO.
+ * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
+/* Returned from the SSL bio when the certificate retrieval code had an error */
+#define BIO_RR_SSL_X509_LOOKUP		0x01
+/* Returned from the connect BIO when a connect would have blocked */
+#define BIO_RR_CONNECT			0x02
+
+/* These are passed by the BIO callback */
+#define BIO_CB_FREE	0x01
+#define BIO_CB_READ	0x02
+#define BIO_CB_WRITE	0x03
+#define BIO_CB_PUTS	0x04
+#define BIO_CB_GETS	0x05
+#define BIO_CB_CTRL	0x06
+
+/* The callback is called before and after the underling operation,
+ * The BIO_CB_RETURN flag indicates if it is after the call */
+#define BIO_CB_RETURN	0x80
+#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+#define BIO_cb_pre(a)	(!((a)&BIO_CB_RETURN))
+#define BIO_cb_post(a)	((a)&BIO_CB_RETURN)
+
+#define BIO_set_callback(b,cb)		((b)->callback=(cb))
+#define BIO_set_callback_arg(b,arg)	((b)->cb_arg=(char *)(arg))
+#define BIO_get_callback_arg(b)		((b)->cb_arg)
+#define BIO_get_callback(b)		((b)->callback)
+#define BIO_method_name(b)		((b)->method->name)
+#define BIO_method_type(b)		((b)->method->type)
+
+#ifndef WIN16
+typedef struct bio_method_st
+	{
+	int type;
+	char *name;
+	int (*bwrite)();
+	int (*bread)();
+	int (*bputs)();
+	int (*bgets)();
+	long (*ctrl)();
+	int (*create)();
+	int (*destroy)();
+	} BIO_METHOD;
+#else
+typedef struct bio_method_st
+	{
+	int type;
+	char *name;
+	int (_far *bwrite)();
+	int (_far *bread)();
+	int (_far *bputs)();
+	int (_far *bgets)();
+	long (_far *ctrl)();
+	int (_far *create)();
+	int (_far *destroy)();
+	} BIO_METHOD;
+#endif
+
+typedef struct bio_st
+	{
+	BIO_METHOD *method;
+#ifndef NOPROTO
+	/* bio, mode, argp, argi, argl, ret */
+	long (*callback)(struct bio_st *,int,char *,int, long,long);
+#else
+	long (*callback)();
+#endif
+	char *cb_arg; /* first argument for the callback */
+
+	int init;
+	int shutdown;
+	int flags;	/* extra storage */
+	int retry_reason;
+	int num;
+	char *ptr;
+	struct bio_st *next_bio;	/* used by filter BIOs */
+	struct bio_st *prev_bio;	/* used by filter BIOs */
+	int references;
+	unsigned long num_read;
+	unsigned long num_write;
+
+	char *app_data;
+	} BIO;
+
+typedef struct bio_f_buffer_ctx_struct
+	{
+	/* BIO *bio; */ /* this is now in the BIO struct */
+	int ibuf_size;	/* how big is the input buffer */
+	int obuf_size;	/* how big is the output buffer */
+
+	char *ibuf;		/* the char array */
+	int ibuf_len;		/* how many bytes are in it */
+	int ibuf_off;		/* write/read offset */
+
+	char *obuf;		/* the char array */
+	int obuf_len;		/* how many bytes are in it */
+	int obuf_off;		/* write/read offset */
+	} BIO_F_BUFFER_CTX;
+
+#define BIO_number_read(b)	((b)->num_read)
+#define BIO_number_written(b)	((b)->num_write)
+
+#define BIO_C_SET_CONNECT			100
+#define BIO_C_DO_STATE_MACHINE			101
+#define BIO_C_SET_NBIO				102
+#define BIO_C_SET_PROXY_PARAM			103
+#define BIO_C_SET_FD				104
+#define BIO_C_GET_FD				105
+#define BIO_C_SET_FILE_PTR			106
+#define BIO_C_GET_FILE_PTR			107
+#define BIO_C_SET_FILENAME			108
+#define BIO_C_SET_SSL				109
+#define BIO_C_GET_SSL				110
+#define BIO_C_SET_MD				111
+#define BIO_C_GET_MD				112
+#define BIO_C_GET_CIPHER_STATUS			113
+#define BIO_C_SET_BUF_MEM			114
+#define BIO_C_GET_BUF_MEM_PTR			115
+#define BIO_C_GET_BUFF_NUM_LINES		116
+#define BIO_C_SET_BUFF_SIZE			117
+#define BIO_C_SET_ACCEPT			118
+#define BIO_C_SSL_MODE				119
+#define BIO_C_GET_MD_CTX			120
+#define BIO_C_GET_PROXY_PARAM			121
+
+#define BIO_set_app_data(s,arg)		((s)->app_data=(char *)arg)
+#define BIO_get_app_data(s)		((s)->app_data)
+
+/* BIO_s_connect_socket() */
+#define BIO_set_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+#define BIO_set_port(b,port)	BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+#define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+/* BIO_s_accept_socket() */
+#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+/* #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+#define BIO_set_nbio_accpet(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
+#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+
+#define BIO_do_connect(b)	BIO_do_handshake(b)
+#define BIO_do_accept(b)	BIO_do_handshake(b)
+#define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_proxy_client() */
+#define BIO_set_url(b,url)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
+#define BIO_set_proxies(b,p)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
+/* BIO_set_nbio(b,n) */
+#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
+/* BIO *BIO_get_filter_bio(BIO *bio); */
+#define BIO_set_proxy_cb(b,cb) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(char *)(cb))
+#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
+
+#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
+#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
+#define BIO_get_url(b,url)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
+
+#define BIO_set_fd(b,fd,c)	BIO_ctrl_int(b,BIO_C_SET_FD,c,fd)
+#define BIO_get_fd(b,c)		BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+#define BIO_set_fp(b,fp,c)	BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
+#define BIO_get_fp(b,fpp)	BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+
+#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+		BIO_CLOSE|BIO_FP_READ,name)
+#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+		BIO_CLOSE|BIO_FP_WRITE,name)
+#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+		BIO_CLOSE|BIO_FP_APPEND,name)
+
+#define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+#define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+#define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+
+#define BIO_set_mem_buf(b,bm,c)	BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
+#define BIO_get_mem_ptr(b,pp)	BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+
+/* For the BIO_f_buffer() type */
+#define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+#define BIO_set_buffer_size(b,size)	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+#define BIO_set_read_buffer_size(b,size) BIO_ctrl_int(b,BIO_C_SET_BUFF_SIZE,size,0)
+#define BIO_set_write_buffer_size(b,size) BIO_ctrl_int(b,BIO_C_SET_BUFF_SIZE,size,1)
+
+/* Don't use the next one unless you know what you are doing :-) */
+#define BIO_dup_state(b,ret)	BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)ret)
+
+#define BIO_reset(b)		(int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+#define BIO_eof(b)		(int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+#define BIO_set_close(b,c)	(int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+#define BIO_get_close(b)	(int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+#define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+#define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+#define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+
+/* For the BIO_f_buffer() type */
+#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+
+#ifndef NOPROTO
+BIO *	BIO_new(BIO_METHOD *type);
+int	BIO_set(BIO *a,BIO_METHOD *type);
+int	BIO_free(BIO *a);
+int	BIO_read(BIO *b, char *data, int len);
+int	BIO_gets(BIO *bp,char *buf, int size);
+int	BIO_write(BIO *b, char *data, int len);
+int	BIO_puts(BIO *bp,char *buf);
+long	BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);
+long	BIO_ctrl_int(BIO *bp,int cmd,long larg,int iarg);
+BIO *	BIO_push(BIO *b,BIO *append);
+BIO *	BIO_pop(BIO *b);
+void	BIO_free_all(BIO *a);
+BIO *	BIO_find_type(BIO *b,int bio_type);
+BIO *	BIO_get_retry_BIO(BIO *bio, int *reason);
+int	BIO_get_retry_reason(BIO *bio);
+BIO *	BIO_dup_chain(BIO *in);
+
+#ifndef WIN16
+long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+	long argl,long ret);
+#else
+long _far _loadds BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+	long argl,long ret);
+#endif
+
+#if !defined(WIN16) || defined(APPS_WIN16)
+BIO_METHOD *BIO_s_file(void);
+#else
+BIO_METHOD *BIO_s_file_internal_w16(void);
+#endif
+
+BIO_METHOD *BIO_s_mem(void);
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_connect(void);
+BIO_METHOD *BIO_s_accept(void);
+BIO_METHOD *BIO_s_fd(void);
+BIO_METHOD *BIO_s_null(void);
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_nbio_test(void);
+BIO_METHOD *BIO_f_buffer(void);
+
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump(BIO *b,char *bytes,int len);
+
+struct hostent *BIO_gethostbyname(char *name);
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
+int BIO_get_port(char *str, short *port_ptr);
+int BIO_get_host_ip(char *str, unsigned char *ip);
+int BIO_get_accept_socket(char *host_port);
+int BIO_accept(int sock,char **ip_port);
+int BIO_sock_init(void );
+void BIO_sock_cleanup(void);
+int BIO_set_tcp_ndelay(int sock,int turn_on);
+
+void ERR_load_BIO_strings(void );
+
+#if !defined(WIN16) || defined(APPS_WIN16)
+BIO *BIO_new_file(char *filename, char *mode);
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+#endif
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_fd(int fd, int close_flag);
+BIO *BIO_new_connect(char *host_port);
+BIO *BIO_new_accept(char *host_port);
+
+void BIO_copy_next_retry(BIO *b);
+
+#else
+
+BIO *	BIO_new();
+int	BIO_set();
+int	BIO_free();
+int	BIO_read();
+int	BIO_gets();
+int	BIO_write();
+int	BIO_puts();
+long	BIO_ctrl();
+long	BIO_ctrl_int();
+BIO *	BIO_push();
+BIO *	BIO_pop();
+void	BIO_free_all();
+BIO *	BIO_find_type();
+BIO *	BIO_get_retry_BIO();
+int	BIO_get_retry_reason();
+BIO *	BIO_dup_chain();
+
+#ifndef WIN16
+long BIO_debug_callback();
+#else
+long _far _loadds BIO_debug_callback();
+#endif
+
+#if !defined(WIN16) || defined(APPS_WIN16)
+BIO_METHOD *BIO_s_file();
+#else
+BIO_METHOD *BIO_s_file_internal_w16();
+#endif
+
+BIO_METHOD *BIO_s_mem();
+BIO_METHOD *BIO_s_socket();
+BIO_METHOD *BIO_s_connect();
+BIO_METHOD *BIO_s_accept();
+BIO_METHOD *BIO_s_fd();
+BIO_METHOD *BIO_s_null();
+BIO_METHOD *BIO_f_null();
+BIO_METHOD *BIO_f_buffer();
+BIO_METHOD *BIO_f_nbio_test();
+
+int BIO_sock_should_retry();
+int BIO_sock_non_fatal_error();
+int BIO_fd_should_retry();
+int BIO_fd_non_fatal_error();
+int BIO_dump();
+
+struct hostent *BIO_gethostbyname();
+int BIO_sock_error();
+int BIO_socket_ioctl();
+int BIO_get_port();
+int BIO_get_host_ip();
+int BIO_get_accept_socket();
+int BIO_accept();
+int BIO_sock_init();
+void BIO_sock_cleanup();
+int BIO_set_tcp_ndelay();
+
+void ERR_load_BIO_strings();
+
+#if !defined(WIN16) || defined(APPS_WIN16)
+BIO *BIO_new_file();
+BIO *BIO_new_fp();
+#endif
+BIO *BIO_new_socket();
+BIO *BIO_new_fd();
+BIO *BIO_new_connect();
+BIO *BIO_new_accept();
+
+void BIO_copy_next_retry();
+
+#endif
+
+/* Tim Hudson's portable varargs stuff */
+
+#ifndef NOPROTO
+#define VAR_ANSI	/* select ANSI version by default */
+#endif
+
+#ifdef VAR_ANSI
+/* ANSI version of a "portable" macro set for variable length args */
+#ifndef __STDARG_H__ /**/
+#include 
+#endif /**/
+
+#define VAR_PLIST(arg1type,arg1)    arg1type arg1, ...
+#define VAR_PLIST2(arg1type,arg1,arg2type,arg2) arg1type arg1,arg2type arg2,...
+#define VAR_ALIST
+#define VAR_BDEFN(args,arg1type,arg1)   va_list args
+#define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2)    va_list args
+#define VAR_INIT(args,arg1type,arg1)    va_start(args,arg1);
+#define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args,arg2);
+#define VAR_ARG(args,type,arg)	arg=va_arg(args,type)
+#define VAR_END(args)		va_end(args);
+
+#else
+
+/* K&R version of a "portable" macro set for variable length args */
+#ifndef __VARARGS_H__
+#include 
+#endif
+
+#define VAR_PLIST(arg1type,arg1)	va_alist
+#define VAR_PLIST2(arg1type,arg1,arg2type,arg2) va_alist
+#define VAR_ALIST		va_dcl
+#define VAR_BDEFN(args,arg1type,arg1)	va_list args; arg1type arg1
+#define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2)    va_list args; \
+	arg1type arg1; arg2type arg2
+#define VAR_INIT(args,arg1type,arg1)	va_start(args); \
+	arg1=va_arg(args,arg1type);
+#define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args); \
+	arg1=va_arg(args,arg1type);	arg2=va_arg(args,arg2type);
+#define VAR_ARG(args,type,arg)		arg=va_arg(args,type)
+#define VAR_END(args)			va_end(args);
+
+#endif
+
+#ifndef NOPROTO
+int BIO_printf( VAR_PLIST( BIO *, bio ) );
+#else
+int BIO_printf();
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the BIO functions. */
+
+/* Function codes. */
+#define BIO_F_ACPT_STATE				 100
+#define BIO_F_BIO_ACCEPT				 101
+#define BIO_F_BIO_CTRL					 102
+#define BIO_F_BIO_GETS					 103
+#define BIO_F_BIO_GET_ACCEPT_SOCKET			 104
+#define BIO_F_BIO_GET_HOST_IP				 105
+#define BIO_F_BIO_GET_PORT				 106
+#define BIO_F_BIO_NEW					 107
+#define BIO_F_BIO_NEW_FILE				 108
+#define BIO_F_BIO_PUTS					 109
+#define BIO_F_BIO_READ					 110
+#define BIO_F_BIO_SOCK_INIT				 111
+#define BIO_F_BIO_WRITE					 112
+#define BIO_F_CONN_STATE				 113
+#define BIO_F_FILE_CTRL					 114
+#define BIO_F_MEM_WRITE					 115
+#define BIO_F_WSASTARTUP				 116
+
+/* Reason codes. */
+#define BIO_R_ACCEPT_ERROR				 100
+#define BIO_R_BAD_FOPEN_MODE				 101
+#define BIO_R_BAD_HOSTNAME_LOOKUP			 102
+#define BIO_R_CONNECT_ERROR				 103
+#define BIO_R_ERROR_SETTING_NBIO			 104
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
+#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
+#define BIO_R_INVALID_IP_ADDRESS			 108
+#define BIO_R_NBIO_CONNECT_ERROR			 109
+#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 110
+#define BIO_R_NO_HOSTHNAME_SPECIFIED			 111
+#define BIO_R_NO_PORT_DEFINED				 112
+#define BIO_R_NO_PORT_SPECIFIED				 113
+#define BIO_R_NULL_PARAMETER				 114
+#define BIO_R_UNABLE_TO_BIND_SOCKET			 115
+#define BIO_R_UNABLE_TO_CREATE_SOCKET			 116
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 117
+#define BIO_R_UNINITALISED				 118
+#define BIO_R_UNSUPPORTED_METHOD			 119
+#define BIO_R_WSASTARTUP				 120
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
new file mode 100644
index 0000000000000000000000000000000000000000..2f98cd1256bf05c1d20998480971009548ccb18d
--- /dev/null
+++ b/crypto/bio/bio_cb.c
@@ -0,0 +1,132 @@
+/* crypto/bio/bio_cb.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+#include "err.h"
+
+long MS_CALLBACK BIO_debug_callback(bio,cmd,argp,argi,argl,ret)
+BIO *bio;
+int cmd;
+char *argp;
+int argi;
+long argl;
+long ret;
+	{
+	BIO *b;
+	MS_STATIC char buf[256];
+	char *p;
+	long r=1;
+
+	if (BIO_CB_RETURN & cmd)
+		r=ret;
+
+	sprintf(buf,"BIO[%08lX]:",(unsigned long)bio);
+	p= &(buf[14]);
+	switch (cmd)
+		{
+	case BIO_CB_FREE:
+		sprintf(p,"Free - %s\n",bio->method->name);
+		break;
+	case BIO_CB_READ:
+		sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+		break;
+	case BIO_CB_WRITE:
+		sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+		break;
+	case BIO_CB_PUTS:
+		sprintf(p,"puts() - %s\n",bio->method->name);
+		break;
+	case BIO_CB_GETS:
+		sprintf(p,"gets(%d) - %s\n",argi,bio->method->name);
+		break;
+	case BIO_CB_CTRL:
+		sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name);
+		break;
+	case BIO_CB_RETURN|BIO_CB_READ:
+		sprintf(p,"read return %ld\n",ret);
+		break;
+	case BIO_CB_RETURN|BIO_CB_WRITE:
+		sprintf(p,"write return %ld\n",ret);
+		break;
+	case BIO_CB_RETURN|BIO_CB_GETS:
+		sprintf(p,"gets return %ld\n",ret);
+		break;
+	case BIO_CB_RETURN|BIO_CB_PUTS:
+		sprintf(p,"puts return %ld\n",ret);
+		break;
+	case BIO_CB_RETURN|BIO_CB_CTRL:
+		sprintf(p,"ctrl return %ld\n",ret);
+		break;
+	default:
+		sprintf(p,"bio callback - unknown type (%d)\n",cmd);
+		break;
+		}
+
+	b=(BIO *)bio->cb_arg;
+	if (b != NULL)
+		BIO_write(b,buf,strlen(buf));
+#ifndef WIN16
+	else
+		fputs(buf,stderr);
+#endif
+	return(r);
+	}
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
new file mode 100644
index 0000000000000000000000000000000000000000..b78878fcb8976cfdfd1eaf0d61ce3b18a7319eba
--- /dev/null
+++ b/crypto/bio/bio_err.c
@@ -0,0 +1,121 @@
+/* lib/bio/bio_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include "err.h"
+#include "bio.h"
+
+/* BEGIN ERROR CODES */
+static ERR_STRING_DATA BIO_str_functs[]=
+	{
+{ERR_PACK(0,BIO_F_ACPT_STATE,0),	"ACPT_STATE"},
+{ERR_PACK(0,BIO_F_BIO_ACCEPT,0),	"BIO_accept"},
+{ERR_PACK(0,BIO_F_BIO_CTRL,0),	"BIO_ctrl"},
+{ERR_PACK(0,BIO_F_BIO_GETS,0),	"BIO_gets"},
+{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0),	"BIO_get_accept_socket"},
+{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0),	"BIO_get_host_ip"},
+{ERR_PACK(0,BIO_F_BIO_GET_PORT,0),	"BIO_get_port"},
+{ERR_PACK(0,BIO_F_BIO_NEW,0),	"BIO_new"},
+{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0),	"BIO_new_file"},
+{ERR_PACK(0,BIO_F_BIO_PUTS,0),	"BIO_puts"},
+{ERR_PACK(0,BIO_F_BIO_READ,0),	"BIO_read"},
+{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0),	"BIO_sock_init"},
+{ERR_PACK(0,BIO_F_BIO_WRITE,0),	"BIO_write"},
+{ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
+{ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
+{ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
+{ERR_PACK(0,BIO_F_WSASTARTUP,0),	"WSASTARTUP"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA BIO_str_reasons[]=
+	{
+{BIO_R_ACCEPT_ERROR                      ,"accept error"},
+{BIO_R_BAD_FOPEN_MODE                    ,"bad fopen mode"},
+{BIO_R_BAD_HOSTNAME_LOOKUP               ,"bad hostname lookup"},
+{BIO_R_CONNECT_ERROR                     ,"connect error"},
+{BIO_R_ERROR_SETTING_NBIO                ,"error setting nbio"},
+{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
+{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
+{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
+{BIO_R_INVALID_IP_ADDRESS                ,"invalid ip address"},
+{BIO_R_NBIO_CONNECT_ERROR                ,"nbio connect error"},
+{BIO_R_NO_ACCEPT_PORT_SPECIFIED          ,"no accept port specified"},
+{BIO_R_NO_HOSTHNAME_SPECIFIED            ,"no hosthname specified"},
+{BIO_R_NO_PORT_DEFINED                   ,"no port defined"},
+{BIO_R_NO_PORT_SPECIFIED                 ,"no port specified"},
+{BIO_R_NULL_PARAMETER                    ,"null parameter"},
+{BIO_R_UNABLE_TO_BIND_SOCKET             ,"unable to bind socket"},
+{BIO_R_UNABLE_TO_CREATE_SOCKET           ,"unable to create socket"},
+{BIO_R_UNABLE_TO_LISTEN_SOCKET           ,"unable to listen socket"},
+{BIO_R_UNINITALISED                      ,"uninitalised"},
+{BIO_R_UNSUPPORTED_METHOD                ,"unsupported method"},
+{BIO_R_WSASTARTUP                        ,"wsastartup"},
+{0,NULL},
+	};
+
+void ERR_load_BIO_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+		ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
+		ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+		}
+	}
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
new file mode 100644
index 0000000000000000000000000000000000000000..78e896f9aec0d1077c77c32589ce7ab6398e4091
--- /dev/null
+++ b/crypto/bio/bio_lib.c
@@ -0,0 +1,447 @@
+/* crypto/bio/bio_lib.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+
+BIO *BIO_new(method)
+BIO_METHOD *method;
+	{
+	BIO *ret=NULL;
+
+	ret=(BIO *)Malloc(sizeof(BIO));
+	if (ret == NULL)
+		{
+		BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	if (!BIO_set(ret,method))
+		{
+		Free(ret);
+		ret=NULL;
+		}
+	return(ret);
+	}
+
+int BIO_set(bio,method)
+BIO *bio;
+BIO_METHOD *method;
+	{
+	bio->method=method;
+	bio->callback=NULL;
+	bio->cb_arg=NULL;
+	bio->init=0;
+	bio->shutdown=1;
+	bio->num=0;
+	bio->flags=0;
+	bio->retry_reason=0;
+	bio->ptr=NULL;
+	bio->prev_bio=NULL;
+	bio->next_bio=NULL;
+	bio->references=1;
+	bio->num_read=0L;
+	bio->num_write=0L;
+	if (method->create != NULL)
+		if (!method->create(bio))
+			return(0);
+	return(1);
+	}
+
+int BIO_free(a)
+BIO *a;
+	{
+	int ret=0,i;
+
+	if (a == NULL) return(0);
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
+
+        if (i > 0) return(1);
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"BIO_free, bad reference count\n");
+		abort();
+		}
+#endif
+	if ((a->callback != NULL) &&
+		((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
+			return(i);
+
+	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
+	ret=a->method->destroy(a);
+	Free(a);
+	return(1);
+	}
+
+int BIO_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	int i;
+
+	if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
+		{
+		BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	if ((b->callback != NULL) &&
+		((i=(int)b->callback(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
+			return(i);
+
+	if (!b->init)
+		{
+		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITALISED);
+		return(-2);
+		}
+
+	i=b->method->bread(b,out,outl);
+	if (i > 0) b->num_read+=(unsigned long)i;
+
+	if (b->callback != NULL)
+		i=(int)b->callback(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
+			0L,(long)i);
+	return(i);
+	}
+
+int BIO_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int i;
+
+	if ((b == NULL) || (b->method == NULL) || (b->method->bwrite == NULL))
+		{
+		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	if ((b->callback != NULL) &&
+		((i=(int)b->callback(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
+			return(i);
+
+	if (!b->init)
+		{
+		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITALISED);
+		return(-2);
+		}
+
+	i=b->method->bwrite(b,in,inl);
+	if (i > 0) b->num_write+=(unsigned long)i;
+
+	if (b->callback != NULL)
+		i=(int)b->callback(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
+			0L,(long)i);
+	return(i);
+	}
+
+int BIO_puts(b,in)
+BIO *b;
+char *in;
+	{
+	int i;
+
+	if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
+		{
+		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	if ((b->callback != NULL) &&
+		((i=(int)b->callback(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
+			return(i);
+
+	if (!b->init)
+		{
+		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITALISED);
+		return(-2);
+		}
+
+	i=b->method->bputs(b,in);
+
+	if (b->callback != NULL)
+		i=(int)b->callback(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
+			0L,(long)i);
+	return(i);
+	}
+
+int BIO_gets(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int i;
+
+	if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
+		{
+		BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	if ((b->callback != NULL) &&
+		((i=(int)b->callback(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
+			return(i);
+
+	if (!b->init)
+		{
+		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITALISED);
+		return(-2);
+		}
+
+	i=b->method->bgets(b,in,inl);
+
+	if (b->callback != NULL)
+		i=(int)b->callback(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
+			0L,(long)i);
+	return(i);
+	}
+
+long BIO_ctrl_int(b,cmd,larg,iarg)
+BIO *b;
+int cmd;
+long larg;
+int iarg;
+	{
+	int i;
+
+	i=iarg;
+	return(BIO_ctrl(b,cmd,larg,(char *)&i));
+	}
+
+long BIO_ctrl(b,cmd,larg,parg)
+BIO *b;
+int cmd;
+long larg;
+char *parg;
+	{
+	long ret;
+
+	if (b == NULL) return(0);
+
+	if ((b->method == NULL) || (b->method->ctrl == NULL))
+		{
+		BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	if ((b->callback != NULL) &&
+		((ret=b->callback(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
+		return(ret);
+
+	ret=b->method->ctrl(b,cmd,larg,parg);
+
+	if (b->callback != NULL)
+		ret=b->callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
+			larg,ret);
+	return(ret);
+	}
+
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(b,bio)
+BIO *b,*bio;
+	{
+	BIO *lb;
+
+	if (b == NULL) return(bio);
+	lb=b;
+	while (lb->next_bio != NULL)
+		lb=lb->next_bio;
+	lb->next_bio=bio;
+	if (bio != NULL)
+		bio->prev_bio=lb;
+	BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
+	return(b);
+	}
+
+/* Remove the first and return the rest */
+BIO *BIO_pop(b)
+BIO *b;
+	{
+	BIO *ret;
+
+	if (b == NULL) return(NULL);
+	ret=b->next_bio;
+
+	if (b->prev_bio != NULL)
+		b->prev_bio->next_bio=b->next_bio;
+	if (b->next_bio != NULL)
+		b->next_bio->prev_bio=b->prev_bio;
+
+	b->next_bio=NULL;
+	b->prev_bio=NULL;
+	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+	return(ret);
+	}
+
+BIO *BIO_get_retry_BIO(bio,reason)
+BIO *bio;
+int *reason;
+	{
+	BIO *b,*last;
+
+	b=last=bio;
+	for (;;)
+		{
+		if (!BIO_should_retry(b)) break;
+		last=b;
+		b=b->next_bio;
+		if (b == NULL) break;
+		}
+	if (reason != NULL) *reason=last->retry_reason;
+	return(last);
+	}
+
+int BIO_get_retry_reason(bio)
+BIO *bio;
+	{
+	return(bio->retry_reason);
+	}
+
+BIO *BIO_find_type(bio,type)
+BIO *bio;
+int type;
+	{
+	int mt,mask;
+
+	mask=type&0xff;
+	do	{
+		if (bio->method != NULL)
+			{
+			mt=bio->method->type;
+
+			if (!mask)
+				{
+				if (mt & type) return(bio);
+				}
+			else if (mt == type)
+				return(bio);
+			}
+		bio=bio->next_bio;
+		} while (bio != NULL);
+	return(NULL);
+	}
+
+void BIO_free_all(bio)
+BIO *bio;
+	{
+	BIO *b;
+	int ref;
+
+	while (bio != NULL)
+		{
+		b=bio;
+		ref=b->references;
+		bio=bio->next_bio;
+		BIO_free(b);
+		/* Since ref count > 1, don't free anyone else. */
+		if (ref > 1) break;
+		}
+	}
+
+BIO *BIO_dup_chain(in)
+BIO *in;
+	{
+	BIO *ret=NULL,*eoc=NULL,*bio,*new;
+
+	for (bio=in; bio != NULL; bio=bio->next_bio)
+		{
+		if ((new=BIO_new(bio->method)) == NULL) goto err;
+		new->callback=bio->callback;
+		new->cb_arg=bio->cb_arg;
+		new->init=bio->init;
+		new->shutdown=bio->shutdown;
+		new->flags=bio->flags;
+
+		/* This will let SSL_s_sock() work with stdin/stdout */
+		new->num=bio->num;
+
+		if (!BIO_dup_state(bio,(char *)new))
+			{
+			BIO_free(new);
+			goto err;
+			}
+		if (ret == NULL)
+			{
+			eoc=new;
+			ret=eoc;
+			}
+		else
+			{
+			BIO_push(eoc,new);
+			eoc=new;
+			}
+		}
+	return(ret);
+err:
+	if (ret != NULL)
+		BIO_free(ret);
+	return(NULL);	
+	}
+
+void BIO_copy_next_retry(b)
+BIO *b;
+	{
+	BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
+	b->retry_reason=b->next_bio->retry_reason;
+	}
+
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
new file mode 100644
index 0000000000000000000000000000000000000000..251474198b505e0ee16f57651382f36f16efbfcc
--- /dev/null
+++ b/crypto/bio/bss_acpt.c
@@ -0,0 +1,484 @@
+/* crypto/bio/bss_acpt.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SOCK
+
+#include 
+#include 
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include "bio.h"
+
+/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+typedef struct bio_accept_st
+	{
+	int state;
+	char *param_addr;
+
+	int accept_sock;
+	int accept_nbio;
+
+	char *addr;
+	int nbio;
+	BIO *bio_chain;
+	} BIO_ACCEPT;
+
+#ifndef NOPROTO
+static int acpt_write(BIO *h,char *buf,int num);
+static int acpt_read(BIO *h,char *buf,int size);
+static int acpt_puts(BIO *h,char *str);
+static long acpt_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+#else
+static int acpt_write();
+static int acpt_read();
+static int acpt_puts();
+static long acpt_ctrl();
+static int acpt_new();
+static int acpt_free();
+#endif
+
+#ifndef NOPROTO
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+BIO_ACCEPT *BIO_ACCEPT_new(void );
+void BIO_ACCEPT_free(BIO_ACCEPT *a);
+
+#else
+
+static int acpt_state();
+static void acpt_close_socket();
+BIO_ACCEPT *BIO_ACCEPT_new();
+void BIO_ACCEPT_free();
+#endif
+
+#define ACPT_S_BEFORE			1
+#define ACPT_S_GET_ACCEPT_SOCKET	2
+#define ACPT_S_OK			3
+
+static BIO_METHOD methods_acceptp=
+	{
+	BIO_TYPE_ACCEPT,"socket accept",
+	acpt_write,
+	acpt_read,
+	acpt_puts,
+	NULL, /* connect_gets, */
+	acpt_ctrl,
+	acpt_new,
+	acpt_free,
+	};
+
+BIO_METHOD *BIO_s_accept()
+	{
+	return(&methods_acceptp);
+	}
+
+static int acpt_new(bi)
+BIO *bi;
+	{
+	BIO_ACCEPT *ba;
+
+	bi->init=0;
+	bi->num=INVALID_SOCKET;
+	bi->flags=0;
+	if ((ba=BIO_ACCEPT_new()) == NULL)
+		return(0);
+	bi->ptr=(char *)ba;
+	ba->state=ACPT_S_BEFORE;
+	bi->shutdown=1;
+	return(1);
+	}
+
+BIO_ACCEPT *BIO_ACCEPT_new()
+	{
+	BIO_ACCEPT *ret;
+
+	if ((ret=(BIO_ACCEPT *)Malloc(sizeof(BIO_ACCEPT))) == NULL)
+		return(NULL);
+
+	memset(ret,0,sizeof(BIO_ACCEPT));
+	ret->accept_sock=INVALID_SOCKET;
+	return(ret);
+	}
+
+void BIO_ACCEPT_free(a)
+BIO_ACCEPT *a;
+	{
+	if (a->param_addr != NULL) Free(a->param_addr);
+	if (a->addr != NULL) Free(a->addr);
+	if (a->bio_chain != NULL) BIO_free(a->bio_chain);
+	Free(a);
+	}
+
+static void acpt_close_socket(bio)
+BIO *bio;
+	{
+	BIO_ACCEPT *c;
+
+	c=(BIO_ACCEPT *)bio->ptr;
+	if (c->accept_sock != INVALID_SOCKET)
+		{
+		shutdown(c->accept_sock,2);
+# ifdef WINDOWS
+		closesocket(c->accept_sock);
+# else
+		close(c->accept_sock);
+# endif
+		c->accept_sock=INVALID_SOCKET;
+		bio->num=INVALID_SOCKET;
+		}
+	}
+
+static int acpt_free(a)
+BIO *a;
+	{
+	BIO_ACCEPT *data;
+
+	if (a == NULL) return(0);
+	data=(BIO_ACCEPT *)a->ptr;
+	 
+	if (a->shutdown)
+		{
+		acpt_close_socket(a);
+		BIO_ACCEPT_free(data);
+		a->ptr=NULL;
+		a->flags=0;
+		a->init=0;
+		}
+	return(1);
+	}
+	
+static int acpt_state(b,c)
+BIO *b;
+BIO_ACCEPT *c;
+	{
+	BIO *bio=NULL,*dbio;
+	unsigned long l=1;
+	int s= -1;
+	int i;
+
+again:
+	switch (c->state)
+		{
+	case ACPT_S_BEFORE:
+		if (c->param_addr == NULL)
+			{
+			BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
+			return(-1);
+			}
+		s=BIO_get_accept_socket(c->param_addr);
+		if (s == INVALID_SOCKET)
+			return(-1);
+
+#ifdef FIONBIO
+		if (c->accept_nbio)
+			{
+			i=BIO_socket_ioctl(b->num,FIONBIO,&l);
+			if (i < 0)
+				{
+#ifdef WINDOWS
+				closesocket(s);
+#else
+				close(s);
+# endif
+				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
+				return(-1);
+				}
+			}
+#endif
+		c->accept_sock=s;
+		b->num=s;
+		c->state=ACPT_S_GET_ACCEPT_SOCKET;
+		return(1);
+		break;
+	case ACPT_S_GET_ACCEPT_SOCKET:
+		if (b->next_bio != NULL)
+			{
+			c->state=ACPT_S_OK;
+			goto again;
+			}
+		i=BIO_accept(c->accept_sock,&(c->addr));
+		if (i < 0) return(i);
+		bio=BIO_new_socket(i,BIO_CLOSE);
+		if (bio == NULL) goto err;
+
+		BIO_set_callback(bio,BIO_get_callback(b));
+		BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
+
+#ifdef FIONBIO
+		if (c->nbio)
+			{
+			i=BIO_socket_ioctl(i,FIONBIO,&l);
+			if (i < 0)
+				{
+				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
+				goto err;
+				}
+			}
+#endif
+
+		/* If the accept BIO has an bio_chain, we dup it and
+		 * put the new socket at the end. */
+		if (c->bio_chain != NULL)
+			{
+			if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)
+				goto err;
+			if (!BIO_push(dbio,bio)) goto err;
+			bio=dbio;
+			}
+		if (BIO_push(b,bio) == NULL) goto err;
+
+		c->state=ACPT_S_OK;
+		return(1);
+err:
+		if (bio != NULL)
+			BIO_free(bio);
+		else if (s >= 0)
+			{
+#ifdef WINDOWS
+			closesocket(s);
+#else
+			close(s);
+# endif
+			}
+		return(0);
+		break;
+	case ACPT_S_OK:
+		if (b->next_bio == NULL)
+			{
+			c->state=ACPT_S_GET_ACCEPT_SOCKET;
+			goto again;
+			}
+		return(1);
+		break;
+	default:	
+		return(0);
+		break;
+		}
+
+	}
+
+static int acpt_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	int ret=0;
+	BIO_ACCEPT *data;
+
+        BIO_clear_retry_flags(b);
+	data=(BIO_ACCEPT *)b->ptr;
+
+	while (b->next_bio == NULL)
+		{
+		ret=acpt_state(b,data);
+		if (ret <= 0) return(ret);
+		}
+
+	ret=BIO_read(b->next_bio,out,outl);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int acpt_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int ret;
+	BIO_ACCEPT *data;
+
+	BIO_clear_retry_flags(b);
+	data=(BIO_ACCEPT *)b->ptr;
+
+	while (b->next_bio == NULL)
+		{
+		ret=acpt_state(b,data);
+		if (ret <= 0) return(ret);
+		}
+
+	ret=BIO_write(b->next_bio,in,inl);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long acpt_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	BIO *dbio;
+	int *ip;
+	long ret=1;
+	BIO_ACCEPT *data;
+
+	data=(BIO_ACCEPT *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ret=0;
+		data->state=ACPT_S_BEFORE;
+		acpt_close_socket(b);
+		b->flags=0;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		/* use this one to start the connection */
+		ret=(long)acpt_state(b,data);
+		break;
+	case BIO_C_SET_ACCEPT:
+		if (ptr != NULL)
+			{
+			if (num == 0)
+				{
+				b->init=1;
+				if (data->param_addr != NULL)
+					Free(data->param_addr);
+				data->param_addr=BUF_strdup(ptr);
+				}
+			else if (num == 1)
+				{
+				data->accept_nbio=(ptr != NULL);
+				}
+			else if (num == 2)
+				{
+				if (data->bio_chain != NULL)
+					BIO_free(data->bio_chain);
+				data->bio_chain=(BIO *)ptr;
+				}
+			}
+		break;
+	case BIO_C_SET_NBIO:
+		data->nbio=(int)num;
+		break;
+	case BIO_C_GET_FD:
+		if (b->init)
+			{
+			ip=(int *)ptr;
+			if (ip != NULL)
+				*ip=data->accept_sock;
+			ret=b->num;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+		ret=0;
+		break;
+	case BIO_CTRL_FLUSH:
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+/*		if (data->param_port) EAY EAY
+			BIO_set_port(dbio,data->param_port);
+		if (data->param_hostname)
+			BIO_set_hostname(dbio,data->param_hostname);
+		BIO_set_nbio(dbio,data->nbio); */
+		break;
+
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int acpt_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=acpt_write(bp,str,n);
+	return(ret);
+	}
+
+BIO *BIO_new_accept(str)
+char *str;
+	{
+	BIO *ret;
+
+	ret=BIO_new(BIO_s_accept());
+	if (ret == NULL) return(NULL);
+	if (BIO_set_accept_port(ret,str))
+		return(ret);
+	else
+		{
+		BIO_free(ret);
+		return(NULL);
+		}
+	}
+
+#endif
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
new file mode 100644
index 0000000000000000000000000000000000000000..4e31e3c1f8a527ffd8b2c8539d9c3a5e742ea28e
--- /dev/null
+++ b/crypto/bio/bss_conn.c
@@ -0,0 +1,558 @@
+/* crypto/bio/bss_conn.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SOCK
+
+#include 
+#include 
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include "bio.h"
+
+/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+typedef struct bio_connect_st
+	{
+	int state;
+
+	char *param_hostname;
+	char *param_port;
+	int nbio;
+
+	unsigned char ip[4];
+	short port;
+
+	struct sockaddr_in them;
+
+	/* int socket; this will be kept in bio->num so that it is
+	 * compatable with the bss_sock bio */ 
+	int error;
+	} BIO_CONNECT;
+
+#ifndef NOPROTO
+static int conn_write(BIO *h,char *buf,int num);
+static int conn_read(BIO *h,char *buf,int size);
+static int conn_puts(BIO *h,char *str);
+static long conn_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+#else
+static int conn_write();
+static int conn_read();
+static int conn_puts();
+static long conn_ctrl();
+static int conn_new();
+static int conn_free();
+#endif
+
+#ifndef NOPROTO
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void );
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+#else
+
+static int conn_state();
+static void conn_close_socket();
+BIO_CONNECT *BIO_CONNECT_new();
+void BIO_CONNECT_free();
+
+#endif
+
+#define CONN_S_BEFORE		1
+#define CONN_S_GET_IP		2
+#define CONN_S_GET_PORT		3
+#define CONN_S_CREATE_SOCKET	4
+#define CONN_S_CONNECT		5
+#define CONN_S_OK		6
+#define CONN_S_BLOCKED_CONNECT	7
+#define CONN_S_NBIO		8
+
+static BIO_METHOD methods_connectp=
+	{
+	BIO_TYPE_CONNECT,"socket connect",
+	conn_write,
+	conn_read,
+	conn_puts,
+	NULL, /* connect_gets, */
+	conn_ctrl,
+	conn_new,
+	conn_free,
+	};
+
+static int conn_state(b,c)
+BIO *b;
+BIO_CONNECT *c;
+	{
+	int ret= -1,i;
+	unsigned long l;
+	char *p,*q;
+
+	switch (c->state)
+		{
+	case CONN_S_BEFORE:
+		p=c->param_hostname;
+		if (p == NULL)
+			{
+			BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTHNAME_SPECIFIED);
+			break;
+			}
+		for ( ; *p != '\0'; p++)
+			{
+			if ((*p == ':') || (*p == '/')) break;
+			}
+
+		i= *p;
+		if ((i == ':') || (i == '/'))
+			{
+
+			*(p++)='\0';
+			if (i == ':')
+				{
+				for (q=p; *q; q++)
+					if (*q == '/')
+						{
+						*q='\0';
+						break;
+						}
+				if (c->param_port != NULL)
+					Free(c->param_port);
+				c->param_port=BUF_strdup(p);
+				}
+			}
+
+		if (p == NULL)
+			{
+			BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
+			break;
+			}
+		c->state=CONN_S_GET_IP;
+
+	case CONN_S_GET_IP:
+		if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
+			break;
+		c->state=CONN_S_GET_PORT;
+
+	case CONN_S_GET_PORT:
+		if (BIO_get_port(c->param_port,&c->port) <= 0)
+			break;
+		c->state=CONN_S_CREATE_SOCKET;
+
+	case CONN_S_CREATE_SOCKET:
+		/* now setup address */
+		memset((char *)&c->them,0,sizeof(c->them));
+		c->them.sin_family=AF_INET;
+		c->them.sin_port=htons((unsigned short)c->port);
+		l=(unsigned long)
+			((unsigned long)c->ip[0]<<24L)|
+			((unsigned long)c->ip[1]<<16L)|
+			((unsigned long)c->ip[2]<< 8L)|
+			((unsigned long)c->ip[3]);
+		c->them.sin_addr.s_addr=htonl(l);
+		c->state=CONN_S_CREATE_SOCKET;
+
+		ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+		if (ret == INVALID_SOCKET)
+			{
+			SYSerr(SYS_F_SOCKET,errno);
+			BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
+			break;
+			}
+		b->num=ret;
+		c->state=CONN_S_NBIO;
+
+	case CONN_S_NBIO:
+#ifdef FIONBIO
+		if (c->nbio)
+			{
+			l=1;
+			ret=BIO_socket_ioctl(b->num,FIONBIO,&l);
+			if (ret < 0)
+				{
+				BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
+				break;
+				}
+			}
+#endif
+		c->state=CONN_S_CONNECT;
+
+	case CONN_S_CONNECT:
+		BIO_clear_retry_flags(b);
+		ret=connect(b->num,
+			(struct sockaddr *)&c->them,
+			sizeof(c->them));
+		b->retry_reason=0;
+		if (ret < 0)
+			{
+			if (BIO_sock_should_retry(ret))
+				{
+				BIO_set_retry_special(b);
+				c->state=CONN_S_BLOCKED_CONNECT;
+				b->retry_reason=BIO_RR_CONNECT;
+				}
+			else
+				{
+				SYSerr(SYS_F_CONNECT,errno);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
+				}
+			}
+		else
+			{
+			ret=1;
+			c->state=CONN_S_OK;
+			}
+		break;
+
+	case CONN_S_BLOCKED_CONNECT:
+		BIO_clear_retry_flags(b);
+		i=BIO_sock_error(b->num);
+		if (i)
+			{
+			SYSerr(SYS_F_CONNECT,i);
+			BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
+			}
+		else
+			{
+			c->state=CONN_S_OK;
+			ret=1;
+			}
+		break;
+
+	case CONN_S_OK:
+		ret=1;
+		break;
+	default:
+		abort();
+		}
+	return(ret);
+	}
+
+BIO_CONNECT *BIO_CONNECT_new()
+	{
+	BIO_CONNECT *ret;
+
+	if ((ret=(BIO_CONNECT *)Malloc(sizeof(BIO_CONNECT))) == NULL)
+		return(NULL);
+	ret->state=CONN_S_BEFORE;
+	ret->param_hostname=NULL;
+	ret->param_port=NULL;
+	ret->nbio=0;
+	ret->ip[0]=0;
+	ret->ip[1]=0;
+	ret->ip[2]=0;
+	ret->ip[3]=0;
+	ret->port=0;
+	memset((char *)&ret->them,0,sizeof(ret->them));
+	ret->error=0;
+	return(ret);
+	}
+
+void BIO_CONNECT_free(a)
+BIO_CONNECT *a;
+	{
+	if (a->param_hostname != NULL)
+		Free(a->param_hostname);
+	if (a->param_port != NULL)
+		Free(a->param_port);
+	Free(a);
+	}
+
+BIO_METHOD *BIO_s_connect()
+	{
+	return(&methods_connectp);
+	}
+
+static int conn_new(bi)
+BIO *bi;
+	{
+	bi->init=0;
+	bi->num=INVALID_SOCKET;
+	bi->flags=0;
+	if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)
+		return(0);
+	else
+		return(1);
+	}
+
+static void conn_close_socket(bio)
+BIO *bio;
+	{
+	BIO_CONNECT *c;
+
+	c=(BIO_CONNECT *)bio->ptr;
+	if (bio->num != INVALID_SOCKET)
+		{
+		/* Only do a shutdown if things were established */
+		if (c->state == CONN_S_OK)
+			shutdown(bio->num,2);
+# ifdef WINDOWS
+		closesocket(bio->num);
+# else
+		close(bio->num);
+# endif
+		bio->num=INVALID_SOCKET;
+		}
+	}
+
+static int conn_free(a)
+BIO *a;
+	{
+	BIO_CONNECT *data;
+
+	if (a == NULL) return(0);
+	data=(BIO_CONNECT *)a->ptr;
+	 
+	if (a->shutdown)
+		{
+		conn_close_socket(a);
+		BIO_CONNECT_free(data);
+		a->ptr=NULL;
+		a->flags=0;
+		a->init=0;
+		}
+	return(1);
+	}
+	
+static int conn_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	int ret=0;
+	BIO_CONNECT *data;
+
+	data=(BIO_CONNECT *)b->ptr;
+	if (data->state != CONN_S_OK)
+		{
+		ret=conn_state(b,data);
+		if (ret <= 0) return(ret);
+		}
+
+	if (out != NULL)
+		{
+		errno=0;
+#if defined(WINDOWS)
+		ret=recv(b->num,out,outl,0);
+#else
+		ret=read(b->num,out,outl);
+#endif
+		BIO_clear_retry_flags(b);
+		if (ret <= 0)
+			{
+			if (BIO_sock_should_retry(ret))
+				BIO_set_retry_read(b);
+			}
+		}
+	return(ret);
+	}
+
+static int conn_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int ret;
+	BIO_CONNECT *data;
+
+	data=(BIO_CONNECT *)b->ptr;
+	if (data->state != CONN_S_OK)
+		{
+		ret=conn_state(b,data);
+		if (ret <= 0) return(ret);
+		}
+
+	errno=0;
+#if defined(WINDOWS)
+	ret=send(b->num,in,inl,0);
+#else
+	ret=write(b->num,in,inl);
+#endif
+	BIO_clear_retry_flags(b);
+	if (ret <= 0)
+		{
+		if (BIO_sock_should_retry(ret))
+			BIO_set_retry_write(b);
+		}
+	return(ret);
+	}
+
+static long conn_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	BIO *dbio;
+	int *ip;
+	long ret=1;
+	BIO_CONNECT *data;
+
+	data=(BIO_CONNECT *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ret=0;
+		data->state=CONN_S_BEFORE;
+		conn_close_socket(b);
+		b->flags=0;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		/* use this one to start the connection */
+		if (!data->state != CONN_S_OK)
+			ret=(long)conn_state(b,data);
+		else
+			ret=1;
+		break;
+	case BIO_C_SET_CONNECT:
+		if (ptr != NULL)
+			{
+			b->init=1;
+			if (num == 0)
+				{
+				if (data->param_hostname != NULL)
+					Free(data->param_hostname);
+				data->param_hostname=BUF_strdup(ptr);
+				}
+			else if (num == 1)
+				{
+				if (data->param_port != NULL)
+					Free(data->param_port);
+				data->param_port=BUF_strdup(ptr);
+				}
+			}
+		break;
+	case BIO_C_SET_NBIO:
+		data->nbio=(int)num;
+		break;
+	case BIO_C_GET_FD:
+		if (b->init)
+			{
+			ip=(int *)ptr;
+			if (ip != NULL)
+				*ip=b->num;
+			ret=b->num;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+		ret=0;
+		break;
+	case BIO_CTRL_FLUSH:
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		if (data->param_port)
+			BIO_set_port(dbio,data->param_port);
+		if (data->param_hostname)
+			BIO_set_hostname(dbio,data->param_hostname);
+		BIO_set_nbio(dbio,data->nbio);
+		break;
+
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int conn_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=conn_write(bp,str,n);
+	return(ret);
+	}
+
+BIO *BIO_new_connect(str)
+char *str;
+	{
+	BIO *ret;
+
+	ret=BIO_new(BIO_s_connect());
+	if (ret == NULL) return(NULL);
+	if (BIO_set_hostname(ret,str))
+		return(ret);
+	else
+		{
+		BIO_free(ret);
+		return(NULL);
+		}
+	}
+
+#endif
+
diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
new file mode 100644
index 0000000000000000000000000000000000000000..06ae229ff6b938915aac1a3c1dc9c188e3bd0750
--- /dev/null
+++ b/crypto/bio/bss_fd.c
@@ -0,0 +1,62 @@
+/* crypto/bio/bss_fd.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define BIO_FD
+#include "bss_sock.c"
+#undef BIO_FD
+
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
new file mode 100644
index 0000000000000000000000000000000000000000..33c18e744bd1d1a832d5a0b0c1979d89a5691792
--- /dev/null
+++ b/crypto/bio/bss_file.c
@@ -0,0 +1,334 @@
+/* crypto/bio/bss_file.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+#include "err.h"
+
+#ifndef NOPROTO
+static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
+static int MS_CALLBACK file_puts(BIO *h,char *str);
+static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
+static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK file_new(BIO *h);
+static int MS_CALLBACK file_free(BIO *data);
+#else
+static int MS_CALLBACK file_write();
+static int MS_CALLBACK file_read();
+static int MS_CALLBACK file_puts();
+static int MS_CALLBACK file_gets();
+static long MS_CALLBACK file_ctrl();
+static int MS_CALLBACK file_new();
+static int MS_CALLBACK file_free();
+#endif
+
+static BIO_METHOD methods_filep=
+	{
+	BIO_TYPE_FILE,"FILE pointer",
+	file_write,
+	file_read,
+	file_puts,
+	file_gets,
+	file_ctrl,
+	file_new,
+	file_free,
+	};
+
+#if !defined(WIN16) || defined(APPS_WIN16)
+BIO *BIO_new_file(filename,mode)
+char *filename;
+char *mode;
+	{
+	BIO *ret;
+	FILE *file;
+
+	if ((file=fopen(filename,mode)) == NULL)
+		{
+		SYSerr(SYS_F_FOPEN,errno);
+		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+		return(NULL);
+		}
+
+	if ((ret=BIO_new(BIO_s_file())) == NULL)
+		return(NULL);
+#if 0
+	if ((ret=BIO_new(BIO_s_file_internal_w16())) == NULL)
+		return(NULL);
+#endif
+
+	BIO_set_fp(ret,file,BIO_CLOSE);
+	return(ret);
+	}
+
+BIO *BIO_new_fp(stream,close_flag)
+FILE *stream;
+int close_flag;
+	{
+	BIO *ret;
+
+	if ((ret=BIO_new(BIO_s_file())) == NULL)
+		return(NULL);
+#if 0
+	if ((ret=BIO_new(BIO_s_file_internal_w16())) == NULL)
+#endif
+
+	BIO_set_fp(ret,stream,close_flag);
+	return(ret);
+	}
+#endif /* !APPS_WIN16 */
+
+#if !defined(WIN16) || defined(APPS_WIN16)
+
+BIO_METHOD *BIO_s_file()
+	{
+	return(&methods_filep);
+	}
+
+#else
+
+BIO_METHOD *BIO_s_file_internal_w16()
+	{
+	return(&methods_filep);
+	}
+
+#endif
+
+static int MS_CALLBACK file_new(bi)
+BIO *bi;
+	{
+	bi->init=0;
+	bi->num=0;
+	bi->ptr=NULL;
+	return(1);
+	}
+
+static int MS_CALLBACK file_free(a)
+BIO *a;
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if ((a->init) && (a->ptr != NULL))
+			{
+			fclose((FILE *)a->ptr);
+			a->ptr=NULL;
+			}
+		a->init=0;
+		}
+	return(1);
+	}
+	
+static int MS_CALLBACK file_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	int ret=0;
+
+	if (b->init && (out != NULL))
+		{
+		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+		}
+	return(ret);
+	}
+
+static int MS_CALLBACK file_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int ret=0;
+
+	if (b->init && (in != NULL))
+		{
+		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
+			ret=inl;
+		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+		/* acording to Tim Hudson , the commented
+		 * out version above can cause 'inl' write calls under
+		 * some stupid stdio implementations (VMS) */
+		}
+	return(ret);
+	}
+
+static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	long ret=1;
+	FILE *fp=(FILE *)b->ptr;
+	FILE **fpp;
+	char p[4];
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ret=(long)fseek(fp,num,0);
+		break;
+	case BIO_CTRL_EOF:
+		ret=(long)feof(fp);
+		break;
+	case BIO_CTRL_INFO:
+		ret=ftell(fp);
+		break;
+	case BIO_C_SET_FILE_PTR:
+		file_free(b);
+		b->shutdown=(int)num;
+		b->ptr=(char *)ptr;
+		b->init=1;
+		break;
+	case BIO_C_SET_FILENAME:
+		file_free(b);
+		b->shutdown=(int)num&BIO_CLOSE;
+		if (num & BIO_FP_APPEND)
+			{
+			if (num & BIO_FP_READ)
+				strcpy(p,"a+");
+			else	strcpy(p,"a");
+			}
+		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+			strcpy(p,"r+");
+		else if (num & BIO_FP_WRITE)
+			strcpy(p,"w");
+		else if (num & BIO_FP_READ)
+			strcpy(p,"r");
+		else
+			{
+			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
+			ret=0;
+			break;
+			}
+#if defined(MSDOS) || defined(WINDOWS)
+		if (!(num & BIO_FP_TEXT))
+			strcat(p,"b");
+		else
+			strcat(p,"t");
+#endif
+		fp=fopen(ptr,p);
+		if (fp == NULL)
+			{
+			SYSerr(SYS_F_FOPEN,errno);
+			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
+			ret=0;
+			break;
+			}
+		b->ptr=(char *)fp;
+		b->init=1;
+		break;
+	case BIO_C_GET_FILE_PTR:
+		/* the ptr parameter is actually a FILE ** in this case. */
+		if (ptr != NULL)
+			{
+			fpp=(FILE **)ptr;
+			*fpp=(FILE *)b->ptr;
+			}
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=(long)b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_FLUSH:
+		fflush((FILE *)b->ptr);
+		break;
+	case BIO_CTRL_DUP:
+		ret=1;
+		break;
+
+	case BIO_CTRL_WPENDING:
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_PUSH:
+	case BIO_CTRL_POP:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int MS_CALLBACK file_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+	{
+	int ret=0;
+
+	buf[0]='\0';
+	fgets(buf,size,(FILE *)bp->ptr);
+	if (buf[0] != '\0')
+		ret=strlen(buf);
+	return(ret);
+	}
+
+static int MS_CALLBACK file_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=file_write(bp,str,n);
+	return(ret);
+	}
+
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
new file mode 100644
index 0000000000000000000000000000000000000000..9b4cf40acf847eefbaeeec4f26d7bc2149f87ab7
--- /dev/null
+++ b/crypto/bio/bss_mem.c
@@ -0,0 +1,296 @@
+/* crypto/bio/bss_mem.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+
+#ifndef NOPROTO
+static int mem_write(BIO *h,char *buf,int num);
+static int mem_read(BIO *h,char *buf,int size);
+static int mem_puts(BIO *h,char *str);
+static int mem_gets(BIO *h,char *str,int size);
+static long mem_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int mem_new(BIO *h);
+static int mem_free(BIO *data);
+#else
+static int mem_write();
+static int mem_read();
+static int mem_puts();
+static int mem_gets();
+static long mem_ctrl();
+static int mem_new();
+static int mem_free();
+#endif
+
+static BIO_METHOD mem_method=
+	{
+	BIO_TYPE_MEM,"memory buffer",
+	mem_write,
+	mem_read,
+	mem_puts,
+	mem_gets,
+	mem_ctrl,
+	mem_new,
+	mem_free,
+	};
+
+BIO_METHOD *BIO_s_mem()
+	{
+	return(&mem_method);
+	}
+
+static int mem_new(bi)
+BIO *bi;
+	{
+	BUF_MEM *b;
+
+	if ((b=BUF_MEM_new()) == NULL)
+		return(0);
+	bi->shutdown=1;
+	bi->init=1;
+	bi->num=0;
+	bi->ptr=(char *)b;
+	return(1);
+	}
+
+static int mem_free(a)
+BIO *a;
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if ((a->init) && (a->ptr != NULL))
+			{
+			BUF_MEM_free((BUF_MEM *)a->ptr);
+			a->ptr=NULL;
+			}
+		}
+	return(1);
+	}
+	
+static int mem_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	int ret= -1;
+	BUF_MEM *bm;
+	int i;
+	char *from,*to;
+
+	bm=(BUF_MEM *)b->ptr;
+	BIO_clear_retry_flags(b);
+	ret=(outl > bm->length)?bm->length:outl;
+	if ((out != NULL) && (ret > 0))
+		{
+		memcpy(out,bm->data,ret);
+		bm->length-=ret;
+		/* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
+		from=(char *)&(bm->data[ret]);
+		to=(char *)&(bm->data[0]);
+		for (i=0; ilength; i++)
+			to[i]=from[i];
+		}
+	else if (bm->length == 0)
+		{
+		BIO_set_retry_read(b);
+		ret= -1;
+		}
+	return(ret);
+	}
+
+static int mem_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int ret= -1;
+	int blen;
+	BUF_MEM *bm;
+
+	bm=(BUF_MEM *)b->ptr;
+	if (in == NULL)
+		{
+		BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
+		goto end;
+		}
+
+	BIO_clear_retry_flags(b);
+	blen=bm->length;
+	if (BUF_MEM_grow(bm,blen+inl) != (blen+inl))
+		goto end;
+	memcpy(&(bm->data[blen]),in,inl);
+	ret=inl;
+end:
+	return(ret);
+	}
+
+static long mem_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	long ret=1;
+	char **pptr;
+
+	BUF_MEM *bm=(BUF_MEM *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		if (bm->data != NULL)
+			memset(bm->data,0,bm->max);
+		bm->length=0;
+		break;
+	case BIO_CTRL_EOF:
+		ret=(long)(bm->length == 0);
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)bm->length;
+		if (ptr != NULL)
+			{
+			pptr=(char **)ptr;
+			*pptr=(char *)&(bm->data[0]);
+			}
+		break;
+	case BIO_C_SET_BUF_MEM:
+		mem_free(b);
+		b->shutdown=(int)num;
+		b->ptr=ptr;
+		break;
+	case BIO_C_GET_BUF_MEM_PTR:
+		if (ptr != NULL)
+			{
+			pptr=(char **)ptr;
+			*pptr=(char *)bm;
+			}
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=(long)b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+
+	case BIO_CTRL_WPENDING:
+		ret=0L;
+		break;
+	case BIO_CTRL_PENDING:
+		ret=(long)bm->length;
+		break;
+	case BIO_CTRL_DUP:
+	case BIO_CTRL_FLUSH:
+		ret=1;
+		break;
+	case BIO_CTRL_PUSH:
+	case BIO_CTRL_POP:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int mem_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+	{
+	int i,j;
+	int ret= -1;
+	char *p;
+	BUF_MEM *bm=(BUF_MEM *)bp->ptr;
+
+	BIO_clear_retry_flags(bp);
+	j=bm->length;
+	if (j <= 0) return(0);
+	p=bm->data;
+	for (i=0; i 0) buf[i]='\0';
+	ret=i;
+	return(ret);
+	}
+
+static int mem_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=mem_write(bp,str,n);
+	/* memory semantics is that it will always work */
+	return(ret);
+	}
+
diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
new file mode 100644
index 0000000000000000000000000000000000000000..f93d47112193738c52604f862d7ce65e728a8264
--- /dev/null
+++ b/crypto/bio/bss_null.c
@@ -0,0 +1,176 @@
+/* crypto/bio/bss_null.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+
+#ifndef NOPROTO
+static int null_write(BIO *h,char *buf,int num);
+static int null_read(BIO *h,char *buf,int size);
+static int null_puts(BIO *h,char *str);
+static int null_gets(BIO *h,char *str,int size);
+static long null_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int null_new(BIO *h);
+static int null_free(BIO *data);
+#else
+static int null_write();
+static int null_read();
+static int null_puts();
+static int null_gets();
+static long null_ctrl();
+static int null_new();
+static int null_free();
+#endif
+
+static BIO_METHOD null_method=
+	{
+	BIO_TYPE_NULL,"NULL",
+	null_write,
+	null_read,
+	null_puts,
+	null_gets,
+	null_ctrl,
+	null_new,
+	null_free,
+	};
+
+BIO_METHOD *BIO_s_null()
+	{
+	return(&null_method);
+	}
+
+static int null_new(bi)
+BIO *bi;
+	{
+	bi->init=1;
+	bi->num=0;
+	bi->ptr=(NULL);
+	return(1);
+	}
+
+static int null_free(a)
+BIO *a;
+	{
+	if (a == NULL) return(0);
+	return(1);
+	}
+	
+static int null_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	return(0);
+	}
+
+static int null_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	return(inl);
+	}
+
+static long null_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	long ret=1;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+	case BIO_CTRL_EOF:
+	case BIO_CTRL_SET:
+	case BIO_CTRL_SET_CLOSE:
+	case BIO_CTRL_FLUSH:
+	case BIO_CTRL_DUP:
+		ret=1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+	case BIO_CTRL_INFO:
+	case BIO_CTRL_GET:
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int null_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+	{
+	return(0);
+	}
+
+static int null_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	if (str == NULL) return(0);
+	return(strlen(str));
+	}
+
diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c
new file mode 100644
index 0000000000000000000000000000000000000000..cd48f7ce95d4b6c844fdf1f3af467b89f3b5de9e
--- /dev/null
+++ b/crypto/bio/bss_rtcp.c
@@ -0,0 +1,296 @@
+/* crypto/bio/bss_rtcp.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Written by David L. Jones 
+ * Date:   22-JUL-1996
+ */
+/* VMS */
+#include 
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include "bio.h"
+
+#include 		/* VMS IO$_ definitions */
+extern int SYS$QIOW();
+typedef unsigned short io_channel;
+/*************************************************************************/
+struct io_status { short status, count; long flags; };
+
+struct rpc_msg {		/* Should have member alignment inhibited */
+   char channel;		/* 'A'-app data. 'R'-remote client 'G'-global */
+   char function;		/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   unsigned short int length;	/* Amount of data returned or max to return */
+   char data[4092];		/* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+
+struct rpc_ctx {
+    int filled, pos;
+    struct rpc_msg msg;
+};
+
+static int rtcp_write(BIO *h,char *buf,int num);
+static int rtcp_read(BIO *h,char *buf,int size);
+static int rtcp_puts(BIO *h,char *str);
+static int rtcp_gets(BIO *h,char *str,int size);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int rtcp_new(BIO *h);
+static int rtcp_free(BIO *data);
+
+static BIO_METHOD rtcp_method=
+	{
+	BIO_TYPE_FD,"RTCP",
+	rtcp_write,
+	rtcp_read,
+	rtcp_puts,
+	rtcp_gets,
+	rtcp_ctrl,
+	rtcp_new,
+	rtcp_free,
+	};
+
+BIO_METHOD *BIO_s_rtcp()
+	{
+	return(&rtcp_method);
+	}
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+	buffer, maxlen, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    if ( (status&1) == 1 ) *length = iosb.count;
+    return status;
+}
+
+static int put ( io_channel chan, char *buffer, int length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+	buffer, length, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    return status;
+}
+/***************************************************************************/
+
+static int rtcp_new(bi)
+BIO *bi;
+{
+    struct rpc_ctx *ctx;
+	bi->init=1;
+	bi->num=0;
+	bi->flags = 0;
+	bi->ptr=Malloc(sizeof(struct rpc_ctx));
+	ctx = (struct rpc_ctx *) bi->ptr;
+	ctx->filled = 0;
+	ctx->pos = 0;
+	return(1);
+}
+
+static int rtcp_free(a)
+BIO *a;
+{
+	if (a == NULL) return(0);
+	if ( a->ptr ) Free ( a->ptr );
+	a->ptr = NULL;
+	return(1);
+}
+	
+static int rtcp_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+{
+    int status, length;
+    struct rpc_ctx *ctx;
+    /*
+     * read data, return existing.
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    if ( ctx->pos < ctx->filled ) {
+	length = ctx->filled - ctx->pos;
+	if ( length > outl ) length = outl;
+	memmove ( out, &ctx->msg.data[ctx->pos], length );
+	ctx->pos += length;
+	return length;
+    }
+    /*
+     * Requst more data from R channel.
+     */
+    ctx->msg.channel = 'R';
+    ctx->msg.function = 'G';
+    ctx->msg.length = sizeof(ctx->msg.data);
+    status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );
+    if ( (status&1) == 0 ) {
+	return -1;
+    }
+    /*
+     * Read.
+     */
+    ctx->pos = ctx->filled = 0;
+    status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+    if ( (status&1) == 0 ) length = -1;
+    if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {
+	length = -1;
+    }
+    ctx->filled = length - RPC_HDR_SIZE;
+    
+    if ( ctx->pos < ctx->filled ) {
+	length = ctx->filled - ctx->pos;
+	if ( length > outl ) length = outl;
+	memmove ( out, ctx->msg.data, length );
+	ctx->pos += length;
+	return length;
+    }
+
+    return length;
+}
+
+static int rtcp_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+{
+    int status, i, segment, length;
+    struct rpc_ctx *ctx;
+    /*
+     * Output data, send in chunks no larger that sizeof(ctx->msg.data).
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    for ( i = 0; i < inl; i += segment ) {
+	segment = inl - i;
+	if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);
+	ctx->msg.channel = 'R';
+	ctx->msg.function = 'P';
+	ctx->msg.length = segment;
+	memmove ( ctx->msg.data, &in[i], segment );
+	status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );
+	if ((status&1) == 0 ) { i = -1; break; }
+
+	status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+	if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }
+	if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {
+	   printf("unexpected response when confirming put %c %c\n",
+		ctx->msg.channel, ctx->msg.function );
+
+	}
+    }
+    return(i);
+}
+
+static long rtcp_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	long ret=1;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+	case BIO_CTRL_EOF:
+		ret = 1;
+		break;
+	case BIO_CTRL_SET:
+		b->num = num;
+		ret = 1;
+	 	break;
+	case BIO_CTRL_SET_CLOSE:
+	case BIO_CTRL_FLUSH:
+	case BIO_CTRL_DUP:
+		ret=1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+	case BIO_CTRL_INFO:
+	case BIO_CTRL_GET:
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int rtcp_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+	{
+	return(0);
+	}
+
+static int rtcp_puts(bp,str)
+BIO *bp;
+char *str;
+{
+    int length;
+    if (str == NULL) return(0);
+    length = strlen ( str );
+    if ( length == 0 ) return (0);
+    return rtcp_write ( bp,str, length );
+}
+
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
new file mode 100644
index 0000000000000000000000000000000000000000..ac96027051ecdcff3a659497b38ba3be7af673b2
--- /dev/null
+++ b/crypto/bio/bss_sock.c
@@ -0,0 +1,449 @@
+/* crypto/bio/bss_sock.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if !defined(NO_SOCK) || defined(BIO_FD)
+
+#include 
+#include 
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include "bio.h"
+
+#ifndef BIO_FD
+#ifndef NOPROTO
+static int sock_write(BIO *h,char *buf,int num);
+static int sock_read(BIO *h,char *buf,int size);
+static int sock_puts(BIO *h,char *str);
+static long sock_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+#else
+static int sock_write();
+static int sock_read();
+static int sock_puts();
+static long sock_ctrl();
+static int sock_new();
+static int sock_free();
+int BIO_sock_should_retry();
+#endif
+
+#else
+
+#ifndef NOPROTO
+static int fd_write(BIO *h,char *buf,int num);
+static int fd_read(BIO *h,char *buf,int size);
+static int fd_puts(BIO *h,char *str);
+static long fd_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+#else
+static int fd_write();
+static int fd_read();
+static int fd_puts();
+static long fd_ctrl();
+static int fd_new();
+static int fd_free();
+int BIO_fd_should_retry();
+#endif
+#endif
+
+#ifndef BIO_FD
+static BIO_METHOD methods_sockp=
+	{
+	BIO_TYPE_SOCKET,"socket",
+	sock_write,
+	sock_read,
+	sock_puts,
+	NULL, /* sock_gets, */
+	sock_ctrl,
+	sock_new,
+	sock_free,
+	};
+
+BIO_METHOD *BIO_s_socket()
+	{
+	return(&methods_sockp);
+	}
+#else
+static BIO_METHOD methods_fdp=
+	{
+	BIO_TYPE_FD,"file descriptor",
+	fd_write,
+	fd_read,
+	fd_puts,
+	NULL, /* fd_gets, */
+	fd_ctrl,
+	fd_new,
+	fd_free,
+	};
+
+BIO_METHOD *BIO_s_fd()
+	{
+	return(&methods_fdp);
+	}
+#endif
+
+#ifndef BIO_FD
+BIO *BIO_new_socket(fd,close_flag)
+#else
+BIO *BIO_new_fd(fd,close_flag)
+#endif
+int fd;
+int close_flag;
+	{
+	BIO *ret;
+
+#ifndef BIO_FD
+	ret=BIO_new(BIO_s_socket());
+#else
+	ret=BIO_new(BIO_s_fd());
+#endif
+	if (ret == NULL) return(NULL);
+	BIO_set_fd(ret,fd,close_flag);
+	return(ret);
+	}
+
+#ifndef BIO_FD
+static int sock_new(bi)
+#else
+static int fd_new(bi)
+#endif
+BIO *bi;
+	{
+	bi->init=0;
+	bi->num=0;
+	bi->ptr=NULL;
+	bi->flags=0;
+	return(1);
+	}
+
+#ifndef BIO_FD
+static int sock_free(a)
+#else
+static int fd_free(a)
+#endif
+BIO *a;
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if (a->init)
+			{
+#ifndef BIO_FD
+			shutdown(a->num,2);
+# ifdef WINDOWS
+			closesocket(a->num);
+# else
+			close(a->num);
+# endif
+#else			/* BIO_FD */
+			close(a->num);
+#endif
+
+			}
+		a->init=0;
+		a->flags=0;
+		}
+	return(1);
+	}
+	
+#ifndef BIO_FD
+static int sock_read(b,out,outl)
+#else
+static int fd_read(b,out,outl)
+#endif
+BIO *b;
+char *out;
+int outl;
+	{
+	int ret=0;
+
+	if (out != NULL)
+		{
+		errno=0;
+#if defined(WINDOWS) && !defined(BIO_FD)
+		ret=recv(b->num,out,outl,0);
+#else
+		ret=read(b->num,out,outl);
+#endif
+		BIO_clear_retry_flags(b);
+		if (ret <= 0)
+			{
+#ifndef BIO_FD
+			if (BIO_sock_should_retry(ret))
+#else
+			if (BIO_fd_should_retry(ret))
+#endif
+				BIO_set_retry_read(b);
+			}
+		}
+	return(ret);
+	}
+
+#ifndef BIO_FD
+static int sock_write(b,in,inl)
+#else
+static int fd_write(b,in,inl)
+#endif
+BIO *b;
+char *in;
+int inl;
+	{
+	int ret;
+	
+	errno=0;
+#if defined(WINDOWS) && !defined(BIO_FD)
+	ret=send(b->num,in,inl,0);
+#else
+	ret=write(b->num,in,inl);
+#endif
+	BIO_clear_retry_flags(b);
+	if (ret <= 0)
+		{
+#ifndef BIO_FD
+		if (BIO_sock_should_retry(ret))
+#else
+		if (BIO_fd_should_retry(ret))
+#endif
+			BIO_set_retry_write(b);
+		}
+	return(ret);
+	}
+
+#ifndef BIO_FD
+static long sock_ctrl(b,cmd,num,ptr)
+#else
+static long fd_ctrl(b,cmd,num,ptr)
+#endif
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	long ret=1;
+	int *ip;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+#ifdef BIO_FD
+		ret=(long)lseek(b->num,0,0);
+#else
+		ret=0;
+#endif
+		break;
+	case BIO_CTRL_INFO:
+		ret=0;
+		break;
+	case BIO_C_SET_FD:
+#ifndef BIO_FD
+		sock_free(b);
+#else
+		fd_free(b);
+#endif
+		b->num= *((int *)ptr);
+		b->shutdown=(int)num;
+		b->init=1;
+		break;
+	case BIO_C_GET_FD:
+		if (b->init)
+			{
+			ip=(int *)ptr;
+			if (ip != NULL) *ip=b->num;
+			ret=b->num;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+		ret=0;
+		break;
+	case BIO_CTRL_DUP:
+	case BIO_CTRL_FLUSH:
+		ret=1;
+		break;
+		break;
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+#ifdef undef
+static int sock_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+	{
+	return(-1);
+	}
+#endif
+
+#ifndef BIO_FD
+static int sock_puts(bp,str)
+#else
+static int fd_puts(bp,str)
+#endif
+BIO *bp;
+char *str;
+	{
+	int n,ret;
+
+	n=strlen(str);
+#ifndef BIO_FD
+	ret=sock_write(bp,str,n);
+#else
+	ret=fd_write(bp,str,n);
+#endif
+	return(ret);
+	}
+
+#ifndef BIO_FD
+int BIO_sock_should_retry(i)
+#else
+int BIO_fd_should_retry(i)
+#endif
+int i;
+	{
+	if ((i == 0) || (i == -1))
+		{
+#if !defined(BIO_FD) && defined(WINDOWS)
+		errno=WSAGetLastError();
+#endif
+
+#if defined(WINDOWS) /* more microsoft stupidity */
+		if ((i == -1) && (errno == 0))
+			return(1);
+#endif
+#ifndef BIO_FD
+		return(BIO_sock_non_fatal_error(errno));
+#else
+		return(BIO_fd_non_fatal_error(errno));
+#endif
+		}
+	return(0);
+	}
+
+#ifndef BIO_FD
+int BIO_sock_non_fatal_error(err)
+#else
+int BIO_fd_non_fatal_error(err)
+#endif
+int err;
+	{
+	switch (err)
+		{
+#if !defined(BIO_FD) && defined(WINDOWS)
+# if defined(WSAEWOULDBLOCK)
+	case WSAEWOULDBLOCK:
+# endif
+
+# if defined(WSAENOTCONN)
+	case WSAENOTCONN:
+# endif
+#endif
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+#  if WSAEWOULDBLOCK != EWOULDBLOCK
+	case EWOULDBLOCK:
+#  endif
+# else
+	case EWOULDBLOCK:
+# endif
+#endif
+
+#ifdef EINTR
+	case EINTR:
+#endif
+
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+	case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+	case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+	case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+	case EALREADY:
+#endif
+		return(1);
+		break;
+	default:
+		break;
+		}
+	return(0);
+	}
+#endif
diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..cbddd4f3ea97134a027b894f415bcb86e77d4401
--- /dev/null
+++ b/crypto/bn/Makefile.ssl
@@ -0,0 +1,107 @@
+#
+# SSLeay/crypto/bn/Makefile
+#
+
+DIR=	bn
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+BN_MULW=	bn_mulw.o
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=bn
+ERRC=bn_err
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c \
+	bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c \
+	bn_gcd.c bn_prime.c $(ERRC).c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
+
+LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o \
+	bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o \
+	bn_gcd.o bn_prime.o $(ERRC).o bn_sqr.o $(BN_MULW) bn_recp.o bn_mont.o
+
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER=	bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+knuth: bn_knuth.c
+	cc -pg -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+
+knuth.fast: bn_knuth.c
+	cc -pg -fast -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+exptest:
+	/bin/rm -f exptest
+	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+	/bin/rm -f a.out
+	gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_mulw.s
+
+errors:
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # special case .org
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bn/asm/README b/crypto/bn/asm/README
new file mode 100644
index 0000000000000000000000000000000000000000..d93fbff77f5feff243558e6d50dac5bd083e3ed7
--- /dev/null
+++ b/crypto/bn/asm/README
@@ -0,0 +1,30 @@
+All assember in this directory are just version of the file
+crypto/bn/bn_mulw.c.
+
+Quite a few of these files are just the assember output from gcc since on 
+quite a few machines they are 2 times faster than the system compiler.
+
+For the x86, I have hand written assember because of the bad job all
+compilers seem to do on it.  This normally gives a 2 time speed up in the RSA
+routines.
+
+For the DEC alpha, I also hand wrote the assember (except the division which
+is just the output from the C compiler pasted on the end of the file).
+On the 2 alpha C compilers I had access to, it was not possible to do
+64b x 64b -> 128b calculations (both long and the long long data types
+were 64 bits).  So the hand assember gives access to the 128 bit result and
+a 2 times speedup :-).
+
+The x86xxxx.obj files are the assembled version of x86xxxx.asm files.
+I had such a hard time finding a macro assember for Microsoft, I decided to
+include the object file to save others the hassle :-).
+
+I have also included uu encoded versions of the .obj incase they get
+trashed.
+
+There are 2 versions of assember for the HP PA-RISC.
+pa-risc.s is the origional one which works fine.
+pa-risc2.s is a new version that often generates warnings but if the
+tests pass, it gives performance that is over 2 times faster than
+pa-risc.s.
+Both were generated using gcc :-)
diff --git a/crypto/bn/asm/alpha.s b/crypto/bn/asm/alpha.s
new file mode 100644
index 0000000000000000000000000000000000000000..d56f715ecd66edaaa9614ce577a070ef35812f8a
--- /dev/null
+++ b/crypto/bn/asm/alpha.s
@@ -0,0 +1,310 @@
+ # DEC Alpha assember
+ # The bn_div64 is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div64.
+	.file	1 "bn_mulw.c"
+	.version	"01.01"
+	.set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+	.text
+	.align 3
+	.globl bn_mul_add_word
+	.ent bn_mul_add_word
+bn_mul_add_word:
+bn_mul_add_word..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	subq $18,2,$25	# num=-2
+	bis $31,$31,$0
+	blt $25,$42
+	.align 5
+$142:
+	subq $18,2,$18	# num-=2
+	subq $25,2,$25	# num-=2
+
+	ldq $1,0($17)	# a[0]
+	ldq $2,8($17)	# a[1]
+
+	mulq $19,$1,$3	# a[0]*w low part	r3
+ 	umulh $19,$1,$1 # a[0]*w high part	r1
+	mulq $19,$2,$4	# a[1]*w low part	r4
+ 	umulh $19,$2,$2 # a[1]*w high part	r2
+
+	ldq $22,0($16)	# r[0]			r22
+	ldq $23,8($16)	# r[1]			r23
+
+	addq $3,$22,$3	# a0 low part + r[0]	
+	addq $4,$23,$4	# a1 low part + r[1]	
+	cmpult $3,$22,$5 # overflow?
+	cmpult $4,$23,$6 # overflow?
+	addq $5,$1,$1	# high part + overflow 
+	addq $6,$2,$2	# high part + overflow 
+
+	addq $3,$0,$3	# add c
+	cmpult $3,$0,$5 # overflow?
+	stq $3,0($16)
+	addq $5,$1,$0	# c=high part + overflow 
+
+	addq $4,$0,$4	# add c
+	cmpult $4,$0,$5 # overflow?
+	stq $4,8($16)
+	addq $5,$2,$0	# c=high part + overflow 
+
+	ble $18,$43
+
+ 	addq $16,16,$16
+ 	addq $17,16,$17
+	blt $25,$42
+
+ 	br $31,$142
+$42:
+	ldq $1,0($17)	# a[0]
+ 	umulh $19,$1,$3 # a[0]*w high part
+	mulq $19,$1,$1	# a[0]*w low part
+	ldq $2,0($16)	# r[0]
+	addq $1,$2,$1	# low part + r[0]
+	cmpult $1,$2,$4 # overflow?
+	addq $4,$3,$3	# high part + overflow 
+	addq $1,$0,$1	# add c
+	cmpult $1,$0,$4 # overflow?
+	addq $4,$3,$0	# c=high part + overflow 
+	stq $1,0($16)
+
+	.align 4
+$43:
+	ret $31,($26),1
+	.end bn_mul_add_word
+	.align 3
+	.globl bn_mul_word
+	.ent bn_mul_word
+bn_mul_word:
+bn_mul_word..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	subq $18,2,$25	# num=-2
+	bis $31,$31,$0
+	blt $25,$242
+	.align 5
+$342:
+	subq $18,2,$18	# num-=2
+	subq $25,2,$25	# num-=2
+
+	ldq $1,0($17)	# a[0]
+	ldq $2,8($17)	# a[1]
+
+	mulq $19,$1,$3	# a[0]*w low part	r3
+ 	umulh $19,$1,$1 # a[0]*w high part	r1
+	mulq $19,$2,$4	# a[1]*w low part	r4
+ 	umulh $19,$2,$2 # a[1]*w high part	r2
+
+	addq $3,$0,$3	# add c
+	cmpult $3,$0,$5 # overflow?
+	stq $3,0($16)
+	addq $5,$1,$0	# c=high part + overflow 
+
+	addq $4,$0,$4	# add c
+	cmpult $4,$0,$5 # overflow?
+	stq $4,8($16)
+	addq $5,$2,$0	# c=high part + overflow 
+
+	ble $18,$243
+
+ 	addq $16,16,$16
+ 	addq $17,16,$17
+	blt $25,$242
+
+ 	br $31,$342
+$242:
+	ldq $1,0($17)	# a[0]
+ 	umulh $19,$1,$3 # a[0]*w high part
+	mulq $19,$1,$1	# a[0]*w low part
+	addq $1,$0,$1	# add c
+	cmpult $1,$0,$4 # overflow?
+	addq $4,$3,$0	# c=high part + overflow 
+	stq $1,0($16)
+$243:
+	ret $31,($26),1
+	.end bn_mul_word
+	.align 3
+	.globl bn_sqr_words
+	.ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	
+	subq $18,2,$25	# num=-2
+	blt $25,$442
+	.align 5
+$542:
+	subq $18,2,$18	# num-=2
+	subq $25,2,$25	# num-=2
+
+	ldq $1,0($17)	# a[0]
+	ldq $4,8($17)	# a[1]
+
+	mulq $1,$1,$2	# a[0]*w low part	r2
+ 	umulh $1,$1,$3 # a[0]*w high part	r3
+	mulq $4,$4,$5	# a[1]*w low part	r5
+ 	umulh $4,$4,$6 # a[1]*w high part	r6
+
+	stq $2,0($16)	# r[0]
+	stq $3,8($16)	# r[1]
+	stq $5,16($16)	# r[3]
+	stq $6,24($16)	# r[4]
+
+	ble $18,$443
+
+ 	addq $16,32,$16
+ 	addq $17,16,$17
+	blt $25,$442
+ 	br $31,$542
+
+$442:
+	ldq $1,0($17)   # a[0]
+	mulq $1,$1,$2   # a[0]*w low part       r2
+        umulh $1,$1,$3  # a[0]*w high part       r3
+	stq $2,0($16)   # r[0]
+        stq $3,8($16)   # r[1]
+
+	.align 4
+$443:
+	ret $31,($26),1
+	.end bn_sqr_words
+
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+	.align 3
+	.globl bn_div64
+	.ent bn_div64
+bn_div64:
+	ldgp $29,0($27)
+bn_div64..ng:
+	lda $30,-48($30)
+	.frame $30,48,$26,0
+	stq $26,0($30)
+	stq $9,8($30)
+	stq $10,16($30)
+	stq $11,24($30)
+	stq $12,32($30)
+	stq $13,40($30)
+	.mask 0x4003e00,-48
+	.prologue 1
+	bis $16,$16,$9
+	bis $17,$17,$10
+	bis $18,$18,$11
+	bis $31,$31,$13
+	bis $31,2,$12
+	bne $11,$119
+	lda $0,-1
+	br $31,$136
+	.align 4
+$119:
+	bis $11,$11,$16
+	jsr $26,BN_num_bits_word
+	ldgp $29,0($26)
+	subq $0,64,$1
+	beq $1,$120
+	bis $31,1,$1
+	sll $1,$0,$1
+	cmpule $9,$1,$1
+	bne $1,$120
+ #	lda $16,_IO_stderr_
+ #	lda $17,$C32
+ #	bis $0,$0,$18
+ #	jsr $26,fprintf
+ #	ldgp $29,0($26)
+	jsr $26,abort
+	ldgp $29,0($26)
+	.align 4
+$120:
+	bis $31,64,$3
+	cmpult $9,$11,$2
+	subq $3,$0,$1
+	addl $1,$31,$0
+	subq $9,$11,$1
+	cmoveq $2,$1,$9
+	beq $0,$122
+	zapnot $0,15,$2
+	subq $3,$0,$1
+	sll $11,$2,$11
+	sll $9,$2,$3
+	srl $10,$1,$1
+	sll $10,$2,$10
+	bis $3,$1,$9
+$122:
+	srl $11,32,$5
+	zapnot $11,15,$6
+	lda $7,-1
+	.align 5
+$123:
+	srl $9,32,$1
+	subq $1,$5,$1
+	bne $1,$126
+	zapnot $7,15,$27
+	br $31,$127
+	.align 4
+$126:
+	bis $9,$9,$24
+	bis $5,$5,$25
+	divqu $24,$25,$27
+$127:
+	srl $10,32,$4
+	.align 5
+$128:
+	mulq $27,$5,$1
+	subq $9,$1,$3
+	zapnot $3,240,$1
+	bne $1,$129
+	mulq $6,$27,$2
+	sll $3,32,$1
+	addq $1,$4,$1
+	cmpule $2,$1,$2
+	bne $2,$129
+	subq $27,1,$27
+	br $31,$128
+	.align 4
+$129:
+	mulq $27,$6,$1
+	mulq $27,$5,$4
+	srl $1,32,$3
+	sll $1,32,$1
+	addq $4,$3,$4
+	cmpult $10,$1,$2
+	subq $10,$1,$10
+	addq $2,$4,$2
+	cmpult $9,$2,$1
+	bis $2,$2,$4
+	beq $1,$134
+	addq $9,$11,$9
+	subq $27,1,$27
+$134:
+	subl $12,1,$12
+	subq $9,$4,$9
+	beq $12,$124
+	sll $27,32,$13
+	sll $9,32,$2
+	srl $10,32,$1
+	sll $10,32,$10
+	bis $2,$1,$9
+	br $31,$123
+	.align 4
+$124:
+	bis $13,$27,$0
+$136:
+	ldq $26,0($30)
+	ldq $9,8($30)
+	ldq $10,16($30)
+	ldq $11,24($30)
+	ldq $12,32($30)
+	ldq $13,40($30)
+	addq $30,48,$30
+	ret $31,($26),1
+	.end bn_div64
+	.ident	"GCC: (GNU) 2.7.2.1"
+
+
diff --git a/crypto/bn/asm/pa-risc.s b/crypto/bn/asm/pa-risc.s
new file mode 100644
index 0000000000000000000000000000000000000000..c49c433a834469d52ffa6ca7b427eb24f951f755
--- /dev/null
+++ b/crypto/bn/asm/pa-risc.s
@@ -0,0 +1,710 @@
+	.SPACE $PRIVATE$
+	.SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+	.SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+	.SPACE $TEXT$
+	.SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+	.SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+	.IMPORT $global$,DATA
+	.IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_mul_add_word,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_word
+	.PROC
+	.CALLINFO FRAME=0,CALLS,SAVE_RP
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	ldi 0,%r28
+	extru %r23,31,16,%r2
+	stw %r2,-16(0,%r30)
+	extru %r23,15,16,%r23
+	ldil L'65536,%r31
+	fldws -16(0,%r30),%fr11R
+	stw %r23,-16(0,%r30)
+	ldo 12(%r25),%r29
+	ldo 12(%r26),%r23
+	fldws -16(0,%r30),%fr11L
+L$0002
+	ldw 0(0,%r25),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0005
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi 1,%r19,%r19
+	ldw 0(0,%r26),%r28
+	addl %r20,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0003
+	stw %r20,0(0,%r26)
+	ldw -8(0,%r29),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0010
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi 1,%r19,%r19
+	ldw -8(0,%r23),%r28
+	addl %r20,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0003
+	stw %r20,-8(0,%r23)
+	ldw -4(0,%r29),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0015
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi 1,%r19,%r19
+	ldw -4(0,%r23),%r28
+	addl %r20,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0003
+	stw %r20,-4(0,%r23)
+	ldw 0(0,%r29),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0020
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi 1,%r19,%r19
+	ldw 0(0,%r23),%r28
+	addl %r20,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0003
+	stw %r20,0(0,%r23)
+	ldo 16(%r29),%r29
+	ldo 16(%r25),%r25
+	ldo 16(%r23),%r23
+	bl L$0002,0
+	ldo 16(%r26),%r26
+L$0003
+	ldw -20(0,%r30),%r2
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_mul_word,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_word
+	.PROC
+	.CALLINFO FRAME=0,CALLS,SAVE_RP
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	ldi 0,%r28
+	extru %r23,31,16,%r2
+	stw %r2,-16(0,%r30)
+	extru %r23,15,16,%r23
+	ldil L'65536,%r31
+	fldws -16(0,%r30),%fr11R
+	stw %r23,-16(0,%r30)
+	ldo 12(%r26),%r29
+	ldo 12(%r25),%r23
+	fldws -16(0,%r30),%fr11L
+L$0026
+	ldw 0(0,%r25),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0029
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0027
+	stw %r20,0(0,%r26)
+	ldw -8(0,%r23),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0033
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0027
+	stw %r20,-8(0,%r29)
+	ldw -4(0,%r23),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0037
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0027
+	stw %r20,-4(0,%r29)
+	ldw 0(0,%r23),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0041
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0027
+	stw %r20,0(0,%r29)
+	ldo 16(%r23),%r23
+	ldo 16(%r25),%r25
+	ldo 16(%r29),%r29
+	bl L$0026,0
+	ldo 16(%r26),%r26
+L$0027
+	ldw -20(0,%r30),%r2
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+	.PROC
+	.CALLINFO FRAME=0,NO_CALLS
+	.ENTRY
+	ldo 28(%r26),%r23
+	ldo 12(%r25),%r28
+L$0046
+	ldw 0(0,%r25),%r21
+	extru %r21,31,16,%r22
+	stw %r22,-16(0,%r30)
+	extru %r21,15,16,%r21
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	stw %r22,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r21,-16(0,%r30)
+	copy %r29,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,16,17,%r20
+	zdep %r19,14,15,%r19
+	ldw -16(0,%r30),%r29
+	xmpyu %fr10L,%fr10R,%fr9
+	addl %r29,%r19,%r22
+	stw %r22,0(0,%r26)
+	fstws %fr9R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	addl %r29,%r20,%r21
+	comclr,<<= %r19,%r22,0
+	addi 1,%r21,%r21
+	addib,= -1,%r24,L$0057
+	stw %r21,-24(0,%r23)
+	ldw -8(0,%r28),%r21
+	extru %r21,31,16,%r22
+	stw %r22,-16(0,%r30)
+	extru %r21,15,16,%r21
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	stw %r22,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r21,-16(0,%r30)
+	copy %r29,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,16,17,%r20
+	zdep %r19,14,15,%r19
+	ldw -16(0,%r30),%r29
+	xmpyu %fr10L,%fr10R,%fr9
+	addl %r29,%r19,%r22
+	stw %r22,-20(0,%r23)
+	fstws %fr9R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	addl %r29,%r20,%r21
+	comclr,<<= %r19,%r22,0
+	addi 1,%r21,%r21
+	addib,= -1,%r24,L$0057
+	stw %r21,-16(0,%r23)
+	ldw -4(0,%r28),%r21
+	extru %r21,31,16,%r22
+	stw %r22,-16(0,%r30)
+	extru %r21,15,16,%r21
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	stw %r22,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r21,-16(0,%r30)
+	copy %r29,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,16,17,%r20
+	zdep %r19,14,15,%r19
+	ldw -16(0,%r30),%r29
+	xmpyu %fr10L,%fr10R,%fr9
+	addl %r29,%r19,%r22
+	stw %r22,-12(0,%r23)
+	fstws %fr9R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	addl %r29,%r20,%r21
+	comclr,<<= %r19,%r22,0
+	addi 1,%r21,%r21
+	addib,= -1,%r24,L$0057
+	stw %r21,-8(0,%r23)
+	ldw 0(0,%r28),%r21
+	extru %r21,31,16,%r22
+	stw %r22,-16(0,%r30)
+	extru %r21,15,16,%r21
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	stw %r22,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r21,-16(0,%r30)
+	copy %r29,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,16,17,%r20
+	zdep %r19,14,15,%r19
+	ldw -16(0,%r30),%r29
+	xmpyu %fr10L,%fr10R,%fr9
+	addl %r29,%r19,%r22
+	stw %r22,-4(0,%r23)
+	fstws %fr9R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	addl %r29,%r20,%r21
+	comclr,<<= %r19,%r22,0
+	addi 1,%r21,%r21
+	addib,= -1,%r24,L$0057
+	stw %r21,0(0,%r23)
+	ldo 16(%r28),%r28
+	ldo 16(%r25),%r25
+	ldo 32(%r23),%r23
+	bl L$0046,0
+	ldo 32(%r26),%r26
+L$0057
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.IMPORT BN_num_bits_word,CODE
+	.IMPORT fprintf,CODE
+	.IMPORT __iob,DATA
+	.SPACE $TEXT$
+	.SUBSPA $LIT$
+
+	.align 4
+L$C0000
+	.STRING "Division would overflow\x0a\x00"
+	.IMPORT abort,CODE
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+	.PROC
+	.CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	stwm %r8,128(0,%r30)
+	stw %r7,-124(0,%r30)
+	stw %r4,-112(0,%r30)
+	stw %r3,-108(0,%r30)
+	copy %r26,%r3
+	copy %r25,%r4
+	stw %r6,-120(0,%r30)
+	ldi 0,%r7
+	stw %r5,-116(0,%r30)
+	movb,<> %r24,%r5,L$0059
+	ldi 2,%r6
+	bl L$0076,0
+	ldi -1,%r28
+L$0059
+	.CALL ARGW0=GR
+	bl BN_num_bits_word,%r2
+	copy %r5,%r26
+	ldi 32,%r19
+	comb,= %r19,%r28,L$0060
+	subi 31,%r28,%r19
+	mtsar %r19
+	zvdepi 1,32,%r19
+	comb,>>= %r19,%r3,L$0060
+	addil LR'__iob-$global$+32,%r27
+	ldo RR'__iob-$global$+32(%r1),%r26
+	ldil LR'L$C0000,%r25
+	.CALL ARGW0=GR,ARGW1=GR
+	bl fprintf,%r2
+	ldo RR'L$C0000(%r25),%r25
+	.CALL 
+	bl abort,%r2
+	nop
+L$0060
+	comb,>> %r5,%r3,L$0061
+	subi 32,%r28,%r28
+	sub %r3,%r5,%r3
+L$0061
+	comib,= 0,%r28,L$0062
+	subi 31,%r28,%r19
+	mtsar %r19
+	zvdep %r5,32,%r5
+	zvdep %r3,32,%r21
+	subi 32,%r28,%r20
+	mtsar %r20
+	vshd 0,%r4,%r20
+	or %r21,%r20,%r3
+	mtsar %r19
+	zvdep %r4,32,%r4
+L$0062
+	extru %r5,15,16,%r23
+	extru %r5,31,16,%r28
+L$0063
+	extru %r3,15,16,%r19
+	comb,<> %r23,%r19,L$0066
+	copy %r3,%r26
+	bl L$0067,0
+	zdepi -1,31,16,%r29
+L$0066
+	.IMPORT $$divU,MILLICODE
+	bl $$divU,%r31
+	copy %r23,%r25
+L$0067
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r23,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr9
+	ldw -16(0,%r30),%r8
+	fstws %fr9R,-16(0,%r30)
+	copy %r8,%r22
+	ldw -16(0,%r30),%r8
+	extru %r4,15,16,%r24
+	copy %r8,%r21
+L$0068
+	sub %r3,%r21,%r20
+	copy %r20,%r19
+	depi 0,31,16,%r19
+	comib,<> 0,%r19,L$0069
+	zdep %r20,15,16,%r19
+	addl %r19,%r24,%r19
+	comb,>>= %r19,%r22,L$0069
+	sub %r22,%r28,%r22
+	sub %r21,%r23,%r21
+	bl L$0068,0
+	ldo -1(%r29),%r29
+L$0069
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r8
+	stw %r23,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	copy %r8,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,15,16,%r20
+	ldw -16(0,%r30),%r8
+	zdep %r19,15,16,%r19
+	addl %r8,%r20,%r20
+	comclr,<<= %r19,%r4,0
+	addi 1,%r20,%r20
+	comb,<<= %r20,%r3,L$0074
+	sub %r4,%r19,%r4
+	addl %r3,%r5,%r3
+	ldo -1(%r29),%r29
+L$0074
+	addib,= -1,%r6,L$0064
+	sub %r3,%r20,%r3
+	zdep %r29,15,16,%r7
+	shd %r3,%r4,16,%r3
+	bl L$0063,0
+	zdep %r4,15,16,%r4
+L$0064
+	or %r7,%r29,%r28
+L$0076
+	ldw -148(0,%r30),%r2
+	ldw -124(0,%r30),%r7
+	ldw -120(0,%r30),%r6
+	ldw -116(0,%r30),%r5
+	ldw -112(0,%r30),%r4
+	ldw -108(0,%r30),%r3
+	bv 0(%r2)
+	ldwm -128(0,%r30),%r8
+	.EXIT
+	.PROCEND
diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
new file mode 100644
index 0000000000000000000000000000000000000000..5e07b7d2e87900cec5a0c0b0078569f473333bed
--- /dev/null
+++ b/crypto/bn/asm/pa-risc2.s
@@ -0,0 +1,416 @@
+	.SPACE $PRIVATE$
+	.SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+	.SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+	.SPACE $TEXT$
+	.SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+	.SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+	.IMPORT $global$,DATA
+	.IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_mul_add_word,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_word
+	.PROC
+	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=4
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	stwm %r4,64(0,%r30)
+	copy %r24,%r31
+	stw %r3,-60(0,%r30)
+	ldi 0,%r20
+	ldo 12(%r26),%r2
+	stw %r23,-16(0,%r30)
+	copy %r25,%r3
+	ldo 12(%r3),%r1
+	fldws -16(0,%r30),%fr8L
+L$0010
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws 0(0,%r3),%fr9L
+	ldw 0(0,%r26),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,0(0,%r26)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws -8(0,%r1),%fr9L
+	ldw -8(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,-8(0,%r2)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws -4(0,%r1),%fr9L
+	ldw -4(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,-4(0,%r2)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws 0(0,%r1),%fr9L
+	ldw 0(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,0(0,%r2)
+	ldo 16(%r1),%r1
+	ldo 16(%r3),%r3
+	ldo 16(%r2),%r2
+	bl L$0010,0
+	ldo 16(%r26),%r26
+L$0011
+	copy %r20,%r28
+	ldw -84(0,%r30),%r2
+	ldw -60(0,%r30),%r3
+	bv 0(%r2)
+	ldwm -64(0,%r30),%r4
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_mul_word,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_word
+	.PROC
+	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=3
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	copy %r25,%r2
+	stwm %r4,64(0,%r30)
+	copy %r24,%r19
+	ldi 0,%r28
+	stw %r23,-16(0,%r30)
+	ldo 12(%r26),%r31
+	ldo 12(%r2),%r29
+	fldws -16(0,%r30),%fr8L
+L$0026
+	fldws 0(0,%r2),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,0(0,%r26)
+	fldws -8(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,-8(0,%r31)
+	fldws -4(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,-4(0,%r31)
+	fldws 0(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,0(0,%r31)
+	ldo 16(%r29),%r29
+	ldo 16(%r2),%r2
+	ldo 16(%r31),%r31
+	bl L$0026,0
+	ldo 16(%r26),%r26
+L$0027
+	ldw -84(0,%r30),%r2
+	bv 0(%r2)
+	ldwm -64(0,%r30),%r4
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+	.PROC
+	.CALLINFO FRAME=0,NO_CALLS
+	.ENTRY
+	ldo 28(%r26),%r19
+	ldo 12(%r25),%r28
+L$0042
+	fldws 0(0,%r25),%fr8L
+	fldws 0(0,%r25),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,0(0,%r26)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-24(0,%r19)
+	fldws -8(0,%r28),%fr8L
+	fldws -8(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-20(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-16(0,%r19)
+	fldws -4(0,%r28),%fr8L
+	fldws -4(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-12(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-8(0,%r19)
+	fldws 0(0,%r28),%fr8L
+	fldws 0(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-4(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,0(0,%r19)
+	ldo 16(%r28),%r28
+	ldo 16(%r25),%r25
+	ldo 32(%r19),%r19
+	bl L$0042,0
+	ldo 32(%r26),%r26
+L$0049
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.IMPORT BN_num_bits_word,CODE
+	.IMPORT fprintf,CODE
+	.IMPORT __iob,DATA
+	.SPACE $TEXT$
+	.SUBSPA $LIT$
+
+	.align 4
+L$C0000
+	.STRING "Division would overflow (%d)\x0a\x00"
+	.IMPORT abort,CODE
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+	.PROC
+	.CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	stwm %r8,128(0,%r30)
+	stw %r7,-124(0,%r30)
+	stw %r4,-112(0,%r30)
+	stw %r3,-108(0,%r30)
+	copy %r26,%r3
+	copy %r25,%r4
+	stw %r6,-120(0,%r30)
+	ldi 0,%r7
+	stw %r5,-116(0,%r30)
+	movb,<> %r24,%r5,L$0051
+	ldi 2,%r6
+	bl L$0068,0
+	ldi -1,%r28
+L$0051
+	.CALL ARGW0=GR
+	bl BN_num_bits_word,%r2
+	copy %r5,%r26
+	copy %r28,%r24
+	ldi 32,%r19
+	comb,= %r19,%r24,L$0052
+	subi 31,%r24,%r19
+	mtsar %r19
+	zvdepi 1,32,%r19
+	comb,>>= %r19,%r3,L$0052
+	addil LR'__iob-$global$+32,%r27
+	ldo RR'__iob-$global$+32(%r1),%r26
+	ldil LR'L$C0000,%r25
+	.CALL ARGW0=GR,ARGW1=GR,ARGW2=GR
+	bl fprintf,%r2
+	ldo RR'L$C0000(%r25),%r25
+	.CALL 
+	bl abort,%r2
+	nop
+L$0052
+	comb,>> %r5,%r3,L$0053
+	subi 32,%r24,%r24
+	sub %r3,%r5,%r3
+L$0053
+	comib,= 0,%r24,L$0054
+	subi 31,%r24,%r19
+	mtsar %r19
+	zvdep %r5,32,%r5
+	zvdep %r3,32,%r21
+	subi 32,%r24,%r20
+	mtsar %r20
+	vshd 0,%r4,%r20
+	or %r21,%r20,%r3
+	mtsar %r19
+	zvdep %r4,32,%r4
+L$0054
+	extru %r5,15,16,%r23
+	extru %r5,31,16,%r28
+L$0055
+	extru %r3,15,16,%r19
+	comb,<> %r23,%r19,L$0058
+	copy %r3,%r26
+	bl L$0059,0
+	zdepi -1,31,16,%r29
+L$0058
+	.IMPORT $$divU,MILLICODE
+	bl $$divU,%r31
+	copy %r23,%r25
+L$0059
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r23,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr9
+	ldw -16(0,%r30),%r8
+	fstws %fr9R,-16(0,%r30)
+	copy %r8,%r22
+	ldw -16(0,%r30),%r8
+	extru %r4,15,16,%r24
+	copy %r8,%r21
+L$0060
+	sub %r3,%r21,%r20
+	copy %r20,%r19
+	depi 0,31,16,%r19
+	comib,<> 0,%r19,L$0061
+	zdep %r20,15,16,%r19
+	addl %r19,%r24,%r19
+	comb,>>= %r19,%r22,L$0061
+	sub %r22,%r28,%r22
+	sub %r21,%r23,%r21
+	bl L$0060,0
+	ldo -1(%r29),%r29
+L$0061
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r8
+	stw %r23,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	copy %r8,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,15,16,%r20
+	ldw -16(0,%r30),%r8
+	zdep %r19,15,16,%r19
+	addl %r8,%r20,%r20
+	comclr,<<= %r19,%r4,0
+	addi 1,%r20,%r20
+	comb,<<= %r20,%r3,L$0066
+	sub %r4,%r19,%r4
+	addl %r3,%r5,%r3
+	ldo -1(%r29),%r29
+L$0066
+	addib,= -1,%r6,L$0056
+	sub %r3,%r20,%r3
+	zdep %r29,15,16,%r7
+	shd %r3,%r4,16,%r3
+	bl L$0055,0
+	zdep %r4,15,16,%r4
+L$0056
+	or %r7,%r29,%r28
+L$0068
+	ldw -148(0,%r30),%r2
+	ldw -124(0,%r30),%r7
+	ldw -120(0,%r30),%r6
+	ldw -116(0,%r30),%r5
+	ldw -112(0,%r30),%r4
+	ldw -108(0,%r30),%r3
+	bv 0(%r2)
+	ldwm -128(0,%r30),%r8
+	.EXIT
+	.PROCEND
diff --git a/crypto/bn/asm/r3000.s b/crypto/bn/asm/r3000.s
new file mode 100644
index 0000000000000000000000000000000000000000..5be2a0d0e6bf2a02857499ebfaadbc2b1fb4c3a4
--- /dev/null
+++ b/crypto/bn/asm/r3000.s
@@ -0,0 +1,646 @@
+	.file	1 "../bn_mulw.c"
+	.set	nobopt
+	.option pic2
+
+ # GNU C 2.6.3 [AL 1.1, MM 40] SGI running IRIX 5.0 compiled by GNU C
+
+ # Cc1 defaults:
+ # -mabicalls
+
+ # Cc1 arguments (-G value = 0, Cpu = 3000, ISA = 1):
+ # -quiet -dumpbase -O2 -o
+
+gcc2_compiled.:
+__gnu_compiled_c:
+	.rdata
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x34,0x39,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x33,0x34,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x35,0x20,0x24
+	.byte	0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+	.byte	0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x32,0x33,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x37,0x38,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x33,0x2e,0x37,0x30,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x32,0x20,0x24
+	.byte	0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x34,0x20,0x24
+	.byte	0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+	.byte	0x0
+	.text
+	.align	2
+	.globl	bn_mul_add_word
+	.ent	bn_mul_add_word
+bn_mul_add_word:
+	.frame	$sp,0,$31		# vars= 0, regs= 0/0, args= 0, extra= 0
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	.set	noreorder
+	.cpload	$25
+	.set	reorder
+	move	$12,$4
+	move	$14,$5
+	move	$9,$6
+	move	$13,$7
+	move	$8,$0
+	addu	$10,$12,12
+	addu	$11,$14,12
+$L2:
+	lw	$6,0($14)
+	#nop
+	multu	$13,$6
+	mfhi	$6
+	mflo	$7
+	#nop
+	move	$5,$8
+	move	$4,$0
+	lw	$3,0($12)
+	addu	$9,$9,-1
+	move	$2,$0
+	addu	$7,$7,$3
+	sltu	$8,$7,$3
+	addu	$6,$6,$2
+	addu	$6,$6,$8
+	addu	$7,$7,$5
+	sltu	$2,$7,$5
+	addu	$6,$6,$4
+	addu	$6,$6,$2
+	srl	$3,$6,0
+	move	$2,$0
+	move	$8,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$9,$0,$L3
+	sw	$7,0($12)
+	.set	macro
+	.set	reorder
+
+	lw	$6,-8($11)
+	#nop
+	multu	$13,$6
+	mfhi	$6
+	mflo	$7
+	#nop
+	move	$5,$8
+	move	$4,$0
+	lw	$3,-8($10)
+	addu	$9,$9,-1
+	move	$2,$0
+	addu	$7,$7,$3
+	sltu	$8,$7,$3
+	addu	$6,$6,$2
+	addu	$6,$6,$8
+	addu	$7,$7,$5
+	sltu	$2,$7,$5
+	addu	$6,$6,$4
+	addu	$6,$6,$2
+	srl	$3,$6,0
+	move	$2,$0
+	move	$8,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$9,$0,$L3
+	sw	$7,-8($10)
+	.set	macro
+	.set	reorder
+
+	lw	$6,-4($11)
+	#nop
+	multu	$13,$6
+	mfhi	$6
+	mflo	$7
+	#nop
+	move	$5,$8
+	move	$4,$0
+	lw	$3,-4($10)
+	addu	$9,$9,-1
+	move	$2,$0
+	addu	$7,$7,$3
+	sltu	$8,$7,$3
+	addu	$6,$6,$2
+	addu	$6,$6,$8
+	addu	$7,$7,$5
+	sltu	$2,$7,$5
+	addu	$6,$6,$4
+	addu	$6,$6,$2
+	srl	$3,$6,0
+	move	$2,$0
+	move	$8,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$9,$0,$L3
+	sw	$7,-4($10)
+	.set	macro
+	.set	reorder
+
+	lw	$6,0($11)
+	#nop
+	multu	$13,$6
+	mfhi	$6
+	mflo	$7
+	#nop
+	move	$5,$8
+	move	$4,$0
+	lw	$3,0($10)
+	addu	$9,$9,-1
+	move	$2,$0
+	addu	$7,$7,$3
+	sltu	$8,$7,$3
+	addu	$6,$6,$2
+	addu	$6,$6,$8
+	addu	$7,$7,$5
+	sltu	$2,$7,$5
+	addu	$6,$6,$4
+	addu	$6,$6,$2
+	srl	$3,$6,0
+	move	$2,$0
+	move	$8,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$9,$0,$L3
+	sw	$7,0($10)
+	.set	macro
+	.set	reorder
+
+	addu	$11,$11,16
+	addu	$14,$14,16
+	addu	$10,$10,16
+	.set	noreorder
+	.set	nomacro
+	j	$L2
+	addu	$12,$12,16
+	.set	macro
+	.set	reorder
+
+$L3:
+	.set	noreorder
+	.set	nomacro
+	j	$31
+	move	$2,$8
+	.set	macro
+	.set	reorder
+
+	.end	bn_mul_add_word
+	.align	2
+	.globl	bn_mul_word
+	.ent	bn_mul_word
+bn_mul_word:
+	.frame	$sp,0,$31		# vars= 0, regs= 0/0, args= 0, extra= 0
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	.set	noreorder
+	.cpload	$25
+	.set	reorder
+	move	$11,$4
+	move	$12,$5
+	move	$8,$6
+	move	$6,$0
+	addu	$10,$11,12
+	addu	$9,$12,12
+$L10:
+	lw	$4,0($12)
+	#nop
+	multu	$7,$4
+	mfhi	$4
+	mflo	$5
+	#nop
+	move	$3,$6
+	move	$2,$0
+	addu	$8,$8,-1
+	addu	$5,$5,$3
+	sltu	$6,$5,$3
+	addu	$4,$4,$2
+	addu	$4,$4,$6
+	srl	$3,$4,0
+	move	$2,$0
+	move	$6,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$8,$0,$L11
+	sw	$5,0($11)
+	.set	macro
+	.set	reorder
+
+	lw	$4,-8($9)
+	#nop
+	multu	$7,$4
+	mfhi	$4
+	mflo	$5
+	#nop
+	move	$3,$6
+	move	$2,$0
+	addu	$8,$8,-1
+	addu	$5,$5,$3
+	sltu	$6,$5,$3
+	addu	$4,$4,$2
+	addu	$4,$4,$6
+	srl	$3,$4,0
+	move	$2,$0
+	move	$6,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$8,$0,$L11
+	sw	$5,-8($10)
+	.set	macro
+	.set	reorder
+
+	lw	$4,-4($9)
+	#nop
+	multu	$7,$4
+	mfhi	$4
+	mflo	$5
+	#nop
+	move	$3,$6
+	move	$2,$0
+	addu	$8,$8,-1
+	addu	$5,$5,$3
+	sltu	$6,$5,$3
+	addu	$4,$4,$2
+	addu	$4,$4,$6
+	srl	$3,$4,0
+	move	$2,$0
+	move	$6,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$8,$0,$L11
+	sw	$5,-4($10)
+	.set	macro
+	.set	reorder
+
+	lw	$4,0($9)
+	#nop
+	multu	$7,$4
+	mfhi	$4
+	mflo	$5
+	#nop
+	move	$3,$6
+	move	$2,$0
+	addu	$8,$8,-1
+	addu	$5,$5,$3
+	sltu	$6,$5,$3
+	addu	$4,$4,$2
+	addu	$4,$4,$6
+	srl	$3,$4,0
+	move	$2,$0
+	move	$6,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$8,$0,$L11
+	sw	$5,0($10)
+	.set	macro
+	.set	reorder
+
+	addu	$9,$9,16
+	addu	$12,$12,16
+	addu	$10,$10,16
+	.set	noreorder
+	.set	nomacro
+	j	$L10
+	addu	$11,$11,16
+	.set	macro
+	.set	reorder
+
+$L11:
+	.set	noreorder
+	.set	nomacro
+	j	$31
+	move	$2,$6
+	.set	macro
+	.set	reorder
+
+	.end	bn_mul_word
+	.align	2
+	.globl	bn_sqr_words
+	.ent	bn_sqr_words
+bn_sqr_words:
+	.frame	$sp,0,$31		# vars= 0, regs= 0/0, args= 0, extra= 0
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	.set	noreorder
+	.cpload	$25
+	.set	reorder
+	move	$9,$4
+	addu	$7,$9,28
+	addu	$8,$5,12
+$L18:
+	lw	$2,0($5)
+	#nop
+	multu	$2,$2
+	mfhi	$2
+	mflo	$3
+	#nop
+	addu	$6,$6,-1
+	sw	$3,0($9)
+	srl	$3,$2,0
+	move	$2,$0
+	.set	noreorder
+	.set	nomacro
+	beq	$6,$0,$L19
+	sw	$3,-24($7)
+	.set	macro
+	.set	reorder
+
+	lw	$2,-8($8)
+	#nop
+	multu	$2,$2
+	mfhi	$2
+	mflo	$3
+	#nop
+	addu	$6,$6,-1
+	sw	$3,-20($7)
+	srl	$3,$2,0
+	move	$2,$0
+	.set	noreorder
+	.set	nomacro
+	beq	$6,$0,$L19
+	sw	$3,-16($7)
+	.set	macro
+	.set	reorder
+
+	lw	$2,-4($8)
+	#nop
+	multu	$2,$2
+	mfhi	$2
+	mflo	$3
+	#nop
+	addu	$6,$6,-1
+	sw	$3,-12($7)
+	srl	$3,$2,0
+	move	$2,$0
+	.set	noreorder
+	.set	nomacro
+	beq	$6,$0,$L19
+	sw	$3,-8($7)
+	.set	macro
+	.set	reorder
+
+	lw	$2,0($8)
+	#nop
+	multu	$2,$2
+	mfhi	$2
+	mflo	$3
+	#nop
+	addu	$6,$6,-1
+	sw	$3,-4($7)
+	srl	$3,$2,0
+	move	$2,$0
+	.set	noreorder
+	.set	nomacro
+	beq	$6,$0,$L19
+	sw	$3,0($7)
+	.set	macro
+	.set	reorder
+
+	addu	$8,$8,16
+	addu	$5,$5,16
+	addu	$7,$7,32
+	.set	noreorder
+	.set	nomacro
+	j	$L18
+	addu	$9,$9,32
+	.set	macro
+	.set	reorder
+
+$L19:
+	j	$31
+	.end	bn_sqr_words
+	.rdata
+	.align	2
+$LC0:
+
+	.byte	0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e
+	.byte	0x20,0x77,0x6f,0x75,0x6c,0x64,0x20,0x6f
+	.byte	0x76,0x65,0x72,0x66,0x6c,0x6f,0x77,0xa
+	.byte	0x0
+	.text
+	.align	2
+	.globl	bn_div64
+	.ent	bn_div64
+bn_div64:
+	.frame	$sp,56,$31		# vars= 0, regs= 7/0, args= 16, extra= 8
+	.mask	0x901f0000,-8
+	.fmask	0x00000000,0
+	.set	noreorder
+	.cpload	$25
+	.set	reorder
+	subu	$sp,$sp,56
+	.cprestore 16
+	sw	$16,24($sp)
+	move	$16,$4
+	sw	$17,28($sp)
+	move	$17,$5
+	sw	$18,32($sp)
+	move	$18,$6
+	sw	$20,40($sp)
+	move	$20,$0
+	sw	$19,36($sp)
+	li	$19,0x00000002		# 2
+	sw	$31,48($sp)
+	.set	noreorder
+	.set	nomacro
+	bne	$18,$0,$L26
+	sw	$28,44($sp)
+	.set	macro
+	.set	reorder
+
+	.set	noreorder
+	.set	nomacro
+	j	$L43
+	li	$2,-1			# 0xffffffff
+	.set	macro
+	.set	reorder
+
+$L26:
+	move	$4,$18
+	jal	BN_num_bits_word
+	move	$4,$2
+	li	$2,0x00000020		# 32
+	.set	noreorder
+	.set	nomacro
+	beq	$4,$2,$L27
+	li	$2,0x00000001		# 1
+	.set	macro
+	.set	reorder
+
+	sll	$2,$2,$4
+	sltu	$2,$2,$16
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$0,$L44
+	li	$5,0x00000020		# 32
+	.set	macro
+	.set	reorder
+
+	la	$4,__iob+32
+	la	$5,$LC0
+	jal	fprintf
+	jal	abort
+$L27:
+	li	$5,0x00000020		# 32
+$L44:
+	sltu	$2,$16,$18
+	.set	noreorder
+	.set	nomacro
+	bne	$2,$0,$L28
+	subu	$4,$5,$4
+	.set	macro
+	.set	reorder
+
+	subu	$16,$16,$18
+$L28:
+	.set	noreorder
+	.set	nomacro
+	beq	$4,$0,$L29
+	li	$10,-65536			# 0xffff0000
+	.set	macro
+	.set	reorder
+
+	sll	$18,$18,$4
+	sll	$3,$16,$4
+	subu	$2,$5,$4
+	srl	$2,$17,$2
+	or	$16,$3,$2
+	sll	$17,$17,$4
+$L29:
+	srl	$7,$18,16
+	andi	$9,$18,0xffff
+$L30:
+	srl	$2,$16,16
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$7,$L34
+	li	$6,0x0000ffff		# 65535
+	.set	macro
+	.set	reorder
+
+	divu	$6,$16,$7
+$L34:
+	mult	$6,$9
+	mflo	$5
+	#nop
+	#nop
+	mult	$6,$7
+	and	$2,$17,$10
+	srl	$8,$2,16
+	mflo	$4
+$L35:
+	subu	$3,$16,$4
+	and	$2,$3,$10
+	.set	noreorder
+	.set	nomacro
+	bne	$2,$0,$L36
+	sll	$2,$3,16
+	.set	macro
+	.set	reorder
+
+	addu	$2,$2,$8
+	sltu	$2,$2,$5
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$0,$L36
+	subu	$5,$5,$9
+	.set	macro
+	.set	reorder
+
+	subu	$4,$4,$7
+	.set	noreorder
+	.set	nomacro
+	j	$L35
+	addu	$6,$6,-1
+	.set	macro
+	.set	reorder
+
+$L36:
+	mult	$6,$7
+	mflo	$5
+	#nop
+	#nop
+	mult	$6,$9
+	mflo	$4
+	#nop
+	#nop
+	srl	$3,$4,16
+	sll	$2,$4,16
+	and	$4,$2,$10
+	sltu	$2,$17,$4
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$0,$L40
+	addu	$5,$5,$3
+	.set	macro
+	.set	reorder
+
+	addu	$5,$5,1
+$L40:
+	sltu	$2,$16,$5
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$0,$L41
+	subu	$17,$17,$4
+	.set	macro
+	.set	reorder
+
+	addu	$16,$16,$18
+	addu	$6,$6,-1
+$L41:
+	addu	$19,$19,-1
+	.set	noreorder
+	.set	nomacro
+	beq	$19,$0,$L31
+	subu	$16,$16,$5
+	.set	macro
+	.set	reorder
+
+	sll	$20,$6,16
+	sll	$3,$16,16
+	srl	$2,$17,16
+	or	$16,$3,$2
+	.set	noreorder
+	.set	nomacro
+	j	$L30
+	sll	$17,$17,16
+	.set	macro
+	.set	reorder
+
+$L31:
+	or	$2,$20,$6
+$L43:
+	lw	$31,48($sp)
+	lw	$20,40($sp)
+	lw	$19,36($sp)
+	lw	$18,32($sp)
+	lw	$17,28($sp)
+	lw	$16,24($sp)
+	addu	$sp,$sp,56
+	j	$31
+	.end	bn_div64
+
+	.globl abort .text
+	.globl fprintf .text
+	.globl BN_num_bits_word .text
diff --git a/crypto/bn/asm/sparc.s b/crypto/bn/asm/sparc.s
new file mode 100644
index 0000000000000000000000000000000000000000..37c5fb194ede23547430afb4c30c4430699b3274
--- /dev/null
+++ b/crypto/bn/asm/sparc.s
@@ -0,0 +1,359 @@
+	.file	"bn_mulw.c"
+gcc2_compiled.:
+.section	".text"
+	.align 4
+	.global bn_mul_add_word
+	.type	 bn_mul_add_word,#function
+	.proc	016
+bn_mul_add_word:
+	!#PROLOGUE# 0
+	save %sp,-112,%sp
+	!#PROLOGUE# 1
+	mov %i0,%o0
+	mov %i1,%o2
+	mov %i2,%g1
+	mov %i3,%o1
+	mov 0,%i4
+	add %o0,12,%g4
+	add %o2,12,%o7
+.LL2:
+	mov %i4,%i3
+	mov 0,%i2
+	ld [%o0],%g2
+	mov %g2,%i1
+	ld [%o2],%g2
+	mov 0,%i0
+	umul %o1,%g2,%g3
+	rd %y,%g2
+	addcc %g3,%i1,%g3
+	addx %g2,%i0,%g2
+	addcc %g3,%i3,%g3
+	addx %g2,%i2,%g2
+	st %g3,[%o0]
+	mov %g2,%i5
+	mov 0,%i4
+	addcc %g1,-1,%g1
+	be .LL3
+	mov %i5,%i4
+	mov %i4,%i3
+	mov 0,%i2
+	ld [%g4-8],%g2
+	mov %g2,%i1
+	ld [%o7-8],%g2
+	mov 0,%i0
+	umul %o1,%g2,%g3
+	rd %y,%g2
+	addcc %g3,%i1,%g3
+	addx %g2,%i0,%g2
+	addcc %g3,%i3,%g3
+	addx %g2,%i2,%g2
+	st %g3,[%g4-8]
+	mov %g2,%i5
+	mov 0,%i4
+	addcc %g1,-1,%g1
+	be .LL3
+	mov %i5,%i4
+	mov %i4,%i3
+	mov 0,%i2
+	ld [%g4-4],%g2
+	mov %g2,%i1
+	ld [%o7-4],%g2
+	mov 0,%i0
+	umul %o1,%g2,%g3
+	rd %y,%g2
+	addcc %g3,%i1,%g3
+	addx %g2,%i0,%g2
+	addcc %g3,%i3,%g3
+	addx %g2,%i2,%g2
+	st %g3,[%g4-4]
+	mov %g2,%i5
+	mov 0,%i4
+	addcc %g1,-1,%g1
+	be .LL3
+	mov %i5,%i4
+	mov %i4,%i3
+	mov 0,%i2
+	ld [%g4],%g2
+	mov %g2,%i1
+	ld [%o7],%g2
+	mov 0,%i0
+	umul %o1,%g2,%g3
+	rd %y,%g2
+	addcc %g3,%i1,%g3
+	addx %g2,%i0,%g2
+	addcc %g3,%i3,%g3
+	addx %g2,%i2,%g2
+	st %g3,[%g4]
+	mov %g2,%i5
+	mov 0,%i4
+	addcc %g1,-1,%g1
+	be .LL3
+	mov %i5,%i4
+	add %o7,16,%o7
+	add %o2,16,%o2
+	add %g4,16,%g4
+	b .LL2
+	add %o0,16,%o0
+.LL3:
+	ret
+	restore %g0,%i4,%o0
+.LLfe1:
+	.size	 bn_mul_add_word,.LLfe1-bn_mul_add_word
+	.align 4
+	.global bn_mul_word
+	.type	 bn_mul_word,#function
+	.proc	016
+bn_mul_word:
+	!#PROLOGUE# 0
+	save %sp,-112,%sp
+	!#PROLOGUE# 1
+	mov %i0,%o7
+	mov %i1,%o0
+	mov %i2,%i4
+	mov %i3,%g4
+	mov 0,%i0
+	add %o7,12,%g1
+	add %o0,12,%i5
+.LL18:
+	mov %i0,%g3
+	mov 0,%g2
+	ld [%o0],%i2
+	umul %g4,%i2,%i3
+	rd %y,%i2
+	addcc %i3,%g3,%i3
+	addx %i2,%g2,%i2
+	st %i3,[%o7]
+	mov %i2,%i1
+	mov 0,%i0
+	addcc %i4,-1,%i4
+	be .LL19
+	mov %i1,%i0
+	mov %i0,%g3
+	mov 0,%g2
+	ld [%i5-8],%i2
+	umul %g4,%i2,%i3
+	rd %y,%i2
+	addcc %i3,%g3,%i3
+	addx %i2,%g2,%i2
+	st %i3,[%g1-8]
+	mov %i2,%i1
+	mov 0,%i0
+	addcc %i4,-1,%i4
+	be .LL19
+	mov %i1,%i0
+	mov %i0,%g3
+	mov 0,%g2
+	ld [%i5-4],%i2
+	umul %g4,%i2,%i3
+	rd %y,%i2
+	addcc %i3,%g3,%i3
+	addx %i2,%g2,%i2
+	st %i3,[%g1-4]
+	mov %i2,%i1
+	mov 0,%i0
+	addcc %i4,-1,%i4
+	be .LL19
+	mov %i1,%i0
+	mov %i0,%g3
+	mov 0,%g2
+	ld [%i5],%i2
+	umul %g4,%i2,%i3
+	rd %y,%i2
+	addcc %i3,%g3,%i3
+	addx %i2,%g2,%i2
+	st %i3,[%g1]
+	mov %i2,%i1
+	mov 0,%i0
+	addcc %i4,-1,%i4
+	be .LL19
+	mov %i1,%i0
+	add %i5,16,%i5
+	add %o0,16,%o0
+	add %g1,16,%g1
+	b .LL18
+	add %o7,16,%o7
+.LL19:
+	ret
+	restore
+.LLfe2:
+	.size	 bn_mul_word,.LLfe2-bn_mul_word
+	.align 4
+	.global bn_sqr_words
+	.type	 bn_sqr_words,#function
+	.proc	020
+bn_sqr_words:
+	!#PROLOGUE# 0
+	!#PROLOGUE# 1
+	mov %o0,%g4
+	add %g4,28,%o3
+	add %o1,12,%g1
+.LL34:
+	ld [%o1],%o0
+	addcc %o2,-1,%o2
+	umul %o0,%o0,%o5
+	rd %y,%o4
+	st %o5,[%g4]
+	mov %o4,%g3
+	mov 0,%g2
+	be .LL35
+	st %g3,[%o3-24]
+	ld [%g1-8],%o0
+	addcc %o2,-1,%o2
+	umul %o0,%o0,%o5
+	rd %y,%o4
+	st %o5,[%o3-20]
+	mov %o4,%g3
+	mov 0,%g2
+	be .LL35
+	st %g3,[%o3-16]
+	ld [%g1-4],%o0
+	addcc %o2,-1,%o2
+	umul %o0,%o0,%o5
+	rd %y,%o4
+	st %o5,[%o3-12]
+	mov %o4,%g3
+	mov 0,%g2
+	be .LL35
+	st %g3,[%o3-8]
+	ld [%g1],%o0
+	addcc %o2,-1,%o2
+	umul %o0,%o0,%o5
+	rd %y,%o4
+	st %o5,[%o3-4]
+	mov %o4,%g3
+	mov 0,%g2
+	be .LL35
+	st %g3,[%o3]
+	add %g1,16,%g1
+	add %o1,16,%o1
+	add %o3,32,%o3
+	b .LL34
+	add %g4,32,%g4
+.LL35:
+	retl
+	nop
+.LLfe3:
+	.size	 bn_sqr_words,.LLfe3-bn_sqr_words
+.section	".rodata"
+	.align 8
+.LLC0:
+	.asciz	"Division would overflow\n"
+.section	".text"
+	.align 4
+	.global bn_div64
+	.type	 bn_div64,#function
+	.proc	016
+bn_div64:
+	!#PROLOGUE# 0
+	save %sp,-112,%sp
+	!#PROLOGUE# 1
+	mov 0,%l1
+	cmp %i2,0
+	bne .LL42
+	mov 2,%l0
+	b .LL59
+	mov -1,%i0
+.LL42:
+	call BN_num_bits_word,0
+	mov %i2,%o0
+	mov %o0,%o2
+	cmp %o2,32
+	be .LL43
+	mov 1,%o0
+	sll %o0,%o2,%o0
+	cmp %i0,%o0
+	bleu .LL60
+	mov 32,%o0
+	sethi %hi(__iob+32),%o0
+	or %o0,%lo(__iob+32),%o0
+	sethi %hi(.LLC0),%o1
+	call fprintf,0
+	or %o1,%lo(.LLC0),%o1
+	call abort,0
+	nop
+.LL43:
+	mov 32,%o0
+.LL60:
+	cmp %i0,%i2
+	blu .LL44
+	sub %o0,%o2,%o2
+	sub %i0,%i2,%i0
+.LL44:
+	cmp %o2,0
+	be .LL45
+	sethi %hi(-65536),%o7
+	sll %i2,%o2,%i2
+	sll %i0,%o2,%o1
+	sub %o0,%o2,%o0
+	srl %i1,%o0,%o0
+	or %o1,%o0,%i0
+	sll %i1,%o2,%i1
+.LL45:
+	srl %i2,16,%g2
+	sethi %hi(65535),%o0
+	or %o0,%lo(65535),%o1
+	and %i2,%o1,%g3
+	mov %o0,%g4
+	mov %o1,%g1
+.LL46:
+	srl %i0,16,%o0
+	cmp %o0,%g2
+	be .LL50
+	or %g4,%lo(65535),%o3
+	wr %g0,%g0,%y
+	nop
+	nop
+	nop
+	udiv %i0,%g2,%o3
+.LL50:
+	and %i1,%o7,%o0
+	srl %o0,16,%o5
+	smul %o3,%g3,%o4
+	smul %o3,%g2,%o2
+.LL51:
+	sub %i0,%o2,%o1
+	andcc %o1,%o7,%g0
+	bne .LL52
+	sll %o1,16,%o0
+	add %o0,%o5,%o0
+	cmp %o4,%o0
+	bleu .LL52
+	sub %o4,%g3,%o4
+	sub %o2,%g2,%o2
+	b .LL51
+	add %o3,-1,%o3
+.LL52:
+	smul %o3,%g2,%o2
+	smul %o3,%g3,%o0
+	srl %o0,16,%o1
+	sll %o0,16,%o0
+	and %o0,%o7,%o0
+	cmp %i1,%o0
+	bgeu .LL56
+	add %o2,%o1,%o2
+	add %o2,1,%o2
+.LL56:
+	cmp %i0,%o2
+	bgeu .LL57
+	sub %i1,%o0,%i1
+	add %i0,%i2,%i0
+	add %o3,-1,%o3
+.LL57:
+	addcc %l0,-1,%l0
+	be .LL47
+	sub %i0,%o2,%i0
+	sll %o3,16,%l1
+	sll %i0,16,%o0
+	srl %i1,16,%o1
+	or %o0,%o1,%i0
+	and %i1,%g1,%o0
+	b .LL46
+	sll %o0,16,%i1
+.LL47:
+	or %l1,%o3,%i0
+.LL59:
+	ret
+	restore
+.LLfe4:
+	.size	 bn_div64,.LLfe4-bn_div64
+	.ident	"GCC: (GNU) 2.7.0"
diff --git a/crypto/bn/asm/x86-bsdi.s b/crypto/bn/asm/x86-bsdi.s
new file mode 100644
index 0000000000000000000000000000000000000000..ca6687648ecadd4b86279703726bc77f26765443
--- /dev/null
+++ b/crypto/bn/asm/x86-bsdi.s
@@ -0,0 +1,272 @@
+	.file	"bn_mulw.c"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align 4
+.globl _bn_mul_add_word
+_bn_mul_add_word:
+	pushl %ebp
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+
+	# ax		L(t)
+	# dx		H(t)
+	# bx		a
+	# cx		w
+	# di		r
+	# si		c
+	# bp		num
+	xorl %esi,%esi		# c=0
+	movl 20(%esp),%edi	# r => edi
+	movl 24(%esp),%ebx	# a => exb
+	movl 32(%esp),%ecx	# w => ecx
+	movl 28(%esp),%ebp	# num => ebp
+
+	shrl $2,%ebp		# num/4
+	je .L910
+
+#	.align 4
+.L110:
+	# Round 1
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl (%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+= carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 2
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl 4(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+= carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 3
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl 8(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 4
+	movl %ecx,%eax		# w => eax
+	mull 12(%ebx)		# w * *a 
+	addl 12(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,12(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	addl $16,%ebx		# a+=4 (4 words)
+	addl $16,%edi		# r+=4 (4 words)
+
+	decl %ebp		# --num
+	je .L910
+	jmp .L110
+#	.align 4
+.L910:
+	movl 28(%esp),%ebp	# num => ebp
+	andl $3,%ebp
+	je .L111
+
+	# Round 1
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl (%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L111
+
+	# Round 2
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl 4(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L111
+
+	# Round 3
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl 8(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+#	.align 4
+.L111:
+	movl %esi,%eax		# return(c)
+	popl %ebx
+	popl %esi
+	popl %edi
+	popl %ebp
+	ret
+.Lfe1:
+	.align 4
+.globl _bn_mul_word
+_bn_mul_word:
+	pushl %ebp
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+
+	# ax		L(t)
+	# dx		H(t)
+	# bx		a
+	# cx		w
+	# di		r
+	# num		bp
+	# si		c
+	xorl %esi,%esi		# c=0
+	movl 20(%esp),%edi	# r => edi
+	movl 24(%esp),%ebx	# a => exb
+	movl 28(%esp),%ebp	# num => bp
+	movl 32(%esp),%ecx	# w => ecx
+
+#	.align 4
+.L210:
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 12(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,12(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	addl $16,%ebx		# a+=4 (4 words)
+	addl $16,%edi		# r+=4 (4 words)
+
+	jmp .L210
+#	.align 4
+.L211:
+	movl %esi,%eax		# return(c)
+	popl %ebx
+	popl %esi
+	popl %edi
+	popl %ebp
+	ret
+.Lfe2:
+	.align 4
+.globl _bn_sqr_words
+_bn_sqr_words:
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+	movl 16(%esp),%esi	# r
+	movl 20(%esp),%edi	# a
+	movl 24(%esp),%ebx	# n
+#	.align 4
+	shrl $2,%ebx
+	jz .L99
+.L28:
+	movl (%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,(%esi)	# put low into return addr
+	movl %edx,4(%esi)	# put high into return addr
+
+	movl 4(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,8(%esi)	# put low into return addr
+	movl %edx,12(%esi)	# put high into return addr
+
+	movl 8(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,16(%esi)	# put low into return addr
+	movl %edx,20(%esi)	# put high into return addr
+
+	movl 12(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,24(%esi)	# put low into return addr
+	movl %edx,28(%esi)	# put high into return addr
+
+	addl $16,%edi
+	addl $32,%esi
+	decl %ebx		# n-=4;
+	jz .L99
+	jmp .L28
+#	.align 4
+.L99:
+	movl 24(%esp),%ebx	# n
+	andl $3,%ebx
+	jz .L29
+	movl (%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,(%esi)	# put low into return addr
+	movl %edx,4(%esi)	# put high into return addr
+	decl %ebx		# n--;
+	jz .L29
+	movl 4(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,8(%esi)	# put low into return addr
+	movl %edx,12(%esi)	# put high into return addr
+	decl %ebx		# n--;
+	jz .L29
+	movl 8(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,16(%esi)	# put low into return addr
+	movl %edx,20(%esi)	# put high into return addr
+
+.L29:
+	popl %ebx
+	popl %esi
+	popl %edi
+	ret
+.Lfe3:
+	.align 4
+.globl _bn_div64
+_bn_div64:
+	movl 4(%esp),%edx	# a
+	movl 8(%esp),%eax	# b
+	divl 12(%esp)		# ab/c
+	ret
+.Lfe4:
+	.ident	"GCC: (GNU) 2.6.3"
diff --git a/crypto/bn/asm/x86-lnx.s b/crypto/bn/asm/x86-lnx.s
new file mode 100644
index 0000000000000000000000000000000000000000..51238674406276d7ae6b3506efef32a0ff04114f
--- /dev/null
+++ b/crypto/bn/asm/x86-lnx.s
@@ -0,0 +1,282 @@
+	.file	"bn_mulw.c"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align 16
+.globl bn_mul_add_word
+	.type	 bn_mul_add_word,@function
+bn_mul_add_word:
+	pushl %ebp
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+
+	# ax		L(t)
+	# dx		H(t)
+	# bx		a
+	# cx		w
+	# di		r
+	# si		c
+	# bp		num
+	xorl %esi,%esi		# c=0
+	movl 20(%esp),%edi	# r => edi
+	movl 24(%esp),%ebx	# a => exb
+	movl 32(%esp),%ecx	# w => ecx
+	movl 28(%esp),%ebp	# num => ebp
+
+	shrl $2,%ebp		# num/4
+	je .L910
+
+	.align 4
+.L110:
+	# Round 1
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl (%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+= carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 2
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl 4(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+= carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 3
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl 8(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 4
+	movl %ecx,%eax		# w => eax
+	mull 12(%ebx)		# w * *a 
+	addl 12(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,12(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	addl $16,%ebx		# a+=4 (4 words)
+	addl $16,%edi		# r+=4 (4 words)
+
+	decl %ebp		# --num
+	je .L910
+	jmp .L110
+	.align 4
+.L910:
+	movl 28(%esp),%ebp	# num => ebp
+	andl $3,%ebp
+	je .L111
+
+	# Round 1
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl (%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L111
+
+	# Round 2
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl 4(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L111
+
+	# Round 3
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl 8(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	.align 4
+.L111:
+	movl %esi,%eax		# return(c)
+	popl %ebx
+	popl %esi
+	popl %edi
+	popl %ebp
+	ret
+.Lfe1:
+	.size	 bn_mul_add_word,.Lfe1-bn_mul_add_word
+	.align 16
+.globl bn_mul_word
+	.type	 bn_mul_word,@function
+bn_mul_word:
+	pushl %ebp
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+
+	# ax		L(t)
+	# dx		H(t)
+	# bx		a
+	# cx		w
+	# di		r
+	# num		bp
+	# si		c
+	xorl %esi,%esi		# c=0
+	movl 20(%esp),%edi	# r => edi
+	movl 24(%esp),%ebx	# a => exb
+	movl 28(%esp),%ebp	# num => bp
+	movl 32(%esp),%ecx	# w => ecx
+
+	.align 4
+.L210:
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 12(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,12(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	addl $16,%ebx		# a+=4 (4 words)
+	addl $16,%edi		# r+=4 (4 words)
+
+	jmp .L210
+	.align 16
+.L211:
+	movl %esi,%eax		# return(c)
+	popl %ebx
+	popl %esi
+	popl %edi
+	popl %ebp
+	ret
+.Lfe2:
+	.size	 bn_mul_word,.Lfe2-bn_mul_word
+
+	.align 16
+.globl bn_sqr_words
+	.type	 bn_sqr_words,@function
+bn_sqr_words:
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+	movl 16(%esp),%esi	# r
+	movl 20(%esp),%edi	# a
+	movl 24(%esp),%ebx	# n
+	.align 4
+	shrl $2,%ebx
+	jz .L99
+.L28:
+	movl (%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,(%esi)	# put low into return addr
+	movl %edx,4(%esi)	# put high into return addr
+
+	movl 4(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,8(%esi)	# put low into return addr
+	movl %edx,12(%esi)	# put high into return addr
+
+	movl 8(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,16(%esi)	# put low into return addr
+	movl %edx,20(%esi)	# put high into return addr
+
+	movl 12(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,24(%esi)	# put low into return addr
+	movl %edx,28(%esi)	# put high into return addr
+
+	addl $16,%edi
+	addl $32,%esi
+	decl %ebx		# n-=4;
+	jz .L99
+	jmp .L28
+	.align 16
+.L99:
+	movl 24(%esp),%ebx	# n
+	andl $3,%ebx
+	jz .L29
+	movl (%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,(%esi)	# put low into return addr
+	movl %edx,4(%esi)	# put high into return addr
+	decl %ebx		# n--;
+	jz .L29
+	movl 4(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,8(%esi)	# put low into return addr
+	movl %edx,12(%esi)	# put high into return addr
+	decl %ebx		# n--;
+	jz .L29
+	movl 8(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,16(%esi)	# put low into return addr
+	movl %edx,20(%esi)	# put high into return addr
+
+.L29:
+	popl %ebx
+	popl %esi
+	popl %edi
+	ret
+.Lfe3:
+	.size	 bn_sqr_words,.Lfe3-bn_sqr_words
+
+	.align 16
+.globl bn_div64
+	.type	 bn_div64,@function
+bn_div64:
+	movl 4(%esp),%edx	# a
+	movl 8(%esp),%eax	# b
+	divl 12(%esp)		# ab/c
+	ret
+.Lfe4:
+	.size	 bn_div64,.Lfe4-bn_div64
+	.ident	"GCC: (GNU) 2.6.3"
diff --git a/crypto/bn/asm/x86-lnxa.s b/crypto/bn/asm/x86-lnxa.s
new file mode 100644
index 0000000000000000000000000000000000000000..74855dc74da00ef0cc6e5391857fc44029c5062c
--- /dev/null
+++ b/crypto/bn/asm/x86-lnxa.s
@@ -0,0 +1,282 @@
+	.file	"bn_mulw.c"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align 4
+.globl _bn_mul_add_word
+	.type	 _bn_mul_add_word,@function
+_bn_mul_add_word:
+	pushl %ebp
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+
+	# ax		L(t)
+	# dx		H(t)
+	# bx		a
+	# cx		w
+	# di		r
+	# si		c
+	# bp		num
+	xorl %esi,%esi		# c=0
+	movl 20(%esp),%edi	# r => edi
+	movl 24(%esp),%ebx	# a => exb
+	movl 32(%esp),%ecx	# w => ecx
+	movl 28(%esp),%ebp	# num => ebp
+
+	shrl $2,%ebp		# num/4
+	je .L910
+
+#	.align 4
+.L110:
+	# Round 1
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl (%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+= carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 2
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl 4(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+= carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 3
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl 8(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	# Round 4
+	movl %ecx,%eax		# w => eax
+	mull 12(%ebx)		# w * *a 
+	addl 12(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,12(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+	addl $16,%ebx		# a+=4 (4 words)
+	addl $16,%edi		# r+=4 (4 words)
+
+	decl %ebp		# --num
+	je .L910
+	jmp .L110
+#	.align 4
+.L910:
+	movl 28(%esp),%ebp	# num => ebp
+	andl $3,%ebp
+	je .L111
+
+	# Round 1
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl (%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L111
+
+	# Round 2
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl 4(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L111
+
+	# Round 3
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl 8(%edi),%eax	# *r+=L(t)
+	adcl $0,%edx		# H(t)+=carry
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r+=L(t)
+	movl %edx,%esi		# c=H(t)
+
+#	.align 4
+.L111:
+	movl %esi,%eax		# return(c)
+	popl %ebx
+	popl %esi
+	popl %edi
+	popl %ebp
+	ret
+.Lfe1:
+	.size	 _bn_mul_add_word,.Lfe1-_bn_mul_add_word
+	.align 4
+.globl _bn_mul_word
+	.type	 _bn_mul_word,@function
+_bn_mul_word:
+	pushl %ebp
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+
+	# ax		L(t)
+	# dx		H(t)
+	# bx		a
+	# cx		w
+	# di		r
+	# num		bp
+	# si		c
+	xorl %esi,%esi		# c=0
+	movl 20(%esp),%edi	# r => edi
+	movl 24(%esp),%ebx	# a => exb
+	movl 28(%esp),%ebp	# num => bp
+	movl 32(%esp),%ecx	# w => ecx
+
+#	.align 4
+.L210:
+	movl %ecx,%eax		# w => eax
+	mull (%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 4(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,4(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 8(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,8(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	movl %ecx,%eax		# w => eax
+	mull 12(%ebx)		# w * *a 
+	addl %esi,%eax		# L(t)+=c
+	adcl $0,%edx		# H(t)+=carry
+	movl %eax,12(%edi)	# *r=L(t)
+	movl %edx,%esi		# c=H(t)
+	decl %ebp		# --num
+	je .L211
+
+	addl $16,%ebx		# a+=4 (4 words)
+	addl $16,%edi		# r+=4 (4 words)
+
+	jmp .L210
+#	.align 4
+.L211:
+	movl %esi,%eax		# return(c)
+	popl %ebx
+	popl %esi
+	popl %edi
+	popl %ebp
+	ret
+.Lfe2:
+	.size	 _bn_mul_word,.Lfe2-_bn_mul_word
+
+	.align 4
+.globl _bn_sqr_words
+	.type	 _bn_sqr_words,@function
+_bn_sqr_words:
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+	movl 16(%esp),%esi	# r
+	movl 20(%esp),%edi	# a
+	movl 24(%esp),%ebx	# n
+#	.align 4
+	shrl $2,%ebx
+	jz .L99
+.L28:
+	movl (%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,(%esi)	# put low into return addr
+	movl %edx,4(%esi)	# put high into return addr
+
+	movl 4(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,8(%esi)	# put low into return addr
+	movl %edx,12(%esi)	# put high into return addr
+
+	movl 8(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,16(%esi)	# put low into return addr
+	movl %edx,20(%esi)	# put high into return addr
+
+	movl 12(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,24(%esi)	# put low into return addr
+	movl %edx,28(%esi)	# put high into return addr
+
+	addl $16,%edi
+	addl $32,%esi
+	decl %ebx		# n-=4;
+	jz .L99
+	jmp .L28
+#	.align 4
+.L99:
+	movl 24(%esp),%ebx	# n
+	andl $3,%ebx
+	jz .L29
+	movl (%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,(%esi)	# put low into return addr
+	movl %edx,4(%esi)	# put high into return addr
+	decl %ebx		# n--;
+	jz .L29
+	movl 4(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,8(%esi)	# put low into return addr
+	movl %edx,12(%esi)	# put high into return addr
+	decl %ebx		# n--;
+	jz .L29
+	movl 8(%edi),%eax	# get a
+	mull %eax		# a*a
+	movl %eax,16(%esi)	# put low into return addr
+	movl %edx,20(%esi)	# put high into return addr
+
+.L29:
+	popl %ebx
+	popl %esi
+	popl %edi
+	ret
+.Lfe3:
+	.size	 _bn_sqr_words,.Lfe3-_bn_sqr_words
+
+	.align 4
+.globl _bn_div64
+	.type	 _bn_div64,@function
+_bn_div64:
+	movl 4(%esp),%edx	# a
+	movl 8(%esp),%eax	# b
+	divl 12(%esp)		# ab/c
+	ret
+.Lfe4:
+	.size	 _bn_div64,.Lfe4-_bn_div64
+	.ident	"GCC: (GNU) 2.6.3"
diff --git a/crypto/bn/asm/x86-sol.s b/crypto/bn/asm/x86-sol.s
new file mode 100644
index 0000000000000000000000000000000000000000..c961e64fa04bbfe6987508d21ec5eaab4a679605
--- /dev/null
+++ b/crypto/bn/asm/x86-sol.s
@@ -0,0 +1,224 @@
+	.file	"bn_mulw.c"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align 16
+.globl bn_mul_add_word
+	.type	 bn_mul_add_word,@function
+bn_mul_add_word:
+	pushl %ebp
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+
+	/ ax		L(t)
+	/ dx		H(t)
+	/ bx		a
+	/ cx		w
+	/ di		r
+	/ si		c
+	/ bp		num
+	xorl %esi,%esi		/ c=0
+	movl 20(%esp),%edi	/ r => edi
+	movl 24(%esp),%ebx	/ a => exb
+	movl 28(%esp),%ebp	/ num => ebp
+	movl 32(%esp),%ecx	/ w => ecx
+
+	.align 4
+.L110:
+	movl %ecx,%eax		/ w => eax
+	mull (%ebx)		/ w * *a 
+	addl (%edi),%eax	/ L(t)+= *r
+	adcl $0,%edx		/ H(t)+= carry
+	addl %esi,%eax		/ L(t)+=c
+	adcl $0,%edx		/ H(t)+=carry
+	movl %eax,(%edi)	/ *r=L(t)
+	movl %edx,%esi		/ c=H(t)
+	decl %ebp		/ --num
+	je .L111
+
+	movl %ecx,%eax		/ w => eax
+	mull 4(%ebx)		/ w * *a 
+	addl 4(%edi),%eax	/ L(t)+= *r
+	adcl $0,%edx		/ H(t)+= carry
+	addl %esi,%eax		/ L(t)+=c
+	adcl $0,%edx		/ H(t)+=carry
+	movl %eax,4(%edi)	/ *r=L(t)
+	movl %edx,%esi		/ c=H(t)
+	decl %ebp		/ --num
+	je .L111
+
+	movl %ecx,%eax		/ w => eax
+	mull 8(%ebx)		/ w * *a 
+	addl 8(%edi),%eax	/ L(t)+= *r
+	adcl $0,%edx		/ H(t)+= carry
+	addl %esi,%eax		/ L(t)+=c
+	adcl $0,%edx		/ H(t)+=carry
+	movl %eax,8(%edi)	/ *r=L(t)
+	movl %edx,%esi		/ c=H(t)
+	decl %ebp		/ --num
+	je .L111
+
+	movl %ecx,%eax		/ w => eax
+	mull 12(%ebx)		/ w * *a 
+	addl 12(%edi),%eax	/ L(t)+= *r
+	adcl $0,%edx		/ H(t)+= carry
+	addl %esi,%eax		/ L(t)+=c
+	adcl $0,%edx		/ H(t)+=carry
+	movl %eax,12(%edi)	/ *r=L(t)
+	movl %edx,%esi		/ c=H(t)
+	decl %ebp		/ --num
+	je .L111
+
+	addl $16,%ebx		/ a+=4 (4 words)
+	addl $16,%edi		/ r+=4 (4 words)
+
+	jmp .L110
+	.align 16
+.L111:
+	movl %esi,%eax		/ return(c)
+	popl %ebx
+	popl %esi
+	popl %edi
+	popl %ebp
+	ret
+.Lfe1:
+	.size	 bn_mul_add_word,.Lfe1-bn_mul_add_word
+	.align 16
+.globl bn_mul_word
+	.type	 bn_mul_word,@function
+bn_mul_word:
+	pushl %ebp
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+
+	/ ax		L(t)
+	/ dx		H(t)
+	/ bx		a
+	/ cx		w
+	/ di		r
+	/ num		bp
+	/ si		c
+	xorl %esi,%esi		/ c=0
+	movl 20(%esp),%edi	/ r => edi
+	movl 24(%esp),%ebx	/ a => exb
+	movl 28(%esp),%ebp	/ num => ebp
+	movl 32(%esp),%ecx	/ w => ecx
+
+	.align 4
+.L210:
+	movl %ecx,%eax		/ w => eax
+	mull (%ebx)		/ w * *a 
+	addl %esi,%eax		/ L(t)+=c
+	adcl $0,%edx		/ H(t)+=carry
+	movl %eax,(%edi)	/ *r=L(t)
+	movl %edx,%esi		/ c=H(t)
+	decl %ebp		/ --num
+	je .L211
+
+	movl %ecx,%eax		/ w => eax
+	mull 4(%ebx)		/ w * *a 
+	addl %esi,%eax		/ L(t)+=c
+	adcl $0,%edx		/ H(t)+=carry
+	movl %eax,4(%edi)	/ *r=L(t)
+	movl %edx,%esi		/ c=H(t)
+	decl %ebp		/ --num
+	je .L211
+
+	movl %ecx,%eax		/ w => eax
+	mull 8(%ebx)		/ w * *a 
+	addl %esi,%eax		/ L(t)+=c
+	adcl $0,%edx		/ H(t)+=carry
+	movl %eax,8(%edi)	/ *r=L(t)
+	movl %edx,%esi		/ c=H(t)
+	decl %ebp		/ --num
+	je .L211
+
+	movl %ecx,%eax		/ w => eax
+	mull 12(%ebx)		/ w * *a 
+	addl %esi,%eax		/ L(t)+=c
+	adcl $0,%edx		/ H(t)+=carry
+	movl %eax,12(%edi)	/ *r=L(t)
+	movl %edx,%esi		/ c=H(t)
+	decl %ebp		/ --num
+	je .L211
+
+	addl $16,%ebx		/ a+=4 (4 words)
+	addl $16,%edi		/ r+=4 (4 words)
+
+	jmp .L210
+	.align 16
+.L211:
+	movl %esi,%eax		/ return(c)
+	popl %ebx
+	popl %esi
+	popl %edi
+	popl %ebp
+	ret
+.Lfe2:
+	.size	 bn_mul_word,.Lfe2-bn_mul_word
+
+	.align 16
+.globl bn_sqr_words
+	.type	 bn_sqr_words,@function
+bn_sqr_words:
+	pushl %edi
+	pushl %esi
+	pushl %ebx
+	movl 16(%esp),%esi	/ r
+	movl 20(%esp),%edi	/ a
+	movl 24(%esp),%ebx	/ n
+	.align 4
+.L28:
+	movl (%edi),%eax	/ get a
+	mull %eax		/ a*a
+	movl %eax,(%esi)	/ put low into return addr
+	movl %edx,4(%esi)	/ put high into return addr
+	decl %ebx		/ n--;
+	je .L29
+
+	movl 4(%edi),%eax	/ get a
+	mull %eax		/ a*a
+	movl %eax,8(%esi)	/ put low into return addr
+	movl %edx,12(%esi)	/ put high into return addr
+	decl %ebx		/ n--;
+	je .L29
+
+	movl 8(%edi),%eax	/ get a
+	mull %eax		/ a*a
+	movl %eax,16(%esi)	/ put low into return addr
+	movl %edx,20(%esi)	/ put high into return addr
+	decl %ebx		/ n--;
+	je .L29
+
+	movl 12(%edi),%eax	/ get a
+	mull %eax		/ a*a
+	movl %eax,24(%esi)	/ put low into return addr
+	movl %edx,28(%esi)	/ put high into return addr
+	decl %ebx		/ n--;
+	je .L29
+
+	addl $16,%edi
+	addl $32,%esi
+	jmp .L28
+	.align 16
+.L29:
+	popl %ebx
+	popl %esi
+	popl %edi
+	ret
+.Lfe3:
+	.size	 bn_sqr_words,.Lfe3-bn_sqr_words
+
+	.align 16
+.globl bn_div64
+	.type	 bn_div64,@function
+bn_div64:
+	movl 4(%esp),%edx	/ a
+	movl 8(%esp),%eax	/ b
+	divl 12(%esp)		/ ab/c
+	ret
+.Lfe4:
+	.size	 bn_div64,.Lfe4-bn_div64
+	.ident	"GCC: (GNU) 2.6.3"
diff --git a/crypto/bn/asm/x86nt32.asm b/crypto/bn/asm/x86nt32.asm
new file mode 100644
index 0000000000000000000000000000000000000000..0198c2c583e8b5a20aefd5b8e2ac177315d80106
--- /dev/null
+++ b/crypto/bn/asm/x86nt32.asm
@@ -0,0 +1,288 @@
+	TITLE	bn_mulw.c
+	.386P
+.model FLAT
+PUBLIC	_bn_mul_add_word
+_TEXT	SEGMENT
+; File bn_mulw.c
+_bn_mul_add_word PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	mov	edi,DWORD PTR 20[esp]   ; r
+	mov	ebx,DWORD PTR 24[esp]	; a
+	mov	ecx,DWORD PTR 32[esp]	; w
+	xor	esi,esi			; c=0
+
+	mov	ebp,DWORD PTR 28[esp]	; num
+	shr	ebp,2			; num/4
+	jz	$L666
+
+$L546:
+	; Round one
+	mov	eax,DWORD PTR [ebx]	; edx:eax = *a * w
+	mul	ecx
+	add	eax,DWORD PTR [edi]	; *r+=ax
+	adc	edx,0
+	add	eax,esi			; edx:eax += c
+	adc	edx,0
+	mov	DWORD PTR [edi],eax	; *r+=ax
+	mov	esi,edx			; c = overflow
+
+	; Round two
+	mov	eax,DWORD PTR 4[ebx]	; edx:eax = *a * w
+	mul	ecx
+	add	eax,DWORD PTR 4[edi]	; *r+=ax
+	adc	edx,0
+	add	eax,esi			; edx:eax += c
+	adc	edx,0
+	mov	DWORD PTR 4[edi],eax	; *r+=ax
+	mov	esi,edx			; c = overflow
+
+	; Round three
+	mov	eax,DWORD PTR 8[ebx]	; edx:eax = *a * w
+	mul	ecx
+	add	eax,DWORD PTR 8[edi]	; *r+=ax
+	adc	edx,0
+	add	eax,esi			; edx:eax += c
+	adc	edx,0
+	mov	DWORD PTR 8[edi],eax	; *r+=ax
+	mov	esi,edx			; c = overflow
+
+	; Round four
+	mov	eax,DWORD PTR 12[ebx]	; edx:eax = *a * w
+	mul	ecx
+	add	eax,DWORD PTR 12[edi]	; *r+=ax
+	adc	edx,0
+	add	eax,esi			; edx:eax += c
+	adc	edx,0
+	mov	DWORD PTR 12[edi],eax	; *r+=ax
+	mov	esi,edx			; c = overflow
+
+	add	ebx,16
+	add	edi,16
+
+	dec	ebp
+	jz	$L666
+	jmp	$L546
+$L666:
+	mov	ebp,DWORD PTR 28[esp]	; num
+	and	ebp,3			; num%4
+	jz	$L547
+
+	; Round one
+	mov	eax,DWORD PTR [ebx]	; edx:eax = *a * w
+	mul	ecx
+	add	eax,DWORD PTR [edi]	; *r+=ax
+	adc	edx,0
+	add	eax,esi			; edx:eax += c
+	adc	edx,0
+	mov	DWORD PTR [edi],eax	; *r+=ax
+	mov	esi,edx			; c = overflow
+	dec	ebp
+	jz	$L547
+	; Round two
+	mov	eax,DWORD PTR 4[ebx]	; edx:eax = *a * w
+	mul	ecx
+	add	eax,DWORD PTR 4[edi]	; *r+=ax
+	adc	edx,0
+	add	eax,esi			; edx:eax += c
+	adc	edx,0
+	mov	DWORD PTR 4[edi],eax	; *r+=ax
+	mov	esi,edx			; c = overflow
+	dec	ebp
+	jz	$L547
+	; Round three
+	mov	eax,DWORD PTR 8[ebx]	; edx:eax = *a * w
+	mul	ecx
+	add	eax,DWORD PTR 8[edi]	; *r+=ax
+	adc	edx,0
+	add	eax,esi			; edx:eax += c
+	adc	edx,0
+	mov	DWORD PTR 8[edi],eax	; *r+=ax
+	mov	esi,edx			; c = overflow
+
+$L547:
+	mov	eax,esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_bn_mul_add_word ENDP
+_TEXT	ENDS
+PUBLIC	_bn_mul_word
+_TEXT	SEGMENT
+_bn_mul_word PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+
+	mov	edi,DWORD PTR 20[esp]	; r
+	mov	ebx,DWORD PTR 24[esp]	; a
+	mov	ebp,DWORD PTR 28[esp]	; num
+	mov	ecx,DWORD PTR 32[esp]	; w
+	xor	esi,esi			; c=0
+
+	shr	ebp,2			; num/4
+	jz	$L266
+
+$L593:
+	; Round one
+	mov	eax,DWORD PTR [ebx]	; edx:eax= w * *a 
+	mul	ecx
+	add	eax,esi			; edx:eax+=c
+	adc	edx,0
+	mov	DWORD PTR [edi],eax	; *r=eax
+	mov	esi,edx			; c=edx
+	; Round two
+	mov	eax,DWORD PTR 4[ebx]	; edx:eax= w * *a 
+	mul	ecx
+	add	eax,esi			; edx:eax+=c
+	adc	edx,0
+	mov	DWORD PTR 4[edi],eax	; *r=eax
+	mov	esi,edx			; c=edx
+	; Round three
+	mov	eax,DWORD PTR 8[ebx]	; edx:eax= w * *a 
+	mul	ecx
+	add	eax,esi			; edx:eax+=c
+	adc	edx,0
+	mov	DWORD PTR 8[edi],eax	; *r=eax
+	mov	esi,edx			; c=edx
+	; Round four
+	mov	eax,DWORD PTR 12[ebx]	; edx:eax= w * *a 
+	mul	ecx
+	add	eax,esi			; edx:eax+=c
+	adc	edx,0
+	mov	DWORD PTR 12[edi],eax	; *r=eax
+	mov	esi,edx			; c=edx
+
+	add	ebx,16
+	add	edi,16
+
+	dec	ebp
+	jz	$L266
+	jmp	$L593
+$L266:
+	mov	ebp,DWORD PTR 28[esp]	; num
+	and	ebp,3	
+	jz	$L601
+
+	; Round one
+	mov	eax,DWORD PTR [ebx]	; edx:eax= w * *a 
+	mul	ecx
+	add	eax,esi			; edx:eax+=c
+	adc	edx,0
+	mov	DWORD PTR [edi],eax	; *r=eax
+	mov	esi,edx			; c=edx
+	dec	ebp
+	jz	$L601
+	; Round two
+	mov	eax,DWORD PTR 4[ebx]	; edx:eax= w * *a 
+	mul	ecx
+	add	eax,esi			; edx:eax+=c
+	adc	edx,0
+	mov	DWORD PTR 4[edi],eax	; *r=eax
+	mov	esi,edx			; c=edx
+	dec	ebp
+	jz	$L601
+	; Round three
+	mov	eax,DWORD PTR 8[ebx]	; edx:eax= w * *a 
+	mul	ecx
+	add	eax,esi			; edx:eax+=c
+	adc	edx,0
+	mov	DWORD PTR 8[edi],eax	; *r=eax
+	mov	esi,edx			; c=edx
+
+$L601:
+	mov	eax,esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_bn_mul_word ENDP
+_TEXT	ENDS
+PUBLIC	_bn_sqr_words
+_TEXT	SEGMENT
+_bn_sqr_words PROC NEAR
+	push	ebx
+	push	esi
+	push	edi
+	mov	esi,DWORD PTR 16[esp]	; r
+	mov	edi,DWORD PTR 20[esp]	; a
+	mov	ebx,DWORD PTR 24[esp]	; num
+	
+	shr	ebx,2			; num/4
+	jz	$L111
+$L640:
+	; Round 1
+	mov	eax, DWORD PTR [edi]
+	mul	eax			; *a * *a
+	mov	DWORD PTR [esi],eax
+	mov	DWORD PTR 4[esi],edx
+	; Round 2
+	mov	eax, DWORD PTR 4[edi]
+	mul	eax			; *a * *a
+	mov	DWORD PTR 8[esi],eax
+	mov	DWORD PTR 12[esi],edx
+	; Round 3
+	mov	eax, DWORD PTR 8[edi]
+	mul	eax			; *a * *a
+	mov	DWORD PTR 16[esi],eax
+	mov	DWORD PTR 20[esi],edx
+	; Round 4
+	mov	eax, DWORD PTR 12[edi]
+	mul	eax			; *a * *a
+	mov	DWORD PTR 24[esi],eax
+	mov	DWORD PTR 28[esi],edx
+
+	add	edi,16
+	add	esi,32
+
+	dec	ebx
+	jz	$L111
+	jmp	$L640
+$L111:
+	mov	ebx,DWORD PTR 24[esp]	; num
+	and	ebx,3			; num%3
+	jz	$L645
+
+	; Round 1
+	mov	eax, DWORD PTR [edi]
+	mul	eax			; *a * *a
+	mov	DWORD PTR [esi],eax
+	mov	DWORD PTR 4[esi],edx
+	dec	ebx
+	jz	$L645
+	; Round 2
+	mov	eax, DWORD PTR 4[edi]
+	mul	eax			; *a * *a
+	mov	DWORD PTR 8[esi],eax
+	mov	DWORD PTR 12[esi],edx
+	dec	ebx
+	jz	$L645
+	; Round 3
+	mov	eax, DWORD PTR 8[edi]
+	mul	eax			; *a * *a
+	mov	DWORD PTR 16[esi],eax
+	mov	DWORD PTR 20[esi],edx
+
+$L645:
+	pop	edi
+	pop	esi
+	pop	ebx
+	ret
+_bn_sqr_words ENDP
+_TEXT	ENDS
+PUBLIC	_bn_div64
+_TEXT	SEGMENT
+_bn_div64 PROC NEAR
+	mov	edx, DWORD PTR 4[esp]
+	mov	eax, DWORD PTR 8[esp]
+	div	DWORD PTR 12[esp]
+	ret
+_bn_div64 ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/bn/asm/x86nt32.uu b/crypto/bn/asm/x86nt32.uu
new file mode 100644
index 0000000000000000000000000000000000000000..99207987c1b4b7eb22c4dcfc610979019af1b042
--- /dev/null
+++ b/crypto/bn/asm/x86nt32.uu
@@ -0,0 +1,22 @@
+begin 640 x86nt32.obj
+M3`$"`/H&DC-6`@``"P`````````N=&5X=```````````````\@$``&0`````
+M```````````````@`#!@+F1A=&$```#R`0````````````!6`@``````````
+M````````0``PP%535E>+?"04BUPD&(M,)"`S]HML)!S![0)T7(L#]^$#!X/2
+M``/&@](`B0>+\HM#!/?A`T<$@](``\:#T@")1P2+\HM#"/?A`T<(@](``\:#
+MT@")1PB+\HM##/?A`T<,@](``\:#T@")1PR+\H/#$(/'$$UT`NNDBVPD'(/E
+M`W1"BP/WX0,'@](``\:#T@")!XOR370MBT,$]^$#1P2#T@`#QH/2`(E'!(OR
+M3705BT,(]^$#1PB#T@`#QH/2`(E'"(ORB\9?7EM=PU535E>+?"04BUPD&(ML
+M)!R+3"0@,_;![0)T18L#]^$#QH/2`(D'B_*+0P3WX0/&@](`B4<$B_*+0PCW
+MX0/&@](`B4<(B_*+0PSWX0/&@](`B4<,B_*#PQ"#QQ!-=`+KNXML)!R#Y0-T
+M,8L#]^$#QH/2`(D'B_)-="&+0P3WX0/&@](`B4<$B_)-=`^+0PCWX0/&@](`
+MB4<(B_*+QE]>6UW#4U97BW0D$(M\)!2+7"08P>L"=#6+!_?@B0:)5@2+1P3W
+MX(E&"(E6#(M'"/?@B480B584BT<,]^")1AB)5AR#QQ"#QB!+=`+KRXM<)!B#
+MXP-T)8L']^")!HE6!$MT&8M'!/?@B48(B58,2W0+BT<(]^")1A")5A1?7EO#
+MBU0D!(M$)`CW="0,PRYF:6QE`````````/[_``!G`BY<8W)Y<'1O7&)N7&%S
+M;5QX.#9N=#,R+F%S;0```````````"YT97AT``````````$````#`?(!````
+M`````````````````"YD871A``````````(````#`0``````````````````
+M```````````$``````````$`(``"```````5````R0````$`(``"```````B
+M````:@$```$`(``"```````P````Y0$```$`(``"`#H```!?8FY?;75L7V%D
+L9%]W;W)D`%]B;E]M=6Q?=V]R9`!?8FY?!HOL,_:+?A".7A*+7A2.1A:+3AJ+;AC1[='M=&"+P2;W)P,%@](`$\:#
+MT@")!8ORB\$F]V<"`T4"@](`$\:#T@")10*+\HO!)O=G!`-%!(/2`!/&@](`
+MB44$B_*+P2;W9P8#10:#T@`3QH/2`(E%!HOR@\,(@\<(370"ZZ"+[(MN&(/E
+M`TUX18O!)O"^+P2;W9P(#10*#T@`3QH/2`(E%
+M`HOR37@6B\$F]V<$`T4$@](`$\:#T@")102+\HO&!Q]?7EM=RY!54U97'@8S
+M]HOLBWX0CEX2BUX4CD86BTX:BVX8B\$F]R<#QH/2`(D%B_)-=$*+P2;W9P(#
+MQH/2`(E%`HOR370OB\$F]V<$`\:#T@")102+\DUT'(O!)O=G!@/&@](`B44&
+MB_)-=`F#PPB#QPCKKI"+Q@MT.2:+!??@B02)5`(FBT4"]^")1`2)5`8FBT4$]^")1`B)5`HF
+MBT4&]^")1`R)5`Z#QPB#QA!+=`+KQX/E`TUX*":+!??@B02)5`)->!LFBT4"
+M]^")1`2)5`9->`PFBT4$]^")1`B)5`H''U]>6UW+58OLBU8&BT8(]W8*7%(M>%HY&&&:+3AR+;AK1[='M#X2``&:+P68F]R=F
+M`P5F@](`9A/&9H/2`&:)!6:+\F:+P68F]V<$9@-%!&:#T@!F$\9F@](`9HE%
+M!&:+\F:+P68F]V<(9@-%"&:#T@!F$\9F@](`9HE%"&:+\F:+P68F]V<,9@-%
+M#&:#T@!F$\9F@](`9HE%#&:+\H/#$(/'$$UT`NN`B^R+;AJ#Y0-->%UFB\%F
+M)O#]FB\%F)O=G!&8#101F@](`9A/&
+M9H/2`&:)101FB_)->!YFB\%F)O=G"&8#10AF@](`9A/&9H/2`&:)10AFB_)F
+MB\9FB]9FP>H0!Q]?9EY;7!F8S]HOLBWX2CEX4BUX6CD889HM.
+M'(MN&F:+P68F]R=F`\9F@](`9HD%9HOR37149HO!9B;W9P1F`\9F@](`9HE%
+M!&:+\DUT.V:+P68F]V<(9@/&9H/2`&:)10AFB_)-=")FB\%F)O=G#&8#QF:#
+MT@!FB44,9HOR370)@\,0@\<0ZY:09HO&9HO69L'J$`6UW+D%535E<>
+M!HOLBW80CEX2BWX4CD86BUX8B^O1Z]'K=$EF)HL%9O?@9HD$9HE4!&8FBT4$
+M9O?@9HE$"&:)5`QF)HM%"&;WX&:)1!!FB5049B:+10QF]^!FB4089HE4'(/'
+M$(/&($MT`NNW@^4#37@T9B:+!6;WX&:)!&:)5`1->"-F)HM%!&;WX&:)1`AF
+MB50,37@09B:+10AF]^!FB4009HE4%`H07RR,(mont),ctx)
+
+#define BN_prime_checks		(5)
+
+#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
+#define BN_is_word(a,w)	(((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
+#define BN_is_zero(a)	(((a)->top <= 1) && ((a)->d[0] == (BN_ULONG)0))
+#define BN_is_one(a)	(BN_is_word((a),1))
+#define BN_is_odd(a)	((a)->d[0] & 1)
+#define BN_one(a)	(BN_set_word((a),1))
+#define BN_zero(a)	(BN_set_word((a),0))
+
+#define bn_fix_top(a) \
+	{ \
+	BN_ULONG *fix_top_l; \
+	for (fix_top_l= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+		if (*(fix_top_l--)) break; \
+	}
+
+#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b)))
+
+
+#ifndef NOPROTO
+BIGNUM *BN_value_one(void);
+char *	BN_options(void);
+BN_CTX *BN_CTX_new(void);
+void	BN_CTX_free(BN_CTX *c);
+int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int	BN_num_bits(BIGNUM *a);
+int	BN_num_bits_word(BN_ULONG);
+BIGNUM *BN_new(void);
+void	BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2bin(BIGNUM *a, unsigned char *to);
+int	BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+void	bn_qsub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+void	bn_qadd(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+int	BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
+BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
+BN_ULONG BN_div_word(BIGNUM *a, unsigned long w);
+int	BN_add_word(BIGNUM *a, unsigned long w);
+int	BN_set_word(BIGNUM *a, unsigned long w);
+unsigned long BN_get_word(BIGNUM *a);
+int	BN_cmp(BIGNUM *a, BIGNUM *b);
+void	BN_free(BIGNUM *a);
+int	BN_is_bit_set(BIGNUM *a, int n);
+int	BN_lshift(BIGNUM *r, BIGNUM *a, int n);
+int	BN_lshift1(BIGNUM *r, BIGNUM *a);
+int	BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+	BIGNUM *m,BN_CTX *ctx);
+int	BN_mask_bits(BIGNUM *a,int n);
+int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, 
+	BIGNUM *i, int nb, BN_CTX *ctx);
+int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, BIGNUM *m,
+	BN_CTX *ctx);
+#ifndef WIN16
+int	BN_print_fp(FILE *fp, BIGNUM *a);
+#endif
+#ifdef HEADER_BIO_H
+int	BN_print(BIO *fp, BIGNUM *a);
+#else
+int	BN_print(char *fp, BIGNUM *a);
+#endif
+int	BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
+int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+int	BN_rshift1(BIGNUM *r, BIGNUM *a);
+void	BN_clear(BIGNUM *a);
+BIGNUM *bn_expand2(BIGNUM *b, int bits);
+BIGNUM *BN_dup(BIGNUM *a);
+int	BN_ucmp(BIGNUM *a, BIGNUM *b);
+int	BN_set_bit(BIGNUM *a, int n);
+int	BN_clear_bit(BIGNUM *a, int n);
+char *	BN_bn2ascii(BIGNUM *a);
+int 	BN_ascii2bn(BIGNUM **a,char *str);
+int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
+BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
+		BIGNUM *rem,void (*callback)(int,int));
+int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
+		BN_CTX *ctx);
+void	ERR_load_BN_strings(void );
+
+BN_ULONG bn_mul_add_word(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_word(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+BN_ULONG bn_div64(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void );
+int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
+	BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,BIGNUM *modulus,BN_CTX *ctx);
+
+#else
+
+BIGNUM *BN_value_one();
+char *	BN_options();
+BN_CTX *BN_CTX_new();
+void	BN_CTX_free();
+int     BN_rand();
+int	BN_num_bits();
+int	BN_num_bits_word();
+BIGNUM *BN_new();
+void	BN_clear_free();
+BIGNUM *BN_copy();
+BIGNUM *BN_bin2bn();
+int	BN_bn2bin();
+int	BN_sub();
+void	bn_qsub();
+void	bn_qadd();
+int	BN_add();
+int	BN_mod();
+int	BN_div();
+int	BN_mul();
+int	BN_sqr();
+BN_ULONG BN_mod_word();
+BN_ULONG BN_div_word();
+int	BN_add_word();
+int	BN_set_word();
+unsigned long BN_get_word();
+int	BN_cmp();
+void	BN_free();
+int	BN_is_bit_set();
+int	BN_lshift();
+int	BN_lshift1();
+int	BN_mod_exp();
+int	BN_mod_exp_mont();
+int	BN_mod_exp_recp();
+int	BN_mod_exp_simple();
+int	BN_mask_bits();
+int	BN_mod_mul_reciprocal();
+int	BN_mod_mul();
+#ifndef WIN16
+int	BN_print_fp();
+#endif
+int	BN_print();
+int	BN_reciprocal();
+int	BN_rshift();
+int	BN_rshift1();
+void	BN_clear();
+BIGNUM *bn_expand2();
+BIGNUM *BN_dup();
+int	BN_ucmp();
+int	BN_set_bit();
+int	BN_clear_bit();
+char *	BN_bn2ascii();
+int 	BN_ascii2bn();
+int	BN_gcd();
+BIGNUM *BN_mod_inverse();
+BIGNUM *BN_generate_prime();
+int	BN_is_prime();
+void	ERR_load_BN_strings();
+
+BN_ULONG bn_mul_add_word();
+BN_ULONG bn_mul_word();
+void     bn_sqr_words();
+BN_ULONG bn_div64();
+
+int BN_mod_mul_montgomery();
+int BN_from_montgomery();
+BN_MONT_CTX *BN_MONT_CTX_new();
+void BN_MONT_CTX_free();
+int BN_MONT_CTX_set();
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the BN functions. */
+
+/* Function codes. */
+#define BN_F_BN_BL_CTX_INIT				 100
+#define BN_F_BN_BL_CTX_NEW				 101
+#define BN_F_BN_BN2ASCII				 102
+#define BN_F_BN_CTX_NEW					 103
+#define BN_F_BN_DIV					 104
+#define BN_F_BN_EXPAND2					 105
+#define BN_F_BN_MOD_EXP_MONT				 106
+#define BN_F_BN_MOD_INVERSE				 107
+#define BN_F_BN_MOD_MUL_RECIPROCAL			 108
+#define BN_F_BN_NEW					 109
+#define BN_F_BN_RAND					 110
+
+/* Reason codes. */
+#define BN_R_BAD_RECIPROCAL				 100
+#define BN_R_CALLED_WITH_EVEN_MODULUS			 101
+#define BN_R_DIV_BY_ZERO				 102
+#define BN_R_NO_INVERSE					 103
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/bn/bn.org b/crypto/bn/bn.org
new file mode 100644
index 0000000000000000000000000000000000000000..9326f4df50538fc313b4c636ff93c209c638ac49
--- /dev/null
+++ b/crypto/bn/bn.org
@@ -0,0 +1,433 @@
+/* crypto/bn/bn.org */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
+ *
+ * Always modify bn.org since bn.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+#ifndef HEADER_BN_H
+#define HEADER_BN_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#undef BN_LLONG
+
+#ifdef WIN32
+#define BN_LLONG /* This comment stops Configure mutilating things */
+#endif
+
+#define RECP_MUL_MOD
+#define MONT_MUL_MOD
+
+/* This next option uses the C libraries (2 word)/(1 word) function.
+ * If it is not defined, I use my C version (which is slower).
+ * The reason for this flag is that when the particular C compiler
+ * library routine is used, and the library is linked with a different
+ * compiler, the library is missing.  This mostly happens when the
+ * library is built with gcc and then linked using nornal cc.  This would
+ * be a common occurance because gcc normally produces code that is
+ * 2 times faster than system compilers for the big number stuff.
+ * For machines with only one compiler (or shared libraries), this should
+ * be on.  Again this in only really a problem on machines
+ * using "long long's", are 32bit, and are not using my assember code. */
+#if defined(MSDOS) || defined(WINDOWS) || defined(linux)
+#define BN_DIV2W
+#endif
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+
+/* assuming long is 64bit - this is the DEC Alpha
+ * unsigned long long is only 64 bits :-(, don't define
+ * BN_LLONG for the DEC Alpha */
+#ifdef SIXTY_FOUR_BIT_LONG
+#define BN_ULLONG	unsigned long long
+#define BN_ULONG	unsigned long
+#define BN_LONG		long
+#define BN_BITS		128
+#define BN_BYTES	8
+#define BN_BITS2	64
+#define BN_BITS4	32
+#define BN_MASK2	(0xffffffffffffffffL)
+#define BN_MASK2l	(0xffffffffL)
+#define BN_MASK2h	(0xffffffff00000000L)
+#define BN_MASK2h1	(0xffffffff80000000L)
+#define BN_TBIT		(0x8000000000000000L)
+#endif
+
+#ifdef SIXTY_FOUR_BIT
+#undef BN_LLONG
+/* #define BN_ULLONG	unsigned long long */
+#define BN_ULONG	unsigned long long
+#define BN_LONG		long long
+#define BN_BITS		128
+#define BN_BYTES	8
+#define BN_BITS2	64
+#define BN_BITS4	32
+#define BN_MASK2	(0xffffffffffffffffLL)
+#define BN_MASK2l	(0xffffffffL)
+#define BN_MASK2h	(0xffffffff00000000LL)
+#define BN_MASK2h1	(0xffffffff80000000LL)
+#define BN_TBIT		(0x8000000000000000LL)
+#endif
+
+#ifdef THIRTY_TWO_BIT
+#ifdef WIN32
+#define BN_ULLONG	unsigned _int64
+#else
+#define BN_ULLONG	unsigned long long
+#endif
+#define BN_ULONG	unsigned long
+#define BN_LONG		long
+#define BN_BITS		64
+#define BN_BYTES	4
+#define BN_BITS2	32
+#define BN_BITS4	16
+#define BN_MASK2	(0xffffffffL)
+#define BN_MASK2l	(0xffff)
+#define BN_MASK2h1	(0xffff8000L)
+#define BN_MASK2h	(0xffff0000L)
+#define BN_TBIT		(0x80000000L)
+#endif
+
+#ifdef SIXTEEN_BIT
+#ifndef BN_DIV2W
+#define BN_DIV2W
+#endif
+#define BN_ULLONG	unsigned long
+#define BN_ULONG	unsigned short
+#define BN_LONG		short
+#define BN_BITS		32
+#define BN_BYTES	2
+#define BN_BITS2	16
+#define BN_BITS4	8
+#define BN_MASK2	(0xffff)
+#define BN_MASK2l	(0xff)
+#define BN_MASK2h1	(0xff80)
+#define BN_MASK2h	(0xff00)
+#define BN_TBIT		(0x8000)
+#endif
+
+#ifdef EIGHT_BIT
+#ifndef BN_DIV2W
+#define BN_DIV2W
+#endif
+#define BN_ULLONG	unsigned short
+#define BN_ULONG	unsigned char
+#define BN_LONG		char
+#define BN_BITS		16
+#define BN_BYTES	1
+#define BN_BITS2	8
+#define BN_BITS4	4
+#define BN_MASK2	(0xff)
+#define BN_MASK2l	(0xf)
+#define BN_MASK2h1	(0xf8)
+#define BN_MASK2h	(0xf0)
+#define BN_TBIT		(0x80)
+#endif
+
+#define BN_DEFAULT_BITS	1280
+
+#ifdef BIGNUM
+#undef BIGNUM
+#endif
+
+typedef struct bignum_st
+	{
+	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
+	int top;	/* Index of last used d +1. */
+	/* The next are internal book keeping for bn_expand. */
+	int max;	/* Size of the d array. */
+	int neg;	/* one if the number is negative */
+	} BIGNUM;
+
+/* Used for temp variables */
+#define BN_CTX_NUM	12
+typedef struct bignum_ctx
+	{
+	int tos;
+	BIGNUM *bn[BN_CTX_NUM+1];
+	} BN_CTX;
+
+/* Used for montgomery multiplication */
+typedef struct bn_mont_ctx_st
+        {
+        int ri;         /* number of bits in R */
+        BIGNUM *RR;     /* used to convert to montgomery form */
+        BIGNUM *N;      /* The modulus */
+        BIGNUM *Ni;     /* The inverse of N */
+	BN_ULONG n0;	/* word form of inverse, normally only one of
+			 * Ni or n0 is defined */
+        } BN_MONT_CTX;
+
+#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
+	r,a,(mont)->RR,(mont),ctx)
+
+#define BN_prime_checks		(5)
+
+#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
+#define BN_is_word(a,w)	(((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
+#define BN_is_zero(a)	(((a)->top <= 1) && ((a)->d[0] == (BN_ULONG)0))
+#define BN_is_one(a)	(BN_is_word((a),1))
+#define BN_is_odd(a)	((a)->d[0] & 1)
+#define BN_one(a)	(BN_set_word((a),1))
+#define BN_zero(a)	(BN_set_word((a),0))
+
+#define bn_fix_top(a) \
+	{ \
+	BN_ULONG *fix_top_l; \
+	for (fix_top_l= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+		if (*(fix_top_l--)) break; \
+	}
+
+#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b)))
+
+
+#ifndef NOPROTO
+BIGNUM *BN_value_one(void);
+char *	BN_options(void);
+BN_CTX *BN_CTX_new(void);
+void	BN_CTX_free(BN_CTX *c);
+int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int	BN_num_bits(BIGNUM *a);
+int	BN_num_bits_word(BN_ULONG);
+BIGNUM *BN_new(void);
+void	BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2bin(BIGNUM *a, unsigned char *to);
+int	BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+void	bn_qsub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+void	bn_qadd(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+int	BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
+BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
+BN_ULONG BN_div_word(BIGNUM *a, unsigned long w);
+int	BN_add_word(BIGNUM *a, unsigned long w);
+int	BN_set_word(BIGNUM *a, unsigned long w);
+unsigned long BN_get_word(BIGNUM *a);
+int	BN_cmp(BIGNUM *a, BIGNUM *b);
+void	BN_free(BIGNUM *a);
+int	BN_is_bit_set(BIGNUM *a, int n);
+int	BN_lshift(BIGNUM *r, BIGNUM *a, int n);
+int	BN_lshift1(BIGNUM *r, BIGNUM *a);
+int	BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+	BIGNUM *m,BN_CTX *ctx);
+int	BN_mask_bits(BIGNUM *a,int n);
+int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, 
+	BIGNUM *i, int nb, BN_CTX *ctx);
+int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, BIGNUM *m,
+	BN_CTX *ctx);
+#ifndef WIN16
+int	BN_print_fp(FILE *fp, BIGNUM *a);
+#endif
+#ifdef HEADER_BIO_H
+int	BN_print(BIO *fp, BIGNUM *a);
+#else
+int	BN_print(char *fp, BIGNUM *a);
+#endif
+int	BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
+int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+int	BN_rshift1(BIGNUM *r, BIGNUM *a);
+void	BN_clear(BIGNUM *a);
+BIGNUM *bn_expand2(BIGNUM *b, int bits);
+BIGNUM *BN_dup(BIGNUM *a);
+int	BN_ucmp(BIGNUM *a, BIGNUM *b);
+int	BN_set_bit(BIGNUM *a, int n);
+int	BN_clear_bit(BIGNUM *a, int n);
+char *	BN_bn2ascii(BIGNUM *a);
+int 	BN_ascii2bn(BIGNUM **a,char *str);
+int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
+BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
+		BIGNUM *rem,void (*callback)(int,int));
+int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
+		BN_CTX *ctx);
+void	ERR_load_BN_strings(void );
+
+BN_ULONG bn_mul_add_word(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_word(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+BN_ULONG bn_div64(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void );
+int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
+	BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,BIGNUM *modulus,BN_CTX *ctx);
+
+#else
+
+BIGNUM *BN_value_one();
+char *	BN_options();
+BN_CTX *BN_CTX_new();
+void	BN_CTX_free();
+int     BN_rand();
+int	BN_num_bits();
+int	BN_num_bits_word();
+BIGNUM *BN_new();
+void	BN_clear_free();
+BIGNUM *BN_copy();
+BIGNUM *BN_bin2bn();
+int	BN_bn2bin();
+int	BN_sub();
+void	bn_qsub();
+void	bn_qadd();
+int	BN_add();
+int	BN_mod();
+int	BN_div();
+int	BN_mul();
+int	BN_sqr();
+BN_ULONG BN_mod_word();
+BN_ULONG BN_div_word();
+int	BN_add_word();
+int	BN_set_word();
+unsigned long BN_get_word();
+int	BN_cmp();
+void	BN_free();
+int	BN_is_bit_set();
+int	BN_lshift();
+int	BN_lshift1();
+int	BN_mod_exp();
+int	BN_mod_exp_mont();
+int	BN_mod_exp_recp();
+int	BN_mod_exp_simple();
+int	BN_mask_bits();
+int	BN_mod_mul_reciprocal();
+int	BN_mod_mul();
+#ifndef WIN16
+int	BN_print_fp();
+#endif
+int	BN_print();
+int	BN_reciprocal();
+int	BN_rshift();
+int	BN_rshift1();
+void	BN_clear();
+BIGNUM *bn_expand2();
+BIGNUM *BN_dup();
+int	BN_ucmp();
+int	BN_set_bit();
+int	BN_clear_bit();
+char *	BN_bn2ascii();
+int 	BN_ascii2bn();
+int	BN_gcd();
+BIGNUM *BN_mod_inverse();
+BIGNUM *BN_generate_prime();
+int	BN_is_prime();
+void	ERR_load_BN_strings();
+
+BN_ULONG bn_mul_add_word();
+BN_ULONG bn_mul_word();
+void     bn_sqr_words();
+BN_ULONG bn_div64();
+
+int BN_mod_mul_montgomery();
+int BN_from_montgomery();
+BN_MONT_CTX *BN_MONT_CTX_new();
+void BN_MONT_CTX_free();
+int BN_MONT_CTX_set();
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the BN functions. */
+
+/* Function codes. */
+#define BN_F_BN_BL_CTX_INIT				 100
+#define BN_F_BN_BL_CTX_NEW				 101
+#define BN_F_BN_BN2ASCII				 102
+#define BN_F_BN_CTX_NEW					 103
+#define BN_F_BN_DIV					 104
+#define BN_F_BN_EXPAND2					 105
+#define BN_F_BN_MOD_EXP_MONT				 106
+#define BN_F_BN_MOD_INVERSE				 107
+#define BN_F_BN_MOD_MUL_RECIPROCAL			 108
+#define BN_F_BN_NEW					 109
+#define BN_F_BN_RAND					 110
+
+/* Reason codes. */
+#define BN_R_BAD_RECIPROCAL				 100
+#define BN_R_CALLED_WITH_EVEN_MODULUS			 101
+#define BN_R_DIV_BY_ZERO				 102
+#define BN_R_NO_INVERSE					 103
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
new file mode 100644
index 0000000000000000000000000000000000000000..ecdb7453b5bced26c644d21b7622334f1004dec3
--- /dev/null
+++ b/crypto/bn/bn_add.c
@@ -0,0 +1,170 @@
+/* crypto/bn/bn_add.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r can == a or b */
+int BN_add(r, a, b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+	{
+	int i;
+	BIGNUM *tmp;
+
+	/*  a +  b	a+b
+	 *  a + -b	a-b
+	 * -a +  b	b-a
+	 * -a + -b	-(a+b)
+	 */
+	if (a->neg ^ b->neg)
+		{
+		/* only one is negative */
+		if (a->neg)
+			{ tmp=a; a=b; b=tmp; }
+
+		/* we are now a - b */
+		if (bn_expand(r,((a->top > b->top)?a->top:b->top)*BN_BITS2)
+			== NULL) return(0);
+
+		if (BN_ucmp(a,b) < 0)
+			{
+			bn_qsub(r,b,a);
+			r->neg=1;
+			}
+		else
+			{
+			bn_qsub(r,a,b);
+			r->neg=0;
+			}
+		return(1);
+		}
+
+	if (a->neg) /* both are neg */
+		r->neg=1;
+	else
+		r->neg=0;
+
+	i=(a->top > b->top);
+	if (bn_expand(r,(((i)?a->top:b->top)+1)*BN_BITS2) == NULL) return(0);
+
+	if (i)
+		bn_qadd(r,a,b);
+	else
+		bn_qadd(r,b,a);
+	return(1);
+	}
+
+/* unsigned add of b to a, r must be large enough */
+void bn_qadd(r,a,b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+	{
+	register int i;
+	int max,min;
+	BN_ULONG *ap,*bp,*rp,carry,t1,t2;
+
+	max=a->top;
+	min=b->top;
+	r->top=max;
+
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+	carry=0;
+	for (i=0; i= ((~t1)&BN_MASK2));
+			t2=(t1+t2+1)&BN_MASK2;
+			}
+		else
+			{
+			t2=(t1+t2)&BN_MASK2;
+			carry=(t2 < t1);
+			}
+		*(rp++)=t2;
+		}
+	if (carry)
+		{
+		while (i < max)
+			{
+			t1= *(ap++);
+			t2=(t1+1)&BN_MASK2;
+			*(rp++)=t2;
+			carry=(t2 < t1);
+			i++;
+			if (!carry) break;
+			}
+		if ((i >= max) && carry)
+			{
+			*(rp++)=1;
+			r->top++;
+			}
+		}
+	for (; i
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_BL_CTX *BN_BL_CTX_new()
+	{
+	BN_BL_CTX *ret;
+
+	if ((ret=(BN_BL_CTX *)Malloc(sizeof(BN_BL_CTX))) == NULL)
+		{
+		BNerr(BN_F_BN_BL_CTX_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	if ((ret->num=BN_new()) == NULL) goto err;
+	if ((ret->mod=BN_new()) == NULL) goto err;
+	ret->inum=NULL;
+	ret->count=16;
+	ret->count=1;
+	return(ret);
+	}
+
+int BN_BL_CTX_Init(a,mod)
+BN_BL_CTX *a;
+BIGNUM *mod;
+	{
+	int i;
+	BN_CTX *ctx;
+
+	if ((ctx=BN_CTX_new()) == NULL) goto m_err;
+
+	if (BN_copy(a->mod,mod) == NULL) goto err;
+	i=BN_num_bits(mod);
+	if (!BN_rand(a->num,i,1,0)) goto err;
+	
+	if (a->inum != NULL) BN_clear_free(a->inum);
+	a->inum=BN_mod_inverse(a->num,a->mod,ctx)
+	ret->count=16;
+	return(1);
+m_err:
+	BNerr(BN_F_BN_BL_CTX_INIT,ERR_R_MALLOC_FAILURE);
+err:
+	return(0);
+	}
+
+BN_BL_CTX *BN_BL_CTX_Update(a)
+BN_BL_CTX *a;
+	{
+	BN_CTX *ctx;
+	BN_BL_CTX *new;
+
+	if (--a->count > 0)
+		return(1);
+
+	new=BN_BL_CTX_new();
+	/* set/get lock */
+	if ((ctx=BN_CTX_new()) == NULL)
+		return(NULL);
+	new->inum=BN_new();
+
+	BN_mod_mul(new->num,a->num,a->num,a->mod,ctx);
+	BN_mod_mul(new->inum,a->inum,a->inum,a->mod,ctx);
+	BN_copy(new->mod,a->mod);
+	BN_BL_CTX_free(a);
+	return(new);
+	}
+
+void BN_BL_CTX_free(a)
+BN_BL_CTX *a;
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_RSA);
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"BN_BL_CTX_free, bad reference count\n");
+		abort();
+		}
+#endif
+	if (a->num == NULL) BN_clear_free(a->num);
+	if (a->inum == NULL) BN_clear_free(a->inum);
+	if (a->mod == NULL) BN_clear_free(a->mod);
+	}
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
new file mode 100644
index 0000000000000000000000000000000000000000..0ce4d4182fcecddbdfd1fb74d01205fe1be7f8a2
--- /dev/null
+++ b/crypto/bn/bn_div.c
@@ -0,0 +1,286 @@
+/* crypto/bn/bn_div.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* The old slow way */
+#if 0
+int BN_div(dv, rem, m, d,ctx)
+BIGNUM *dv;
+BIGNUM *rem;
+BIGNUM *m;
+BIGNUM *d;
+BN_CTX *ctx;
+	{
+	int i,nm,nd;
+	BIGNUM *D;
+
+	if (BN_is_zero(d))
+		{
+		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+		return(0);
+		}
+
+	if (BN_ucmp(m,d) < 0)
+		{
+		if (rem != NULL)
+			{ if (BN_copy(rem,m) == NULL) return(0); }
+		if (dv != NULL) BN_zero(dv);
+		return(1);
+		}
+
+	D=ctx->bn[ctx->tos];
+	if (dv == NULL) dv=ctx->bn[ctx->tos+1];
+	if (rem == NULL) rem=ctx->bn[ctx->tos+2];
+
+	nd=BN_num_bits(d);
+	nm=BN_num_bits(m);
+	if (BN_copy(D,d) == NULL) return(0);
+	if (BN_copy(rem,m) == NULL) return(0);
+
+	/* The next 2 are needed so we can do a dv->d[0]|=1 later
+	 * since BN_lshift1 will only work once there is a value :-) */
+	BN_zero(dv);
+	dv->top=1;
+
+	if (!BN_lshift(D,D,nm-nd)) return(0);
+	for (i=nm-nd; i>=0; i--)
+		{
+		if (!BN_lshift1(dv,dv)) return(0);
+		if (BN_ucmp(rem,D) >= 0)
+			{
+			dv->d[0]|=1;
+			bn_qsub(rem,rem,D);
+			}
+/* CAN IMPROVE (and have now :=) */
+		if (!BN_rshift1(D,D)) return(0);
+		}
+	rem->neg=BN_is_zero(rem)?0:m->neg;
+	dv->neg=m->neg^d->neg;
+	return(1);
+	}
+
+#else
+
+int BN_div(dv, rm, num, divisor,ctx)
+BIGNUM *dv;
+BIGNUM *rm;
+BIGNUM *num;
+BIGNUM *divisor;
+BN_CTX *ctx;
+	{
+	int norm_shift,i,j,loop;
+	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
+	BN_ULONG *resp,*wnump;
+	BN_ULONG d0,d1;
+	int num_n,div_n;
+
+	if (BN_is_zero(num))
+		{
+		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+		return(0);
+		}
+
+	if (BN_ucmp(num,divisor) < 0)
+		{
+		if (rm != NULL)
+			{ if (BN_copy(rm,num) == NULL) return(0); }
+		if (dv != NULL) BN_zero(dv);
+		return(1);
+		}
+
+	tmp=ctx->bn[ctx->tos]; 
+	tmp->neg=0;
+	snum=ctx->bn[ctx->tos+1];
+	sdiv=ctx->bn[ctx->tos+2];
+	if (dv == NULL)
+		res=ctx->bn[ctx->tos+3];
+	else	res=dv;
+
+	/* First we normalise the numbers */
+	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+	BN_lshift(sdiv,divisor,norm_shift);
+	sdiv->neg=0;
+	norm_shift+=BN_BITS2;
+	BN_lshift(snum,num,norm_shift);
+	snum->neg=0;
+	div_n=sdiv->top;
+	num_n=snum->top;
+	loop=num_n-div_n;
+
+	/* Lets setup a 'window' into snum
+	 * This is the part that corresponds to the current
+	 * 'area' being divided */
+	wnum.d=	 &(snum->d[loop]);
+	wnum.top= div_n;
+	wnum.max= snum->max; /* a bit of a lie */
+	wnum.neg= 0;
+
+	/* Get the top 2 words of sdiv */
+	/* i=sdiv->top; */
+	d0=sdiv->d[div_n-1];
+	d1=(div_n == 1)?0:sdiv->d[div_n-2];
+
+	/* pointer to the 'top' of snum */
+	wnump= &(snum->d[num_n-1]);
+
+	/* Setup to 'res' */
+	res->neg= (num->neg^divisor->neg);
+	res->top=loop;
+	if (!bn_expand(res,(loop+1)*BN_BITS2)) goto err;
+	resp= &(res->d[loop-1]);
+
+	/* space for temp */
+	if (!bn_expand(tmp,(div_n+1)*BN_BITS2)) goto err;
+
+	if (BN_ucmp(&wnum,sdiv) >= 0)
+		{
+		bn_qsub(&wnum,&wnum,sdiv);
+		*resp=1;
+		res->d[res->top-1]=1;
+		}
+	else
+		res->top--;
+	resp--;
+
+	for (i=0; i>BN_BITS2) ||
+				(t2 <= ((BN_ULLONG)(rem< t1l) t3h++;
+			t3h=(t1h-t3h);
+
+			/*if ((t3>>BN_BITS2) ||
+				(t2 <= ((t3<d,sdiv->d,div_n,q);
+		tmp->d[div_n]=l0;
+		for (j=div_n+1; j>0; j--)
+			if (tmp->d[j-1]) break;
+		tmp->top=j;
+
+		j=wnum.top;
+		BN_sub(&wnum,&wnum,tmp);
+
+		snum->top=snum->top+wnum.top-j;
+
+		if (wnum.neg)
+			{
+			q--;
+			j=wnum.top;
+			BN_add(&wnum,&wnum,sdiv);
+			snum->top+=wnum.top-j;
+			}
+		*(resp--)=q;
+		wnump--;
+		}
+	if (rm != NULL)
+		{
+		BN_rshift(rm,snum,norm_shift);
+		rm->neg=num->neg;
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+#endif
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
new file mode 100644
index 0000000000000000000000000000000000000000..38818d6e672024dee7822096c3c48e96da7eaeda
--- /dev/null
+++ b/crypto/bn/bn_err.c
@@ -0,0 +1,98 @@
+/* lib/bn/bn_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include "err.h"
+#include "bn.h"
+
+/* BEGIN ERROR CODES */
+static ERR_STRING_DATA BN_str_functs[]=
+	{
+{ERR_PACK(0,BN_F_BN_BL_CTX_INIT,0),	"BN_BL_CTX_INIT"},
+{ERR_PACK(0,BN_F_BN_BL_CTX_NEW,0),	"BN_BL_CTX_NEW"},
+{ERR_PACK(0,BN_F_BN_BN2ASCII,0),	"BN_bn2ascii"},
+{ERR_PACK(0,BN_F_BN_CTX_NEW,0),	"BN_CTX_new"},
+{ERR_PACK(0,BN_F_BN_DIV,0),	"BN_div"},
+{ERR_PACK(0,BN_F_BN_EXPAND2,0),	"bn_expand2"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),	"BN_mod_exp_mont"},
+{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),	"BN_mod_inverse"},
+{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),	"BN_mod_mul_reciprocal"},
+{ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
+{ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA BN_str_reasons[]=
+	{
+{BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
+{BN_R_DIV_BY_ZERO                        ,"div by zero"},
+{BN_R_NO_INVERSE                         ,"no inverse"},
+{0,NULL},
+	};
+
+void ERR_load_BN_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+		ERR_load_strings(ERR_LIB_BN,BN_str_functs);
+		ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
+		}
+	}
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
new file mode 100644
index 0000000000000000000000000000000000000000..0a0db370c35bcdced30a5d63ecf339ec35e69c71
--- /dev/null
+++ b/crypto/bn/bn_exp.c
@@ -0,0 +1,510 @@
+/* crypto/bn/bn_exp.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* slow but works */
+int BN_mod_mul(ret, a, b, m, ctx)
+BIGNUM *ret;
+BIGNUM *a;
+BIGNUM *b;
+BIGNUM *m;
+BN_CTX *ctx;
+	{
+	BIGNUM *t;
+	int r=0;
+
+	t=ctx->bn[ctx->tos++];
+	if (a == b)
+		{ if (!BN_sqr(t,a,ctx)) goto err; }
+	else
+		{ if (!BN_mul(t,a,b)) goto err; }
+	if (!BN_mod(ret,t,m,ctx)) goto err;
+	r=1;
+err:
+	ctx->tos--;
+	return(r);
+	}
+
+#if 0
+/* this one works - simple but works */
+int BN_mod_exp(r,a,p,m,ctx)
+BIGNUM *r,*a,*p,*m;
+BN_CTX *ctx;
+	{
+	int i,bits,ret=0;
+	BIGNUM *v,*tmp;
+
+	v=ctx->bn[ctx->tos++];
+	tmp=ctx->bn[ctx->tos++];
+
+	if (BN_copy(v,a) == NULL) goto err;
+	bits=BN_num_bits(p);
+
+	if (BN_is_odd(p))
+		{ if (BN_copy(r,a) == NULL) goto err; }
+	else	{ if (BN_one(r)) goto err; }
+
+	for (i=1; itos-=2;
+	return(ret);
+	}
+
+#endif
+
+int BN_mod_exp(r,a,p,m,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *p;
+BIGNUM *m;
+BN_CTX *ctx;
+	{
+	int ret;
+
+#ifdef MONT_MUL_MOD
+	/* I have finally been able to take out this pre-condition of
+	 * the top bit being set.  It was caused by an error in BN_div
+	 * with negatives.  There was also another problem when for a^b%m
+	 * a >= m.  eay 07-May-97 */
+/*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+
+	if (BN_is_odd(m))
+		{ ret=BN_mod_exp_mont(r,a,p,m,ctx); }
+	else
+#endif
+#ifdef RECP_MUL_MOD
+		{ ret=BN_mod_exp_recp(r,a,p,m,ctx); }
+#else
+		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
+#endif
+
+	return(ret);
+	}
+
+/* #ifdef RECP_MUL_MOD */
+int BN_mod_exp_recp(r,a,p,m,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *p;
+BIGNUM *m;
+BN_CTX *ctx;
+	{
+	int nb,i,j,bits,ret=0,wstart,wend,window,wvalue;
+	int start=1;
+	BIGNUM *d,*aa;
+	BIGNUM *val[16];
+
+	d=ctx->bn[ctx->tos++];
+	aa=ctx->bn[ctx->tos++];
+	bits=BN_num_bits(p);
+
+	if (bits == 0)
+		{
+		BN_one(r);
+		return(1);
+		}
+	nb=BN_reciprocal(d,m,ctx);
+	if (nb == -1) goto err;
+
+	val[0]=BN_new();
+	if (!BN_mod(val[0],a,m,ctx)) goto err;		/* 1 */
+	if (!BN_mod_mul_reciprocal(aa,val[0],val[0],m,d,nb,ctx))
+		goto err;				/* 2 */
+
+	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
+		window=1;
+	else if (bits >= 256)
+		window=5;	/* max size of window */
+	else if (bits >= 128)
+		window=4;
+	else
+		window=3;
+
+	j=1<<(window-1);
+	for (i=1; i>1],m,d,nb,ctx))
+			goto err;
+
+		/* move the 'window' down further */
+		wstart-=wend+1;
+		wvalue=0;
+		start=0;
+		if (wstart < 0) break;
+		}
+	ret=1;
+err:
+	ctx->tos-=2;
+	for (i=0; i<16; i++)
+		if (val[i] != NULL) BN_clear_free(val[i]);
+	return(ret);
+	}
+/* #endif */
+
+/* #ifdef MONT_MUL_MOD */
+int BN_mod_exp_mont(r,a,p,m,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *p;
+BIGNUM *m;
+BN_CTX *ctx;
+	{
+	int i,j,bits,ret=0,wstart,wend,window,wvalue;
+	int start=1;
+	BIGNUM *d,*aa;
+	BIGNUM *val[16];
+	BN_MONT_CTX *mont=NULL;
+
+	if (!(m->d[0] & 1))
+		{
+		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+		return(0);
+		}
+	d=ctx->bn[ctx->tos++];
+	bits=BN_num_bits(p);
+	if (bits == 0)
+		{
+		BN_one(r);
+		return(1);
+		}
+
+	/* If this is not done, things will break in the montgomery
+	 * part */
+
+	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+	if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+
+	val[0]=BN_new();
+	if (BN_ucmp(a,m) >= 0)
+		{
+		BN_mod(val[0],a,m,ctx);
+		aa=val[0];
+		}
+	else
+		aa=a;
+	if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
+	if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
+
+	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
+		window=1;
+	else if (bits >= 256)
+		window=5;	/* max size of window */
+	else if (bits >= 128)
+		window=4;
+	else
+		window=3;
+
+	j=1<<(window-1);
+	for (i=1; i>1],mont,ctx))
+			goto err;
+
+		/* move the 'window' down further */
+		wstart-=wend+1;
+		wvalue=0;
+		start=0;
+		if (wstart < 0) break;
+		}
+	BN_from_montgomery(r,r,mont,ctx);
+	ret=1;
+err:
+	if (mont != NULL) BN_MONT_CTX_free(mont);
+	ctx->tos--;
+	for (i=0; i<16; i++)
+		if (val[i] != NULL) BN_clear_free(val[i]);
+	return(ret);
+	}
+/* #endif */
+
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(r,a,p,m,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *p;
+BIGNUM *m;
+BN_CTX *ctx;
+	{
+	int i,j,bits,ret=0,wstart,wend,window,wvalue;
+	int start=1;
+	BIGNUM *d;
+	BIGNUM *val[16];
+
+	d=ctx->bn[ctx->tos++];
+	bits=BN_num_bits(p);
+
+	if (bits == 0)
+		{
+		BN_one(r);
+		return(1);
+		}
+
+	val[0]=BN_new();
+	if (!BN_mod(val[0],a,m,ctx)) goto err;		/* 1 */
+	if (!BN_mod_mul(d,val[0],val[0],m,ctx))
+		goto err;				/* 2 */
+
+	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
+		window=1;
+	else if (bits >= 256)
+		window=5;	/* max size of window */
+	else if (bits >= 128)
+		window=4;
+	else
+		window=3;
+
+	j=1<<(window-1);
+	for (i=1; i>1],m,ctx))
+			goto err;
+
+		/* move the 'window' down further */
+		wstart-=wend+1;
+		wvalue=0;
+		start=0;
+		if (wstart < 0) break;
+		}
+	ret=1;
+err:
+	ctx->tos--;
+	for (i=0; i<16; i++)
+		if (val[i] != NULL) BN_clear_free(val[i]);
+	return(ret);
+	}
+
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
new file mode 100644
index 0000000000000000000000000000000000000000..9b0bc2b1002e325c49186d5a2641af27dd44ec37
--- /dev/null
+++ b/crypto/bn/bn_gcd.c
@@ -0,0 +1,203 @@
+/* crypto/bn/bn_gcd.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#ifndef NOPROTO
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
+#else
+static BIGNUM *euclid();
+#endif
+
+int BN_gcd(r,in_a,in_b,ctx)
+BIGNUM *r,*in_a,*in_b;
+BN_CTX *ctx;
+	{
+	BIGNUM *a,*b,*t;
+	int ret=0;
+
+	a=ctx->bn[ctx->tos];
+	b=ctx->bn[ctx->tos+1];
+
+	if (BN_copy(a,in_a) == NULL) goto err;
+	if (BN_copy(b,in_b) == NULL) goto err;
+
+	if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
+	t=euclid(a,b);
+	if (t == NULL) goto err;
+
+	if (BN_copy(r,t) == NULL) goto err;
+	ret=1;
+err:
+	return(ret);
+	}
+
+static BIGNUM *euclid(a,b)
+BIGNUM *a,*b;
+	{
+	BIGNUM *t;
+	int shifts=0;
+
+	for (;;)
+		{
+		if (BN_is_zero(b))
+			break;
+
+		if (BN_is_odd(a))
+			{
+			if (BN_is_odd(b))
+				{
+				if (!BN_sub(a,a,b)) goto err;
+				if (!BN_rshift1(a,a)) goto err;
+				if (BN_cmp(a,b) < 0)
+					{ t=a; a=b; b=t; }
+				}
+			else		/* a odd - b even */
+				{
+				if (!BN_rshift1(b,b)) goto err;
+				if (BN_cmp(a,b) < 0)
+					{ t=a; a=b; b=t; }
+				}
+			}
+		else			/* a is even */
+			{
+			if (BN_is_odd(b))
+				{
+				if (!BN_rshift1(a,a)) goto err;
+				if (BN_cmp(a,b) < 0)
+					{ t=a; a=b; b=t; }
+				}
+			else		/* a even - b even */
+				{
+				if (!BN_rshift1(a,a)) goto err;
+				if (!BN_rshift1(b,b)) goto err;
+				shifts++;
+				}
+			}
+		}
+	if (shifts)
+		{
+		if (!BN_lshift(a,a,shifts)) goto err;
+		}
+	return(a);
+err:
+	return(NULL);
+	}
+
+/* solves ax == 1 (mod n) */
+BIGNUM *BN_mod_inverse(a, n, ctx)
+BIGNUM *a;
+BIGNUM *n;
+BN_CTX *ctx;
+	{
+	BIGNUM *A,*B,*X,*Y,*M,*D,*R;
+	BIGNUM *ret=NULL,*T;
+	int sign;
+
+	A=ctx->bn[ctx->tos];
+	B=ctx->bn[ctx->tos+1];
+	X=ctx->bn[ctx->tos+2];
+	D=ctx->bn[ctx->tos+3];
+	M=ctx->bn[ctx->tos+4];
+	Y=ctx->bn[ctx->tos+5];
+	ctx->tos+=6;
+	R=BN_new();
+	if (R == NULL) goto err;
+
+	BN_zero(X);
+	BN_one(Y);
+	if (BN_copy(A,a) == NULL) goto err;
+	if (BN_copy(B,n) == NULL) goto err;
+	sign=1;
+
+	while (!BN_is_zero(B))
+		{
+		if (!BN_div(D,M,A,B,ctx)) goto err;
+		T=A;
+		A=B;
+		B=M;
+		/* T has a struct, M does not */
+
+		if (!BN_mul(T,D,X)) goto err;
+		if (!BN_add(T,T,Y)) goto err;
+		M=Y;
+		Y=X;
+		X=T;
+		sign= -sign;
+		}
+	if (sign < 0)
+		{
+		if (!BN_sub(Y,n,Y)) goto err;
+		}
+
+	if (BN_is_one(A))
+		{ if (!BN_mod(R,Y,n,ctx)) goto err; }
+	else
+		{
+		BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+		goto err;
+		}
+	ret=R;
+err:
+	if ((ret == NULL) && (R != NULL)) BN_free(R);
+	ctx->tos-=6;
+	return(ret);
+	}
+
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
new file mode 100644
index 0000000000000000000000000000000000000000..4d44651df839727fc379e73720b4165a85f48811
--- /dev/null
+++ b/crypto/bn/bn_lcl.h
@@ -0,0 +1,216 @@
+/* crypto/bn/bn_lcl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BN_LCL_H
+#define HEADER_BN_LCL_H
+
+#include "bn.h"
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*************************************************************
+ * Using the long long type
+ */
+#define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+#define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
+#define bn_fix_top(a) \
+        { \
+        BN_ULONG *fix_top_l; \
+        for (fix_top_l= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+		if (*(fix_top_l--)) break; \
+	}
+
+#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b)))
+
+#ifdef BN_LLONG
+#define mul_add(r,a,w,c) { \
+	BN_ULLONG t; \
+	t=(BN_ULLONG)w * (a) + (r) + (c); \
+	(r)=Lw(t); \
+	(c)= Hw(t); \
+	}
+
+#define mul(r,a,w,c) { \
+	BN_ULLONG t; \
+	t=(BN_ULLONG)w * (a) + (c); \
+	(r)=Lw(t); \
+	(c)= Hw(t); \
+	}
+
+#define bn_mul_words(r1,r2,a,b) \
+	{ \
+	BN_ULLONG t; \
+	t=(BN_ULLONG)(a)*(b); \
+	r1=Lw(t); \
+	r2=Hw(t); \
+	}
+
+#else
+/*************************************************************
+ * No long long type
+ */
+
+#define LBITS(a)	((a)&BN_MASK2l)
+#define HBITS(a)	(((a)>>BN_BITS4)&BN_MASK2l)
+#define	L2HBITS(a)	((BN_ULONG)((a)&BN_MASK2l)<>BN_BITS2)&BN_MASKl)
+#define	LL2HBITS(a)	((BN_ULLONG)((a)&BN_MASKl)<>(BN_BITS4-1); \
+	m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+	l+=m; if ((l&BN_MASK2) < m) h++; \
+	(lo)=l; \
+	(ho)=h; \
+	}
+
+#define mul_add(r,a,bl,bh,c) { \
+	BN_ULONG l,h; \
+ \
+	h= (a); \
+	l=LBITS(h); \
+	h=HBITS(h); \
+	mul64(l,h,(bl),(bh)); \
+ \
+	/* non-multiply part */ \
+	l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+	(c)=(r); \
+	l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+	(c)=h&BN_MASK2; \
+	(r)=l&BN_MASK2; \
+	}
+
+#define mul(r,a,bl,bh,c) { \
+	BN_ULONG l,h; \
+ \
+	h= (a); \
+	l=LBITS(h); \
+	h=HBITS(h); \
+	mul64(l,h,(bl),(bh)); \
+ \
+	/* non-multiply part */ \
+	l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+	(c)=h&BN_MASK2; \
+	(r)=l&BN_MASK2; \
+	}
+
+#define bn_mul_words(r1,r2,a,b) \
+	{ \
+	BN_ULONG l,h,bl,bh; \
+ \
+	h=(a); \
+	l=LBITS(h); \
+	h=HBITS(h); \
+	bh=(b); \
+	bl=LBITS(bh); \
+	bh=HBITS(bh); \
+ \
+	mul64(l,h,bl,bh); \
+ \
+	(r1)=l; \
+	(r2)=h; \
+	}
+#endif
+
+#ifndef NOPROTO
+
+BIGNUM *bn_expand2(BIGNUM *b, int bits);
+
+#else
+
+BIGNUM *bn_expand2();
+
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
new file mode 100644
index 0000000000000000000000000000000000000000..288ebca68ce23695030ae2e928d3e2da07a7e708
--- /dev/null
+++ b/crypto/bn/bn_lib.c
@@ -0,0 +1,565 @@
+/* crypto/bn/bn_lib.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+char *BN_version="Big Number part of SSLeay 0.8.1b 29-Jun-1998";
+
+BIGNUM *BN_value_one()
+	{
+	static BN_ULONG data_one=1L;
+	static BIGNUM const_one={&data_one,1,1,0};
+
+	return(&const_one);
+	}
+
+char *BN_options()
+	{
+	static int init=0;
+	static char data[16];
+
+	if (!init)
+		{
+		init++;
+#ifdef BN_LLONG
+		sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
+			(int)sizeof(BN_ULONG)*8);
+#else
+		sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
+			(int)sizeof(BN_ULONG)*8);
+#endif
+		}
+	return(data);
+	}
+
+int BN_num_bits_word(l)
+BN_ULONG l;
+	{
+	static char bits[256]={
+		0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
+		5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
+		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+		};
+
+#ifdef SIXTY_FOUR_BIT_LONG
+	if (l & 0xffffffff00000000L)
+		{
+		if (l & 0xffff000000000000L)
+			{
+			if (l & 0xff00000000000000L)
+				{
+				return(bits[l>>56]+56);
+				}
+			else	return(bits[l>>48]+48);
+			}
+		else
+			{
+			if (l & 0x0000ff0000000000L)
+				{
+				return(bits[l>>40]+40);
+				}
+			else	return(bits[l>>32]+32);
+			}
+		}
+	else
+#else
+#ifdef SIXTY_FOUR_BIT
+	if (l & 0xffffffff00000000LL)
+		{
+		if (l & 0xffff000000000000LL)
+			{
+			if (l & 0xff00000000000000LL)
+				{
+				return(bits[l>>56]+56);
+				}
+			else	return(bits[l>>48]+48);
+			}
+		else
+			{
+			if (l & 0x0000ff0000000000LL)
+				{
+				return(bits[l>>40]+40);
+				}
+			else	return(bits[l>>32]+32);
+			}
+		}
+	else
+#endif
+#endif
+		{
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+		if (l & 0xffff0000L)
+			{
+			if (l & 0xff000000L)
+				return(bits[l>>24L]+24);
+			else	return(bits[l>>16L]+16);
+			}
+		else
+#endif
+			{
+#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+			if (l & 0xff00L)
+				return(bits[l>>8]+8);
+			else	
+#endif
+				return(bits[l   ]  );
+			}
+		}
+	}
+
+int BN_num_bits(a)
+BIGNUM *a;
+	{
+	BN_ULONG l;
+	int i;
+
+	if (a->top == 0) return(0);
+	l=a->d[a->top-1];
+	i=(a->top-1)*BN_BITS2;
+	if (l == 0)
+		{
+#ifndef WIN16
+		fprintf(stderr,"BAD TOP VALUE\n");
+#endif
+		abort();
+		}
+	return(i+BN_num_bits_word(l));
+	}
+
+void BN_clear_free(a)
+BIGNUM *a;
+	{
+	if (a == NULL) return;
+	if (a->d != NULL)
+		{
+		memset(a->d,0,a->max*sizeof(a->d[0]));
+		Free(a->d);
+		}
+	memset(a,0,sizeof(BIGNUM));
+	Free(a);
+	}
+
+void BN_free(a)
+BIGNUM *a;
+	{
+	if (a == NULL) return;
+	if (a->d != NULL) Free(a->d);
+	Free(a);
+	}
+
+BIGNUM *BN_new()
+	{
+	BIGNUM *ret;
+	BN_ULONG *p;
+
+	ret=(BIGNUM *)Malloc(sizeof(BIGNUM));
+	if (ret == NULL) goto err;
+	ret->top=0;
+	ret->neg=0;
+	ret->max=(BN_DEFAULT_BITS/BN_BITS2);
+	p=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(ret->max+1));
+	if (p == NULL) goto err;
+	ret->d=p;
+
+	memset(p,0,(ret->max+1)*sizeof(p[0]));
+	return(ret);
+err:
+	BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
+	return(NULL);
+	}
+
+BN_CTX *BN_CTX_new()
+	{
+	BN_CTX *ret;
+	BIGNUM *n;
+	int i,j;
+
+	ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
+	if (ret == NULL) goto err2;
+
+	for (i=0; ibn[i]=n;
+		}
+
+	/* There is actually an extra one, this is for debugging my
+	 * stuff */
+	ret->bn[BN_CTX_NUM]=NULL;
+
+	ret->tos=0;
+	return(ret);
+err:
+	for (j=0; jbn[j]);
+	Free(ret);
+err2:
+	BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+	return(NULL);
+	}
+
+void BN_CTX_free(c)
+BN_CTX *c;
+	{
+	int i;
+
+	for (i=0; ibn[i]);
+	Free(c);
+	}
+
+BIGNUM *bn_expand2(b, bits)
+BIGNUM *b;
+int bits;
+	{
+	BN_ULONG *p;
+	register int n;
+
+	while (bits > b->max*BN_BITS2)
+		{
+		n=((bits+BN_BITS2-1)/BN_BITS2)*2;
+		p=b->d=(BN_ULONG *)Realloc(b->d,sizeof(BN_ULONG)*(n+1));
+		if (p == NULL)
+			{
+			BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		memset(&(p[b->max]),0,((n+1)-b->max)*sizeof(BN_ULONG));
+		b->max=n;
+		}
+	return(b);
+	}
+
+BIGNUM *BN_dup(a)
+BIGNUM *a;
+	{
+	BIGNUM *r;
+
+	r=BN_new();
+	if (r == NULL) return(NULL);
+	return((BIGNUM *)BN_copy(r,a));
+	}
+
+BIGNUM *BN_copy(a, b)
+BIGNUM *a;
+BIGNUM *b;
+	{
+	if (bn_expand(a,b->top*BN_BITS2) == NULL) return(NULL);
+	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+/*	memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
+	a->top=b->top;
+	a->neg=b->neg;
+	return(a);
+	}
+
+void BN_clear(a)
+BIGNUM *a;
+	{
+	memset(a->d,0,a->max*sizeof(a->d[0]));
+	a->top=0;
+	a->neg=0;
+	}
+
+unsigned long BN_get_word(a)
+BIGNUM *a;
+	{
+	int i,n;
+	unsigned long ret=0;
+
+	n=BN_num_bytes(a);
+	if (n > sizeof(unsigned long))
+#ifdef SIXTY_FOUR_BIT_LONG
+		return(BN_MASK2);
+#else
+		return(0xFFFFFFFFL);
+#endif
+	for (i=a->top-1; i>=0; i--)
+		{
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+		ret<<=BN_BITS4; /* stops the compiler complaining */
+		ret<<=BN_BITS4;
+#endif
+		ret|=a->d[i];
+		}
+	return(ret);
+	}
+
+int BN_set_word(a,w)
+BIGNUM *a;
+unsigned long w;
+	{
+	int i,n;
+	if (bn_expand(a,sizeof(unsigned long)*8) == NULL) return(0);
+
+	n=sizeof(unsigned long)/BN_BYTES;
+	a->neg=0;
+	a->top=0;
+	a->d[0]=(BN_ULONG)w&BN_MASK2;
+	if (a->d[0] != 0) a->top=1;
+	for (i=1; i>=BN_BITS2 so compilers don't complain
+		 * on builds where sizeof(long) == BN_TYPES */
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+		w>>=BN_BITS4;
+		w>>=BN_BITS4;
+#endif
+		a->d[i]=(BN_ULONG)w&BN_MASK2;
+		if (a->d[i] != 0) a->top=i+1;
+		}
+	return(1);
+	}
+
+/* ignore negative */
+BIGNUM *BN_bin2bn(s, len, ret)
+unsigned char *s;
+int len;
+BIGNUM *ret;
+	{
+	unsigned int i,m;
+	unsigned int n;
+	BN_ULONG l;
+
+	if (ret == NULL) ret=BN_new();
+	if (ret == NULL) return(NULL);
+	l=0;
+	n=len;
+	if (n == 0)
+		{
+		ret->top=0;
+		return(ret);
+		}
+	if (bn_expand(ret,(int)(n+2)*8) == NULL)
+		return(NULL);
+	i=((n-1)/BN_BYTES)+1;
+	m=((n-1)%(BN_BYTES));
+	ret->top=i;
+	while (n-- > 0)
+		{
+		l=(l<<8L)| *(s++);
+		if (m-- == 0)
+			{
+			ret->d[--i]=l;
+			l=0;
+			m=BN_BYTES-1;
+			}
+		}
+	/* need to call this due to clear byte at top if avoiding
+	 * having the top bit set (-ve number) */
+	bn_fix_top(ret);
+	return(ret);
+	}
+
+/* ignore negative */
+int BN_bn2bin(a, to)
+BIGNUM *a;
+unsigned char *to;
+	{
+	int n,i;
+	BN_ULONG l;
+
+	n=i=BN_num_bytes(a);
+	while (i-- > 0)
+		{
+		l=a->d[i/BN_BYTES];
+		*(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
+		}
+	return(n);
+	}
+
+int BN_ucmp(a, b)
+BIGNUM *a;
+BIGNUM *b;
+	{
+	int i;
+	BN_ULONG t1,t2,*ap,*bp;
+
+	i=a->top-b->top;
+	if (i != 0) return(i);
+	ap=a->d;
+	bp=b->d;
+	for (i=a->top-1; i>=0; i--)
+		{
+		t1= ap[i];
+		t2= bp[i];
+		if (t1 != t2)
+			return(t1 > t2?1:-1);
+		}
+	return(0);
+	}
+
+int BN_cmp(a, b)
+BIGNUM *a;
+BIGNUM *b;
+	{
+	int i;
+	int gt,lt;
+	BN_ULONG t1,t2;
+
+	if ((a == NULL) || (b == NULL))
+		{
+		if (a != NULL)
+			return(-1);
+		else if (b != NULL)
+			return(1);
+		else
+			return(0);
+		}
+	if (a->neg != b->neg)
+		{
+		if (a->neg)
+			return(-1);
+		else	return(1);
+		}
+	if (a->neg == 0)
+		{ gt=1; lt= -1; }
+	else	{ gt= -1; lt=1; }
+
+	if (a->top > b->top) return(gt);
+	if (a->top < b->top) return(lt);
+	for (i=a->top-1; i>=0; i--)
+		{
+		t1=a->d[i];
+		t2=b->d[i];
+		if (t1 > t2) return(gt);
+		if (t1 < t2) return(lt);
+		}
+	return(0);
+	}
+
+int BN_set_bit(a, n)
+BIGNUM *a;
+int n;
+	{
+	int i,j;
+
+	i=n/BN_BITS2;
+	j=n%BN_BITS2;
+	if (a->top <= i) return(0);
+
+	a->d[i]|=(1L<top <= i) return(0);
+
+	a->d[i]&=(~(1L<top <= i) return(0);
+	return((a->d[i]&(((BN_ULONG)1)<= a->top) return(0);
+	if (b == 0)
+		a->top=w;
+	else
+		{
+		a->top=w+1;
+		a->d[w]&= ~(BN_MASK2<= 0) && (a->d[w] == 0))
+			{
+			a->top--;
+			w--;
+			}
+		}
+	return(1);
+	}
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
new file mode 100644
index 0000000000000000000000000000000000000000..c94241f59e2cee41f494f07294303741a2aa3f51
--- /dev/null
+++ b/crypto/bn/bn_mod.c
@@ -0,0 +1,97 @@
+/* crypto/bn/bn_mod.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* rem != m */
+int BN_mod(rem, m, d,ctx)
+BIGNUM *rem;
+BIGNUM *m;
+BIGNUM *d;
+BN_CTX *ctx;
+	{
+#if 0 /* The old slow way */
+	int i,nm,nd;
+	BIGNUM *dv;
+
+	if (BN_ucmp(m,d) < 0)
+		return((BN_copy(rem,m) == NULL)?0:1);
+
+	dv=ctx->bn[ctx->tos];
+
+	if (!BN_copy(rem,m)) return(0);
+
+	nm=BN_num_bits(rem);
+	nd=BN_num_bits(d);
+	if (!BN_lshift(dv,d,nm-nd)) return(0);
+	for (i=nm-nd; i>=0; i--)
+		{
+		if (BN_cmp(rem,dv) >= 0)
+			{
+			if (!BN_sub(rem,rem,dv)) return(0);
+			}
+		if (!BN_rshift1(dv,dv)) return(0);
+		}
+	return(1);
+#else
+	return(BN_div(NULL,rem,m,d,ctx));
+#endif
+	}
+
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
new file mode 100644
index 0000000000000000000000000000000000000000..932d10b73615ecc01a4b3dfdf8ba0ca1c14c72ed
--- /dev/null
+++ b/crypto/bn/bn_mont.c
@@ -0,0 +1,280 @@
+/* crypto/bn/bn_mont.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_mod_mul_montgomery(r,a,b,mont,ctx)
+BIGNUM *r,*a,*b;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+	{
+	BIGNUM *tmp;
+
+        tmp=ctx->bn[ctx->tos++];
+
+	if (a == b)
+		{
+		if (!BN_sqr(tmp,a,ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_mul(tmp,a,b)) goto err;
+		}
+	/* reduce from aRR to aR */
+	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+	ctx->tos--;
+	return(1);
+err:
+	return(0);
+	}
+
+#define MONT_WORD
+
+#ifdef MONT_WORD
+int BN_from_montgomery(ret,a,mont,ctx)
+BIGNUM *ret;
+BIGNUM *a;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+	{
+	BIGNUM *n,*t1,*r;
+	BN_ULONG *ap,*np,*rp,k,n0,v,v2;
+	int al,nl,max,i,x;
+	int retn=0;
+
+	t1=ctx->bn[ctx->tos];
+	r=ctx->bn[ctx->tos+1];
+
+	if (!BN_copy(r,a)) goto err;
+	n=mont->N;
+
+	if (!BN_copy(t1,a)) goto err;
+	BN_mask_bits(t1,mont->ri);
+
+	a=t1;
+
+	al=a->top;
+	nl=n->top;
+	if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
+
+	max=(nl+al+1); /* allow for overflow (no?) XXX */
+	if (bn_expand(r,(max)*BN_BITS2) == NULL) goto err;
+
+	r->neg=a->neg^n->neg;
+	ap=a->d;
+	np=n->d;
+	rp=r->d;
+
+	/* clear the top bytes of T */
+	for (i=r->top; id[i]=0;
+/*	memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); */
+
+	r->top=max;
+	n0=mont->n0;
+
+	for (i=0; id[r->top-1] == 0)
+		r->top--;
+
+	BN_rshift(ret,r,mont->ri);
+
+	if (BN_ucmp(ret,mont->N) >= 0)
+		{
+		bn_qsub(ret,ret,mont->N); /* XXX */
+		}
+	retn=1;
+err:
+	return(retn);
+	}
+#else
+int BN_from_montgomery(r,a,mont,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+	{
+	BIGNUM *t1,*t2;
+
+	t1=ctx->bn[ctx->tos];
+	t2=ctx->bn[ctx->tos+1];
+
+	if (!BN_copy(t1,a)) goto err;
+	/* can cheat */
+	BN_mask_bits(t1,mont->ri);
+
+	if (!BN_mul(t2,t1,mont->Ni)) goto err;
+	BN_mask_bits(t2,mont->ri);
+
+	if (!BN_mul(t1,t2,mont->N)) goto err;
+	if (!BN_add(t2,a,t1)) goto err;
+	BN_rshift(r,t2,mont->ri);
+
+	if (BN_ucmp(r,mont->N) >= 0)
+		bn_qsub(r,r,mont->N);
+
+	return(1);
+err:
+	return(0);
+	}
+#endif
+
+BN_MONT_CTX *BN_MONT_CTX_new()
+	{
+	BN_MONT_CTX *ret;
+
+	if ((ret=(BN_MONT_CTX *)Malloc(sizeof(BN_MONT_CTX))) == NULL)
+		return(NULL);
+	ret->ri=0;
+	ret->RR=BN_new();
+	ret->N=BN_new();
+	ret->Ni=NULL;
+	if ((ret->RR == NULL) || (ret->N == NULL))
+		{
+		BN_MONT_CTX_free(ret);
+		return(NULL);
+		}
+	return(ret);
+	}
+
+void BN_MONT_CTX_free(mont)
+BN_MONT_CTX *mont;
+	{
+	if (mont->RR != NULL) BN_free(mont->RR);
+	if (mont->N != NULL) BN_free(mont->N);
+	if (mont->Ni != NULL) BN_free(mont->Ni);
+	Free(mont);
+	}
+
+int BN_MONT_CTX_set(mont,mod,ctx)
+BN_MONT_CTX *mont;
+BIGNUM *mod;
+BN_CTX *ctx;
+	{
+	BIGNUM *Ri=NULL,*R=NULL;
+
+	if (mont->RR == NULL) mont->RR=BN_new();
+	if (mont->N == NULL)  mont->N=BN_new();
+
+	R=mont->RR;					/* grab RR as a temp */
+	BN_copy(mont->N,mod);				/* Set N */
+
+#ifdef MONT_WORD
+{
+	BIGNUM tmod;
+	BN_ULONG buf[2];
+	/* int z; */
+
+	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+	BN_lshift(R,BN_value_one(),BN_BITS2);		/* R */
+	/* I was bad, this modification of a passed variable was
+	 * breaking the multithreaded stuff :-(
+	 * z=mod->top;
+	 * mod->top=1; */
+
+	buf[0]=mod->d[0];
+	buf[1]=0;
+	tmod.d=buf;
+	tmod.top=1;
+	tmod.max=mod->max;
+	tmod.neg=mod->neg;
+
+	if ((Ri=BN_mod_inverse(R,&tmod,ctx)) == NULL) goto err; /* Ri */
+	BN_lshift(Ri,Ri,BN_BITS2);			/* R*Ri */
+	bn_qsub(Ri,Ri,BN_value_one());			/* R*Ri - 1 */
+	BN_div(Ri,NULL,Ri,&tmod,ctx);
+	mont->n0=Ri->d[0];
+	BN_free(Ri);
+	/* mod->top=z; */
+}
+#else
+	mont->ri=BN_num_bits(mod);
+	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
+	if ((Ri=BN_mod_inverse(R,mod,ctx)) == NULL) goto err;	/* Ri */
+	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
+	bn_qsub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
+	BN_div(Ri,NULL,Ri,mod,ctx);
+	if (mont->Ni != NULL) BN_free(mont->Ni);
+	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
+#endif
+
+	/* setup RR for conversions */
+	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+	BN_mod(mont->RR,mont->RR,mont->N,ctx);
+
+	return(1);
+err:
+	return(0);
+	}
+
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
new file mode 100644
index 0000000000000000000000000000000000000000..3c8bf23a705f89d94911e39874794b7ba77b6b92
--- /dev/null
+++ b/crypto/bn/bn_mul.c
@@ -0,0 +1,99 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r must be different to a and b */
+int BN_mul(r, a, b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+	{
+	int i;
+	int max,al,bl;
+	BN_ULONG *ap,*bp,*rp;
+
+	al=a->top;
+	bl=b->top;
+	if ((al == 0) || (bl == 0))
+		{
+		r->top=0;
+		return(1);
+		}
+
+	max=(al+bl);
+	if (bn_expand(r,(max)*BN_BITS2) == NULL) return(0);
+	r->top=max;
+	r->neg=a->neg^b->neg;
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+
+	rp[al]=bn_mul_word(rp,ap,al,*(bp++));
+	rp++;
+	for (i=1; id[max-1] == 0) r->top--;
+	return(1);
+	}
+
diff --git a/crypto/bn/bn_mulw.c b/crypto/bn/bn_mulw.c
new file mode 100644
index 0000000000000000000000000000000000000000..d9031273953ecb3414112128e604187c72c2e004
--- /dev/null
+++ b/crypto/bn/bn_mulw.c
@@ -0,0 +1,303 @@
+/* crypto/bn/bn_mulw.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#ifdef BN_LLONG 
+
+BN_ULONG bn_mul_add_word(rp,ap,num,w)
+BN_ULONG *rp,*ap;
+int num;
+BN_ULONG w;
+	{
+	BN_ULONG c1=0;
+
+	for (;;)
+		{
+		mul_add(rp[0],ap[0],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[1],ap[1],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[2],ap[2],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[3],ap[3],w,c1);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	
+	return(c1);
+	} 
+
+BN_ULONG bn_mul_word(rp,ap,num,w)
+BN_ULONG *rp,*ap;
+int num;
+BN_ULONG w;
+	{
+	BN_ULONG c1=0;
+
+	for (;;)
+		{
+		mul(rp[0],ap[0],w,c1);
+		if (--num == 0) break;
+		mul(rp[1],ap[1],w,c1);
+		if (--num == 0) break;
+		mul(rp[2],ap[2],w,c1);
+		if (--num == 0) break;
+		mul(rp[3],ap[3],w,c1);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(c1);
+	} 
+
+void bn_sqr_words(r,a,n)
+BN_ULONG *r,*a;
+int n;
+        {
+	for (;;)
+		{
+		BN_ULLONG t;
+
+		t=(BN_ULLONG)(a[0])*(a[0]);
+		r[0]=Lw(t); r[1]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[1])*(a[1]);
+		r[2]=Lw(t); r[3]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[2])*(a[2]);
+		r[4]=Lw(t); r[5]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[3])*(a[3]);
+		r[6]=Lw(t); r[7]=Hw(t);
+		if (--n == 0) break;
+
+		a+=4;
+		r+=8;
+		}
+	}
+
+#else
+
+BN_ULONG bn_mul_add_word(rp,ap,num,w)
+BN_ULONG *rp,*ap;
+int num;
+BN_ULONG w;
+	{
+	BN_ULONG c=0;
+	BN_ULONG bl,bh;
+
+	bl=LBITS(w);
+	bh=HBITS(w);
+
+	for (;;)
+		{
+		mul_add(rp[0],ap[0],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[1],ap[1],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[2],ap[2],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[3],ap[3],bl,bh,c);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(c);
+	} 
+
+BN_ULONG bn_mul_word(rp,ap,num,w)
+BN_ULONG *rp,*ap;
+int num;
+BN_ULONG w;
+	{
+	BN_ULONG carry=0;
+	BN_ULONG bl,bh;
+
+	bl=LBITS(w);
+	bh=HBITS(w);
+
+	for (;;)
+		{
+		mul(rp[0],ap[0],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[1],ap[1],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[2],ap[2],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[3],ap[3],bl,bh,carry);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(carry);
+	} 
+
+void bn_sqr_words(r,a,n)
+BN_ULONG *r,*a;
+int n;
+        {
+	for (;;)
+		{
+		sqr64(r[0],r[1],a[0]);
+		if (--n == 0) break;
+
+		sqr64(r[2],r[3],a[1]);
+		if (--n == 0) break;
+
+		sqr64(r[4],r[5],a[2]);
+		if (--n == 0) break;
+
+		sqr64(r[6],r[7],a[3]);
+		if (--n == 0) break;
+
+		a+=4;
+		r+=8;
+		}
+	}
+
+#endif
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div64(h,l,d)
+BN_ULONG h,l,d;
+	{
+	return((BN_ULONG)(((((BN_ULLONG)h)< (BN_ULONG)1<= d) h-=d;
+
+	if (i)
+		{
+		d<<=i;
+		h=(h<>(BN_BITS2-i));
+		l<<=i;
+		}
+	dh=(d&BN_MASK2h)>>BN_BITS4;
+	dl=(d&BN_MASK2l);
+	for (;;)
+		{
+		if ((h>>BN_BITS4) == dh)
+			q=BN_MASK2l;
+		else
+			q=h/dh;
+
+		for (;;)
+			{
+			t=(h-q*dh);
+			if ((t&BN_MASK2h) ||
+				((dl*q) <= (
+					(t<>BN_BITS4))))
+				break;
+			q--;
+			}
+		th=q*dh;
+		tl=q*dl;
+		t=(tl>>BN_BITS4);
+		tl=(tl<>BN_BITS4))&BN_MASK2;
+		l=(l&BN_MASK2l)<
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include "rand.h"
+
+/* The quick seive algorithm approach to weeding out primes is
+ * Philip Zimmermann's, as implemented in PGP.  I have had a read of
+ * his comments and implemented my own version.
+ */
+#include "bn_prime.h"
+
+#ifndef NOPROTO
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx);
+static int probable_prime(BIGNUM *rnd, int bits);
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+static int probable_prime_dh_strong(BIGNUM *rnd, int bits,
+	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+#else
+static int witness();
+static int probable_prime();
+static int probable_prime_dh();
+static int probable_prime_dh_strong();
+#endif
+
+BIGNUM *BN_generate_prime(bits,strong,add,rem,callback)
+int bits;
+int strong;
+BIGNUM *add;
+BIGNUM *rem;
+void (*callback)(P_I_I); 
+	{
+	BIGNUM *rnd=NULL;
+	BIGNUM *ret=NULL;
+	BIGNUM *t=NULL;
+	int i,j,c1=0;
+	BN_CTX *ctx;
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	if ((rnd=BN_new()) == NULL) goto err;
+	if (strong)
+		if ((t=BN_new()) == NULL) goto err;
+loop: 
+	/* make a random number and set the top and bottom bits */
+	if (add == NULL)
+		{
+		if (!probable_prime(rnd,bits)) goto err;
+		}
+	else
+		{
+		if (strong)
+			{
+			if (!probable_prime_dh_strong(rnd,bits,add,rem,ctx))
+				 goto err;
+			}
+		else
+			{
+			if (!probable_prime_dh(rnd,bits,add,rem,ctx))
+				goto err;
+			}
+		}
+	/* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
+	if (callback != NULL) callback(0,c1++);
+
+	if (!strong)
+		{
+		i=BN_is_prime(rnd,BN_prime_checks,callback,ctx);
+		if (i == -1) goto err;
+		if (i == 0) goto loop;
+		}
+	else
+		{
+		/* for a strong prime generation,
+		 * check that (p-1)/2 is prime.
+		 * Since a prime is odd, We just
+		 * need to divide by 2 */
+		if (!BN_rshift1(t,rnd)) goto err;
+
+		for (i=0; ibn[ctx->tos++];
+	for (i=0; itos--;
+	if ((ctx_passed == NULL) && (ctx != NULL))
+		BN_CTX_free(ctx);
+		
+	return(ret);
+	}
+
+#define RECP_MUL_MOD
+
+static int witness(a, n,ctx)
+BIGNUM *a;
+BIGNUM *n;
+BN_CTX *ctx;
+	{
+	int k,i,nb,ret= -1;
+	BIGNUM *d,*dd,*tmp;
+	BIGNUM *d1,*d2,*x,*n1,*inv;
+
+	d1=ctx->bn[ctx->tos];
+	d2=ctx->bn[ctx->tos+1];
+	x=ctx->bn[ctx->tos+2];
+	n1=ctx->bn[ctx->tos+3];
+	inv=ctx->bn[ctx->tos+4];
+	ctx->tos+=5;
+
+	d=d1;
+	dd=d2;
+	if (!BN_one(d)) goto err;
+	if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
+	k=BN_num_bits(n1);
+
+	/* i=BN_num_bits(n); */
+#ifdef RECP_MUL_MOD
+	nb=BN_reciprocal(inv,n,ctx); /**/
+	if (nb == -1) goto err;
+#endif
+
+	for (i=k-1; i>=0; i--)
+		{
+		if (BN_copy(x,d) == NULL) goto err;
+#ifndef RECP_MUL_MOD
+		if (!BN_mod_mul(dd,d,d,n,ctx)) goto err;
+#else
+		if (!BN_mod_mul_reciprocal(dd,d,d,n,inv,nb,ctx)) goto err;
+#endif
+		if (	BN_is_one(dd) &&
+			!BN_is_one(x) &&
+			(BN_cmp(x,n1) != 0))
+			{
+			ret=1;
+			goto err;
+			}
+		if (BN_is_bit_set(n1,i))
+			{
+#ifndef RECP_MUL_MOD
+			if (!BN_mod_mul(d,dd,a,n,ctx)) goto err;
+#else
+			if (!BN_mod_mul_reciprocal(d,dd,a,n,inv,nb,ctx)) goto err; 
+#endif
+			}
+		else
+			{
+			tmp=d;
+			d=dd;
+			dd=tmp;
+			}
+		}
+	if (BN_is_one(d))
+		i=0;
+	else	i=1;
+	ret=i;
+err:
+	ctx->tos-=5;
+	return(ret);
+	}
+
+static int probable_prime(rnd, bits)
+BIGNUM *rnd;
+int bits;
+	{
+	int i;
+	MS_STATIC BN_ULONG mods[NUMPRIMES];
+	BN_ULONG delta;
+
+	if (!BN_rand(rnd,bits,1,1)) return(0);
+	/* we now have a random number 'rand' to test. */
+	for (i=1; ibn[ctx->tos++];
+
+	if (!BN_rand(rnd,bits,0,1)) goto err;
+
+	/* we need ((rnd-rem) % add) == 0 */
+
+	if (!BN_mod(t1,rnd,add,ctx)) goto err;
+	if (!BN_sub(rnd,rnd,t1)) goto err;
+	if (rem == NULL)
+		{ if (!BN_add_word(rnd,1)) goto err; }
+	else
+		{ if (!BN_add(rnd,rnd,rem)) goto err; }
+
+	/* we now have a random number 'rand' to test. */
+
+	loop: for (i=1; itos--;
+	return(ret);
+	}
+
+static int probable_prime_dh_strong(p, bits, padd, rem,ctx)
+BIGNUM *p;
+int bits;
+BIGNUM *padd;
+BIGNUM *rem;
+BN_CTX *ctx;
+	{
+	int i,ret=0;
+	BIGNUM *t1,*qadd=NULL,*q=NULL;
+
+	bits--;
+	t1=ctx->bn[ctx->tos++];
+	q=ctx->bn[ctx->tos++];
+	qadd=ctx->bn[ctx->tos++];
+
+	if (!BN_rshift1(qadd,padd)) goto err;
+		
+	if (!BN_rand(q,bits,0,1)) goto err;
+
+	/* we need ((rnd-rem) % add) == 0 */
+	if (!BN_mod(t1,q,qadd,ctx)) goto err;
+	if (!BN_sub(q,q,t1)) goto err;
+	if (rem == NULL)
+		{ if (!BN_add_word(q,1)) goto err; }
+	else
+		{
+		if (!BN_rshift1(t1,rem)) goto err;
+		if (!BN_add(q,q,t1)) goto err;
+		}
+
+	/* we now have a random number 'rand' to test. */
+	if (!BN_lshift1(p,q)) goto err;
+	if (!BN_add_word(p,1)) goto err;
+
+	loop: for (i=1; itos-=3;
+	return(ret);
+	}
+
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
new file mode 100644
index 0000000000000000000000000000000000000000..1d6df587a8a8b0bcb38e7b18763968e11cbdaaa6
--- /dev/null
+++ b/crypto/bn/bn_prime.h
@@ -0,0 +1,325 @@
+/* crypto/bn/bn_prime.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef EIGHT_BIT
+#define NUMPRIMES 2048
+#else
+#define NUMPRIMES 54
+#endif
+static unsigned int primes[NUMPRIMES]=
+	{
+	   2,   3,   5,   7,  11,  13,  17,  19,
+	  23,  29,  31,  37,  41,  43,  47,  53,
+	  59,  61,  67,  71,  73,  79,  83,  89,
+	  97, 101, 103, 107, 109, 113, 127, 131,
+	 137, 139, 149, 151, 157, 163, 167, 173,
+	 179, 181, 191, 193, 197, 199, 211, 223,
+	 227, 229, 233, 239, 241, 251,
+#ifndef EIGHT_BIT
+	 257, 263,
+	 269, 271, 277, 281, 283, 293, 307, 311,
+	 313, 317, 331, 337, 347, 349, 353, 359,
+	 367, 373, 379, 383, 389, 397, 401, 409,
+	 419, 421, 431, 433, 439, 443, 449, 457,
+	 461, 463, 467, 479, 487, 491, 499, 503,
+	 509, 521, 523, 541, 547, 557, 563, 569,
+	 571, 577, 587, 593, 599, 601, 607, 613,
+	 617, 619, 631, 641, 643, 647, 653, 659,
+	 661, 673, 677, 683, 691, 701, 709, 719,
+	 727, 733, 739, 743, 751, 757, 761, 769,
+	 773, 787, 797, 809, 811, 821, 823, 827,
+	 829, 839, 853, 857, 859, 863, 877, 881,
+	 883, 887, 907, 911, 919, 929, 937, 941,
+	 947, 953, 967, 971, 977, 983, 991, 997,
+	1009,1013,1019,1021,1031,1033,1039,1049,
+	1051,1061,1063,1069,1087,1091,1093,1097,
+	1103,1109,1117,1123,1129,1151,1153,1163,
+	1171,1181,1187,1193,1201,1213,1217,1223,
+	1229,1231,1237,1249,1259,1277,1279,1283,
+	1289,1291,1297,1301,1303,1307,1319,1321,
+	1327,1361,1367,1373,1381,1399,1409,1423,
+	1427,1429,1433,1439,1447,1451,1453,1459,
+	1471,1481,1483,1487,1489,1493,1499,1511,
+	1523,1531,1543,1549,1553,1559,1567,1571,
+	1579,1583,1597,1601,1607,1609,1613,1619,
+	1621,1627,1637,1657,1663,1667,1669,1693,
+	1697,1699,1709,1721,1723,1733,1741,1747,
+	1753,1759,1777,1783,1787,1789,1801,1811,
+	1823,1831,1847,1861,1867,1871,1873,1877,
+	1879,1889,1901,1907,1913,1931,1933,1949,
+	1951,1973,1979,1987,1993,1997,1999,2003,
+	2011,2017,2027,2029,2039,2053,2063,2069,
+	2081,2083,2087,2089,2099,2111,2113,2129,
+	2131,2137,2141,2143,2153,2161,2179,2203,
+	2207,2213,2221,2237,2239,2243,2251,2267,
+	2269,2273,2281,2287,2293,2297,2309,2311,
+	2333,2339,2341,2347,2351,2357,2371,2377,
+	2381,2383,2389,2393,2399,2411,2417,2423,
+	2437,2441,2447,2459,2467,2473,2477,2503,
+	2521,2531,2539,2543,2549,2551,2557,2579,
+	2591,2593,2609,2617,2621,2633,2647,2657,
+	2659,2663,2671,2677,2683,2687,2689,2693,
+	2699,2707,2711,2713,2719,2729,2731,2741,
+	2749,2753,2767,2777,2789,2791,2797,2801,
+	2803,2819,2833,2837,2843,2851,2857,2861,
+	2879,2887,2897,2903,2909,2917,2927,2939,
+	2953,2957,2963,2969,2971,2999,3001,3011,
+	3019,3023,3037,3041,3049,3061,3067,3079,
+	3083,3089,3109,3119,3121,3137,3163,3167,
+	3169,3181,3187,3191,3203,3209,3217,3221,
+	3229,3251,3253,3257,3259,3271,3299,3301,
+	3307,3313,3319,3323,3329,3331,3343,3347,
+	3359,3361,3371,3373,3389,3391,3407,3413,
+	3433,3449,3457,3461,3463,3467,3469,3491,
+	3499,3511,3517,3527,3529,3533,3539,3541,
+	3547,3557,3559,3571,3581,3583,3593,3607,
+	3613,3617,3623,3631,3637,3643,3659,3671,
+	3673,3677,3691,3697,3701,3709,3719,3727,
+	3733,3739,3761,3767,3769,3779,3793,3797,
+	3803,3821,3823,3833,3847,3851,3853,3863,
+	3877,3881,3889,3907,3911,3917,3919,3923,
+	3929,3931,3943,3947,3967,3989,4001,4003,
+	4007,4013,4019,4021,4027,4049,4051,4057,
+	4073,4079,4091,4093,4099,4111,4127,4129,
+	4133,4139,4153,4157,4159,4177,4201,4211,
+	4217,4219,4229,4231,4241,4243,4253,4259,
+	4261,4271,4273,4283,4289,4297,4327,4337,
+	4339,4349,4357,4363,4373,4391,4397,4409,
+	4421,4423,4441,4447,4451,4457,4463,4481,
+	4483,4493,4507,4513,4517,4519,4523,4547,
+	4549,4561,4567,4583,4591,4597,4603,4621,
+	4637,4639,4643,4649,4651,4657,4663,4673,
+	4679,4691,4703,4721,4723,4729,4733,4751,
+	4759,4783,4787,4789,4793,4799,4801,4813,
+	4817,4831,4861,4871,4877,4889,4903,4909,
+	4919,4931,4933,4937,4943,4951,4957,4967,
+	4969,4973,4987,4993,4999,5003,5009,5011,
+	5021,5023,5039,5051,5059,5077,5081,5087,
+	5099,5101,5107,5113,5119,5147,5153,5167,
+	5171,5179,5189,5197,5209,5227,5231,5233,
+	5237,5261,5273,5279,5281,5297,5303,5309,
+	5323,5333,5347,5351,5381,5387,5393,5399,
+	5407,5413,5417,5419,5431,5437,5441,5443,
+	5449,5471,5477,5479,5483,5501,5503,5507,
+	5519,5521,5527,5531,5557,5563,5569,5573,
+	5581,5591,5623,5639,5641,5647,5651,5653,
+	5657,5659,5669,5683,5689,5693,5701,5711,
+	5717,5737,5741,5743,5749,5779,5783,5791,
+	5801,5807,5813,5821,5827,5839,5843,5849,
+	5851,5857,5861,5867,5869,5879,5881,5897,
+	5903,5923,5927,5939,5953,5981,5987,6007,
+	6011,6029,6037,6043,6047,6053,6067,6073,
+	6079,6089,6091,6101,6113,6121,6131,6133,
+	6143,6151,6163,6173,6197,6199,6203,6211,
+	6217,6221,6229,6247,6257,6263,6269,6271,
+	6277,6287,6299,6301,6311,6317,6323,6329,
+	6337,6343,6353,6359,6361,6367,6373,6379,
+	6389,6397,6421,6427,6449,6451,6469,6473,
+	6481,6491,6521,6529,6547,6551,6553,6563,
+	6569,6571,6577,6581,6599,6607,6619,6637,
+	6653,6659,6661,6673,6679,6689,6691,6701,
+	6703,6709,6719,6733,6737,6761,6763,6779,
+	6781,6791,6793,6803,6823,6827,6829,6833,
+	6841,6857,6863,6869,6871,6883,6899,6907,
+	6911,6917,6947,6949,6959,6961,6967,6971,
+	6977,6983,6991,6997,7001,7013,7019,7027,
+	7039,7043,7057,7069,7079,7103,7109,7121,
+	7127,7129,7151,7159,7177,7187,7193,7207,
+	7211,7213,7219,7229,7237,7243,7247,7253,
+	7283,7297,7307,7309,7321,7331,7333,7349,
+	7351,7369,7393,7411,7417,7433,7451,7457,
+	7459,7477,7481,7487,7489,7499,7507,7517,
+	7523,7529,7537,7541,7547,7549,7559,7561,
+	7573,7577,7583,7589,7591,7603,7607,7621,
+	7639,7643,7649,7669,7673,7681,7687,7691,
+	7699,7703,7717,7723,7727,7741,7753,7757,
+	7759,7789,7793,7817,7823,7829,7841,7853,
+	7867,7873,7877,7879,7883,7901,7907,7919,
+	7927,7933,7937,7949,7951,7963,7993,8009,
+	8011,8017,8039,8053,8059,8069,8081,8087,
+	8089,8093,8101,8111,8117,8123,8147,8161,
+	8167,8171,8179,8191,8209,8219,8221,8231,
+	8233,8237,8243,8263,8269,8273,8287,8291,
+	8293,8297,8311,8317,8329,8353,8363,8369,
+	8377,8387,8389,8419,8423,8429,8431,8443,
+	8447,8461,8467,8501,8513,8521,8527,8537,
+	8539,8543,8563,8573,8581,8597,8599,8609,
+	8623,8627,8629,8641,8647,8663,8669,8677,
+	8681,8689,8693,8699,8707,8713,8719,8731,
+	8737,8741,8747,8753,8761,8779,8783,8803,
+	8807,8819,8821,8831,8837,8839,8849,8861,
+	8863,8867,8887,8893,8923,8929,8933,8941,
+	8951,8963,8969,8971,8999,9001,9007,9011,
+	9013,9029,9041,9043,9049,9059,9067,9091,
+	9103,9109,9127,9133,9137,9151,9157,9161,
+	9173,9181,9187,9199,9203,9209,9221,9227,
+	9239,9241,9257,9277,9281,9283,9293,9311,
+	9319,9323,9337,9341,9343,9349,9371,9377,
+	9391,9397,9403,9413,9419,9421,9431,9433,
+	9437,9439,9461,9463,9467,9473,9479,9491,
+	9497,9511,9521,9533,9539,9547,9551,9587,
+	9601,9613,9619,9623,9629,9631,9643,9649,
+	9661,9677,9679,9689,9697,9719,9721,9733,
+	9739,9743,9749,9767,9769,9781,9787,9791,
+	9803,9811,9817,9829,9833,9839,9851,9857,
+	9859,9871,9883,9887,9901,9907,9923,9929,
+	9931,9941,9949,9967,9973,10007,10009,10037,
+	10039,10061,10067,10069,10079,10091,10093,10099,
+	10103,10111,10133,10139,10141,10151,10159,10163,
+	10169,10177,10181,10193,10211,10223,10243,10247,
+	10253,10259,10267,10271,10273,10289,10301,10303,
+	10313,10321,10331,10333,10337,10343,10357,10369,
+	10391,10399,10427,10429,10433,10453,10457,10459,
+	10463,10477,10487,10499,10501,10513,10529,10531,
+	10559,10567,10589,10597,10601,10607,10613,10627,
+	10631,10639,10651,10657,10663,10667,10687,10691,
+	10709,10711,10723,10729,10733,10739,10753,10771,
+	10781,10789,10799,10831,10837,10847,10853,10859,
+	10861,10867,10883,10889,10891,10903,10909,10937,
+	10939,10949,10957,10973,10979,10987,10993,11003,
+	11027,11047,11057,11059,11069,11071,11083,11087,
+	11093,11113,11117,11119,11131,11149,11159,11161,
+	11171,11173,11177,11197,11213,11239,11243,11251,
+	11257,11261,11273,11279,11287,11299,11311,11317,
+	11321,11329,11351,11353,11369,11383,11393,11399,
+	11411,11423,11437,11443,11447,11467,11471,11483,
+	11489,11491,11497,11503,11519,11527,11549,11551,
+	11579,11587,11593,11597,11617,11621,11633,11657,
+	11677,11681,11689,11699,11701,11717,11719,11731,
+	11743,11777,11779,11783,11789,11801,11807,11813,
+	11821,11827,11831,11833,11839,11863,11867,11887,
+	11897,11903,11909,11923,11927,11933,11939,11941,
+	11953,11959,11969,11971,11981,11987,12007,12011,
+	12037,12041,12043,12049,12071,12073,12097,12101,
+	12107,12109,12113,12119,12143,12149,12157,12161,
+	12163,12197,12203,12211,12227,12239,12241,12251,
+	12253,12263,12269,12277,12281,12289,12301,12323,
+	12329,12343,12347,12373,12377,12379,12391,12401,
+	12409,12413,12421,12433,12437,12451,12457,12473,
+	12479,12487,12491,12497,12503,12511,12517,12527,
+	12539,12541,12547,12553,12569,12577,12583,12589,
+	12601,12611,12613,12619,12637,12641,12647,12653,
+	12659,12671,12689,12697,12703,12713,12721,12739,
+	12743,12757,12763,12781,12791,12799,12809,12821,
+	12823,12829,12841,12853,12889,12893,12899,12907,
+	12911,12917,12919,12923,12941,12953,12959,12967,
+	12973,12979,12983,13001,13003,13007,13009,13033,
+	13037,13043,13049,13063,13093,13099,13103,13109,
+	13121,13127,13147,13151,13159,13163,13171,13177,
+	13183,13187,13217,13219,13229,13241,13249,13259,
+	13267,13291,13297,13309,13313,13327,13331,13337,
+	13339,13367,13381,13397,13399,13411,13417,13421,
+	13441,13451,13457,13463,13469,13477,13487,13499,
+	13513,13523,13537,13553,13567,13577,13591,13597,
+	13613,13619,13627,13633,13649,13669,13679,13681,
+	13687,13691,13693,13697,13709,13711,13721,13723,
+	13729,13751,13757,13759,13763,13781,13789,13799,
+	13807,13829,13831,13841,13859,13873,13877,13879,
+	13883,13901,13903,13907,13913,13921,13931,13933,
+	13963,13967,13997,13999,14009,14011,14029,14033,
+	14051,14057,14071,14081,14083,14087,14107,14143,
+	14149,14153,14159,14173,14177,14197,14207,14221,
+	14243,14249,14251,14281,14293,14303,14321,14323,
+	14327,14341,14347,14369,14387,14389,14401,14407,
+	14411,14419,14423,14431,14437,14447,14449,14461,
+	14479,14489,14503,14519,14533,14537,14543,14549,
+	14551,14557,14561,14563,14591,14593,14621,14627,
+	14629,14633,14639,14653,14657,14669,14683,14699,
+	14713,14717,14723,14731,14737,14741,14747,14753,
+	14759,14767,14771,14779,14783,14797,14813,14821,
+	14827,14831,14843,14851,14867,14869,14879,14887,
+	14891,14897,14923,14929,14939,14947,14951,14957,
+	14969,14983,15013,15017,15031,15053,15061,15073,
+	15077,15083,15091,15101,15107,15121,15131,15137,
+	15139,15149,15161,15173,15187,15193,15199,15217,
+	15227,15233,15241,15259,15263,15269,15271,15277,
+	15287,15289,15299,15307,15313,15319,15329,15331,
+	15349,15359,15361,15373,15377,15383,15391,15401,
+	15413,15427,15439,15443,15451,15461,15467,15473,
+	15493,15497,15511,15527,15541,15551,15559,15569,
+	15581,15583,15601,15607,15619,15629,15641,15643,
+	15647,15649,15661,15667,15671,15679,15683,15727,
+	15731,15733,15737,15739,15749,15761,15767,15773,
+	15787,15791,15797,15803,15809,15817,15823,15859,
+	15877,15881,15887,15889,15901,15907,15913,15919,
+	15923,15937,15959,15971,15973,15991,16001,16007,
+	16033,16057,16061,16063,16067,16069,16073,16087,
+	16091,16097,16103,16111,16127,16139,16141,16183,
+	16187,16189,16193,16217,16223,16229,16231,16249,
+	16253,16267,16273,16301,16319,16333,16339,16349,
+	16361,16363,16369,16381,16411,16417,16421,16427,
+	16433,16447,16451,16453,16477,16481,16487,16493,
+	16519,16529,16547,16553,16561,16567,16573,16603,
+	16607,16619,16631,16633,16649,16651,16657,16661,
+	16673,16691,16693,16699,16703,16729,16741,16747,
+	16759,16763,16787,16811,16823,16829,16831,16843,
+	16871,16879,16883,16889,16901,16903,16921,16927,
+	16931,16937,16943,16963,16979,16981,16987,16993,
+	17011,17021,17027,17029,17033,17041,17047,17053,
+	17077,17093,17099,17107,17117,17123,17137,17159,
+	17167,17183,17189,17191,17203,17207,17209,17231,
+	17239,17257,17291,17293,17299,17317,17321,17327,
+	17333,17341,17351,17359,17377,17383,17387,17389,
+	17393,17401,17417,17419,17431,17443,17449,17467,
+	17471,17477,17483,17489,17491,17497,17509,17519,
+	17539,17551,17569,17573,17579,17581,17597,17599,
+	17609,17623,17627,17657,17659,17669,17681,17683,
+	17707,17713,17729,17737,17747,17749,17761,17783,
+	17789,17791,17807,17827,17837,17839,17851,17863,
+#endif
+	};
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
new file mode 100644
index 0000000000000000000000000000000000000000..979385a3343a012fff95e7b85d85426fcb7b16e7
--- /dev/null
+++ b/crypto/bn/bn_prime.pl
@@ -0,0 +1,56 @@
+#!/usr/local/bin/perl
+# bn_prime.pl
+
+$num=2048;
+$num=$ARGV[0] if ($#ARGV >= 0);
+
+push(@primes,2);
+$p=1;
+loop: while ($#primes < $num-1)
+	{
+	$p+=2;
+	$s=int(sqrt($p));
+
+	for ($i=0; $primes[$i]<=$s; $i++)
+		{
+		next loop if (($p%$primes[$i]) == 0);
+		}
+	push(@primes,$p);
+	}
+
+print <<"EOF";
+/* Auto generated by bn_prime.pl */
+/* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
+ * All rights reserved.
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * See the COPYRIGHT file in the SSLeay distribution for more details.
+ */
+
+EOF
+
+for ($i=0; $i <= $#primes; $i++)
+	{
+	if ($primes[$i] > 256)
+		{
+		$eight=$i;
+		last;
+		}
+	}
+
+printf "#ifndef EIGHT_BIT\n";
+printf "#define NUMPRIMES %d\n",$num;
+printf "#else\n";
+printf "#define NUMPRIMES %d\n",$eight;
+printf "#endif\n";
+print "static unsigned int primes[NUMPRIMES]=\n\t{\n\t";
+$init=0;
+for ($i=0; $i <= $#primes; $i++)
+	{
+	printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++);
+	printf("\n\t") if (($i%8) == 0) && ($i != 0);
+	printf("%4d,",$primes[$i]);
+	}
+print "\n#endif\n\t};\n";
+
+
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
new file mode 100644
index 0000000000000000000000000000000000000000..36bc0d14302e5748db6cac68295da1f414d726d5
--- /dev/null
+++ b/crypto/bn/bn_print.c
@@ -0,0 +1,218 @@
+/* crypto/bn/bn_print.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+#include "bn_lcl.h"
+
+static char *Hex="0123456789ABCDEF";
+
+/* Must 'Free' the returned data */
+char *BN_bn2ascii(a)
+BIGNUM *a;
+	{
+	int i,j,v,z=0;
+	char *buf;
+	char *p;
+
+	buf=(char *)Malloc(a->top*BN_BYTES*2+2);
+	if (buf == NULL)
+		{
+		BNerr(BN_F_BN_BN2ASCII,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	p=buf;
+	if (a->neg) *(p++)='-';
+	if (a->top == 0) *(p++)='0';
+	for (i=a->top-1; i >=0; i--)
+		{
+		for (j=BN_BITS2-8; j >= 0; j-=8)
+			{
+			/* strip leading zeros */
+			v=((int)(a->d[i]>>(long)j))&0xff;
+			if (z || (v != 0))
+				{
+				*(p++)=Hex[v>>4];
+				*(p++)=Hex[v&0x0f];
+				z=1;
+				}
+			}
+		}
+	*p='\0';
+err:
+	return(buf);
+	}
+
+int BN_ascii2bn(bn,a)
+BIGNUM **bn;
+char *a;
+	{
+	BIGNUM *ret=NULL;
+	BN_ULONG l=0;
+	int neg=0,h,m,i,j,k,c;
+	int num;
+
+	if ((a == NULL) || (*a == '\0')) return(0);
+
+	if (*a == '-') { neg=1; a++; }
+
+	for (i=0; isxdigit(a[i]); i++)
+		;
+
+	num=i+neg;
+	if (bn == NULL) return(num);
+
+	/* a is the start of the hex digets, and it is 'i' long */
+	if (*bn == NULL)
+		{
+		if ((ret=BN_new()) == NULL) return(0);
+		}
+	else
+		{
+		ret= *bn;
+		BN_zero(ret);
+		}
+
+	/* i is the number of hex digests; */
+	if (bn_expand(ret,i*4) == NULL) goto err;
+
+	j=i; /* least significate 'hex' */
+	m=0;
+	h=0;
+	while (j > 0)
+		{
+		m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
+		l=0;
+		for (;;)
+			{
+			c=a[j-m];
+			if ((c >= '0') && (c <= '9')) k=c-'0';
+			else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
+			else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
+			else k=0; /* paranoia */
+			l=(l<<4)|k;
+
+			if (--m <= 0)
+				{
+				ret->d[h++]=l;
+				break;
+				}
+			}
+		j-=(BN_BYTES*2);
+		}
+	ret->top=h;
+	bn_fix_top(ret);
+	ret->neg=neg;
+
+	*bn=ret;
+	return(num);
+err:
+	if (*bn == NULL) BN_free(ret);
+	return(0);
+	}
+
+#ifndef NO_BIO
+
+#ifndef WIN16
+int BN_print_fp(fp, a)
+FILE *fp;
+BIGNUM *a;
+	{
+	BIO *b;
+	int ret;
+
+	if ((b=BIO_new(BIO_s_file())) == NULL)
+		return(0);
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=BN_print(b,a);
+	BIO_free(b);
+	return(ret);
+	}
+#endif
+
+int BN_print(bp, a)
+BIO *bp;
+BIGNUM *a;
+	{
+	int i,j,v,z=0;
+	int ret=0;
+
+	if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
+	if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end;
+	for (i=a->top-1; i >=0; i--)
+		{
+		for (j=BN_BITS2-4; j >= 0; j-=4)
+			{
+			/* strip leading zeros */
+			v=((int)(a->d[i]>>(long)j))&0x0f;
+			if (z || (v != 0))
+				{
+				if (BIO_write(bp,&(Hex[v]),1) != 1)
+					goto end;
+				z=1;
+				}
+			}
+		}
+	ret=1;
+end:
+	return(ret);
+	}
+
+#endif
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
new file mode 100644
index 0000000000000000000000000000000000000000..e3530a5bf2ed0ad4a6efd318eac058993cea6991
--- /dev/null
+++ b/crypto/bn/bn_rand.c
@@ -0,0 +1,121 @@
+/* crypto/bn/bn_rand.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include "rand.h"
+
+int BN_rand(rnd, bits, top, bottom)
+BIGNUM *rnd;
+int bits;
+int top;
+int bottom;
+	{
+	unsigned char *buf=NULL;
+	int ret=0,bit,bytes,mask;
+	time_t tim;
+
+	bytes=(bits+7)/8;
+	bit=(bits-1)%8;
+	mask=0xff<
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_mod_mul_reciprocal(r, x, y, m, i, nb, ctx)
+BIGNUM *r;
+BIGNUM *x;
+BIGNUM *y;
+BIGNUM *m;
+BIGNUM *i;
+int nb;
+BN_CTX *ctx;
+	{
+	int ret=0,j;
+	BIGNUM *a,*b,*c,*d;
+
+	a=ctx->bn[ctx->tos++];
+	b=ctx->bn[ctx->tos++];
+	c=ctx->bn[ctx->tos++];
+	d=ctx->bn[ctx->tos++];
+
+	if (x == y)
+		{ if (!BN_sqr(a,x,ctx)) goto err; }
+	else
+		{ if (!BN_mul(a,x,y)) goto err; }
+	if (!BN_rshift(d,a,nb)) goto err;
+	if (!BN_mul(b,d,i)) goto err;
+	if (!BN_rshift(c,b,nb)) goto err;
+	if (!BN_mul(b,m,c)) goto err;
+	if (!BN_sub(r,a,b)) goto err;
+	j=0;
+	while (BN_cmp(r,m) >= 0)
+		{
+		if (j++ > 2)
+			{
+			BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL);
+			goto err;
+			}
+		if (!BN_sub(r,r,m)) goto err;
+		}
+
+	ret=1;
+err:
+	ctx->tos-=4;
+	return(ret);
+	}
+
+int BN_reciprocal(r, m,ctx)
+BIGNUM *r;
+BIGNUM *m;
+BN_CTX *ctx;
+	{
+	int nm,ret= -1;
+	BIGNUM *t;
+
+	t=ctx->bn[ctx->tos++];
+
+	nm=BN_num_bits(m);
+	if (!BN_lshift(t,BN_value_one(),nm*2)) goto err;
+
+	if (!BN_div(r,NULL,t,m,ctx)) goto err;
+	ret=nm;
+err:
+	ctx->tos--;
+	return(ret);
+	}
+
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
new file mode 100644
index 0000000000000000000000000000000000000000..d711887373b43566bc45d55d885c8a85f4fe1e57
--- /dev/null
+++ b/crypto/bn/bn_shift.c
@@ -0,0 +1,210 @@
+/* crypto/bn/bn_shift.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_lshift1(r, a)
+BIGNUM *r;
+BIGNUM *a;
+	{
+	register BN_ULONG *ap,*rp,t,c;
+	int i;
+
+	if (r != a)
+		{
+		r->neg=a->neg;
+		if (bn_expand(r,(a->top+1)*BN_BITS2) == NULL) return(0);
+		r->top=a->top;
+		}
+	else
+		{
+		if (bn_expand(r,(a->top+1)*BN_BITS2) == NULL) return(0);
+		}
+	ap=a->d;
+	rp=r->d;
+	c=0;
+	for (i=0; itop; i++)
+		{
+		t= *(ap++);
+		*(rp++)=((t<<1)|c)&BN_MASK2;
+		c=(t & BN_TBIT)?1:0;
+		}
+	if (c)
+		{
+		*rp=1;
+		r->top++;
+		}
+	return(1);
+	}
+
+int BN_rshift1(r, a)
+BIGNUM *r;
+BIGNUM *a;
+	{
+	BN_ULONG *ap,*rp,t,c;
+	int i;
+
+	if (BN_is_zero(a))
+		{
+		BN_zero(r);
+		return(1);
+		}
+	if (a != r)
+		{
+		if (bn_expand(r,a->top*BN_BITS2) == NULL) return(0);
+		r->top=a->top;
+		r->neg=a->neg;
+		}
+	ap=a->d;
+	rp=r->d;
+	c=0;
+	for (i=a->top-1; i>=0; i--)
+		{
+		t=ap[i];
+		rp[i]=((t>>1)&BN_MASK2)|c;
+		c=(t&1)?BN_TBIT:0;
+		}
+	bn_fix_top(r);
+	return(1);
+	}
+
+int BN_lshift(r, a, n)
+BIGNUM *r;
+BIGNUM *a;
+int n;
+	{
+	int i,nw,lb,rb;
+	BN_ULONG *t,*f;
+	BN_ULONG l;
+
+	r->neg=a->neg;
+	if (bn_expand(r,(a->top*BN_BITS2)+n) == NULL) return(0);
+	nw=n/BN_BITS2;
+	lb=n%BN_BITS2;
+	rb=BN_BITS2-lb;
+	f=a->d;
+	t=r->d;
+	t[a->top+nw]=0;
+	if (lb == 0)
+		for (i=a->top-1; i>=0; i--)
+			t[nw+i]=f[i];
+	else
+		for (i=a->top-1; i>=0; i--)
+			{
+			l=f[i];
+			t[nw+i+1]|=(l>>rb)&BN_MASK2;
+			t[nw+i]=(l<top=a->top+nw+1;
+	bn_fix_top(r);
+	return(1);
+	}
+
+int BN_rshift(r, a, n)
+BIGNUM *r;
+BIGNUM *a;
+int n;
+	{
+	int i,j,nw,lb,rb;
+	BN_ULONG *t,*f;
+	BN_ULONG l,tmp;
+
+	nw=n/BN_BITS2;
+	rb=n%BN_BITS2;
+	lb=BN_BITS2-rb;
+	if (nw > a->top)
+		{
+		BN_zero(r);
+		return(1);
+		}
+	if (r != a)
+		{
+		r->neg=a->neg;
+		if (bn_expand(r,(a->top-nw+1)*BN_BITS2) == NULL) return(0);
+		}
+
+	f= &(a->d[nw]);
+	t=r->d;
+	j=a->top-nw;
+	r->top=j;
+
+	if (rb == 0)
+		{
+		for (i=j+1; i > 0; i--)
+			*(t++)= *(f++);
+		}
+	else
+		{
+		l= *(f++);
+		for (i=1; i>rb)&BN_MASK2;
+			l= *(f++);
+			*(t++) =(tmp|(l<>rb)&BN_MASK2;
+		}
+	*t=0;
+	bn_fix_top(r);
+	return(1);
+	}
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
new file mode 100644
index 0000000000000000000000000000000000000000..4c3f0a0986ea01dba661962d862b934a313961d2
--- /dev/null
+++ b/crypto/bn/bn_sqr.c
@@ -0,0 +1,161 @@
+/* crypto/bn/bn_sqr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r must not be a */
+/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
+int BN_sqr(r, a, ctx)
+BIGNUM *r;
+BIGNUM *a;
+BN_CTX *ctx;
+	{
+	int i,j,max,al;
+	BIGNUM *tmp;
+	BN_ULONG *ap,*rp,c;
+
+	tmp=ctx->bn[ctx->tos];
+
+	al=a->top;
+	if (al == 0)
+		{
+		r->top=0;
+		return(1);
+		}
+
+	max=(al*2);
+	if (bn_expand(r,max*BN_BITS2) == NULL) return(0);
+	if (bn_expand(tmp,max*BN_BITS2) == NULL) return(0);
+
+	r->neg=0;
+
+	ap=a->d;
+	rp=r->d;
+	rp[0]=rp[max-1]=0;
+	rp++;
+	j=al;
+
+	if (--j > 0)
+		{
+		ap++;
+		rp[j]=bn_mul_word(rp,ap,j,ap[-1]);
+		rp+=2;
+		}
+
+	for (i=2; id;
+	c=0;
+	for (i=0; id,a->d,al);
+
+	/* inlined add */
+	ap=tmp->d;
+	rp=r->d;
+	c=0;
+	j=max;
+	for (i=0; i= ((~t1)&BN_MASK2));
+			t2=(t1+t2+1)&BN_MASK2;
+			}
+		else
+			{
+			t2=(t1+t2)&BN_MASK2;
+			c=(t2top=max;
+	if (r->d[max-1] == 0) r->top--;
+	return(1);
+	}
+
diff --git a/crypto/bn/bn_sub.c b/crypto/bn/bn_sub.c
new file mode 100644
index 0000000000000000000000000000000000000000..b0febc342149bc4e9d19a9fbaba0218cf31b82ff
--- /dev/null
+++ b/crypto/bn/bn_sub.c
@@ -0,0 +1,176 @@
+/* crypto/bn/bn_sub.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* unsigned subtraction of b from a, a must be larger than b. */
+void bn_qsub(r, a, b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+	{
+	int max,min;
+	register BN_ULONG t1,t2,*ap,*bp,*rp;
+	int i,carry;
+#if defined(IRIX_CC_BUG) && !defined(LINT)
+	int dummy;
+#endif
+
+	max=a->top;
+	min=b->top;
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+
+	carry=0;
+	for (i=0; i t2) break;
+			}
+		}
+	memcpy(rp,ap,sizeof(*rp)*(max-i));
+/*	for (; itop=max;
+	bn_fix_top(r);
+	}
+
+int BN_sub(r, a, b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+	{
+	int max,i;
+	int add=0,neg=0;
+	BIGNUM *tmp;
+
+	/*  a -  b	a-b
+	 *  a - -b	a+b
+	 * -a -  b	-(a+b)
+	 * -a - -b	b-a
+	 */
+	if (a->neg)
+		{
+		if (b->neg)
+			{ tmp=a; a=b; b=tmp; }
+		else
+			{ add=1; neg=1; }
+		}
+	else
+		{
+		if (b->neg) { add=1; neg=0; }
+		}
+
+	if (add)
+		{
+		i=(a->top > b->top);
+	        if (bn_expand(r,(((i)?a->top:b->top)+1)*BN_BITS2) == NULL)
+			return(0);
+		if (i)
+			bn_qadd(r,a,b);
+		else
+			bn_qadd(r,b,a);
+		r->neg=neg;
+		return(1);
+		}
+
+	/* We are actually doing a - b :-) */
+
+	max=(a->top > b->top)?a->top:b->top;
+	if (bn_expand(r,max*BN_BITS2) == NULL) return(0);
+	if (BN_ucmp(a,b) < 0)
+		{
+		bn_qsub(r,b,a);
+		r->neg=1;
+		}
+	else
+		{
+		bn_qsub(r,a,b);
+		r->neg=0;
+		}
+	return(1);
+	}
+
diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
new file mode 100644
index 0000000000000000000000000000000000000000..b61ddd95cebd836b673b3654028f38f18d29000d
--- /dev/null
+++ b/crypto/bn/bn_word.c
@@ -0,0 +1,155 @@
+/* crypto/bn/bn_word.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_ULONG BN_mod_word(a, w)
+BIGNUM *a;
+unsigned long w;
+	{
+#ifndef BN_LLONG
+	BN_ULONG ret=0;
+#else
+	BN_ULLONG ret=0;
+#endif
+	int i;
+
+	for (i=a->top-1; i>=0; i--)
+		{
+#ifndef BN_LLONG
+		ret=((ret<d[i]>>BN_BITS4)&BN_MASK2l))%(int)w;
+		ret=((ret<d[i]&BN_MASK2l))%(int)w;
+#else
+		ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
+			(BN_ULLONG)w);
+#endif
+		}
+	return((BN_ULONG)ret);
+	}
+
+BN_ULONG BN_div_word(a, w)
+BIGNUM *a;
+unsigned long w;
+	{
+	BN_ULONG ret;
+	int i;
+
+	if (a->top == 0) return(0);
+	ret=0;
+	for (i=a->top-1; i>=0; i--)
+		{
+#ifndef BN_LLONG
+		ret=((ret<d[i]>>BN_BITS4)&BN_MASK2l))%(int)w;
+		ret=((ret<d[i]&BN_MASK2l))%(int)w;
+#else
+		BN_ULLONG ll;
+
+		ll=((BN_ULLONG)ret<<(BN_ULONG)BN_BITS2)|a->d[i];
+		a->d[i]=(BN_ULONG)(ll/w);
+		ret=(BN_ULONG)(ll%w);
+#endif
+		}
+	if (a->d[a->top-1] == 0)
+		a->top--;
+	return(ret);
+	}
+
+int BN_add_word(a, w)
+BIGNUM *a;
+unsigned long w;
+	{
+	BN_ULONG l;
+	int i;
+
+	if (bn_expand(a,a->top*BN_BITS2+1) == NULL) return(0);
+	i=0;
+	for (;;)
+		{
+		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+		a->d[i]=l;
+		if (w > l)
+			w=1;
+		else
+			break;
+		i++;
+		}
+	if (i >= a->top)
+		a->top++;
+	return(1);
+	}
+
+#ifdef undef
+BN_ULONG *BN_mod_inverse_word(a)
+BN_ULONG a;
+	{
+	BN_ULONG A,B,X,Y,M,D,R,RET,T;
+	int sign,hight=1;
+
+	X=0;
+	Y=1;
+	A=0;
+	B=a;
+	sign=1;
+
+	while (B != 0)
+		{
+
+#endif
+
diff --git a/crypto/bn/bnspeed.c b/crypto/bn/bnspeed.c
new file mode 100644
index 0000000000000000000000000000000000000000..3b83a26dea98fc7620b312edb395c7692e1ad038
--- /dev/null
+++ b/crypto/bn/bnspeed.c
@@ -0,0 +1,240 @@
+/* crypto/bn/bnspeed.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#undef PROG
+#define PROG bnspeed_main
+
+#include 
+#include 
+#include 
+#include 
+#include "crypto.h"
+#include "err.h"
+
+#ifndef MSDOS
+#define TIMES
+#endif
+
+#ifndef VMS
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+#else /* VMS */
+#include 
+struct tms {
+	time_t tms_utime;
+	time_t tms_stime;
+	time_t tms_uchild;	/* I dunno...  */
+	time_t tms_uchildsys;	/* so these names are a guess :-) */
+	}
+#endif
+#ifndef TIMES
+#include 
+#endif
+
+#ifdef sun
+#include 
+#include 
+#endif
+
+#include "bn.h"
+#include "x509.h"
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   ifndef VMS
+#    define HZ	100.0
+#   else /* VMS */
+#    define HZ	100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE	((long)1024*8)
+int run=0;
+
+#ifndef NOPROTO
+static double Time_F(int s);
+#else
+static double Time_F();
+#endif
+
+#define START	0
+#define STOP	1
+
+static double Time_F(s)
+int s;
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret < 1e-3)?1e-3:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret < 0.001)?0.001:ret);
+		}
+#endif
+	}
+
+#define NUM_SIZES	5
+/*static int sizes[NUM_SIZES]={256,512,1024,2048};*/
+static int sizes[NUM_SIZES]={59,179,299,419,539};
+
+void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
+
+int main(argc,argv)
+int argc;
+char **argv;
+	{
+	BN_CTX *ctx;
+	BIGNUM *a,*b,*c,*r;
+
+	ctx=BN_CTX_new();
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	r=BN_new();
+
+	do_mul(a,b,c,ctx);
+	}
+
+void do_mul(r,a,b,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+BN_CTX *ctx;
+	{
+	int i,j,k;
+	double tm;
+
+	for (i=0; i %7.4f\n",sizes[i],sizes[j],tm/10.0);
+			}
+		}
+
+	for (i=0; i %7.4f\n",sizes[i],sizes[i],tm/10.0);
+		}
+
+	for (i=0; i %7.4f\n",sizes[j],sizes[i],tm/10.0);
+			}
+		}
+	}
+
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
new file mode 100644
index 0000000000000000000000000000000000000000..7a2f0b8d6d9bbb70ea94b5f8bcd17f8ff63f605f
--- /dev/null
+++ b/crypto/bn/bntest.c
@@ -0,0 +1,775 @@
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "bio.h"
+#include "bn.h"
+#include "rand.h"
+#include "x509.h"
+#include "err.h"
+
+#ifndef NOPROTO
+int test_add (BIO *bp);
+int test_sub (BIO *bp);
+int test_lshift1 (BIO *bp);
+int test_lshift (BIO *bp);
+int test_rshift1 (BIO *bp);
+int test_rshift (BIO *bp);
+int test_div (BIO *bp,BN_CTX *ctx);
+int test_mul (BIO *bp);
+int test_sqr (BIO *bp,BN_CTX *ctx);
+int test_mont (BIO *bp,BN_CTX *ctx);
+int test_mod (BIO *bp,BN_CTX *ctx);
+int test_mod_mul (BIO *bp,BN_CTX *ctx);
+int test_mod_exp (BIO *bp,BN_CTX *ctx);
+int rand_neg(void);
+#else
+int test_add ();
+int test_sub ();
+int test_lshift1 ();
+int test_lshift ();
+int test_rshift1 ();
+int test_rshift ();
+int test_div ();
+int test_mul ();
+int test_sqr ();
+int test_mont ();
+int test_mod ();
+int test_mod_mul ();
+int test_mod_exp ();
+int rand_neg();
+#endif
+
+static int results=0;
+
+#ifdef WIN16
+#define APPS_WIN16
+#include "../bio/bss_file.c"
+#endif
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	BN_CTX *ctx;
+	BIO *out;
+	char *outfile=NULL;
+
+	srand((unsigned int)time(NULL));
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-results") == 0)
+			results=1;
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) break;
+			outfile= *(++argv);
+			}
+		argc--;
+		argv++;
+		}
+
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) exit(1);
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL) exit(1);
+	if (outfile == NULL)
+		{
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+		}
+	else
+		{
+		if (!BIO_write_filename(out,outfile))
+			{
+			perror(outfile);
+			exit(1);
+			}
+		}
+
+	if (!results)
+		BIO_puts(out,"obase=16\nibase=16\n");
+
+	fprintf(stderr,"test BN_add\n");
+	if (!test_add(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_sub\n");
+	if (!test_sub(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_lshift1\n");
+	if (!test_lshift1(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_lshift\n");
+	if (!test_lshift(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_rshift1\n");
+	if (!test_rshift1(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_rshift\n");
+	if (!test_rshift(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_div\n");
+	if (!test_div(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_mod\n");
+	if (!test_mod(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_mul\n");
+	if (!test_mul(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_sqr\n");
+	if (!test_sqr(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_mod_mul\n");
+	if (!test_mod_mul(out,ctx)) goto err;
+	fflush(stdout);
+
+/*
+	fprintf(stderr,"test BN_mont\n");
+	if (!test_mont(out,ctx)) goto err;
+	fflush(stdout);
+*/
+	fprintf(stderr,"test BN_mod_exp\n");
+	if (!test_mod_exp(out,ctx)) goto err;
+	fflush(stdout);
+
+/**/
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(out);
+	exit(1);
+	return(1);
+	}
+
+int test_add(bp)
+BIO *bp;
+	{
+	BIGNUM *a,*b,*c;
+	int i;
+	int j;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+
+	BN_rand(a,512,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(b,450+i,0,0);
+		a->neg=rand_neg();
+		b->neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<10000; j++)
+				BN_add(c,a,b);
+		BN_add(c,a,b);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," + ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,c);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int test_sub(bp)
+BIO *bp;
+	{
+	BIGNUM *a,*b,*c;
+	int i;
+	int j;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+
+	BN_rand(a,512,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(b,400+i,0,0);
+		a->neg=rand_neg();
+		b->neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<10000; j++)
+				BN_sub(c,a,b);
+		BN_sub(c,a,b);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," - ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,c);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int test_div(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+	{
+	BIGNUM *a,*b,*c,*d;
+	int i;
+	int j;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+
+	BN_rand(a,400,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(b,50+i,0,0);
+		a->neg=rand_neg();
+		b->neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_div(d,c,a,b,ctx);
+		BN_div(d,c,a,b,ctx);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," / ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,d);
+			BIO_puts(bp,"\n");
+
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," % ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,c);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	BN_free(d);
+	return(1);
+	}
+
+int test_mul(bp)
+BIO *bp;
+	{
+	BIGNUM *a,*b,*c;
+	int i;
+	int j;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+
+	BN_rand(a,200,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(b,250+i,0,0);
+		a->neg=rand_neg();
+		b->neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mul(c,a,b);
+		BN_mul(c,a,b);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," * ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,c);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int test_sqr(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+	{
+	BIGNUM *a,*c;
+	int i;
+	int j;
+
+	a=BN_new();
+	c=BN_new();
+
+	for (i=0; i<40; i++)
+		{
+		BN_rand(a,40+i*10,0,0);
+		a->neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_sqr(c,a,ctx);
+		BN_sqr(c,a,ctx);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," * ");
+				BN_print(bp,a);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,c);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(c);
+	return(1);
+	}
+
+int test_mont(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+	{
+	BIGNUM *a,*b,*c,*A,*B;
+	BIGNUM *n;
+	int i;
+	int j;
+	BN_MONT_CTX *mont;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	A=BN_new();
+	B=BN_new();
+	n=BN_new();
+
+	mont=BN_MONT_CTX_new();
+
+	BN_rand(a,100,0,0); /**/
+	BN_rand(b,100,0,0); /**/
+	for (i=0; i<10; i++)
+		{
+		BN_rand(n,(100%BN_BITS2+1)*BN_BITS2*i*BN_BITS2,0,1); /**/
+		BN_MONT_CTX_set(mont,n,ctx);
+
+		BN_to_montgomery(A,a,mont,ctx);
+		BN_to_montgomery(B,b,mont,ctx);
+
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mod_mul_montgomery(c,A,B,mont,ctx);/**/
+		BN_mod_mul_montgomery(c,A,B,mont,ctx);/**/
+		BN_from_montgomery(A,c,mont,ctx);/**/
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+#ifdef undef
+fprintf(stderr,"%d * %d %% %d\n",
+BN_num_bits(a),
+BN_num_bits(b),
+BN_num_bits(mont->N));
+#endif
+				BN_print(bp,a);
+				BIO_puts(bp," * ");
+				BN_print(bp,b);
+				BIO_puts(bp," % ");
+				BN_print(bp,mont->N);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,A);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_MONT_CTX_free(mont);
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int test_mod(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+	{
+	BIGNUM *a,*b,*c;
+	int i;
+	int j;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+
+	BN_rand(a,1024,0,0); /**/
+	for (i=0; i<20; i++)
+		{
+		BN_rand(b,450+i*10,0,0); /**/
+		a->neg=rand_neg();
+		b->neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mod(c,a,b,ctx);/**/
+		BN_mod(c,a,b,ctx);/**/
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," % ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,c);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int test_mod_mul(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+	{
+	BIGNUM *a,*b,*c,*d,*e;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+
+	BN_rand(c,1024,0,0); /**/
+	for (i=0; i<10; i++)
+		{
+		BN_rand(a,475+i*10,0,0); /**/
+		BN_rand(b,425+i*10,0,0); /**/
+		a->neg=rand_neg();
+		b->neg=rand_neg();
+	/*	if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mod_mul(d,a,b,c,ctx);*/ /**/
+
+		if (!BN_mod_mul(e,a,b,c,ctx))
+			{
+			unsigned long l;
+
+			while ((l=ERR_get_error()))
+				fprintf(stderr,"ERROR:%s\n",
+					ERR_error_string(l,NULL));
+			exit(1);
+			}
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," * ");
+				BN_print(bp,b);
+				BIO_puts(bp," % ");
+				BN_print(bp,c);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,e);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	return(1);
+	}
+
+int test_mod_exp(bp,ctx)
+BIO *bp;
+BN_CTX *ctx;
+	{
+	BIGNUM *a,*b,*c,*d,*e;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+
+	BN_rand(c,30,0,1); /* must be odd for montgomery */
+	for (i=0; i<6; i++)
+		{
+		BN_rand(a,20+i*5,0,0); /**/
+		BN_rand(b,2+i,0,0); /**/
+
+		if (!BN_mod_exp(d,a,b,c,ctx))
+			return(00);
+
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," ^ ");
+				BN_print(bp,b);
+				BIO_puts(bp," % ");
+				BN_print(bp,c);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,d);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	return(1);
+	}
+
+int test_lshift(bp)
+BIO *bp;
+	{
+	BIGNUM *a,*b,*c;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	BN_one(c);
+
+	BN_rand(a,200,0,0); /**/
+	a->neg=rand_neg();
+	for (i=0; i<70; i++)
+		{
+		BN_lshift(b,a,i+1);
+		BN_add(c,c,c);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," * ");
+				BN_print(bp,c);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,b);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int test_lshift1(bp)
+BIO *bp;
+	{
+	BIGNUM *a,*b;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+
+	BN_rand(a,200,0,0); /**/
+	a->neg=rand_neg();
+	for (i=0; i<70; i++)
+		{
+		BN_lshift1(b,a);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," * 2");
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,b);
+			BIO_puts(bp,"\n");
+			}
+		BN_copy(a,b);
+		}
+	BN_free(a);
+	BN_free(b);
+	return(1);
+	}
+
+int test_rshift(bp)
+BIO *bp;
+	{
+	BIGNUM *a,*b,*c;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	BN_one(c);
+
+	BN_rand(a,200,0,0); /**/
+	a->neg=rand_neg();
+	for (i=0; i<70; i++)
+		{
+		BN_rshift(b,a,i+1);
+		BN_add(c,c,c);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," / ");
+				BN_print(bp,c);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,b);
+			BIO_puts(bp,"\n");
+			}
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int test_rshift1(bp)
+BIO *bp;
+	{
+	BIGNUM *a,*b;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+
+	BN_rand(a,200,0,0); /**/
+	a->neg=rand_neg();
+	for (i=0; i<70; i++)
+		{
+		BN_rshift1(b,a);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," / 2");
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,b);
+			BIO_puts(bp,"\n");
+			}
+		BN_copy(a,b);
+		}
+	BN_free(a);
+	BN_free(b);
+	return(1);
+	}
+
+int rand_neg()
+	{
+	static unsigned int neg=0;
+	static int sign[8]={0,0,0,1,1,0,1,1};
+
+	return(sign[(neg++)%8]);
+	}
diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c
new file mode 100644
index 0000000000000000000000000000000000000000..4880df1116040bd006c76ca05e8961d4789079c9
--- /dev/null
+++ b/crypto/bn/exptest.c
@@ -0,0 +1,148 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "bio.h"
+#include "bn.h"
+#include "rand.h"
+#include "err.h"
+
+#define NUM_BITS	(BN_BITS*2)
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	BN_CTX *ctx;
+	BIO *out=NULL;
+	int i,ret;
+	unsigned char c;
+	BIGNUM *r_mont,*r_recp,*a,*b,*m;
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) exit(1);
+	r_mont=BN_new();
+	r_recp=BN_new();
+	a=BN_new();
+	b=BN_new();
+	m=BN_new();
+	if (	(r_mont == NULL) || (r_recp == NULL) ||
+		(a == NULL) || (b == NULL))
+		goto err;
+
+#ifdef WIN16
+	out=BIO_new(BIO_s_file_internal_w16());
+#else
+	out=BIO_new(BIO_s_file());
+#endif
+	if (out == NULL) exit(1);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+	for (i=0; i<200; i++)
+		{
+		RAND_bytes(&c,1);
+		c=(c%BN_BITS)-BN_BITS2;
+		BN_rand(a,NUM_BITS+c,0,0);
+
+		RAND_bytes(&c,1);
+		c=(c%BN_BITS)-BN_BITS2;
+		BN_rand(b,NUM_BITS+c,0,0);
+
+		RAND_bytes(&c,1);
+		c=(c%BN_BITS)-BN_BITS2;
+		BN_rand(m,NUM_BITS+c,0,1);
+
+		BN_mod(a,a,m,ctx);
+		BN_mod(b,b,m,ctx);
+
+		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx);
+		if (ret <= 0)
+			{ printf("BN_mod_exp_mont() problems\n"); exit(1); }
+
+		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+		if (ret <= 0)
+			{ printf("BN_mod_exp_recp() problems\n"); exit(1); }
+		
+		if (BN_cmp(r_mont,r_recp) != 0)
+			{
+			printf("\nmont and recp results differ\n");
+			printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
+			printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
+			printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+			printf("\nrecp     =");	BN_print(out,r_recp);
+			printf("\nmont     ="); BN_print(out,r_mont);
+			printf("\n");
+			exit(1);
+			}
+		else
+			{
+			printf(".");
+			fflush(stdout);
+			}
+		}
+	printf(" done\n");
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(out);
+	exit(1);
+	return(1);
+	}
+
diff --git a/crypto/bn/stuff/bn_knuth.c b/crypto/bn/stuff/bn_knuth.c
new file mode 100644
index 0000000000000000000000000000000000000000..9a3f4130ede203b1357b789e87fe8cd12b35eb4c
--- /dev/null
+++ b/crypto/bn/stuff/bn_knuth.c
@@ -0,0 +1,378 @@
+/* crypto/bn/bn_knuth.c */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+
+/* This is just a test implementation, it has not been modified for
+ * speed and it still has memory leaks. */
+
+int BN_mask_bits(BIGNUM *a,int n);
+
+#undef DEBUG
+#define MAIN
+
+/* r must be different to a and b
+ * Toom-Cook multiplication algorithm, taken from
+ * The Art Of Computer Programming, Volume 2, Donald Knuth
+ */
+
+#define	CODE1		((BIGNUM *)0x01)
+#define	CODE2		((BIGNUM *)0x02)
+#define	CODE3		((BIGNUM *)0x03)
+#define MAXK		(30+1)
+
+#define C3	3
+#define C4	4
+#define C5	5
+#define C6	6
+#define C7	7
+#define C8	8
+#define C9	9
+#define C10	10
+#define DONE	11
+
+int new_total=0;
+int Free_total=0;
+int max=0,max_total=0;
+
+BIGNUM *LBN_new(void );
+BIGNUM *LBN_dup(BIGNUM *a);
+void LBN_free(BIGNUM *a);
+
+int BN_mul_knuth(w, a, b)
+BIGNUM *w;
+BIGNUM *a;
+BIGNUM *b;
+	{
+	int ret=1;
+	int i,j,n,an,bn,y,z;
+	BIGNUM *U[MAXK],*V[MAXK],*T[MAXK];
+	BIGNUM *C[(MAXK*2*3)];
+	BIGNUM *W[(MAXK*2)],*t1,*t2,*t3,*t4;
+	int Utos,Vtos,Ctos,Wtos,Ttos;
+	unsigned int k,Q,R;
+	unsigned int q[MAXK];
+	unsigned int r[MAXK];
+	int state;
+
+	/* C1 */
+	Utos=Vtos=Ctos=Wtos=Ttos=0;
+	k=1;
+	q[0]=q[1]=64;
+	r[0]=r[1]=4;
+	Q=6;
+	R=2;
+
+	if (!bn_expand(w,BN_BITS2*2)) goto err;
+	an=BN_num_bits(a);
+	bn=BN_num_bits(b);
+	n=(an > bn)?an:bn;
+	while ((q[k-1]+q[k]) < n)
+		{
+		k++;
+		Q+=R;
+		i=R+1;
+		if ((i*i) <= Q) R=i;
+		q[k]=(1<top == 0) || (t1->top == 0))
+					w->top=0;
+				else
+					BN_mul(w,t1,t2);
+
+				LBN_free(t1); /* FREE */
+				LBN_free(t2); /* FREE */
+				state=C10;
+				}
+			else
+				{
+				lr=r[k];
+				lq=q[k];
+				lp=q[k-1]+q[k];
+				state=C4;
+				}
+			break;
+		case C4:
+			for (z=0; z<2; z++) /* do for u and v */
+				{
+				/* break the item at C[Ctos-1] 
+				 * into lr+1 parts of lq bits each
+				 * for j=0; j<=2r; j++
+				 */
+				t1=C[--Ctos]; /* pop off u */
+#ifdef DEBUG
+				printf("Ctos=%d poped %d\n",Ctos,1);
+#endif
+				if ((t2=LBN_dup(t1)) == NULL) goto err;
+				BN_mask_bits(t2,lq);
+				T[Ttos++]=t2;
+#ifdef DEBUG
+				printf("C4 r=0 bits=%d\n",BN_num_bits(t2));
+#endif
+				for (i=1; i<=lr; i++)
+					{
+					if (!BN_rshift(t1,t1,lq)) goto err;
+					if ((t2=LBN_dup(t1)) == NULL) goto err;
+					BN_mask_bits(t2,lq);
+					T[Ttos++]=t2;
+#ifdef DEBUG
+					printf("C4 r=%d bits=%d\n",i,
+						BN_num_bits(t2));
+#endif
+					}
+				LBN_free(t1);
+
+				if ((t2=LBN_new()) == NULL) goto err;
+				if ((t3=LBN_new()) == NULL) goto err;
+				for (j=0; j<=2*lr; j++)
+					{
+					if ((t1=LBN_new()) == NULL) goto err;
+
+					if (!BN_set_word(t3,j)) goto err;
+					for (i=lr; i>=0; i--)
+						{
+						if (!BN_mul(t2,t1,t3)) goto err;
+						if (!BN_add(t1,t2,T[i])) goto err;
+						}
+					/* t1 is U(j) */
+					if (z == 0)
+						U[Utos++]=t1;
+					else
+						V[Vtos++]=t1;
+					}
+				LBN_free(t2);
+				LBN_free(t3);
+				while (Ttos) LBN_free(T[--Ttos]);
+				}
+#ifdef DEBUG
+			for (i=0; i0; i--)
+				{
+				C[Ctos++]=V[i];
+				C[Ctos++]=U[i];
+				C[Ctos++]=CODE3;
+				}
+			C[Ctos++]=V[0];
+			C[Ctos++]=U[0];
+#ifdef DEBUG
+				printf("Ctos=%d pushed %d\n",Ctos,2*lr*3+3);
+#endif
+			Vtos=Utos=0;
+			state=C3;
+			break;
+		case C6:
+			if ((t1=LBN_dup(w)) == NULL) goto err;
+			W[Wtos++]=t1;
+#ifdef DEBUG
+			printf("put %d bit number onto w\n",BN_num_bits(t1));
+#endif
+			state=C3;
+			break;
+		case C7:
+			lr=r[k];
+			lq=q[k];
+			lp=q[k]+q[k-1];
+			z=Wtos-2*lr-1;
+			for (j=1; j<=2*lr; j++)
+				{
+				for (i=2*lr; i>=j; i--)
+					{
+					if (!BN_sub(W[z+i],W[z+i],W[z+i-1])) goto err;
+					BN_div_word(W[z+i],j);
+					}
+				}
+			state=C8;
+			break;
+		case C8:
+			y=2*lr-1;
+			if ((t1=LBN_new()) == NULL) goto err;
+			if ((t3=LBN_new()) == NULL) goto err;
+
+			for (j=y; j>0; j--)
+				{
+				if (!BN_set_word(t3,j)) goto err;
+				for (i=j; i<=y; i++)
+					{
+					if (!BN_mul(t1,W[z+i+1],t3)) goto err;
+					if (!BN_sub(W[z+i],W[z+i],t1)) goto err;
+					}
+				}
+			LBN_free(t1);
+			LBN_free(t3);
+			state=C9;
+			break;
+		case C9:
+			BN_zero(w);
+#ifdef DEBUG
+			printf("lq=%d\n",lq);
+#endif
+			for (i=lr*2; i>=0; i--)
+				{
+				BN_lshift(w,w,lq);
+				BN_add(w,w,W[z+i]);
+				}
+			for (i=0; i<=lr*2; i++)
+				LBN_free(W[--Wtos]);
+			state=C10;
+			break;
+		case C10:
+			k++;
+			t1=C[--Ctos];
+#ifdef DEBUG
+			printf("Ctos=%d poped %d\n",Ctos,1);
+			printf("code= CODE%d\n",t1);
+#endif
+			if (t1 == CODE3)
+				state=C6;
+			else if (t1 == CODE2)
+				{
+				if ((t2=LBN_dup(w)) == NULL) goto err;
+				W[Wtos++]=t2;
+				state=C7;
+				}
+			else if (t1 == CODE1)
+				{
+				state=DONE;
+				}
+			else
+				{
+				printf("BAD ERROR\n");
+				goto err;
+				}
+			break;
+		default:
+			printf("bad state\n");
+			goto err;
+			break;
+			}
+		if (state == DONE) break;
+		}
+	ret=1;
+err:
+	if (ret == 0) printf("ERROR\n");
+	return(ret);
+	}
+
+#ifdef MAIN
+main()
+	{
+	BIGNUM *a,*b,*r;
+	int i;
+
+	if ((a=LBN_new()) == NULL) goto err;
+	if ((b=LBN_new()) == NULL) goto err;
+	if ((r=LBN_new()) == NULL) goto err;
+
+	if (!BN_rand(a,1024*2,0,0)) goto err;
+	if (!BN_rand(b,1024*2,0,0)) goto err;
+
+	for (i=0; i<10; i++)
+		{
+		if (!BN_mul_knuth(r,a,b)) goto err; /**/
+		/*if (!BN_mul(r,a,b)) goto err; /**/
+		}
+BN_print(stdout,a); printf(" * ");
+BN_print(stdout,b); printf(" =\n");
+BN_print(stdout,r); printf("\n");
+
+printf("BN_new() =%d\nBN_free()=%d max=%d\n",new_total,Free_total,max);
+
+
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(stderr);
+	exit(1);
+	}
+#endif
+
+int BN_mask_bits(a,n)
+BIGNUM *a;
+int n;
+	{
+	int b,w;
+
+	w=n/BN_BITS2;
+	b=n%BN_BITS2;
+	if (w >= a->top) return(0);
+	if (b == 0)
+		a->top=w;
+	else
+		{
+		a->top=w+1;
+		a->d[w]&= ~(BN_MASK2< max) max=max_total;
+	return(BN_dup(a));
+	}
+
+BIGNUM *LBN_new()
+	{
+	new_total++;
+	max_total++;
+	if (max_total > max) max=max_total;
+	return(BN_new());
+	}
+
+void LBN_free(a)
+BIGNUM *a;
+	{
+	max_total--;
+	if (max_total > max) max=max_total;
+	Free_total++;
+	BN_free(a);
+	}
diff --git a/crypto/bn/stuff/div.c b/crypto/bn/stuff/div.c
new file mode 100644
index 0000000000000000000000000000000000000000..3d6e08622d40c8e1f9cf6ec26feeefc89e959b6a
--- /dev/null
+++ b/crypto/bn/stuff/div.c
@@ -0,0 +1,340 @@
+/* crypto/bn/div.c */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+
+BN_ULONG bn_div_2word();
+
+int BN_div2(dv, rm, num, div,ctx)
+BIGNUM *dv;
+BIGNUM *rm;
+BIGNUM *num;
+BIGNUM *div;
+BN_CTX *ctx;
+	{
+	int norm_shift,i,j,nm,nd,loop;
+	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
+	BN_ULONG *resp,*wnump;
+	BN_ULONG d0,d1;
+	int num_n,div_n;
+
+#ifdef DEBUG
+BN_print(stdout,num); printf(" number\n");
+BN_print(stdout,div); printf(" divisor\n");
+#endif
+	if (BN_is_zero(num))
+		{
+		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+		return(0);
+		}
+
+	if (BN_cmp(num,div) < 0)
+		{
+		if (rm != NULL)
+			{ if (BN_copy(rm,num) == NULL) return(0); }
+		if (dv != NULL) BN_zero(dv);
+		return(1);
+		}
+
+	tmp=ctx->bn[ctx->tos]; 
+	snum=ctx->bn[ctx->tos+1];
+	sdiv=ctx->bn[ctx->tos+2];
+	if (dv == NULL)
+		res=ctx->bn[ctx->tos+3];
+	else	res=dv;
+
+	/* First we normalise the numbers */
+	norm_shift=BN_BITS2-((BN_num_bits(div))%BN_BITS2);
+	BN_lshift(sdiv,div,norm_shift);
+	norm_shift+=BN_BITS2;
+	BN_lshift(snum,num,norm_shift);
+	div_n=sdiv->top;
+	num_n=snum->top;
+	loop=num_n-div_n;
+#ifdef DEBUG
+BN_print(stdout,snum); printf(" shifted num, forget last word\n");
+BN_print(stdout,sdiv); printf(" shifted div\n");
+#endif
+
+	/* Lets setup a 'win'dow into snum
+	 * This is the part that corresponds to the current
+	 * 'area' being divided */
+	wnum.d=	 &(snum->d[loop]);
+	wnum.top= div_n;
+	wnum.max= snum->max; /* a bit of a lie */
+	wnum.neg= 0;
+
+	/* Get the top 2 words of sdiv */
+	i=sdiv->top;
+	d0=sdiv->d[div_n-1];
+	d1=sdiv->d[div_n-2];
+
+	/* pointer to the 'top' of snum */
+	wnump= &(snum->d[num_n-1]);
+
+	/* Setup to 'res' */
+	res->neg=0;
+	res->top=loop;
+	resp= &(res->d[loop-1]);
+	bn_expand(res,(loop+1)*BN_BITS2);
+
+	/* space for temp */
+	bn_expand(tmp,(div_n+1)*BN_BITS2);
+
+#ifdef DEBUG
+printf("wnum="); BN_print(stdout,&wnum); printf(" initial sub check\n");
+printf("div ="); BN_print(stdout,sdiv); printf(" loop=%d\n",loop);
+#endif
+	if (BN_cmp(&wnum,sdiv) >= 0)
+		{
+		BN_sub(&wnum,&wnum,sdiv);
+		*resp=1;
+		res->d[res->top-1]=1;
+		}
+	else
+		res->top--;
+	resp--;
+#ifdef DEBUG
+BN_print(stdout,res); printf(" initial result\n");
+BN_print(stdout,&wnum); printf(" wnum\n");
+#endif
+
+	for (i=0; i>BN_BITS2) ||
+				(t2 <= ((t3<d,sdiv->d,div_n,q);
+		if (l0)
+			tmp->d[div_n]=l0;
+		else
+			tmp->d[div_n]=0;
+		for (j=div_n+1; j>0; j--)
+			if (tmp->d[j-1]) break;
+		tmp->top=j;
+
+#ifdef DEBUG
+printf("q=%08X\n",q);
+BN_print(stdout,&wnum); printf(" number\n");
+BN_print(stdout,tmp); printf(" subtract\n");
+
+BN_print(stdout,snum); printf(" shifted number before\n");
+BN_print(stdout,&wnum); printf(" wnum before\n");
+#endif
+		j=wnum.top;
+		BN_sub(&wnum,&wnum,tmp);
+		snum->top=snum->top+wnum.top-j;
+
+#ifdef DEBUG
+BN_print(stdout,&wnum); printf(" wnum after\n");
+BN_print(stdout,snum); printf(" shifted number after\n");
+#endif
+
+		if (wnum.neg)
+			{
+			q--;
+			j=wnum.top;
+			BN_add(&wnum,&wnum,sdiv);
+			snum->top+=wnum.top-j;
+			fprintf(stderr,"addback\n");
+#ifdef DEBUG
+BN_print(stdout,snum); printf("after addback************************:\n");
+#endif
+			}
+		*(resp--)=q;
+#ifdef DEBUG
+BN_print(stdout,res); printf(" result\n");
+#endif
+		wnump--;
+		}
+	if (rm != NULL)
+		BN_rshift(rm,snum,norm_shift);
+	return(1);
+	}
+
+main()
+	{
+	BIGNUM *a,*b,*c,*d;
+	BIGNUM *cc,*dd;
+	BN_CTX *ctx;
+	int i,x;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+	cc=BN_new();
+	dd=BN_new();
+	ctx=BN_CTX_new();
+
+for (i=0; i<10240; i++)
+	{
+	BN_rand(a,80,0,0);
+	BN_rand(b,60,0,0);
+	
+	BN_div2(d,c,a,b,ctx);
+	BN_div(dd,cc,a,b,ctx);
+	if ((BN_cmp(d,dd) != 0) || (BN_cmp(c,cc) != 0))
+		{
+		BN_print(stderr,a); fprintf(stderr," / ");
+		BN_print(stderr,b); fprintf(stderr," d=");
+		BN_print(stderr,d); fprintf(stderr," r= ");
+		BN_print(stderr,c); fprintf(stderr,"\nd=");
+		BN_print(stderr,dd); fprintf(stderr," r= ");
+		BN_print(stderr,cc); fprintf(stderr,"\n");
+		}
+
+	}
+
+#ifdef undef
+/*
+	BN_rand(a,600,0,0);
+	BN_rand(b,400,0,0);
+	for (i=0; i<2000000; i++)
+		{
+		BN_div2(d,c,a,b,ctx);
+		}
+*/
+/*	for (i=0;;) */
+/*	for (i=0; i<0xffffffff; i++)
+		{
+		BN_ULONG rr,r,a,b,c;
+		BN_ULLONG l;
+
+		a=rand()&BN_MASK2;
+		b=rand()&BN_MASK2;
+		for (;;)
+			{
+			c=rand()&BN_MASK2;
+			if (c) break;
+			}
+/*		for (x=1; x<256*256; x++) */
+			{
+			c=x;
+			a=i>>8;
+			b=i&0xff;
+			a&= ~(0xFFFFFF<<(BN_num_bits_word(c)));
+
+			r=bn_div_2word(a,b,c);
+
+			rr=(BN_ULONG)((((BN_ULLONG)a< 1<= d) h-=d;
+
+	if (i)
+		{
+		d<<=i;
+		h=(h<>(BN_BITS2-i));
+		l<<=i;
+		}
+	dh=(d&BN_MASK2h)>>BN_BITS4;
+	dl=(d&BN_MASK2l);
+	for (;;)
+		{
+		if ((h>>BN_BITS4) == dh)
+			q=BN_MASK2l;
+		else
+			q=h/dh;
+
+		for (;;)
+			{
+			t=(h-q*dh);
+			if ((t&BN_MASK2h) ||
+				((dl*q) <= (
+					(t<>BN_BITS4))))
+				break;
+			q--;
+			}
+		th=q*dh;
+		tl=q*dl;
+		t=(tl>>BN_BITS4);
+		tl=(tl<>BN_BITS4))&BN_MASK2;
+		l=(l&BN_MASK2l)< aR
+convert b -> bR
+
+	{
+	abRR = aR * bR
+	abR = REDC(abRR); /* mod N */
+	}
+
+ab = REDC(abR);   /* mod N */
+
+
+REDC strips off a multiplicaion by R mod N
diff --git a/crypto/bn/stuff/wei_mulw.c b/crypto/bn/stuff/wei_mulw.c
new file mode 100644
index 0000000000000000000000000000000000000000..7f8a1e58fe072e0b6a9d93b15bee98d6a2cd0c9a
--- /dev/null
+++ b/crypto/bn/stuff/wei_mulw.c
@@ -0,0 +1,410 @@
+/* crypto/bn/wei_mulw.c */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "bn_lcl.h"
+
+BN_ULONG bn_add_word(BN_ULONG *a,BN_ULONG c,int num);
+BN_ULONG bn_add_words(BN_ULONG *ret,BN_ULONG *a,BN_ULONG *b,int num);
+BN_ULONG bn_sub_words(BN_ULONG *ret,BN_ULONG *a,BN_ULONG *b,int num);
+
+void BN_mul_4words(BN_ULONG *ret,BN_ULONG a0,BN_ULONG a1,
+	BN_ULONG b0,BN_ULONG b1);
+
+void pr(a,n,s)
+BN_ULONG *a;
+int n;
+	{
+	while (n--)
+		fprintf(stdout,"%02X",a[n]);
+	fprintf(stdout,"%s",s);
+	}
+
+
+BN_ULONG bn_add_word(a,w,num)
+BN_ULONG *a;
+BN_ULONG w;
+int num;
+	{
+	BN_ULONG t;
+
+#ifdef DEBUG
+{ BN_ULONG *aa=a; int i; for (i=num; i>0; i--) fprintf(stdout,"%02X",aa[i-1]);
+fprintf(stdout," + %X - ",w); i=num;
+#endif
+	
+loop:
+	t= *a;
+	t=(t+w)&BN_MASK2;
+	*(a++)=t;
+	w=(t < w);
+	if (w && --num) goto loop;
+
+#ifdef DEBUG
+for (; i>0; i--) fprintf(stdout,"%02X",aa[i-1]);
+fprintf(stdout,"\n");
+}
+#endif
+
+	return(w);
+	}
+
+BN_ULONG bn_add_words(r,a,b,num)
+BN_ULONG *r;
+BN_ULONG *a;
+BN_ULONG *b;
+int num;
+	{
+#if defined(BN_LLONG)
+	BN_ULLONG t;
+	BN_ULONG c=0;
+	int i;
+
+	if (num&1) abort();
+
+	for (i=0; i= ((~t1)&BN_MASK2));
+			(*r++)=(t1+t2+1)&BN_MASK2;
+			}
+		else
+			{
+			t2=(t1+t2)&BN_MASK2;
+			c=(t2 < t1);
+			(*r++)=t2;
+			}
+		}
+	return(c);
+#endif
+	}
+
+BN_ULONG bn_sub_words(r,a,b,num)
+BN_ULONG *r;
+BN_ULONG *a;
+BN_ULONG *b;
+int num;
+	{
+#if defined(BN_LLONG)
+	BN_ULLONG t;
+	BN_ULONG c=0;
+	int i;
+
+	if (num&1) abort();
+
+	for (i=0; i= a0)
+		{
+		s=(a1-a0);
+		u=(b0-b1);
+		fix=(BN_ULLONG)s*u;
+		if (b0 >= b1) s=0;
+		}
+	else
+		{
+		BN_ULONG u;
+
+		if (b0 > b1)
+			{
+			s=(b0-b1);
+			u=(a1-a0);
+			fix=(BN_ULLONG)s*u;
+			}
+		else
+			{
+			u=(a0-a1);
+			s=(b1-b0);
+			fix=(BN_ULLONG)s*u;
+			s=0;
+			}
+		}
+	
+	a0b0=(BN_ULLONG)a0*b0;
+	ret[0]=L(a0b0);
+
+	a1b1=(BN_ULLONG)a1*b1;
+	tmp=(BN_ULLONG) H(a0b0) + L(a0b0) + L(fix) + L(a1b1);
+	ret[1]=L(tmp);
+
+	tmp=(BN_ULLONG) a1b1 + H(tmp) + H(a0b0) + H(fix) + H(a1b1) - s;
+	ret[2]=L(tmp);
+	ret[3]=H(tmp);
+	}
+
+/* ret[3,2,1,0] += a1,a0 * b1,b0 */
+BN_ULONG BN_mul_add_4words(ret,a0,a1,b0,b1)
+BN_ULONG *ret;
+BN_ULONG a0,a1,b0,b1;
+	{
+	BN_ULONG s,u;
+	BN_ULLONG fix,a0b0,a1b1,tmp;
+
+#ifdef DEBUG
+fprintf(stdout,"%02X%02X%02X%02X",ret[3],ret[2],ret[1],ret[0]);
+fprintf(stdout," + ( %02X%02X * %02X%02X ) - ",a1,a0,b1,b0);
+#endif
+	if (a1 >= a0)
+		{
+		s=(a1-a0);
+		u=(b0-b1);
+		fix=(BN_ULLONG)s*u;
+		if (b0 >= b1) s=0;
+		}
+	else
+		{
+		if (b0 > b1)
+			{
+			s=(b0-b1);
+			u=(a1-a0);
+			fix=(BN_ULLONG)s*u;
+			}
+		else
+			{
+			u=(a0-a1);
+			s=(b1-b0);
+			fix=(BN_ULLONG)s*u;
+			s=0;
+			}
+		}
+	
+	a0b0=(BN_ULLONG)a0*b0;
+	tmp=a0b0+ret[0];
+	ret[0]=L(tmp);
+
+	a1b1=(BN_ULLONG)a1*b1;
+	tmp=(BN_ULLONG) H(tmp) + L(a0b0) + L(fix) + L(a1b1) + ret[1];
+	ret[1]=L(tmp);
+
+	tmp=(BN_ULLONG) H(tmp) + L(a1b1) + H(a0b0) +
+		H(fix) + H(a1b1) -s + ret[2];
+	ret[2]=L(tmp);
+
+	tmp=(BN_ULLONG) H(tmp) + H(a1b1) + ret[3];
+	ret[3]=L(tmp);
+#ifdef DEBUG
+fprintf(stdout,"%02X%02X%02X%02X%02X\n",H(tmp),ret[3],ret[2],ret[1],ret[0]);
+#endif
+	return(H(tmp));
+	}
+
+/* ret[3,2,1,0] += a1,a0 * a1,a0 */
+void BN_sqr_4words(ret,a0,a1)
+BN_ULONG *ret;
+BN_ULONG a0,a1;
+	{
+	BN_ULONG s,u;
+	BN_ULLONG tmp,tmp2;
+
+	tmp=(BN_ULLONG)a0*a0;
+	ret[0]=L(tmp);
+
+	tmp2=(BN_ULLONG)a0*a1;
+	tmp=(BN_ULLONG)H(tmp)+L(tmp2)*2;
+	ret[1]=L(tmp);
+
+	tmp=(BN_ULLONG)a1*a1+H(tmp)+H(tmp2)*2;
+	ret[2]=L(tmp);
+	ret[3]=L(tmp);
+	}
+
+#define N0	(0)
+#define N1	(half)
+#define N2	(num)
+#define N3	(num+half)
+
+#define word_cmp(r,a,b,num) \
+	{ \
+	int n=num; \
+\
+	(r)=0; \
+	while (n--) \
+		{ \
+		if ((a)[(n)] > (b)[(n)]) \
+			{ (r)=1; break; } \
+		else if ((a)[(n)] < (b)[(n)]) \
+			{ (r)= -1; break; } \
+		} \
+	}
+
+
+/* (a->top == b->top) && (a->top >= 2) && !(a->top & 1) */
+void bn_recursize_mul(r,t,a,b,num)
+BN_ULONG *r,*t,*a,*b;
+int num;
+	{
+	if ((num < 2) || (num&1))
+		abort();
+
+/* fprintf(stderr,"num=%d half=%d\n",num,num/2);*/
+	if (num == 2)
+		BN_mul_4words(r,a[0],a[1],b[0],b[1]);
+	else if (num == 4)
+		{
+		BN_ULONG c,tmp;
+
+		BN_mul_4words(&(r[0]),a[0],a[1],b[0],b[1]);
+		BN_mul_4words(&(r[4]),a[2],a[3],b[2],b[3]);
+
+		c =BN_mul_add_4words(&(r[2]),a[0],a[1],b[2],b[3]);
+		c+=BN_mul_add_4words(&(r[2]),a[2],a[3],b[0],b[1]);
+
+		bn_add_word(&(r[6]),c,2);
+		}
+	else
+		{
+		int half=num/2;
+		int carry,cmp_a,cmp_b;
+
+		word_cmp(cmp_a,&(a[0]),&(a[half]),half);
+		word_cmp(cmp_b,&(b[0]),&(b[half]),half);
+
+		switch (cmp_a*2+cmp_a+cmp_b)
+			{
+		case -4:
+			bn_sub_words(&(t[N0]),&(a[N1]),&(a[N0]),half);
+			bn_sub_words(&(t[N1]),&(b[N0]),&(b[N1]),half);
+			bn_recursize_mul(&(r[N1]),&(t[N2]),
+				&(t[N0]),&(t[N1]),half);
+			bn_sub_words(&(r[N2]),&(r[N2]),&(t[N0]),half);
+			carry= -1;
+			break;
+		case -2:
+			bn_sub_words(&(t[N0]),&(a[N1]),&(a[N0]),half);
+			bn_sub_words(&(t[N1]),&(b[N0]),&(b[N1]),half);
+			bn_recursize_mul(&(r[N1]),&(t[N2]),
+				&(t[N0]),&(t[N1]),half);
+			carry=0;
+			break;
+		case 2:
+			bn_sub_words(&(t[N0]),&(a[N0]),&(a[N1]),half);
+			bn_sub_words(&(t[N1]),&(b[N1]),&(b[N0]),half);
+			bn_recursize_mul(&(r[N1]),&(t[N2]),
+				&(t[N0]),&(t[N1]),half);
+			carry=0;
+			break;
+		case 4:
+			bn_sub_words(&(t[N0]),&(a[N1]),&(a[N0]),half);
+			bn_sub_words(&(t[N1]),&(b[N0]),&(b[N1]),half);
+			bn_recursize_mul(&(r[N1]),&(t[N2]),
+				&(t[N0]),&(t[N1]),half);
+			bn_sub_words(&(r[N2]),&(r[N2]),&(t[N1]),half);
+			carry= -1;
+			break;
+		default:
+			memset(&(r[N1]),0,sizeof(BN_ULONG)*num);
+			break;
+			}
+		
+		bn_recursize_mul(&(t[N0]),&(t[N2]),&(a[N0]),&(b[N0]),half);
+#ifdef DEBUG
+	pr(a,half," * ");
+	pr(b,half," - ");
+	pr(t,num," - 0\n");
+#endif
+		memcpy(&(r[N0]),&(t[N0]),half*sizeof(BN_ULONG));
+		if (bn_add_words(&(r[N1]),&(r[N1]),&(t[N1]),half))
+			{ bn_add_word(&(t[N1]),1,half); }
+
+		carry+=bn_add_words(&(r[N1]),&(r[N1]),&(t[N0]),num);
+
+		bn_recursize_mul(&(t[N0]),&(t[N2]),&(a[N1]),&(b[N1]),half);
+
+		carry+=bn_add_words(&(r[N1]),&(r[N1]),&(t[N0]),num);
+		carry+=bn_add_words(&(r[N2]),&(r[N2]),&(t[N0]),half);
+		memcpy(&(r[N3]),&(t[N1]),half*sizeof(BN_ULONG));
+
+		bn_add_word(&(r[N3]),carry,half);
+		}
+	}
+
+main()
+	{
+	BIGNUM *a,*b,*r,*t;
+	int i,j;
+
+	a=BN_new();
+	b=BN_new();
+	r=BN_new();
+	t=BN_new();
+
+#define BITS 1024
+	bn_expand(r,BITS*2);
+	bn_expand(t,BITS*2);
+	fprintf(stdout,"obase=16\n");
+	fprintf(stdout,"ibase=16\n");
+	for (i=0; i<10; i++)
+		{
+		BN_rand(a,BITS,0,0);
+		BN_rand(b,BITS,0,0);
+		r->top=(BITS*2)/BN_BITS2;
+		memset(r->d,0,sizeof(r->top)*sizeof(BN_ULONG));
+		memset(t->d,0,sizeof(r->top)*sizeof(BN_ULONG));
+		for (j=0; j<1000; j++)
+			{
+
+/*			BN_mul(r,a,b); /**/
+			bn_recursize_mul(r->d,t->d,a->d,b->d,a->top); /**/
+			}
+		BN_print(stdout,a); fprintf(stdout," * ");
+		BN_print(stdout,b); fprintf(stdout," - ");
+		BN_print(stdout,r); fprintf(stdout,"\n");
+		}
+	}
diff --git a/crypto/buffer/Makefile.ssl b/crypto/buffer/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..35367933b34f0bc70d1fa2d44f752f748e7fc7a4
--- /dev/null
+++ b/crypto/buffer/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/buffer/Makefile
+#
+
+DIR=	buffer
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=buffer
+ERRC=buf_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c $(ERRC).c
+LIBOBJ= buffer.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= buffer.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c
new file mode 100644
index 0000000000000000000000000000000000000000..8cb9f33056381e11d5b229bb0bd842232196527f
--- /dev/null
+++ b/crypto/buffer/buf_err.c
@@ -0,0 +1,81 @@
+/* lib/buf/buf_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include "err.h"
+#include "buffer.h"
+
+/* BEGIN ERROR CODES */
+static ERR_STRING_DATA BUF_str_functs[]=
+	{
+{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0),	"BUF_MEM_grow"},
+{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0),	"BUF_MEM_new"},
+{ERR_PACK(0,BUF_F_BUF_STRDUP,0),	"BUF_strdup"},
+{ERR_PACK(0,BUF_F_PXYCLNT_READ,0),	"PXYCLNT_READ"},
+{0,NULL},
+	};
+
+void ERR_load_BUF_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+		ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
+		}
+	}
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
new file mode 100644
index 0000000000000000000000000000000000000000..df7e2fad2b6e1405078c18ac5d789506ede38837
--- /dev/null
+++ b/crypto/buffer/buffer.c
@@ -0,0 +1,139 @@
+/* crypto/buffer/buffer.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "buffer.h"
+
+BUF_MEM *BUF_MEM_new()
+	{
+	BUF_MEM *ret;
+
+	ret=(BUF_MEM *)Malloc(sizeof(BUF_MEM));
+	if (ret == NULL)
+		{
+		BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->length=0;
+	ret->max=0;
+	ret->data=NULL;
+	return(ret);
+	}
+
+void BUF_MEM_free(a)
+BUF_MEM *a;
+	{
+	if (a->data != NULL)
+		{
+		memset(a->data,0,(unsigned int)a->max);
+		Free(a->data);
+		}
+	Free(a);
+	}
+
+int BUF_MEM_grow(str, len)
+BUF_MEM *str;
+int len;
+	{
+	char *ret;
+	unsigned int n;
+
+	if (str->length >= len) return(len);
+	if (str->max >= len)
+		{
+		memset(&(str->data[str->length]),0,len-str->length);
+		str->length=len;
+		return(len);
+		}
+	n=(len+3)/3*4;
+	if (str->data == NULL)
+		ret=(char *)Malloc(n);
+	else
+		ret=(char *)Realloc(str->data,n);
+	if (ret == NULL)
+		{
+		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+		len=0;
+		}
+	else
+		{
+		str->data=ret;
+		str->length=len;
+		str->max=n;
+		}
+	return(len);
+	}
+
+char *BUF_strdup(str)
+char *str;
+	{
+	char *ret;
+	int n;
+
+	n=strlen(str);
+	ret=Malloc(n+1);
+	if (ret == NULL) 
+		{
+		BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	memcpy(ret,str,n+1);
+	return(ret);
+	}
+
diff --git a/crypto/buffer/buffer.err b/crypto/buffer/buffer.err
new file mode 100644
index 0000000000000000000000000000000000000000..62b775e637f422a8c5f431cd95db76f46e91c4f7
--- /dev/null
+++ b/crypto/buffer/buffer.err
@@ -0,0 +1,9 @@
+/* Error codes for the BUF functions. */
+
+/* Function codes. */
+#define BUF_F_BUF_MEM_GROW				 100
+#define BUF_F_BUF_MEM_NEW				 101
+#define BUF_F_BUF_STRDUP				 102
+#define BUF_F_PXYCLNT_READ				 103
+
+/* Reason codes. */
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
new file mode 100644
index 0000000000000000000000000000000000000000..87c9071e497b0f1d3d6b7daf95522ef2760aca10
--- /dev/null
+++ b/crypto/buffer/buffer.h
@@ -0,0 +1,107 @@
+/* crypto/buffer/buffer.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BUFFER_H
+#define HEADER_BUFFER_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct buf_mem_st
+	{
+	int length;
+	char *data;
+	int max;
+	} BUF_MEM;
+
+#ifndef NOPROTO
+BUF_MEM *BUF_MEM_new(void);
+void	BUF_MEM_free(BUF_MEM *a);
+int	BUF_MEM_grow(BUF_MEM *str, int len);
+char *	BUF_strdup(char *str);
+
+void ERR_load_BUF_strings(void );
+
+#else
+
+BUF_MEM *BUF_MEM_new();
+void	BUF_MEM_free();
+int	BUF_MEM_grow();
+char *	BUF_strdup();
+
+void ERR_load_BUF_strings();
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the BUF functions. */
+
+/* Function codes. */
+#define BUF_F_BUF_MEM_GROW				 100
+#define BUF_F_BUF_MEM_NEW				 101
+#define BUF_F_BUF_STRDUP				 102
+#define BUF_F_PXYCLNT_READ				 103
+
+/* Reason codes. */
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..878ac70b14e93d74f553c8dba19367f60ee32383
--- /dev/null
+++ b/crypto/conf/Makefile.ssl
@@ -0,0 +1,85 @@
+#
+# SSLeay/crypto/conf/Makefile
+#
+
+DIR=	conf
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=conf
+ERRC=conf_err
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf.c $(ERRC).c
+
+LIBOBJ=	conf.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= conf.h
+HEADER=	conf_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/conf/cnf_save.c b/crypto/conf/cnf_save.c
new file mode 100644
index 0000000000000000000000000000000000000000..8524802e18671eb8e9c478d95ef4ede210fad059
--- /dev/null
+++ b/crypto/conf/cnf_save.c
@@ -0,0 +1,106 @@
+/* crypto/conf/cnf_save.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "conf.h"
+
+void print_conf(CONF_VALUE *cv);
+
+main()
+	{
+	LHASH *conf;
+	long l;
+
+	conf=CONF_load(NULL,"../../apps/ssleay.cnf",&l);
+	if (conf == NULL)
+		{
+		fprintf(stderr,"error loading config, line %ld\n",l);
+		exit(1);
+		}
+
+	lh_doall(conf,print_conf);
+	}
+
+
+void print_conf(cv)
+CONF_VALUE *cv;
+	{
+	int i;
+	CONF_VALUE *v;
+	char *section;
+	char *name;
+	char *value;
+	STACK *s;
+
+	/* If it is a single entry, return */
+
+	if (cv->name != NULL) return;
+
+	printf("[ %s ]\n",cv->section);
+	s=(STACK *)cv->value;
+
+	for (i=0; isection == NULL)?"None":v->section;
+		name=(v->name == NULL)?"None":v->name;
+		value=(v->value == NULL)?"None":v->value;
+		printf("%s=%s\n",name,value);
+		}
+	printf("\n");
+	}
diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c
new file mode 100644
index 0000000000000000000000000000000000000000..68243e9f015324b9dc1859aeac5a831d255be574
--- /dev/null
+++ b/crypto/conf/conf.c
@@ -0,0 +1,725 @@
+/* crypto/conf/conf.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "stack.h"
+#include "lhash.h"
+#include "conf.h"
+#include "buffer.h"
+#include "err.h"
+
+#include "conf_lcl.h"
+
+#ifndef NOPROTO
+static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+static unsigned long hash(CONF_VALUE *v);
+static int cmp(CONF_VALUE *a,CONF_VALUE *b);
+static char *eat_ws(char *p);
+static char *eat_alpha_numeric(char *p);
+static void clear_comments(char *p);
+static int str_copy(LHASH *conf,char *section,char **to, char *from);
+static char *scan_quote(char *p);
+static CONF_VALUE *new_section(LHASH *conf,char *section);
+static CONF_VALUE *get_section(LHASH *conf,char *section);
+#else
+static void value_free_hash();
+static void value_free_stack();
+static unsigned long hash();
+static int cmp();
+static char *eat_ws();
+static char *eat_alpha_numeric();
+static void clear_comments();
+static int str_copy();
+static char *scan_quote();
+static CONF_VALUE *new_section();
+static CONF_VALUE *get_section();
+#endif
+
+#define scan_esc(p)	((*(++p) == '\0')?(p):(++p))
+
+char *CONF_version="CONF part of SSLeay 0.8.1b 29-Jun-1998";
+
+LHASH *CONF_load(h,file,line)
+LHASH *h;
+char *file;
+long *line;
+	{
+	LHASH *ret=NULL;
+	FILE *in=NULL;
+#define BUFSIZE	512
+	int bufnum=0,i,ii;
+	BUF_MEM *buff=NULL;
+	char *s,*p,*end;
+	int again,n,eline=0;
+	CONF_VALUE *v=NULL,*vv,*tv;
+	CONF_VALUE *sv=NULL;
+	char *section=NULL,*buf;
+	STACK *section_sk=NULL,*ts;
+	char *start,*psection,*pname;
+
+	if ((buff=BUF_MEM_new()) == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD,ERR_R_BUF_LIB);
+		goto err;
+		}
+
+	in=fopen(file,"rb");
+	if (in == NULL)
+		{
+		SYSerr(SYS_F_FOPEN,errno);
+		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+		goto err;
+		}
+
+	section=(char *)Malloc(10);
+	if (section == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	strcpy(section,"default");
+
+	if (h == NULL)
+		{
+		if ((ret=lh_new(hash,cmp)) == NULL)
+			{
+			CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	else
+		ret=h;
+
+	sv=new_section(ret,section);
+	if (sv == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+		goto err;
+		}
+	section_sk=(STACK *)sv->value;
+
+	bufnum=0;
+	for (;;)
+		{
+		again=0;
+		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+			{
+			CONFerr(CONF_F_CONF_LOAD,ERR_R_BUF_LIB);
+			goto err;
+			}
+		p= &(buff->data[bufnum]);
+		*p='\0';
+		fgets(p,BUFSIZE-1,in);
+		p[BUFSIZE-1]='\0';
+		ii=i=strlen(p);
+		if (i == 0) break;
+		while (i > 0)
+			{
+			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+				break;
+			else
+				i--;
+			}
+		/* we removed some trailing stuff so there is a new
+		 * line on the end. */
+		if (i == ii)
+			again=1; /* long line */
+		else
+			{
+			p[i]='\0';
+			eline++; /* another input line */
+			}
+
+		/* we now have a line with trailing \r\n removed */
+
+		/* i is the number of bytes */
+		bufnum+=i;
+
+		v=NULL;
+		/* check for line continuation */
+		if (bufnum >= 1)
+			{
+			/* If we have bytes and the last char '\\' and
+			 * second last char is not '\\' */
+			p= &(buff->data[bufnum-1]);
+			if (	IS_ESC(p[0]) &&
+				((bufnum <= 1) || !IS_ESC(p[-1])))
+				{
+				bufnum--;
+				again=1;
+				}
+			}
+		if (again) continue;
+		bufnum=0;
+		buf=buff->data;
+
+		clear_comments(buf);
+		n=strlen(buf);
+		s=eat_ws(buf);
+		if (IS_EOF(*s)) continue; /* blank line */
+		if (*s == '[')
+			{
+			s++;
+			start=eat_ws(s);
+			end=eat_alpha_numeric(start);
+			p=eat_ws(end);
+			if (*p != ']')
+				{
+				CONFerr(CONF_F_CONF_LOAD,CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+				goto err;
+				}
+			*end='\0';
+			if (!str_copy(ret,NULL,§ion,start)) goto err;
+			if ((sv=get_section(ret,section)) == NULL)
+				sv=new_section(ret,section);
+			if (sv == NULL)
+				{
+				CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+				goto err;
+				}
+			section_sk=(STACK *)sv->value;
+			continue;
+			}
+		else
+			{
+			pname=s;
+			psection=NULL;
+			end=eat_alpha_numeric(s);
+			if ((end[0] == ':') && (end[1] == ':'))
+				{
+				*end='\0';
+				end+=2;
+				psection=pname;
+				pname=end;
+				end=eat_alpha_numeric(end);
+				}
+			p=eat_ws(end);
+			if (*p != '=')
+				{
+				CONFerr(CONF_F_CONF_LOAD,CONF_R_MISSING_EQUAL_SIGN);
+				goto err;
+				}
+			*end='\0';
+			p++;
+			start=eat_ws(p);
+			while (!IS_EOF(*p))
+				p++;
+			p--;
+			while ((p != start) && (IS_WS(*p)))
+				p--;
+			p++;
+			*p='\0';
+
+			if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
+				{
+				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			if (psection == NULL) psection=section;
+			v->name=(char *)Malloc(strlen(pname)+1);
+			v->value=NULL;
+			if (v->name == NULL)
+				{
+				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			strcpy(v->name,pname);
+			if (!str_copy(ret,psection,&(v->value),start)) goto err;
+
+			if (strcmp(psection,section) != 0)
+				{
+				if ((tv=get_section(ret,psection))
+					== NULL)
+					tv=new_section(ret,psection);
+				if (tv == NULL)
+					{
+					CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+					goto err;
+					}
+				ts=(STACK *)tv->value;
+				}
+			else
+				{
+				tv=sv;
+				ts=section_sk;
+				}
+			v->section=tv->section;	
+			if (!sk_push(ts,(char *)v))
+				{
+				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			vv=(CONF_VALUE *)lh_insert(ret,(char *)v);
+			if (vv != NULL)
+				{
+				sk_delete_ptr(ts,(char *)vv);
+				Free(vv->name);
+				Free(vv->value);
+				Free(vv);
+				}
+			v=NULL;
+			}
+		}
+	if (buff != NULL) BUF_MEM_free(buff);
+	if (section != NULL) Free(section);
+	if (in != NULL) fclose(in);
+	return(ret);
+err:
+	if (buff != NULL) BUF_MEM_free(buff);
+	if (section != NULL) Free(section);
+	if (line != NULL) *line=eline;
+	if (in != NULL) fclose(in);
+	if ((h != ret) && (ret != NULL)) CONF_free(ret);
+	if (v != NULL)
+		{
+		if (v->name != NULL) Free(v->name);
+		if (v->value != NULL) Free(v->value);
+		if (v != NULL) Free(v);
+		}
+	return(NULL);
+	}
+		
+char *CONF_get_string(conf,section,name)
+LHASH *conf;
+char *section;
+char *name;
+	{
+	CONF_VALUE *v,vv;
+	char *p;
+
+	if (name == NULL) return(NULL);
+	if (conf != NULL)
+		{
+		if (section != NULL)
+			{
+			vv.name=name;
+			vv.section=section;
+			v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
+			if (v != NULL) return(v->value);
+			if (strcmp(section,"ENV") == 0)
+				{
+				p=Getenv(name);
+				if (p != NULL) return(p);
+				}
+			}
+		vv.section="default";
+		vv.name=name;
+		v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
+		if (v != NULL)
+			return(v->value);
+		else
+			return(NULL);
+		}
+	else
+		return(Getenv(name));
+	}
+
+static CONF_VALUE *get_section(conf,section)
+LHASH *conf;
+char *section;
+	{
+	CONF_VALUE *v,vv;
+
+	if ((conf == NULL) || (section == NULL)) return(NULL);
+	vv.name=NULL;
+	vv.section=section;
+	v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
+	return(v);
+	}
+
+STACK *CONF_get_section(conf,section)
+LHASH *conf;
+char *section;
+	{
+	CONF_VALUE *v;
+
+	v=get_section(conf,section);
+	if (v != NULL)
+		return((STACK *)v->value);
+	else
+		return(NULL);
+	}
+
+long CONF_get_number(conf,section,name)
+LHASH *conf;
+char *section;
+char *name;
+	{
+	char *str;
+	long ret=0;
+
+	str=CONF_get_string(conf,section,name);
+	if (str == NULL) return(0);
+	for (;;)
+		{
+		if (IS_NUMER(*str))
+			ret=ret*10+(*str -'0');
+		else
+			return(ret);
+		str++;
+		}
+	}
+
+void CONF_free(conf)
+LHASH *conf;
+	{
+	if (conf == NULL) return;
+
+	conf->down_load=0; 	/* evil thing to make sure the 'Free()'
+				 * works as expected */
+	lh_doall_arg(conf,(void (*)())value_free_hash,(char *)conf);
+
+	/* We now have only 'section' entries in the hash table.
+	 * Due to problems with */
+
+	lh_doall_arg(conf,(void (*)())value_free_stack,(char *)conf);
+	lh_free(conf);
+	}
+
+static void value_free_hash(a,conf)
+CONF_VALUE *a;
+LHASH *conf;
+	{
+	if (a->name != NULL)
+		{
+		a=(CONF_VALUE *)lh_delete(conf,(char *)a);
+		}
+	}
+
+static void value_free_stack(a,conf)
+CONF_VALUE *a;
+LHASH *conf;
+	{
+	CONF_VALUE *vv;
+	STACK *sk;
+	int i;
+
+	if (a->name != NULL) return;
+
+	sk=(STACK *)a->value;
+	for (i=sk_num(sk)-1; i>=0; i--)
+		{
+		vv=(CONF_VALUE *)sk_value(sk,i);
+		Free(vv->value);
+		Free(vv->name);
+		Free(vv);
+		}
+	if (sk != NULL) sk_free(sk);
+	Free(a->section);
+	Free(a);
+	}
+
+static void clear_comments(p)
+char *p;
+	{
+	char *to;
+
+	to=p;
+	for (;;)
+		{
+		if (IS_COMMENT(*p))
+			{
+			*p='\0';
+			return;
+			}
+		if (IS_QUOTE(*p))
+			{
+			p=scan_quote(p);
+			continue;
+			}
+		if (IS_ESC(*p))
+			{
+			p=scan_esc(p);
+			continue;
+			}
+		if (IS_EOF(*p))
+			return;
+		else
+			p++;
+		}
+	}
+
+static int str_copy(conf,section,pto,from)
+LHASH *conf;
+char *section;
+char **pto,*from;
+	{
+	int q,r,rr=0,to=0,len=0;
+	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
+	BUF_MEM *buf;
+
+	if ((buf=BUF_MEM_new()) == NULL) return(0);
+
+	len=strlen(from)+1;
+	if (!BUF_MEM_grow(buf,len)) goto err;
+
+	for (;;)
+		{
+		if (IS_QUOTE(*from))
+			{
+			q= *from;
+			from++;
+			while ((*from != '\0') && (*from != q))
+				{
+				if (*from == '\\')
+					{
+					from++;
+					if (*from == '\0') break;
+					}
+				buf->data[to++]= *(from++);
+				}
+			}
+		else if (*from == '\\')
+			{
+			from++;
+			v= *(from++);
+			if (v == '\0') break;
+			else if (v == 'r') v='\r';
+			else if (v == 'n') v='\n';
+			else if (v == 'b') v='\b';
+			else if (v == 't') v='\t';
+			buf->data[to++]= v;
+			}
+		else if (*from == '\0')
+			break;
+		else if (*from == '$')
+			{
+			/* try to expand it */
+			rrp=NULL;
+			s= &(from[1]);
+			if (*s == '{')
+				q='}';
+			else if (*s == '(')
+				q=')';
+			else q=0;
+
+			if (q) s++;
+			cp=section;
+			e=np=s;
+			while (IS_ALPHA_NUMERIC(*e))
+				e++;
+			if ((e[0] == ':') && (e[1] == ':'))
+				{
+				cp=np;
+				rrp=e;
+				rr= *e;
+				*rrp='\0';
+				e+=2;
+				np=e;
+				while (IS_ALPHA_NUMERIC(*e))
+					e++;
+				}
+			r= *e;
+			*e='\0';
+			rp=e;
+			if (q)
+				{
+				if (r != q)
+					{
+					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
+					goto err;
+					}
+				e++;
+				}
+			/* So at this point we have
+			 * ns which is the start of the name string which is
+			 *   '\0' terminated. 
+			 * cs which is the start of the section string which is
+			 *   '\0' terminated.
+			 * e is the 'next point after'.
+			 * r and s are the chars replaced by the '\0'
+			 * rp and sp is where 'r' and 's' came from.
+			 */
+			p=CONF_get_string(conf,cp,np);
+			if (rrp != NULL) *rrp=rr;
+			*rp=r;
+			if (p == NULL)
+				{
+				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
+				goto err;
+				}
+			BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
+			while (*p)
+				buf->data[to++]= *(p++);
+			from=e;
+			}
+		else
+			buf->data[to++]= *(from++);
+		}
+	buf->data[to]='\0';
+	if (*pto != NULL) Free(*pto);
+	*pto=buf->data;
+	Free(buf);
+	return(1);
+err:
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(0);
+	}
+
+static char *eat_ws(p)
+char *p;
+	{
+	while (IS_WS(*p) && (!IS_EOF(*p)))
+		p++;
+	return(p);
+	}
+
+static char *eat_alpha_numeric(p)
+char *p;
+	{
+	for (;;)
+		{
+		if (IS_ESC(*p))
+			{
+			p=scan_esc(p);
+			continue;
+			}
+		if (!IS_ALPHA_NUMERIC_PUNCT(*p))
+			return(p);
+		p++;
+		}
+	}
+
+static unsigned long hash(v)
+CONF_VALUE *v;
+	{
+	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
+	}
+
+static int cmp(a,b)
+CONF_VALUE *a,*b;
+	{
+	int i;
+
+	if (a->section != b->section)
+		{
+		i=strcmp(a->section,b->section);
+		if (i) return(i);
+		}
+
+	if ((a->name != NULL) && (b->name != NULL))
+		{
+		i=strcmp(a->name,b->name);
+		return(i);
+		}
+	else if (a->name == b->name)
+		return(0);
+	else
+		return((a->name == NULL)?-1:1);
+	}
+
+static char *scan_quote(p)
+char *p;
+	{
+	int q= *p;
+
+	p++;
+	while (!(IS_EOF(*p)) && (*p != q))
+		{
+		if (IS_ESC(*p))
+			{
+			p++;
+			if (IS_EOF(*p)) return(p);
+			}
+		p++;
+		}
+	if (*p == q) p++;
+	return(p);
+	}
+
+static CONF_VALUE *new_section(conf,section)
+LHASH *conf;
+char *section;
+	{
+	STACK *sk=NULL;
+	int ok=0,i;
+	CONF_VALUE *v=NULL,*vv;
+
+	if ((sk=sk_new_null()) == NULL)
+		goto err;
+	if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
+		goto err;
+	i=strlen(section)+1;
+	if ((v->section=(char *)Malloc(i)) == NULL)
+		goto err;
+
+	memcpy(v->section,section,i);
+	v->name=NULL;
+	v->value=(char *)sk;
+	
+	vv=(CONF_VALUE *)lh_insert(conf,(char *)v);
+#ifndef WIN16
+	if (vv != NULL)
+		{
+		fprintf(stderr,"internal fault\n");
+		abort();
+		}
+#endif
+	ok=1;
+err:
+	if (!ok)
+		{
+		if (sk != NULL) sk_free(sk);
+		if (v != NULL) Free(v);
+		v=NULL;
+		}
+	return(v);
+	}
diff --git a/crypto/conf/conf.err b/crypto/conf/conf.err
new file mode 100644
index 0000000000000000000000000000000000000000..933d3d692aa08edd49a37559217ae1bc3eb9b89f
--- /dev/null
+++ b/crypto/conf/conf.err
@@ -0,0 +1,12 @@
+/* Error codes for the CONF functions. */
+
+/* Function codes. */
+#define CONF_F_CONF_LOAD				 100
+#define CONF_F_STR_COPY					 101
+
+/* Reason codes. */
+#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
+#define CONF_R_MISSING_EQUAL_SIGN			 101
+#define CONF_R_NO_CLOSE_BRACE				 102
+#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
+#define CONF_R_VARIABLE_HAS_NO_VALUE			 104
diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
new file mode 100644
index 0000000000000000000000000000000000000000..a23ec95427badf6cf0c5a4871647a52b9e2a11e0
--- /dev/null
+++ b/crypto/conf/conf.h
@@ -0,0 +1,114 @@
+/* crypto/conf/conf.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef  HEADER_CONF_H
+#define HEADER_CONF_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include "stack.h"
+#include "lhash.h"
+
+typedef struct
+	{
+	char *section;
+	char *name;
+	char *value;
+	} CONF_VALUE;
+
+#ifndef NOPROTO
+
+LHASH *CONF_load(LHASH *conf,char *file,long *eline);
+STACK *CONF_get_section(LHASH *conf,char *section);
+char *CONF_get_string(LHASH *conf,char *group,char *name);
+long CONF_get_number(LHASH *conf,char *group,char *name);
+void CONF_free(LHASH *conf);
+void ERR_load_CONF_strings(void );
+
+#else
+
+LHASH *CONF_load();
+STACK *CONF_get_section();
+char *CONF_get_string();
+long CONF_get_number();
+void CONF_free();
+void ERR_load_CONF_strings();
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the CONF functions. */
+
+/* Function codes. */
+#define CONF_F_CONF_LOAD				 100
+#define CONF_F_STR_COPY					 101
+
+/* Reason codes. */
+#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
+#define CONF_R_MISSING_EQUAL_SIGN			 101
+#define CONF_R_NO_CLOSE_BRACE				 102
+#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
+#define CONF_R_VARIABLE_HAS_NO_VALUE			 104
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
new file mode 100644
index 0000000000000000000000000000000000000000..b88c5b760bbf21d87eedc7a0509b1d2667b862de
--- /dev/null
+++ b/crypto/conf/conf_err.c
@@ -0,0 +1,90 @@
+/* lib/conf/conf_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include "err.h"
+#include "conf.h"
+
+/* BEGIN ERROR CODES */
+static ERR_STRING_DATA CONF_str_functs[]=
+	{
+{ERR_PACK(0,CONF_F_CONF_LOAD,0),	"CONF_load"},
+{ERR_PACK(0,CONF_F_STR_COPY,0),	"STR_COPY"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA CONF_str_reasons[]=
+	{
+{CONF_R_MISSING_CLOSE_SQUARE_BRACKET     ,"missing close square bracket"},
+{CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
+{CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
+{CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
+{CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
+{0,NULL},
+	};
+
+void ERR_load_CONF_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+		ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
+		ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+		}
+	}
diff --git a/crypto/conf/conf_lcl.h b/crypto/conf/conf_lcl.h
new file mode 100644
index 0000000000000000000000000000000000000000..8ae7ce07355dd806d8396b6ce1d054adcf15175f
--- /dev/null
+++ b/crypto/conf/conf_lcl.h
@@ -0,0 +1,102 @@
+/* crypto/conf/conf_lcl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define CONF_NUMBER		1
+#define CONF_UPPER		2
+#define CONF_LOWER		4
+#define CONF_UNDER		256
+#define CONF_PUNCTUATION	512
+#define CONF_WS			16
+#define CONF_ESC		32
+#define CONF_QUOTE		64
+#define CONF_COMMENT		128
+#define CONF_EOF		8
+#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+					CONF_PUNCTUATION)
+
+#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
+#define IS_EOF(a)		((a) == '\0')
+#define IS_ESC(a)		((a) == '\\')
+#define IS_NUMER(a)		(CONF_type[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(a)		(CONF_type[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(a)	(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(a) \
+				(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
+
+static unsigned short CONF_type[128]={
+	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+	};
+
diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
new file mode 100644
index 0000000000000000000000000000000000000000..1aed0c80c4b9b6e49c837270fef62d447a6b47ca
--- /dev/null
+++ b/crypto/conf/keysets.pl
@@ -0,0 +1,61 @@
+#!/usr/local/bin/perl
+
+$NUMBER=0x01;
+$UPPER=0x02;
+$LOWER=0x04;
+$EOF=0x08;
+$WS=0x10;
+$ESC=0x20;
+$QUOTE=0x40;
+$COMMENT=0x80;
+$UNDER=0x100;
+
+foreach (0 .. 127)
+	{
+	$v=0;
+	$c=sprintf("%c",$_);
+	$v|=$NUMBER	if ($c =~ /[0-9]/);
+	$v|=$UPPER	if ($c =~ /[A-Z]/);
+	$v|=$LOWER	if ($c =~ /[a-z]/);
+	$v|=$UNDER	if ($c =~ /_/);
+	$v|=$WS		if ($c =~ / \t\r\n/);
+	$v|=$ESC	if ($c =~ /\\/);
+	$v|=$QUOTE	if ($c =~ /['`"]/);
+	$v|=$COMMENT	if ($c =~ /\#/);
+	$v|=$EOF	if ($c =~ /\0/);
+
+	push(@V,$v);
+	}
+
+print <<"EOF";
+#define CONF_NUMBER		$NUMBER
+#define CONF_UPPER		$UPPER
+#define CONF_LOWER		$LOWER
+#define CONF_EOF		$EOF
+#define CONF_WS			$WS
+#define CONF_ESC		$ESC
+#define CONF_QUOTE		$QUOTE
+#define CONF_COMMENT		$COMMENT
+#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_UNDER		$UNDER
+
+#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
+#define IS_EOF(a)		((a) == '\\0')
+#define IS_ESC(a)		((a) == '\\\\')
+#define IS_NUMER(a)		(CONF_type[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(a)		(CONF_type[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(a)	(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
+
+EOF
+
+print "static unsigned short CONF_type[128]={";
+
+for ($i=0; $i<128; $i++)
+	{
+	print "\n\t" if ($i % 8) == 0;
+	printf "0x%03X,",$V[$i];
+	}
+
+print "\n\t};\n";
diff --git a/crypto/conf/ssleay.cnf b/crypto/conf/ssleay.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..ed33af601e1ef2344d7e50bffa4046bcee5a0bd2
--- /dev/null
+++ b/crypto/conf/ssleay.cnf
@@ -0,0 +1,78 @@
+#
+# This is a test configuration file for use in SSLeay etc...
+#
+
+init = 5
+in\#it1 =10
+init2='10'
+init3='10\''
+init4="10'"
+init5='='10\'' again'
+
+SSLeay::version = 0.5.0
+
+[genrsa]
+default_bits	= 512
+SSLEAY::version = 0.5.0
+
+[gendh]
+default_bits	= 512
+def_generator	= 2
+
+[s_client]
+cipher1		= DES_CBC_MD5:DES_CBC_SHA:DES_EDE_SHA:RC4_MD5\
+cipher2		= 'DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5'
+cipher3		= "DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5"
+cipher4		= DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5
+
+[ default ]
+cert_dir	= $ENV::HOME/.ca_certs
+
+HOME		= /tmp/eay
+
+tmp_cert_dir	= $HOME/.ca_certs
+tmp2_cert_dir	= thisis$(HOME)stuff
+
+LOGNAME	= Eric Young (home=$HOME)
+
+[ special ]
+
+H=$HOME
+H=$default::HOME
+H=$ENV::HOME
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= $HOME/.rand
+
+[ req ]
+default_bits		= 512
+default_keyfile 	= privkey.pem
+
+Attribute_type_1	= countryName
+Attribute_text_1	= Country Name (2 letter code)
+Attribute_default_1	= AU
+
+Attribute_type_2	= stateOrProvinceName
+Attribute_text_2	= State or Province Name (full name)
+Attribute_default_2	= Queensland
+
+Attribute_type_3	= localityName
+Attribute_text_3	= Locality Name (eg, city)
+
+Attribute_type_4	= organizationName
+Attribute_text_4	= Organization Name (eg, company)
+Attribute_default_4	= Mincom Pty Ltd
+
+Attribute_type_5	= organizationalUnitName
+Attribute_text_5	= Organizational Unit Name (eg, section)
+Attribute_default_5	= TR
+
+Attribute_type_6	= commonName
+Attribute_text_6	= Common Name (eg, YOUR name)
+
+Attribute_type_7	= emailAddress
+Attribute_text_7	= Email Address
+
diff --git a/crypto/conf/test.c b/crypto/conf/test.c
new file mode 100644
index 0000000000000000000000000000000000000000..17185926ac01fb3e841ef6d5ffaa184c4e5a150e
--- /dev/null
+++ b/crypto/conf/test.c
@@ -0,0 +1,91 @@
+/* crypto/conf/test.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "conf.h"
+
+main()
+	{
+	LHASH *conf;
+	long eline;
+	char *s,*s2;
+
+	conf=CONF_load(NULL,"ssleay.conf",&eline);
+	if (conf == NULL)
+		{
+		ERR_load_crypto_strings();
+		printf("unable to load configuration, line %ld\n",eline);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+		}
+	lh_stats(conf,stdout);
+	lh_node_stats(conf,stdout);
+	lh_node_usage_stats(conf,stdout);
+
+	s=CONF_get_string(conf,NULL,"init2");
+	printf("init2=%s\n",(s == NULL)?"NULL":s);
+
+	s=CONF_get_string(conf,NULL,"cipher1");
+	printf("cipher1=%s\n",(s == NULL)?"NULL":s);
+
+	s=CONF_get_string(conf,"s_client","cipher1");
+	printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
+
+	exit(0);
+	}
diff --git a/crypto/cryptall.h b/crypto/cryptall.h
new file mode 100644
index 0000000000000000000000000000000000000000..8eb085540873da35fa32bc68cb3d845f9331531e
--- /dev/null
+++ b/crypto/cryptall.h
@@ -0,0 +1,110 @@
+/* crypto/cryptall.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CRYPTOALL_H
+#define HEADER_CRYPTOALL_H
+
+#include "buffer.h"
+#include "stack.h"
+#include "lhash.h"
+
+#include "err.h"
+
+#ifdef NO_MD2
+#include 
+#else
+#include "md2.h"
+#endif
+#ifdef NO_MD5
+#include 
+#else
+#include "md5.h"
+#endif
+#include "sha.h"
+
+#ifdef NO_DES
+#include 
+#else
+#include "des.h"
+#endif
+#include "rc2.h"
+#include "rc4.h"
+#include "idea.h"
+
+#include "bn.h"
+#include "dh.h"
+#include "rsa.h"
+#include "dsa.h"
+
+#include "rand.h"
+#include "conf.h"
+#include "txt_db.h"
+
+#include "err.h"
+#include "evp.h"
+
+#include "meth.h"
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#include "asn1.h"
+#include "objects.h"
+
+#include "crypto.h"
+
+#endif
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
new file mode 100644
index 0000000000000000000000000000000000000000..12cf0733ec9a15a51e9b2e1505a612a175993bf7
--- /dev/null
+++ b/crypto/cryptlib.c
@@ -0,0 +1,267 @@
+/* crypto/cryptlib.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "crypto.h"
+#include "date.h"
+
+/* real #defines in crypto.h, keep these upto date */
+static char* lock_names[CRYPTO_NUM_LOCKS] =
+	{
+	"<>",
+	"err",
+	"err_hash",
+	"x509",
+	"x509_info",
+	"x509_pkey",
+	"x509_crl",
+	"x509_req",
+	"dsa",
+	"rsa",
+	"evp_pkey",
+	"x509_store",
+	"ssl_ctx",
+	"ssl_cert",
+	"ssl_session",
+	"ssl",
+	"rand",
+	"debug_malloc",
+	"bio_gethostbyname",
+	"BIO",
+	};
+
+#ifndef NOPROTO
+static void (MS_FAR *locking_callback)(int mode,int type,
+	char *file,int line)=NULL;
+static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
+	int type,char *file,int line)=NULL;
+static unsigned long (MS_FAR *id_callback)(void)=NULL;
+#else
+static void (MS_FAR *locking_callback)()=NULL;
+static int (MS_FAR *add_lock_callback)()=NULL;
+static unsigned long (MS_FAR *id_callback)()=NULL;
+#endif
+
+void (*CRYPTO_get_locking_callback(P_V))(P_I_I_P_I)
+	{
+	return(locking_callback);
+	}
+
+int (*CRYPTO_get_add_lock_callback(P_V))(P_IP_I_I_P_I)
+	{
+	return(add_lock_callback);
+	}
+
+void CRYPTO_set_locking_callback(func)
+void (*func)(P_I_I_P_I);
+	{
+	locking_callback=func;
+	}
+
+void CRYPTO_set_add_lock_callback(func)
+int (*func)(P_IP_I_I_P_I);
+	{
+	add_lock_callback=func;
+	}
+
+unsigned long (*CRYPTO_get_id_callback(P_V))(P_V)
+	{
+	return(id_callback);
+	}
+
+void CRYPTO_set_id_callback(func)
+unsigned long (*func)(P_V);
+	{
+	id_callback=func;
+	}
+
+unsigned long CRYPTO_thread_id()
+	{
+	unsigned long ret=0;
+
+	if (id_callback == NULL)
+		{
+#ifdef WIN16
+		ret=(unsigned long)GetCurrentTask();
+#elif defined(WIN32)
+		ret=(unsigned long)GetCurrentThreadId();
+#elif defined(MSDOS)
+		ret=1L;
+#else
+		ret=(unsigned long)getpid();
+#endif
+		}
+	else
+		ret=id_callback();
+	return(ret);
+	}
+
+void CRYPTO_lock(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+	{
+#ifdef LOCK_DEBUG
+		{
+		char *rw_text,*operation_text;
+
+		if (mode & CRYPTO_LOCK)
+			operation_text="lock  ";
+		else if (mode & CRYPTO_UNLOCK)
+			operation_text="unlock";
+		else
+			operation_text="ERROR ";
+
+		if (mode & CRYPTO_READ)
+			rw_text="r";
+		else if (mode & CRYPTO_WRITE)
+			rw_text="w";
+		else
+			rw_text="ERROR";
+
+		fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
+			CRYPTO_thread_id(), rw_text, operation_text,
+			CRYPTO_get_lock_name(type), file, line);
+		}
+#endif
+	if (locking_callback != NULL)
+		locking_callback(mode,type,file,line);
+	}
+
+int CRYPTO_add_lock(pointer,amount,type,file,line)
+int *pointer;
+int amount;
+int type;
+char *file;
+int line;
+	{
+	int ret;
+
+	if (add_lock_callback != NULL)
+		{
+#ifdef LOCK_DEBUG
+		int before= *pointer;
+#endif
+
+		ret=add_lock_callback(pointer,amount,type,file,line);
+#ifdef LOCK_DEBUG
+		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+			CRYPTO_thread_id(),
+			before,amount,ret,
+			CRYPTO_get_lock_name(type),
+			file,line);
+#endif
+		*pointer=ret;
+		}
+	else
+		{
+		CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);
+
+		ret= *pointer+amount;
+#ifdef LOCK_DEBUG
+		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+			CRYPTO_thread_id(),
+			*pointer,amount,ret,
+			CRYPTO_get_lock_name(type),
+			file,line);
+#endif
+		*pointer=ret;
+		CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
+		}
+	return(ret);
+	}
+
+char *CRYPTO_get_lock_name(type)
+int type;
+	{
+	if ((type < 0) || (type >= CRYPTO_NUM_LOCKS))
+		return("ERROR");
+	return(lock_names[type]);
+	}
+
+#ifdef _DLL
+#ifdef WIN32
+
+/* All we really need to do is remove the 'error' state when a thread
+ * detaches */
+
+BOOL WINAPI DLLEntryPoint(hinstDLL,fdwReason,lpvReserved)
+HINSTANCE hinstDLL;
+DWORD fdwReason;
+LPVOID lpvReserved;
+	{
+	switch(fdwReason)
+		{
+	case DLL_PROCESS_ATTACH:
+		break;
+	case DLL_THREAD_ATTACH:
+		break;
+	case DLL_THREAD_DETACH:
+		ERR_remove_state(0);
+		break;
+	case DLL_PROCESS_DETACH:
+		break;
+		}
+	return(TRUE);
+	}
+#endif
+
+#endif
diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
new file mode 100644
index 0000000000000000000000000000000000000000..cce9a999f31bff5bced4acc8dda8b4f352b22c7f
--- /dev/null
+++ b/crypto/cryptlib.h
@@ -0,0 +1,98 @@
+/* crypto/cryptlib.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CRYPTLIB_H
+#define HEADER_CRYPTLIB_H
+
+#include 
+#include 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef FLAT_INC
+
+#include "e_os.h"
+#include "crypto.h"
+#include "buffer.h" 
+#include "bio.h" 
+#include "err.h"
+
+#else
+
+#include "../e_os.h"
+#include "crypto.h"
+#include "buffer/buffer.h"
+#include "bio/bio.h"
+#include "err/err.h"
+#endif
+
+#define X509_CERT_AREA		"/usr/local/ssl"
+#define X509_CERT_DIR		"/usr/local/ssl/certs"
+#define X509_CERT_FILE		"/usr/local/ssl/cert.pem"
+#define X509_PRIVATE_DIR        "/usr/local/ssl/private"
+
+#define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+#define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/crypto.c b/crypto/crypto.c
new file mode 100644
index 0000000000000000000000000000000000000000..16c4af47deb0dea960781ad6b0d9ef0d4c75129e
--- /dev/null
+++ b/crypto/crypto.c
@@ -0,0 +1,512 @@
+/* crypto/crypto.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* If you are happy to use the assmbler version of bn/bn_mulw.c, define
+ * BN_ASM */
+#ifndef BN_ASM
+#undef BN_ASM
+#endif
+
+#ifndef DES_ASM
+#undef DES_ASM
+#endif
+
+#ifndef BF_ASM
+#undef BF_ASM
+#endif
+
+/* The following defines are only to break the compiles into chunks.
+ * If you wish to not compile some sections, use the 'NO_XXX' macros
+ */
+#ifndef CRYPTO_SUBSET
+/* Define all subset symbols. */
+#define CRYPTO_LIB_SUBSET
+#define CRYPTO_ASN1_SUBSET
+#define CRYPTO_BN_SUBSET
+#define CRYPTO_BUFFER_SUBSET
+#define CRYPTO_BIO_SUBSET
+#define CRYPTO_CONF_SUBSET
+#define CRYPTO_DES_SUBSET
+#define CRYPTO_DH_SUBSET
+#define CRYPTO_DSA_SUBSET
+#define CRYPTO_ERROR_SUBSET
+#define CRYPTO_EVP_SUBSET
+#define CRYPTO_IDEA_SUBSET
+#define CRYPTO_LHASH_SUBSET
+#define CRYPTO_MD_SUBSET
+#define CRYPTO_MDC2_SUBSET
+#define CRYPTO_METH_SUBSET
+#define CRYPTO_OBJECTS_SUBSET
+#define CRYPTO_PEM_SUBSET
+#define CRYPTO_RAND_SUBSET
+#define CRYPTO_RC_SUBSET
+#define CRYPTO_BF_SUBSET
+#define CRYPTO_RSA_SUBSET
+#define CRYPTO_SHA_SUBSET
+#define CRYPTO_SHA1_SUBSET
+#define CRYPTO_STACK_SUBSET
+#define CRYPTO_TXT_DB_SUBSET
+#define CRYPTO_X509_SUBSET
+#define CRYPTO_PKCS7_SUBSET
+#endif
+
+#include 
+#include 
+#include 
+
+#define USE_SOCKETS
+#include "../e_os.h"
+
+#include "buffer.h"
+#include "bio.h"
+#include "stack.h"
+#include "lhash.h"
+
+#include "err.h"
+
+#include "bn.h"
+#include "evp.h"
+
+#include "rand.h"
+#include "conf.h"
+#include "txt_db.h"
+
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#include "asn1.h"
+#include "objects.h"
+
+#ifdef CRYPTO_LIB_SUBSET
+#include "cryptlib.c"
+#include "mem.c"
+#include "cversion.c"
+#endif
+
+#ifdef CRYPTO_ASN1_SUBSET
+#include "asn1/a_meth.c"
+#include "asn1/a_bitstr.c"
+#include "asn1/a_d2i_fp.c"
+#include "asn1/a_dup.c"
+#include "asn1/a_hdr.c"
+#include "asn1/a_i2d_fp.c"
+#include "asn1/a_int.c"
+#include "asn1/a_bool.c"
+#include "asn1/a_bytes.c"
+#include "asn1/a_object.c"
+#include "asn1/a_octet.c"
+#include "asn1/a_print.c"
+#include "asn1/a_set.c"
+#include "asn1/a_sign.c"
+#include "asn1/a_type.c"
+#include "asn1/a_utctm.c"
+#include "asn1/a_verify.c"
+#include "asn1/a_digest.c"
+#include "asn1/asn1_err.c"
+#include "asn1/asn1_lib.c"
+#include "asn1/asn1_par.c"
+#ifndef NO_DH
+#include "asn1/d2i_dhp.c"
+#include "asn1/i2d_dhp.c"
+#endif
+#ifndef NO_DSA
+#include "asn1/d2i_dsap.c"
+#include "asn1/i2d_dsap.c"
+#include "asn1/d2i_s_pr.c"
+#include "asn1/i2d_s_pr.c"
+#include "asn1/d2i_s_pu.c"
+#include "asn1/i2d_s_pu.c"
+#endif
+#ifndef NO_RSA
+#include "asn1/d2i_r_pr.c"
+#include "asn1/i2d_r_pr.c"
+#include "asn1/d2i_r_pu.c"
+#include "asn1/i2d_r_pu.c"
+#include "asn1/n_pkey.c"
+#endif
+#include "asn1/d2i_pr.c"
+#include "asn1/d2i_pu.c"
+#include "asn1/i2d_pr.c"
+#include "asn1/i2d_pu.c"
+#include "asn1/f_int.c"
+#include "asn1/f_string.c"
+#include "asn1/p7_dgst.c"
+#include "asn1/p7_enc.c"
+#include "asn1/p7_enc_c.c"
+#include "asn1/p7_evp.c"
+#include "asn1/p7_i_s.c"
+#include "asn1/p7_lib.c"
+#include "asn1/p7_recip.c"
+#include "asn1/p7_s_e.c"
+#include "asn1/p7_signd.c"
+#include "asn1/p7_signi.c"
+#include "asn1/t_pkey.c"
+#include "asn1/t_req.c"
+#include "asn1/t_x509.c"
+#include "asn1/x_algor.c"
+#include "asn1/x_attrib.c"
+#include "asn1/x_exten.c"
+#include "asn1/x_cinf.c"
+#include "asn1/x_crl.c"
+#include "asn1/x_info.c"
+#include "asn1/x_name.c"
+#include "asn1/x_pkey.c"
+#include "asn1/x_pubkey.c"
+#include "asn1/x_req.c"
+#include "asn1/x_sig.c"
+#include "asn1/x_spki.c"
+#include "asn1/x_val.c"
+#include "asn1/x_x509.c"
+#endif
+#ifdef CRYPTO_BN_SUBSET
+#include "bn/bn_add.c"
+#include "bn/bn_div.c"
+#include "bn/bn_exp.c"
+#include "bn/bn_mont.c"
+#include "bn/bn_recp.c"
+#include "bn/bn_gcd.c"
+#include "bn/bn_lib.c"
+#include "bn/bn_mod.c"
+#include "bn/bn_mul.c"
+#ifndef BN_ASM
+#include "bn/bn_mulw.c"
+#endif
+#include "bn/bn_prime.c"
+#include "bn/bn_rand.c"
+#include "bn/bn_shift.c"
+#include "bn/bn_sqr.c"
+#include "bn/bn_sub.c"
+#include "bn/bn_word.c"
+#include "bn/bn_print.c"
+#include "bn/bn_err.c"
+#endif
+#ifdef CRYPTO_BIO_SUBSET
+#include "bio/bf_buff.c"
+#include "bio/bf_null.c"
+#include "bio/bf_nbio.c"
+#include "bio/bio_cb.c"
+#include "bio/bio_lib.c"
+#include "bio/bss_fd.c"
+#include "bio/bss_file.c"
+#include "bio/bss_mem.c"
+#include "bio/bss_null.c"
+#ifdef VMS
+#include "bio/bss_rtcp.c"
+#endif
+#include "bio/bss_sock.c"
+#include "bio/bss_conn.c"
+#include "bio/bss_acpt.c"
+#include "bio/b_sock.c"
+#include "bio/b_print.c"
+#include "bio/b_dump.c"
+#include "bio/bio_err.c"
+#endif
+#ifdef CRYPTO_BUFFER_SUBSET
+#include "buffer/buf_err.c"
+#include "buffer/buffer.c"
+#endif
+#ifdef CRYPTO_CONF_SUBSET
+#include "conf/conf.c"
+#include "conf/conf_err.c"
+#endif
+#ifdef CRYPTO_DES_SUBSET
+#include "des/read_pwd.c"
+#ifndef NO_DES
+#ifndef DES_ASM
+#include "des/fcrypt_b.c"
+#include "des/des_enc.c"
+#endif
+#include "des/ncbc_enc.c"
+#include "des/cbc3_enc.c"
+#include "des/cbc_cksm.c"
+#include "des/xcbc_enc.c"
+#include "des/cbc_enc.c"
+#include "des/ede_enc.c"
+#include "des/cfb64ede.c"
+#include "des/cfb64enc.c"
+#include "des/cfb_enc.c"
+#include "des/ecb3_enc.c"
+#include "des/ecb_enc.c"
+#include "des/enc_read.c"
+#include "des/enc_writ.c"
+#include "des/fcrypt.c"
+#include "des/ofb64ede.c"
+#include "des/ofb64enc.c"
+#include "des/ofb_enc.c"
+#include "des/pcbc_enc.c"
+#include "des/qud_cksm.c"
+#include "des/rand_key.c"
+#include "des/read2pwd.c"
+#include "des/rpc_enc.c"
+#include "des/set_key.c"
+#include "des/str2key.c"
+#include "des/supp.c"
+#endif
+#endif
+#ifdef CRYPTO_DH_SUBSET
+#ifndef NO_DH
+#include "dh/dh_check.c"
+#include "dh/dh_err.c"
+#include "dh/dh_gen.c"
+#include "dh/dh_key.c"
+#include "dh/dh_lib.c"
+#endif
+#endif
+#ifdef CRYPTO_DSA_SUBSET
+#ifndef NO_DSA
+#include "dsa/dsa_gen.c"
+#include "dsa/dsa_key.c"
+#include "dsa/dsa_lib.c"
+#include "dsa/dsa_sign.c"
+#include "dsa/dsa_vrf.c"
+#include "dsa/dsa_err.c"
+#endif
+#endif
+#ifdef CRYPTO_ERROR_SUBSET
+#include "err/err.c"
+#include "err/err_all.c"
+#include "err/err_prn.c"
+#endif
+#ifdef CRYPTO_EVP_SUBSET
+#include "evp/bio_md.c"
+#include "evp/bio_b64.c"
+#include "evp/bio_enc.c"
+#include "evp/c_all.c"
+#include "evp/digest.c"
+#ifndef NO_DES
+#include "evp/e_cbc_3d.c"
+#include "evp/e_cfb_3d.c"
+#include "evp/e_ecb_3d.c"
+#include "evp/e_ofb_3d.c"
+#include "evp/e_cbc_d.c"
+#include "evp/e_cfb_d.c"
+#include "evp/e_xcbc_d.c"
+#include "evp/e_ecb_d.c"
+#include "evp/e_ofb_d.c"
+#endif
+#ifndef NO_IDEA
+#include "evp/e_cbc_i.c"
+#include "evp/e_cfb_i.c"
+#include "evp/e_ecb_i.c"
+#include "evp/e_ofb_i.c"
+#endif
+#ifndef NO_RC2
+#include "evp/e_cbc_r2.c"
+#include "evp/e_cfb_r2.c"
+#include "evp/e_ecb_r2.c"
+#include "evp/e_ofb_r2.c"
+#endif
+#ifndef NO_BLOWFISH
+#include "evp/e_cbc_bf.c"
+#include "evp/e_cfb_bf.c"
+#include "evp/e_ecb_bf.c"
+#include "evp/e_ofb_bf.c"
+#endif
+#ifndef NO_RC4
+#include "evp/e_rc4.c"
+#endif
+#include "evp/names.c"
+#include "evp/e_null.c"
+#include "evp/encode.c"
+#include "evp/evp_enc.c"
+#include "evp/evp_err.c"
+#include "evp/evp_key.c"
+#include "evp/m_null.c"
+#include "evp/p_lib.c"
+#ifndef NO_RSA
+#include "evp/p_open.c"
+#include "evp/p_seal.c"
+#endif
+#include "evp/p_sign.c"
+#include "evp/p_verify.c"
+#endif
+#ifdef CRYPTO_IDEA_SUBSET
+#ifndef NO_IDEA
+#include "idea/i_cbc.c"
+#include "idea/i_cfb64.c"
+#include "idea/i_ecb.c"
+#include "idea/i_ofb64.c"
+#include "idea/i_skey.c"
+#endif
+#endif
+#ifdef CRYPTO_BF_SUBSET
+#ifndef NO_BLOWFISH
+#include "bf/bf_cfb64.c"
+#include "bf/bf_ecb.c"
+#ifndef BF_ASM
+#include "bf/bf_enc.c"
+#endif
+#include "bf/bf_cbc.c"
+#include "bf/bf_ofb64.c"
+#include "bf/bf_skey.c"
+#endif
+#endif
+#ifdef CRYPTO_LHASH_SUBSET
+#include "lhash/lh_stats.c"
+#include "lhash/lhash.c"
+#endif
+#ifdef CRYPTO_MD_SUBSET
+#ifndef NO_MD2
+#include "md/md2_dgst.c"
+#include "md/md2_one.c"
+#include "evp/m_md2.c"
+#endif
+#ifndef NO_MD5
+#include "md/md5_dgst.c"
+#include "md/md5_one.c"
+#include "evp/m_md5.c"
+#endif
+#endif
+#ifdef CRYPTO_MDC2_SUBSET
+#ifndef NO_MDC2
+#include "mdc2/mdc2dgst.c"
+#include "mdc2/mdc2_one.c"
+#include "evp/m_mdc2.c"
+#endif
+#endif
+#ifdef CRYPTO_OBJECTS_SUBSET
+#include "objects/obj_dat.c"
+#include "objects/obj_err.c"
+#include "objects/obj_lib.c"
+#endif
+#ifdef CRYPTO_PEM_SUBSET
+#include "pem/pem_err.c"
+#include "pem/pem_info.c"
+#include "pem/pem_lib.c"
+#include "pem/pem_all.c"
+#ifndef NO_RSA
+#include "pem/pem_seal.c"
+#include "pem/pem_sign.c"
+#endif
+#endif
+#ifdef CRYPTO_RAND_SUBSET
+#include "rand/md_rand.c"
+#include "rand/randfile.c"
+#endif
+#ifdef CRYPTO_RC_SUBSET
+#ifndef NO_RC4
+#include "rc2/rc2_cbc.c"
+#include "rc2/rc2_ecb.c"
+#include "rc2/rc2_skey.c"
+#include "rc2/rc2cfb64.c"
+#include "rc2/rc2ofb64.c"
+#include "rc4/rc4_enc.c"
+#endif
+#endif
+#ifdef CRYPTO_RSA_SUBSET
+#ifndef NO_RSA
+#include "rsa/rsa_enc.c"
+#include "rsa/rsa_err.c"
+#include "rsa/rsa_gen.c"
+#include "rsa/rsa_lib.c"
+#include "rsa/rsa_sign.c"
+#include "rsa/rsa_saos.c"
+#endif
+#endif
+#ifdef CRYPTO_SHA1_SUBSET
+#ifndef NO_SHA1
+#include "sha/sha1_one.c"
+#include "sha/sha1dgst.c"
+#include "evp/m_dss1.c"
+#include "evp/m_sha1.c"
+#endif
+#endif
+#ifdef CRYPTO_SHA_SUBSET
+#ifndef NO_SHA
+#include "evp/m_dss.c"
+#include "sha/sha_dgst.c"
+#include "sha/sha_one.c"
+#include "evp/m_sha.c"
+#endif
+#endif
+#ifdef CRYPTO_STACK_SUBSET
+#include "stack/stack.c"
+#endif
+#ifdef CRYPTO_TXT_DB_SUBSET
+#include "txt_db/txt_db.c"
+#endif
+#ifdef CRYPTO_X509_SUBSET
+#include "x509/x509_cmp.c"
+#include "x509/x509_d2.c"
+#include "x509/x509_def.c"
+#include "x509/x509_err.c"
+#include "x509/x509_ext.c"
+#include "x509/x509_lu.c"
+#include "x509/x509_obj.c"
+#include "x509/x509_r2x.c"
+#include "x509/x509_req.c"
+#include "x509/x509_set.c"
+#include "x509/x509_v3.c"
+#include "x509/x509_vfy.c"
+#include "x509/x509name.c"
+#include "x509/x509pack.c"
+#include "x509/x509rset.c"
+#include "x509/x509type.c"
+#include "x509/x_all.c"
+#include "x509/x509_txt.c"
+#include "x509/by_dir.c"
+#include "x509/by_file.c"
+#include "x509/v3_net.c"
+#include "x509/v3_x509.c"
+#endif
+#endif
+#ifdef CRYPTO_PKCS7_SUBSET /* I have an excplicit removal of 7 lines */
+#include "pkcs7/pk7_lib.c"
+#include "pkcs7/pkcs7err.c"
+#endif
+
diff --git a/crypto/crypto.h b/crypto/crypto.h
new file mode 100644
index 0000000000000000000000000000000000000000..fd7ff6a77ddcd15e3a6ff93fc6eb9e5a61fc5219
--- /dev/null
+++ b/crypto/crypto.h
@@ -0,0 +1,247 @@
+/* crypto/crypto.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* This is more to be used to check the correct DLL is being used
+ * in the MS world. */
+#define SSLEAY_VERSION_NUMBER	0x0800	/* Version 0.5.1c would be 0513 */
+
+#define SSLEAY_VERSION		0
+/* #define SSLEAY_OPTIONS	1 no longer supported */
+#define SSLEAY_CFLAGS		2
+#define SSLEAY_BUILT_ON		3
+
+/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
+ * names in cryptlib.c
+ */
+
+#define	CRYPTO_LOCK_ERR			1
+#define	CRYPTO_LOCK_ERR_HASH		2
+#define	CRYPTO_LOCK_X509		3
+#define	CRYPTO_LOCK_X509_INFO		4
+#define	CRYPTO_LOCK_X509_PKEY		5
+#define CRYPTO_LOCK_X509_CRL		6
+#define CRYPTO_LOCK_X509_REQ		7
+#define CRYPTO_LOCK_DSA			8
+#define CRYPTO_LOCK_RSA			9
+#define CRYPTO_LOCK_EVP_PKEY		10
+#define	CRYPTO_LOCK_X509_STORE		11
+#define	CRYPTO_LOCK_SSL_CTX		12
+#define	CRYPTO_LOCK_SSL_CERT		13
+#define	CRYPTO_LOCK_SSL_SESSION		14
+#define	CRYPTO_LOCK_SSL			15
+#define	CRYPTO_LOCK_RAND		16
+#define	CRYPTO_LOCK_MALLOC		17
+#define	CRYPTO_LOCK_BIO			18
+#define	CRYPTO_LOCK_BIO_GETHOSTBYNAME	19
+#define	CRYPTO_NUM_LOCKS		20
+
+#define CRYPTO_LOCK		1
+#define CRYPTO_UNLOCK		2
+#define CRYPTO_READ		4
+#define CRYPTO_WRITE		8
+
+/* The following stuff is not being used, it was not finished for
+ * SSLeay 0.6.0 */
+#ifndef CRYPTO_w_lock
+#define CRYPTO_w_lock(type)	\
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define CRYPTO_w_unlock(type)	\
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define CRYPTO_r_lock(type)	\
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define CRYPTO_r_unlock(type)	\
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define CRYPTO_add(addr,amount,type)	\
+	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+
+#endif
+
+/* The following can be used to detect memory leaks in the SSLeay library.
+ * It used, it turns on malloc checking */
+
+#define CRYPTO_MEM_CHECK_OFF	0x0
+#define CRYPTO_MEM_CHECK_ON	0x1
+
+/*
+typedef struct crypto_mem_st
+	{
+	char *(*malloc_func)();
+	char *(*realloc_func)();
+	void (*free_func)();
+	} CRYPTO_MEM_FUNC;
+*/
+
+
+/* Use this for win32 DLL's */
+#define CRYPTO_malloc_init()	CRYPTO_set_mem_functions(\
+	(char *(*)())malloc,\
+	(char *(*)())realloc,\
+	(void (*)())free)
+
+#ifdef CRYPTO_MDEBUG
+#define Malloc(num)	CRYPTO_dbg_malloc((int)num,__FILE__,__LINE__)
+#define Realloc(addr,num) \
+	CRYPTO_dbg_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+#define Remalloc(addr,num) \
+	CRYPTO_dbg_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+#define FreeFunc	CRYPTO_dbg_free
+#define Free(addr)	CRYPTO_dbg_free((char *)(addr))
+#else
+#define Remalloc	CRYPTO_remalloc
+#if defined(WIN32) || defined(MFUNC)
+#define Malloc		CRYPTO_malloc
+#define Realloc(a,n)	CRYPTO_realloc((char *)(a),(n))
+#define FreeFunc	CRYPTO_free
+#define Free(addr)	CRYPTO_free((char *)(addr))
+#else
+#define Malloc		malloc
+#define Realloc		realloc
+#define FreeFunc	free
+#define Free(addr)	free((char *)(addr))
+#endif /* WIN32 || MFUNC */
+#endif /* MDEBUG */
+
+#ifndef NOPROTO
+
+char *SSLeay_version(int type);
+unsigned long SSLeay(void);
+
+int CRYPTO_mem_ctrl(int mode);
+void CRYPTO_lock(int mode, int type,char *file,int line);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
+		int line));
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,char *file,
+		int line);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
+		int type,char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,
+		int type,char *file,int line);
+void CRYPTO_set_id_callback(unsigned long (*func)(void));
+unsigned long (*CRYPTO_get_id_callback(void))(void);
+unsigned long CRYPTO_thread_id(void);
+char *CRYPTO_get_lock_name(int type);
+int CRYPTO_add_lock(int *pointer,int amount,int type, char *file,int line);
+
+void CRYPTO_set_mem_functions(char *(*m)(),char *(*r)(), void (*free_func)());
+void CRYPTO_get_mem_functions(char *(**m)(),char *(**r)(), void (**f)());
+
+char *CRYPTO_malloc(int num);
+char *CRYPTO_realloc(char *addr,int num);
+void CRYPTO_free(char *);
+char *CRYPTO_remalloc(char *addr,int num);
+
+char *CRYPTO_dbg_malloc(int num,char *file,int line);
+char *CRYPTO_dbg_realloc(char *addr,int num,char *file,int line);
+void CRYPTO_dbg_free(char *);
+char *CRYPTO_dbg_remalloc(char *addr,int num,char *file,int line);
+#ifndef WIN16
+void CRYPTO_mem_leaks_fp(FILE *);
+#endif
+#ifdef HEADER_BIO_H
+void CRYPTO_mem_leaks(BIO *);
+#endif
+/* unsigned long order, char *file, int line, int num_bytes, char *addr */
+void CRYPTO_mem_leaks_cb(void (*cb)());
+
+#else 
+
+int CRYPTO_mem_ctrl();
+char *SSLeay_version();
+unsigned long SSLeay();
+
+void CRYPTO_lock();
+void CRYPTO_set_locking_callback();
+void (*CRYPTO_get_locking_callback())();
+void CRYPTO_set_add_lock_callback();
+int (*CRYPTO_get_add_lock_callback())();
+void CRYPTO_set_id_callback();
+unsigned long (*CRYPTO_get_id_callback())();
+unsigned long CRYPTO_thread_id();
+char *CRYPTO_get_lock_name();
+int CRYPTO_add_lock();
+
+void CRYPTO_set_mem_functions();
+void CRYPTO_get_mem_functions();
+char *CRYPTO_malloc();
+char *CRYPTO_realloc();
+void CRYPTO_free();
+char *CRYPTO_remalloc();
+char *CRYPTO_dbg_remalloc();
+char *CRYPTO_dbg_malloc();
+char *CRYPTO_dbg_realloc();
+void CRYPTO_dbg_free();
+#ifndef WIN16
+void CRYPTO_mem_leaks_fp();
+#endif
+void CRYPTO_mem_leaks();
+void CRYPTO_mem_leaks_cb();
+
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/cversion.c b/crypto/cversion.c
new file mode 100644
index 0000000000000000000000000000000000000000..d36496dcc5d71e826ae64fa0419b56d453669d10
--- /dev/null
+++ b/crypto/cversion.c
@@ -0,0 +1,99 @@
+/* crypto/cversion.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "crypto.h"
+#include "date.h"
+
+char *SSLeay_version(t)
+int t;
+	{
+	if (t == SSLEAY_VERSION)
+		return("SSLeay 0.8.1b 29-Jun-1998");
+	if (t == SSLEAY_BUILT_ON)
+		{
+#ifdef DATE
+		static char buf[sizeof(DATE)+10];
+
+		sprintf(buf,"built on %s",DATE);
+        	return(buf);
+#else
+		return("build date not available");
+#endif
+		}
+	if (t == SSLEAY_CFLAGS)
+		{
+#ifdef CFLAGS
+		static char buf[sizeof(CFLAGS)+10];
+
+		sprintf(buf,"C flags:%s",CFLAGS);
+		return(buf);
+#else
+		return("C flags not available");
+#endif
+		}
+	return("not available");
+	}
+
+unsigned long SSLeay()
+	{
+	return(SSLEAY_VERSION_NUMBER);
+	}
+
diff --git a/crypto/date.h b/crypto/date.h
new file mode 100644
index 0000000000000000000000000000000000000000..ac96ada60fcdce55551cfc1219612aa20a35e266
--- /dev/null
+++ b/crypto/date.h
@@ -0,0 +1 @@
+#define DATE	"Sat Jul 19 04:59:06 EST 1997"
diff --git a/crypto/des/COPYRIGHT b/crypto/des/COPYRIGHT
new file mode 100644
index 0000000000000000000000000000000000000000..5469e1e46996b5cf41b503e3063913d9cb27a1fc
--- /dev/null
+++ b/crypto/des/COPYRIGHT
@@ -0,0 +1,50 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with MIT's libdes.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of that the SSL library.  This can be in the form of a textual
+message at program startup or in documentation (online or textual) provided
+with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/crypto/des/DES.pm b/crypto/des/DES.pm
new file mode 100644
index 0000000000000000000000000000000000000000..6a175b6ca4b04aaaf78e6b1e2647a1dd3d02915d
--- /dev/null
+++ b/crypto/des/DES.pm
@@ -0,0 +1,19 @@
+package DES;
+
+require Exporter;
+require DynaLoader;
+@ISA = qw(Exporter DynaLoader);
+# Items to export into callers namespace by default
+# (move infrequently used names to @EXPORT_OK below)
+@EXPORT = qw(
+);
+# Other items we are prepared to export if requested
+@EXPORT_OK = qw(
+crypt
+);
+
+# Preloaded methods go here.  Autoload methods go after __END__, and are
+# processed by the autosplit program.
+bootstrap DES;
+1;
+__END__
diff --git a/crypto/des/DES.pod b/crypto/des/DES.pod
new file mode 100644
index 0000000000000000000000000000000000000000..8a739e7ca0d0156680c1ff530ac888682ad8e64d
--- /dev/null
+++ b/crypto/des/DES.pod
@@ -0,0 +1,16 @@
+crypt	<= 	crypt(buf,salt)
+key	<=	set_odd_parity(key)
+int	<=	is_weak_key(key)
+keysched<=	set_key(key)
+key	<=	ecb_encrypt(string8,ks,enc)
+key	<=	ecb3_encrypt(input,ks1,ks2,enc)
+string	<=	cbc_encrypt(input,ks,ivec,enc)			=> ivec 
+string	<=	cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,enc)	=> ivec1&ivec2 
+ck1,ck2	<=	cbc_cksum(input,ks,ivec)			=> ivec
+string	<=	pcbc_encrypt(input,ks,ivec,enc)			=> ivec 
+string	<=	ofb_encrypt(input,numbits,ks,ivec)		=> ivec
+string	<=	cfb_encrypt(input,numbits,ks,ivec,enc)		=> ivec
+key	<=	random_key()
+key	<=	string_to_key(string)
+key1,key2<=	string_to_2keys(string)
+
diff --git a/crypto/des/DES.xs b/crypto/des/DES.xs
new file mode 100644
index 0000000000000000000000000000000000000000..b8050b9edf8d2c5b4d5fd233ac7a88a44bf2a9f3
--- /dev/null
+++ b/crypto/des/DES.xs
@@ -0,0 +1,268 @@
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+#include "des.h"
+
+#define deschar	char
+static STRLEN len;
+
+static int
+not_here(s)
+char *s;
+{
+    croak("%s not implemented on this architecture", s);
+    return -1;
+}
+
+MODULE = DES	PACKAGE = DES	PREFIX = des_
+
+char *
+des_crypt(buf,salt)
+	char *	buf
+	char *	salt
+
+void
+des_set_odd_parity(key)
+	des_cblock *	key
+PPCODE:
+	{
+	SV *s;
+
+	s=sv_newmortal();
+	sv_setpvn(s,(char *)key,8);
+	des_set_odd_parity((des_cblock *)SvPV(s,na));
+	PUSHs(s);
+	}
+
+int
+des_is_weak_key(key)
+	des_cblock *	key
+
+des_key_schedule
+des_set_key(key)
+	des_cblock *	key
+CODE:
+	des_set_key(key,RETVAL);
+OUTPUT:
+RETVAL
+
+des_cblock
+des_ecb_encrypt(input,ks,encrypt)
+	des_cblock *	input
+	des_key_schedule *	ks
+	int	encrypt
+CODE:
+	des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
+OUTPUT:
+RETVAL
+
+void
+des_cbc_encrypt(input,ks,ivec,encrypt)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	char *c;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec,encrypt);
+	sv_setpvn(ST(2),(char *)c[len-8],8);
+	PUSHs(s);
+	}
+
+void
+des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
+	char *	input
+	des_key_schedule *	ks1
+	des_key_schedule *	ks2
+	des_cblock *	ivec1
+	des_cblock *	ivec2
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
+		l,*ks1,*ks2,ivec1,ivec2,encrypt);
+	sv_setpvn(ST(3),(char *)ivec1,8);
+	sv_setpvn(ST(4),(char *)ivec2,8);
+	PUSHs(s);
+	}
+
+void
+des_cbc_cksum(input,ks,ivec)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+PPCODE:
+	{
+	SV *s1,*s2;
+	STRLEN len,l;
+	des_cblock c;
+	unsigned long i1,i2;
+
+	s1=sv_newmortal();
+	s2=sv_newmortal();
+	l=SvCUR(ST(0));
+	des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec);
+	i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
+	i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
+	sv_setiv(s1,i1);
+	sv_setiv(s2,i2);
+	sv_setpvn(ST(2),(char *)c,8);
+	PUSHs(s1);
+	PUSHs(s2);
+	}
+
+void
+des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
+	char *	input
+	int	numbits
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len;
+	char *c;
+
+	len=SvCUR(ST(0));
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
+		(int)numbits,(long)len,*ks,ivec,encrypt);
+	sv_setpvn(ST(3),(char *)ivec,8);
+	PUSHs(s);
+	}
+
+des_cblock *
+des_ecb3_encrypt(input,ks1,ks2,encrypt)
+	des_cblock *	input
+	des_key_schedule *	ks1
+	des_key_schedule *	ks2
+	int	encrypt
+CODE:
+	{
+	des_cblock c;
+
+	des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
+		*ks1,*ks2,encrypt);
+	RETVAL= &c;
+	}
+OUTPUT:
+RETVAL
+
+void
+des_ofb_encrypt(input,numbits,ks,ivec)
+	unsigned char *	input
+	int	numbits
+	des_key_schedule *	ks
+	des_cblock *	ivec
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	unsigned char *c;
+
+	len=SvCUR(ST(0));
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(unsigned char *)SvPV(s,na);
+	des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
+		numbits,len,*ks,ivec);
+	sv_setpvn(ST(3),(char *)ivec,8);
+	PUSHs(s);
+	}
+
+void
+des_pcbc_encrypt(input,ks,ivec,encrypt)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	char *c;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec,encrypt);
+	sv_setpvn(ST(2),(char *)c[len-8],8);
+	PUSHs(s);
+	}
+
+des_cblock *
+des_random_key()
+CODE:
+	{
+	des_cblock c;
+
+	des_random_key(c);
+	RETVAL=&c;
+	}
+OUTPUT:
+RETVAL
+
+des_cblock *
+des_string_to_key(str)
+char *	str
+CODE:
+	{
+	des_cblock c;
+
+	des_string_to_key(str,&c);
+	RETVAL=&c;
+	}
+OUTPUT:
+RETVAL
+
+void
+des_string_to_2keys(str)
+char *	str
+PPCODE:
+	{
+	des_cblock c1,c2;
+	SV *s1,*s2;
+
+	des_string_to_2keys(str,&c1,&c2);
+	EXTEND(sp,2);
+	s1=sv_newmortal();
+	sv_setpvn(s1,(char *)c1,8);
+	s2=sv_newmortal();
+	sv_setpvn(s2,(char *)c2,8);
+	PUSHs(s1);
+	PUSHs(s2);
+	}
diff --git a/crypto/des/FILES b/crypto/des/FILES
new file mode 100644
index 0000000000000000000000000000000000000000..4c7ea2de7a06ee199d6a54bf0cec8f850a933f9e
--- /dev/null
+++ b/crypto/des/FILES
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT	- Copyright info.
+MODES.DES	- A description of the features of the different modes of DES.
+FILES		- This file.
+INSTALL		- How to make things compile.
+Imakefile	- For use with kerberos.
+README		- What this package is.
+VERSION		- Which version this is and what was changed.
+KERBEROS	- Kerberos version 4 notes.
+Makefile.PL	- An old makefile to build with perl5, not current.
+Makefile.ssl	- The SSLeay makefile
+Makefile.uni	- The normal unix makefile.
+GNUmakefile	- The makefile for use with glibc.
+makefile.bc	- A Borland C makefile
+times		- Some outputs from 'speed' on some machines.
+vms.com		- For use when compiling under VMS
+
+/* My SunOS des(1) replacement */
+des.c		- des(1) source code.
+des.man		- des(1) manual.
+
+/* Testing and timing programs. */
+destest.c	- Source for libdes.a test program.
+speed.c		- Source for libdes.a timing program.
+rpw.c		- Source for libdes.a testing password reading routines.
+
+/* libdes.a source code */
+des_crypt.man	- libdes.a manual page.
+des.h		- Public libdes.a header file.
+ecb_enc.c	- des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c	- des_ecb3_encrypt() source.
+cbc_ckm.c	- des_cbc_cksum() source.
+cbc_enc.c	- des_cbc_encrypt() source.
+ncbc_enc.c	- des_cbc_encrypt() that is 'normal' in that it copies
+		  the new iv values back in the passed iv vector.
+ede_enc.c	- des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c	- des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c	- des_cfb_encrypt() source.
+cfb64enc.c	- des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+		  used as a stream cipher.
+cfb64ede.c	- des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+		  used as a stream cipher and using triple DES.
+ofb_enc.c	- des_cfb_encrypt() source.
+ofb64_enc.c	- des_ofb_encrypt() ofb in 64 bit mode but setup to be
+		  used as a stream cipher.
+ofb64ede.c	- des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+		  used as a stream cipher and using triple DES.
+enc_read.c	- des_enc_read() source.
+enc_writ.c	- des_enc_write() source.
+pcbc_enc.c	- des_pcbc_encrypt() source.
+qud_cksm.c	- quad_cksum() source.
+rand_key.c	- des_random_key() source.
+read_pwd.c	- Source for des_read_password() plus related functions.
+set_key.c	- Source for des_set_key().
+str2key.c	- Covert a string of any length into a key.
+fcrypt.c	- A small, fast version of crypt(3).
+des_locl.h	- Internal libdes.a header file.
+podd.h		- Odd parity tables - used in des_set_key().
+sk.h		- Lookup tables used in des_set_key().
+spr.h		- What is left of the S tables - used in ecb_encrypt().
+des_ver.h	- header file for the external definition of the
+		  version string.
+des.doc		- SSLeay documentation for the library.
+
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl		- des in perl anyone? des_set_key and des_ecb_encrypt
+		  both done in a perl library.
+testdes.pl	- Testing program for des.pl
+doIP		- Perl script used to develop IP xor/shift code.
+doPC1		- Perl script used to develop PC1 xor/shift code.
+doPC2		- Generates sk.h.
+PC1		- Output of doPC1 should be the same as output from PC1.
+PC2		- used in development of doPC2.
+shifts.pl	- Perl library used by my perl scripts.
+
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+
+/* The following are contibuted by Mark Murray .  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
+
+
diff --git a/crypto/des/INSTALL b/crypto/des/INSTALL
new file mode 100644
index 0000000000000000000000000000000000000000..3b8dae6b5f8c47e3c80fe244088c9e42305fd918
--- /dev/null
+++ b/crypto/des/INSTALL
@@ -0,0 +1,69 @@
+Check the CC and CFLAGS lines in the makefile
+
+If your C library does not support the times(3) function, change the
+#define TIMES to
+#undef TIMES in speed.c
+If it does, check the HZ value for the times(3) function.
+If your system does not define CLK_TCK it will be assumed to
+be 100.0.
+
+If possible use gcc v 2.7.?
+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
+In recent times, some system compilers give better performace.
+
+type 'make'
+
+run './destest' to check things are ok.
+run './rpw' to check the tty code for reading passwords works.
+run './speed' to see how fast those optimisations make the library run :-)
+run './des_opts' to determin the best compile time options.
+
+The output from des_opts should be put in the makefile options and des_enc.c
+should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.
+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
+and then you can use the 'DES_PTR' option.
+
+The file options.txt has the options listed for best speed on quite a
+few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
+turn on the relevent option in the Makefile
+
+There are some special Makefile targets that make life easier.
+make cc		- standard cc build
+make gcc	- standard gcc build
+make x86-elf	- x86 assember (elf), linux-elf.
+make x86-out	- x86 assember (a.out), FreeBSD
+make x86-solaris- x86 assember
+make x86-bsdi	- x86 assember (a.out with primative assember).
+
+If at all possible use the assember (for Windows NT/95, use
+asm/win32.obj to link with).  The x86 assember is very very fast.
+
+A make install will by default install
+libdes.a      in /usr/local/lib/libdes.a
+des           in /usr/local/bin/des
+des_crypt.man in /usr/local/man/man3/des_crypt.3
+des.man       in /usr/local/man/man1/des.1
+des.h         in /usr/include/des.h
+
+des(1) should be compatible with sunOS's but I have been unable to
+test it.
+
+These routines should compile on MSDOS, most 32bit and 64bit version
+of Unix (BSD and SYSV) and VMS, without modification.
+The only problems should be #include files that are in the wrong places.
+
+These routines can be compiled under MSDOS.
+I have successfully encrypted files using des(1) under MSDOS and then
+decrypted the files on a SparcStation.
+I have been able to compile and test the routines with
+Microsoft C v 5.1 and Turbo C v 2.0.
+The code in this library is in no way optimised for the 16bit
+operation of MSDOS.
+
+When building for glibc, ignore all of the above and just unpack into
+glibc-1.??/des and then gmake as per normal.
+
+As a final note on performace.  Certain CPUs like sparcs and Alpha often give
+a %10 speed difference depending on the link order.  It is rather anoying
+when one program reports 'x' DES encrypts a second and another reports
+'x*0.9' the speed.
diff --git a/crypto/des/Imakefile b/crypto/des/Imakefile
new file mode 100644
index 0000000000000000000000000000000000000000..1b9b5629e15da7ea46b682f0e4182e09f8c172b1
--- /dev/null
+++ b/crypto/des/Imakefile
@@ -0,0 +1,35 @@
+# This Imakefile has not been tested for a while but it should still
+# work when placed in the correct directory in the kerberos v 4 distribution
+
+SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
+        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
+	ecb3_enc.c ofb_enc.c ofb64enc.c
+
+OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+	qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
+	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+	ecb3_enc.o ofb_enc.o ofb64enc.o
+
+GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
+	vms.com KERBEROS
+DES=    des.c des.man
+TESTING=destest.c speed.c rpw.c
+LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
+
+PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
+
+SRCDIR=$(SRCTOP)/lib/des
+
+DBG= -O
+INCLUDE= -I$(SRCDIR)
+CC= cc
+
+library_obj_rule()
+
+install_library_target(des,$(OBJS),$(SRCS),)
+
+test(destest,libdes.a,)
+test(rpw,libdes.a,)
diff --git a/crypto/des/KERBEROS b/crypto/des/KERBEROS
new file mode 100644
index 0000000000000000000000000000000000000000..f401b10014ffbdab2bcdbac8dced4bc7ee71bc5c
--- /dev/null
+++ b/crypto/des/KERBEROS
@@ -0,0 +1,41 @@
+ [ This is an old file, I don't know if it is true anymore
+   but I will leave the file here - eay 21/11/95 ]
+
+To use this library with Bones (kerberos without DES):
+1) Get my modified Bones - eBones.  It can be found on
+   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
+   and
+   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
+
+2) Unpack this library in src/lib/des, makeing sure it is version
+   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
+   from the version in comp.sources.misc volume 29 patchlevel2.
+   The primarily difference is that it should compile under kerberos :-).
+   It can be found at.
+   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
+
+Now do a normal kerberos build and things should work.
+
+One problem I found when I was build on my local sun.
+---
+For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
+
+*** make_commands.c.orig	Fri Jul  3 04:18:35 1987
+--- make_commands.c	Wed May 20 08:47:42 1992
+***************
+*** 98,104 ****
+       if (!rename(o_file, z_file)) {
+  	  if (!vfork()) {
+  	       chdir("/tmp");
+! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
+  		     z_file+5, 0);
+  	       perror("/bin/ld");
+  	       _exit(1);
+--- 98,104 ----
+       if (!rename(o_file, z_file)) {
+  	  if (!vfork()) {
+  	       chdir("/tmp");
+! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
+  		     z_file+5, 0);
+  	       perror("/bin/ld");
+  	       _exit(1);
diff --git a/crypto/des/MODES.DES b/crypto/des/MODES.DES
new file mode 100644
index 0000000000000000000000000000000000000000..0cbc44f51d28ebfb887e997b027e142944b22c6e
--- /dev/null
+++ b/crypto/des/MODES.DES
@@ -0,0 +1,84 @@
+Modes of DES
+Quite a bit of the following information has been taken from
+	AS 2805.5.2
+	Australian Standard
+	Electronic funds transfer - Requirements for interfaces,
+	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+	Appendix A
+
+There are several different modes in which DES can be used, they are
+as follows.
+
+Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- 64 bits are enciphered at a time.
+- The order of the blocks can be rearranged without detection.
+- The same plaintext block always produces the same ciphertext block
+  (for the same key) making it vulnerable to a 'dictionary attack'.
+- An error will only affect one ciphertext block.
+
+Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- a multiple of 64 bits are enciphered at a time.
+- The CBC mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext blocks dependent on the
+  current and all preceding plaintext blocks and therefore blocks can not
+  be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- An error will affect the current and the following ciphertext blocks.
+
+Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The CFB mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext variables dependent on the
+  current and all preceding variables and therefore j-bit variables are
+  chained together and con not be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- The strength of the CFB mode depends on the size of k (maximal if
+  j == k).  In my implementation this is always the case.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- An error will affect the current and the following ciphertext variables.
+
+Output Feedback Mode (OFB) (des_ofb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The OFB mode produces the same ciphertext whenever the same
+  plaintext enciphered using the same key and starting variable.  More
+  over, in the OFB mode the same key stream is produced when the same
+  key and start variable are used.  Consequently, for security reasons
+  a specific start variable should be used only once for a given key.
+- The absence of chaining makes the OFB more vulnerable to specific attacks.
+- The use of different start variables values prevents the same
+  plaintext enciphering to the same ciphertext, by producing different
+  key streams.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- OFB mode of operation does not extend ciphertext errors in the
+  resultant plaintext output.  Every bit error in the ciphertext causes
+  only one bit to be in error in the deciphered plaintext.
+- OFB mode is not self-synchronising.  If the two operation of
+  encipherment and decipherment get out of synchronism, the system needs
+  to be re-initialised.
+- Each re-initialisation should use a value of the start variable
+different from the start variable values used before with the same
+key.  The reason for this is that an identical bit stream would be
+produced each time from the same parameters.  This would be
+susceptible to a 'known plaintext' attack.
+
+Triple ECB Mode (des_ecb3_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+- As for ECB encryption but increases the effective key length to 112 bits.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
+
+Triple CBC Mode (des_3cbc_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+- As for CBC encryption but increases the effective key length to 112 bits.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
diff --git a/crypto/des/Makefile.PL b/crypto/des/Makefile.PL
new file mode 100644
index 0000000000000000000000000000000000000000..b54a24387cbc5a6978cb7da1ecaff7c906e789c1
--- /dev/null
+++ b/crypto/des/Makefile.PL
@@ -0,0 +1,14 @@
+use ExtUtils::MakeMaker;
+# See lib/ExtUtils/MakeMaker.pm for details of how to influence
+# the contents of the Makefile being created.
+&writeMakefile(
+	'potential_libs' => '',   # e.g., '-lm' 
+	'INC' => '',     # e.g., '-I/usr/include/other' 
+	'DISTNAME' => 'DES',
+	'VERSION' => '0.1',
+	'DEFINE' => '-DPERL5',
+	'OBJECT' => 'DES.o cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+	rand_key.o set_key.o str2key.o \
+	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+	ecb3_enc.o ofb_enc.o cbc3_enc.o des_enc.o',
+	);
diff --git a/crypto/des/Makefile.lit b/crypto/des/Makefile.lit
new file mode 100644
index 0000000000000000000000000000000000000000..cfd1b40e46078a2dbef4b93df5d0539d38832594
--- /dev/null
+++ b/crypto/des/Makefile.lit
@@ -0,0 +1,249 @@
+# You must select the correct terminal control system to be used to
+# turn character echo off when reading passwords.  There a 5 systems
+# SGTTY   - the old BSD system
+# TERMIO  - most system V boxes
+# TERMIOS - SGI (ala IRIX).
+# VMS     - the DEC operating system
+# MSDOS   - we all know what it is :-)
+# read_pwd.c makes a reasonable guess at what is correct.
+
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# If you are on a DEC Alpha, edit des.h and change the DES_LONG
+# define to 'unsigned int'.  I have seen this give a %20 speedup.
+
+OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST
+
+# Version 1.94 has changed the strings_to_key function so that it is
+# now compatible with MITs when the string is longer than 8 characters.
+# If you wish to keep the old version, uncomment the following line.
+# This will affect the -E/-D options on des(1).
+#OPTS1= -DOLD_STR_TO_KEY
+
+# There are 4 possible performance options
+# -DDES_PTR
+# -DDES_RISC1
+# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+# -DDES_UNROLL
+# after the initial build, run 'des_opts' to see which options are best
+# for your platform.  There are some listed in options.txt
+#OPTS2= -DDES_PTR 
+#OPTS3= -DDES_RISC1 # or DES_RISC2
+#OPTS4= -DDES_UNROLL
+
+OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+
+# Assember version of des_encrypt*().
+DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+#DES_ENC=asm/dx86-elf.o	asm/cx86-elf.o	# elf format x86
+#DES_ENC=asm/dx86-out.o	asm/cx86-out.o	# a.out format x86
+#DES_ENC=asm/dx86-sol.o	asm/cx86-sol.o	# solaris format x86 
+#DES_ENC=asm/dx86bsdi.o	asm/cx86basi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+OBJ_LIT=ede_enc.o cbc_enc.o ncbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+OBJ_FULL=cbc3_enc.o cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+	xcbc_enc.o qud_cksm.o \
+	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+
+GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+	des.doc options.txt asm
+GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+	GNUmakefile des.man DES.pm DES.pod DES.xs Makefile.PL \
+	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+	des.org des_locl.org
+TESTING_LIT=	destest speed des_opts
+TESTING_FULL=	destest speed des_opts $(TESTING_LIT)
+TESTING_SRC_LIT=destest.c speed.c des_opts.c
+TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
+HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+LIBDES_LIT=ede_enc.c cbc_enc.c ncbc_enc.c ecb_enc.c fcrypt.c set_key.c \
+	des_enc.c fcrypt_b.c
+LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
+	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c  cbc3_enc.c  \
+	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+	rand_key.c rpc_enc.c  str2key.c  supp.c \
+	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c 
+
+PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+OBJ=	$(OBJ_LIT)
+GENERAL=$(GENERAL_LIT)
+TESTING=$(TESTING_LIT)
+TESTING_SRC=$(TESTING_SRC_LIT)
+HEADERS=$(HEADERS_LIT)
+LIBDES=	$(LIBDES_LIT)
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+
+DLIB=	libdes.a
+
+all: $(DLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) DES_ENC='asm/dx86-elf.o asm/cx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) DES_ENC='asm/dx86-out.o asm/cx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) DES_ENC='asm/dx86-sol.o asm/cx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/cx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/dx86-elf.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+
+asm/cx86-elf.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DELF asm/cx86unix.cpp | $(AS) -o asm/cx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/cx86-sol.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+	as -o asm/cx86-sol.o asm/cx86-sol.s
+	rm -f asm/cx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+
+asm/cx86-out.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DOUT asm/cx86unix.cpp | $(AS) -o asm/cx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+
+asm/cx86bsdi.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DBSDI asm/cx86unix.cpp | $(AS) -o asm/cx86bsdi.o
+
+test:	all
+	./destest
+
+$(DLIB): $(OBJ)
+	/bin/rm -f $(DLIB)
+	ar cr $(DLIB) $(OBJ)
+	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
+	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
+	else exit 0; fi; fi
+
+des_opts: des_opts.o $(DLIB)
+	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+
+destest: destest.o $(DLIB)
+	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+
+rpw: rpw.o $(DLIB)
+	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+
+speed: speed.o $(DLIB)
+	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+
+des: des.o $(DLIB)
+	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBDES)
+
+tar_lit:
+	/bin/mv Makefile Makefile.tmp
+	/bin/cp Makefile.lit Makefile
+	tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
+		$(GENERAL_LIT) $(TESTING_SRC_LIT)
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
+
+tar:
+	tar chf libdes.tar $(ALL)
+
+shar:
+	shar $(ALL) >libdes.shar
+
+depend:
+	makedepend $(LIBDES) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install: $(DLIB) des
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(DLIB) $(INSTALLTOP)/lib; \
+	    if test -s /bin/ranlib; then \
+	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+	    else \
+		if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+	    fi; fi; \
+	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+	    cp des.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/des.h; \
+	    cp des $(INSTALLTOP)/bin; \
+	    chmod 755 $(INSTALLTOP)/bin/des; \
+	else \
+	    echo Standalone install; \
+	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+	    if test -s /bin/ranlib; then \
+	      /bin/ranlib $(LIBDIR)/$(DLIB); \
+	    else \
+	      if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
+	      fi; \
+	    fi; \
+	    chmod 644 $(LIBDIR)/$(DLIB); \
+	    cp des $(BINDIR)/des; \
+	    chmod 711 $(BINDIR)/des; \
+	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    cp des.h $(INCDIR)/des.h; \
+	    chmod 644 $(INCDIR)/des.h; \
+	fi
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..51bfe7cf37d8385e14a1fa42003ad763ded1f8e9
--- /dev/null
+++ b/crypto/des/Makefile.ssl
@@ -0,0 +1,135 @@
+#
+# SSLeay/crypto/des/Makefile
+#
+
+DIR=	des
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+DES_ENC=	des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=	dx86-elf.o cx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile des.org des_locl.org
+TEST=destest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	cbc3_enc.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+	ecb3_enc.c ecb_enc.c  ede_enc.c  enc_read.c enc_writ.c \
+	fcrypt.c   ncbc_enc.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
+	des_enc.c fcrypt_b.c read2pwd.c \
+	fcrypt.c xcbc_enc.c \
+	str2key.c  cfb64ede.c ofb64ede.c supp.c
+
+LIBOBJ= set_key.o  ecb_enc.o  ede_enc.o  cbc_enc.o  cbc3_enc.o \
+	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+	enc_read.o enc_writ.o ncbc_enc.o ofb64enc.o \
+	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+	${DES_ENC} read2pwd.o \
+	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= des.h
+HEADER=	des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+# elf
+asm/dx86-elf.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+
+asm/cx86-elf.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/cx86-sol.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+	as -o asm/cx86-sol.o asm/cx86-sol.s
+	rm -f asm/cx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+
+asm/cx86-out.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+
+asm/cx86bsdi.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile
+	/bin/rm -f des.doc
+	$(TOP)/util/point.sh ../../doc/des.doc des.doc
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	/bin/rm -f asm/x86ms.pl asm/x86unix.pl
+	$(TOP)/util/point.sh ../../perlasm/x86ms.pl asm/x86ms.pl
+	$(TOP)/util/point.sh ../../perlasm/x86unix.pl asm/x86unix.pl
+
+install: installs
+
+installs:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/des/Makefile.uni b/crypto/des/Makefile.uni
new file mode 100644
index 0000000000000000000000000000000000000000..4e29805cf24f58a1f2cb102e09a83ca407c6bca0
--- /dev/null
+++ b/crypto/des/Makefile.uni
@@ -0,0 +1,249 @@
+# You must select the correct terminal control system to be used to
+# turn character echo off when reading passwords.  There a 5 systems
+# SGTTY   - the old BSD system
+# TERMIO  - most system V boxes
+# TERMIOS - SGI (ala IRIX).
+# VMS     - the DEC operating system
+# MSDOS   - we all know what it is :-)
+# read_pwd.c makes a reasonable guess at what is correct.
+
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# If you are on a DEC Alpha, edit des.h and change the DES_LONG
+# define to 'unsigned int'.  I have seen this give a %20 speedup.
+
+OPTS0= -DRAND -DTERMIO #-DNOCONST
+
+# Version 1.94 has changed the strings_to_key function so that it is
+# now compatible with MITs when the string is longer than 8 characters.
+# If you wish to keep the old version, uncomment the following line.
+# This will affect the -E/-D options on des(1).
+#OPTS1= -DOLD_STR_TO_KEY
+
+# There are 4 possible performance options
+# -DDES_PTR
+# -DDES_RISC1
+# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+# -DDES_UNROLL
+# after the initial build, run 'des_opts' to see which options are best
+# for your platform.  There are some listed in options.txt
+#OPTS2= -DDES_PTR 
+#OPTS3= -DDES_RISC1 # or DES_RISC2
+#OPTS4= -DDES_UNROLL
+
+OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+
+# Assember version of des_encrypt*().
+DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+#DES_ENC=asm/dx86-elf.o	asm/cx86-elf.o	# elf format x86
+#DES_ENC=asm/dx86-out.o	asm/cx86-out.o	# a.out format x86
+#DES_ENC=asm/dx86-sol.o	asm/cx86-sol.o	# solaris format x86 
+#DES_ENC=asm/dx86bsdi.o	asm/cx86basi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+OBJ_LIT=ede_enc.o cbc_enc.o ncbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+OBJ_FULL=cbc3_enc.o cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+	xcbc_enc.o qud_cksm.o \
+	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+
+GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+	des.doc options.txt asm
+GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+	GNUmakefile des.man DES.pm DES.pod DES.xs Makefile.PL \
+	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+	des.org des_locl.org
+TESTING_LIT=	destest speed des_opts
+TESTING_FULL=	destest speed des_opts $(TESTING_LIT)
+TESTING_SRC_LIT=destest.c speed.c des_opts.c
+TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
+HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+LIBDES_LIT=ede_enc.c cbc_enc.c ncbc_enc.c ecb_enc.c fcrypt.c set_key.c \
+	des_enc.c fcrypt_b.c
+LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
+	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c  cbc3_enc.c  \
+	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+	rand_key.c rpc_enc.c  str2key.c  supp.c \
+	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+
+PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+OBJ=	$(OBJ_FULL)
+GENERAL=$(GENERAL_FULL)
+TESTING=$(TESTING_FULL)
+TESTING_SRC=$(TESTING_SRC_FULL)
+HEADERS=$(HEADERS_FULL)
+LIBDES=	$(LIBDES_FULL)
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+
+DLIB=	libdes.a
+
+all: $(DLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) DES_ENC='asm/dx86-elf.o asm/cx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) DES_ENC='asm/dx86-out.o asm/cx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) DES_ENC='asm/dx86-sol.o asm/cx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/cx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/dx86-elf.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+
+asm/cx86-elf.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DELF asm/cx86unix.cpp | $(AS) -o asm/cx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/cx86-sol.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+	as -o asm/cx86-sol.o asm/cx86-sol.s
+	rm -f asm/cx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+
+asm/cx86-out.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DOUT asm/cx86unix.cpp | $(AS) -o asm/cx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86-cpp.s asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+
+asm/cx86bsdi.o: asm/cx86-cpp.s asm/cx86unix.cpp
+	$(CPP) -DBSDI asm/cx86unix.cpp | $(AS) -o asm/cx86bsdi.o
+
+test:	all
+	./destest
+
+$(DLIB): $(OBJ)
+	/bin/rm -f $(DLIB)
+	ar cr $(DLIB) $(OBJ)
+	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
+	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
+	else exit 0; fi; fi
+
+des_opts: des_opts.o $(DLIB)
+	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+
+destest: destest.o $(DLIB)
+	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+
+rpw: rpw.o $(DLIB)
+	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+
+speed: speed.o $(DLIB)
+	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+
+des: des.o $(DLIB)
+	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBDES)
+
+tar_lit:
+	/bin/mv Makefile Makefile.tmp
+	/bin/cp Makefile.lit Makefile
+	tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
+		$(GENERAL_LIT) $(TESTING_SRC_LIT)
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
+
+tar:
+	tar chf libdes.tar $(ALL)
+
+shar:
+	shar $(ALL) >libdes.shar
+
+depend:
+	makedepend $(LIBDES) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install: $(DLIB) des
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(DLIB) $(INSTALLTOP)/lib; \
+	    if test -s /bin/ranlib; then \
+	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+	    else \
+		if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+	    fi; fi; \
+	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+	    cp des.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/des.h; \
+	    cp des $(INSTALLTOP)/bin; \
+	    chmod 755 $(INSTALLTOP)/bin/des; \
+	else \
+	    echo Standalone install; \
+	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+	    if test -s /bin/ranlib; then \
+	      /bin/ranlib $(LIBDIR)/$(DLIB); \
+	    else \
+	      if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
+	      fi; \
+	    fi; \
+	    chmod 644 $(LIBDIR)/$(DLIB); \
+	    cp des $(BINDIR)/des; \
+	    chmod 711 $(BINDIR)/des; \
+	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    cp des.h $(INCDIR)/des.h; \
+	    chmod 644 $(INCDIR)/des.h; \
+	fi
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/des/PC1 b/crypto/des/PC1
new file mode 100644
index 0000000000000000000000000000000000000000..efb8348b72d73cf8b6c111db087824e5f840aaeb
--- /dev/null
+++ b/crypto/des/PC1
@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+
+@PC1=(  57,49,41,33,25,17, 9,
+	 1,58,50,42,34,26,18,
+	10, 2,59,51,43,35,27,
+	19,11, 3,60,52,44,36,
+	"-","-","-","-",
+	63,55,47,39,31,23,15,
+	 7,62,54,46,38,30,22,
+	14, 6,61,53,45,37,29,
+	21,13, 5,28,20,12, 4,
+	"-","-","-","-",
+	);
+
+foreach (@PC1)
+	{
+	if ($_ ne "-")
+		{
+		$_--;
+		$_=int($_/8)*8+7-($_%8);
+		printf "%2d  ",$_;
+		}
+	else
+		{ print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	print "\n" if ((($i) % 32) == 0);
+	}
+
diff --git a/crypto/des/PC2 b/crypto/des/PC2
new file mode 100644
index 0000000000000000000000000000000000000000..2d560270ecd80b1cc48f406bc6b7353251c7f6a2
--- /dev/null
+++ b/crypto/des/PC2
@@ -0,0 +1,57 @@
+#!/usr/local/bin/perl
+
+@PC2_C=(14,17,11,24, 1, 5,
+	 3,28,15, 6,21,10,
+	23,19,12, 4,26, 8,
+	16, 7,27,20,13, 2,
+	);
+
+@PC2_D=(41,52,31,37,47,55,
+	30,40,51,45,33,48,
+	44,49,39,56,34,53,
+	46,42,50,36,29,32,
+	);
+
+foreach (@PC2_C) {
+	if ($_ ne "-")
+		{
+		$_--;
+		printf "%2d  ",$_; }
+	else { print "--  "; }
+	$C{$_}=1;
+	print "\n" if (((++$i) % 8) == 0);
+	}
+$i=0;
+print "\n";
+foreach (@PC2_D) {
+	if ($_ ne "-")
+		{
+		$_-=29;
+		printf "%2d  ",$_; }
+	else { print "--  "; }
+	$D{$_}=1;
+	print "\n" if (((++$i) % 8) == 0); }
+
+print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$C{$i};
+	if ($_ ne "-") {printf "%2d ",$_;}
+	else { print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	}
+print "\n";
+
+print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$D{$i};
+	if ($_ ne "-") {printf "%2d  ",$_;}
+	else { print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	}
+print "\n";
+sub numsort
+	{
+	$a-$b;
+	}
diff --git a/crypto/des/README b/crypto/des/README
new file mode 100644
index 0000000000000000000000000000000000000000..621a5ab4676b4f52788ef8e754ca0d69802225da
--- /dev/null
+++ b/crypto/des/README
@@ -0,0 +1,54 @@
+
+		libdes, Version 4.01 10-Jan-97
+
+		Copyright (c) 1997, Eric Young
+			  All rights reserved.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms specified in COPYRIGHT.
+    
+--
+The primary ftp site for this library is
+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
+libdes is now also shipped with SSLeay.  Primary ftp site of
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+
+The best way to build this library is to build it as part of SSLeay.
+
+This kit builds a DES encryption library and a DES encryption program.
+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
+implementation of crypt(3).
+It contains support routines to read keys from a terminal,
+generate a random key, generate a key from an arbitrary length string,
+read/write encrypted data from/to a file descriptor.
+
+The implementation was written so as to conform with the manual entry
+for the des_crypt(3) library routines from MIT's project Athena.
+
+destest should be run after compilation to test the des routines.
+rpw should be run after compilation to test the read password routines.
+The des program is a replacement for the sun des command.  I believe it
+conforms to the sun version.
+
+The Imakefile is setup for use in the kerberos distribution.
+
+These routines are best compiled with gcc or any other good
+optimising compiler.
+Just turn you optimiser up to the highest settings and run destest
+after the build to make sure everything works.
+
+I believe these routines are close to the fastest and most portable DES
+routines that use small lookup tables (4.5k) that are publicly available.
+The fcrypt routine is faster than ufc's fcrypt (when compiling with
+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
+(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
+[ 10-Jan-97 and a function of an incorrect speed testing program in
+  ufc which gave much better test figures that reality ].
+
+It is worth noting that on sparc and Alpha CPUs, performance of the DES
+library can vary by upto %10 due to the positioning of files after application
+linkage.
+
+Eric Young (eay@cryptsoft.com)
+
diff --git a/crypto/des/VERSION b/crypto/des/VERSION
new file mode 100644
index 0000000000000000000000000000000000000000..b5a2fb7ed901efdb4867eeb7fbd280102621ccd2
--- /dev/null
+++ b/crypto/des/VERSION
@@ -0,0 +1,387 @@
+Version 4.02
+	I was doing if (memcmp(weak_keys[i],key,sizeof(key)) == 0)
+	when checking for weak keys which is wrong :-(, pointed out by
+	rkus F.X.J. Oberhumer .
+
+Version 4.01
+	Even faster inner loop in the DES assember for x86 and a modification
+	for IP/FP which is faster on x86.  Both of these changes are
+	from Svend Olaf Mikkelsen .  His
+	changes make the assember run %40 faster on a pentium.  This is just
+	a case of getting the instruction sequence 'just right'.
+	All credit to 'Svend' :-)
+	Quite a few special x86 'make' targets.
+	A libdes-l (lite) distribution.
+
+Version 4.00
+	After a bit of a pause, I'll up the major version number since this
+	is mostly a performace release.  I've added x86 assember and
+	added more options for performance.  A %28 speedup for gcc 
+	on a pentium and the assember is a %50 speedup.
+	MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
+	Run des_opts to work out which options should be used.
+	DES_RISC1/DES_RISC2 use alternative inner loops which use
+	more registers but should give speedups on any CPU that does
+	dual issue (pentium).  DES_UNROLL unrolls the inner loop,
+	which costs in code size.
+
+Version 3.26
+	I've finally removed one of the shifts in D_ENCRYPT.  This
+	meant I've changed the des_SPtrans table (spr.h), the set_key()
+	function and some things in des_enc.c.  This has definitly
+	made things faster :-).  I've known about this one for some
+	time but I've been too lazy to follow it up :-).
+	Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
+	instead of L^=((..)|(..)|(..)..  This should save a register at
+	least.
+	Assember for x86.  The file to replace is des_enc.c, which is replaced
+	by one of the assember files found in asm.  Look at des/asm/readme
+	for more info.
+
+	/* Modification to fcrypt so it can be compiled to support
+	HPUX 10.x's long password format, define -DLONGCRYPT to use this.
+	Thanks to Jens Kupferschmidt . */
+
+	SIGWINCH case put in des_read_passwd() so the function does not
+	'exit' if this function is recieved.
+
+Version 3.25 17/07/96
+	Modified read_pwd.c so that stdin can be read if not a tty.
+	Thanks to Jeff Barber  for the patches.
+	des_init_random_number_generator() shortened due to VMS linker
+	limits.
+	Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
+	8 byte quantites xored before and after encryption.
+	des_xcbc_encryption() - the name is funny to preserve the des_
+	prefix on all functions.
+
+Version 3.24 20/04/96
+	The DES_PTR macro option checked and used by SSLeay configuration
+
+Version 3.23 11/04/96
+	Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
+	it gives a %20 speedup :-)
+	Fixed the problem with des.pl under perl5.  The patches were
+	sent by Ed Kubaitis (ejk@uiuc.edu).
+	if fcrypt.c, changed values to handle illegal salt values the way
+	normal crypt() implementations do.  Some programs apparently use
+	them :-(. The patch was sent by Bjorn Gronvall 
+
+Version 3.22 29/11/95
+	Bug in des(1), an error with the uuencoding stuff when the
+	'data' is small, thanks to Geoff Keating 
+	for the patch.
+
+Version 3.21 22/11/95
+	After some emailing back and forth with 
+	Colin Plumb , I've tweaked a few things
+	and in a future version I will probably put in some of the
+	optimisation he suggested for use with the DES_USE_PTR option.
+	Extra routines from Mark Murray  for use in
+	freeBSD.  They mostly involve random number generation for use
+	with kerberos.  They involve evil machine specific system calls
+	etc so I would normally suggest pushing this stuff into the
+	application and/or using RAND_seed()/RAND_bytes() if you are
+	using this DES library as part of SSLeay.
+	Redone the read_pw() function so that it is cleaner and
+	supports termios, thanks to Sameer Parekh 
+	for the initial patches for this.
+	Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
+	 done just to make things more consistent.
+	I have also now added triple DES versions of cfb and ofb.
+
+Version 3.20
+	Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
+	my des_random_seed() function was only copying 4 bytes of the
+	passed seed into the init structure.  It is now fixed to copy 8.
+	My own suggestion is to used something like MD5 :-)
+
+Version 3.19 
+	While looking at my code one day, I though, why do I keep on
+	calling des_encrypt(in,out,ks,enc) when every function that
+	calls it has in and out the same.  So I dropped the 'out'
+	parameter, people should not be using this function.
+
+Version 3.18 30/08/95
+	Fixed a few bit with the distribution and the filenames.
+	3.17 had been munged via a move to DOS and back again.
+	NO CODE CHANGES
+
+Version 3.17 14/07/95
+	Fixed ede3 cbc which I had broken in 3.16.  I have also
+	removed some unneeded variables in 7-8 of the routines.
+
+Version 3.16 26/06/95
+	Added des_encrypt2() which does not use IP/FP, used by triple
+	des routines.  Tweaked things a bit elsewhere. %13 speedup on
+	sparc and %6 on a R4400 for ede3 cbc mode.
+
+Version 3.15 06/06/95
+	Added des_ncbc_encrypt(), it is des_cbc mode except that it is
+	'normal' and copies the new iv value back over the top of the
+	passed parameter.
+	CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
+	the iv.  THIS WILL BREAK EXISTING CODE, but since this function
+	only new, I feel I can change it, not so with des_cbc_encrypt :-(.
+	I need to update the documentation.
+
+Version 3.14 31/05/95
+	New release upon the world, as part of my SSL implementation.
+	New copyright and usage stuff.  Basically free for all to use
+	as long as you say it came from me :-)
+
+Version 3.13 31/05/95
+	A fix in speed.c, if HZ is not defined, I set it to 100.0
+	which is reasonable for most unixes except SunOS 4.x.
+	I now have a #ifdef sun but timing for SunOS 4.x looked very
+	good :-(.  At my last job where I used SunOS 4.x, it was
+	defined to be 60.0 (look at the old INSTALL documentation), at
+	the last release had it changed to 100.0 since I now work with
+	Solaris2 and SVR4 boxes.
+	Thanks to  Rory Chisholm  for pointing this
+	one out.
+
+Version 3.12 08/05/95
+	As pointed out by The Crypt Keeper ,
+	my D_ENCRYPT macro in crypt() had an un-necessary variable.
+	It has been removed.
+
+Version 3.11 03/05/95
+	Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
+	and one iv.  It is a standard and I needed it for my SSL code.
+	It makes more sense to use this for triple DES than
+	3cbc_encrypt().  I have also added (or should I say tested :-)
+	cfb64_encrypt() which is cfb64 but it will encrypt a partial
+	number of bytes - 3 bytes in 3 bytes out.  Again this is for
+	my SSL library, as a form of encryption to use with SSL
+	telnet.
+
+Version 3.10 22/03/95
+	Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
+	to cbc3_encrypt, the 2 iv values that were being returned to
+	be used in the next call were reversed :-(.
+	Many thanks to Bill Wade  for pointing out
+	this error.
+
+Version 3.09 01/02/95
+	Fixed des_random_key to far more random, it was rather feeble
+	with regards to picking the initial seed.  The problem was
+	pointed out by Olaf Kirch .
+
+Version 3.08 14/12/94
+	Added Makefile.PL so libdes can be built into perl5.
+	Changed des_locl.h so RAND is always defined.
+
+Version 3.07 05/12/94
+	Added GNUmake and stuff so the library can be build with
+	glibc.
+
+Version 3.06 30/08/94
+	Added rpc_enc.c which contains _des_crypt.  This is for use in
+	secure_rpc v 4.0
+	Finally fixed the cfb_enc problems.
+	Fixed a few parameter parsing bugs in des (-3 and -b), thanks
+	to Rob McMillan 
+
+Version 3.05 21/04/94
+	for unsigned long l; gcc does not produce ((l>>34) == 0)
+	This causes bugs in cfb_enc.
+	Thanks to Hadmut Danisch 
+
+Version 3.04 20/04/94
+	Added a version number to des.c and libdes.a
+
+Version 3.03 12/01/94
+	Fixed a bug in non zero iv in 3cbc_enc.
+
+Version 3.02 29/10/93
+	I now work in a place where there are 6+ architectures and 14+
+	OS versions :-).
+	Fixed TERMIO definition so the most sys V boxes will work :-)
+
+Release upon comp.sources.misc
+Version 3.01 08/10/93
+	Added des_3cbc_encrypt()
+
+Version 3.00 07/10/93
+	Fixed up documentation.
+	quad_cksum definitely compatible with MIT's now.
+
+Version 2.30 24/08/93
+	Triple DES now defaults to triple cbc but can do triple ecb
+	 with the -b flag.
+	Fixed some MSDOS uuen/uudecoding problems, thanks to
+	Added prototypes.
+	
+Version 2.22 29/06/93
+	Fixed a bug in des_is_weak_key() which stopped it working :-(
+	thanks to engineering@MorningStar.Com.
+
+Version 2.21 03/06/93
+	des(1) with no arguments gives quite a bit of help.
+	Added -c (generate ckecksum) flag to des(1).
+	Added -3 (triple DES) flag to des(1).
+	Added cfb and ofb routines to the library.
+
+Version 2.20 11/03/93
+	Added -u (uuencode) flag to des(1).
+	I have been playing with byte order in quad_cksum to make it
+	 compatible with MIT's version.  All I can say is avid this
+	 function if possible since MIT's output is endian dependent.
+
+Version 2.12 14/10/92
+	Added MSDOS specific macro in ecb_encrypt which gives a %70
+	 speed up when the code is compiled with turbo C.
+
+Version 2.11 12/10/92
+	Speedup in set_key (recoding of PC-1)
+	 I now do it in 47 simple operations, down from 60.
+	 Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+	 for motivating me to look for a faster system :-)
+	 The speedup is probably less that 1% but it is still 13
+	 instructions less :-).
+
+Version 2.10 06/10/92
+	The code now works on the 64bit ETA10 and CRAY without modifications or
+	 #defines.  I believe the code should work on any machine that
+	 defines long, int or short to be 8 bytes long.
+	Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
+	 for helping me fix the code to run on 64bit machines (he had
+	 access to an ETA10).
+	Thanks also to John Fletcher 
+	 for testing the routines on a CRAY.
+	read_password.c has been renamed to read_passwd.c
+	string_to_key.c has been renamed to string2key.c
+
+Version 2.00 14/09/92
+	Made mods so that the library should work on 64bit CPU's.
+	Removed all my uchar and ulong defs.  To many different
+	 versions of unix define them in their header files in too many
+	 different combinations :-)
+	IRIX - Sillicon Graphics mods (mostly in read_password.c).
+	 Thanks to Andrew Daviel (advax@erich.triumf.ca)
+
+Version 1.99 26/08/92
+	Fixed a bug or 2 in enc_read.c
+	Fixed a bug in enc_write.c
+	Fixed a pseudo bug in fcrypt.c (very obscure).
+
+Version 1.98 31/07/92
+	Support for the ETA10.  This is a strange machine that defines
+	longs and ints as 8 bytes and shorts as 4 bytes.
+	Since I do evil things with long * that assume that they are 4
+	bytes.  Look in the Makefile for the option to compile for
+	this machine.  quad_cksum appears to have problems but I
+	will don't have the time to fix it right now, and this is not
+	a function that uses DES and so will not effect the main uses
+	of the library.
+
+Version 1.97 20/05/92 eay
+	Fixed the Imakefile and made some changes to des.h to fix some
+	problems when building this package with Kerberos v 4.
+
+Version 1.96 18/05/92 eay
+	Fixed a small bug in string_to_key() where problems could
+	occur if des_check_key was set to true and the string
+	generated a weak key.
+
+Patch2 posted to comp.sources.misc
+Version 1.95 13/05/92 eay
+	Added an alternative version of the D_ENCRYPT macro in
+	ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
+	other will be faster.  This was inspired by 
+	Dana How , and her pointers about doing the
+	*(ulong *)((uchar *)ptr+(value&0xfc))
+	vs
+	ptr[value&0x3f]
+	to stop the C compiler doing a <<2 to convert the long array index.
+
+Version 1.94 05/05/92 eay
+	Fixed an incompatibility between my string_to_key and the MIT
+	 version.  When the key is longer than 8 chars, I was wrapping
+	 with a different method.  To use the old version, define
+	 OLD_STR_TO_KEY in the makefile.  Thanks to
+	 viktor@newsu.shearson.com (Viktor Dukhovni).
+
+Version 1.93 28/04/92 eay
+	Fixed the VMS mods so that echo is now turned off in
+	 read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
+	MSDOS support added.  The routines can be compiled with
+	 Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
+
+Patch1 posted to comp.sources.misc
+Version 1.92 13/04/92 eay
+	Changed D_ENCRYPT so that the rotation of R occurs outside of
+	 the loop.  This required rotating all the longs in sp.h (now
+	 called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	speed.c has been changed so it will work without SIGALRM.  If
+	 times(3) is not present it will try to use ftime() instead.
+
+Version 1.91 08/04/92 eay
+	Added -E/-D options to des(1) so it can use string_to_key.
+	Added SVR4 mods suggested by witr@rwwa.COM
+	Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
+	anyone knows how to turn of tty echo in VMS please tell me or
+	implement it yourself :-).
+	Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
+	does not like IN/OUT being used.
+
+Libdes posted to comp.sources.misc
+Version 1.9 24/03/92 eay
+	Now contains a fast small crypt replacement.
+	Added des(1) command.
+	Added des_rw_mode so people can use cbc encryption with
+	enc_read and enc_write.
+
+Version 1.8 15/10/91 eay
+	Bug in cbc_cksum.
+	Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
+	one out.
+
+Version 1.7 24/09/91 eay
+	Fixed set_key :-)
+	set_key is 4 times faster and takes less space.
+	There are a few minor changes that could be made.
+
+Version 1.6 19/09/1991 eay
+	Finally go IP and FP finished.
+	Now I need to fix set_key.
+	This version is quite a bit faster that 1.51
+
+Version 1.52 15/06/1991 eay
+	20% speedup in ecb_encrypt by changing the E bit selection
+	to use 2 32bit words.  This also required modification of the
+	sp table.  There is still a way to speedup the IP and IP-1
+	(hints from outer@sq.com) still working on this one :-(.
+
+Version 1.51 07/06/1991 eay
+	Faster des_encrypt by loop unrolling
+	Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
+
+Version 1.50 28/05/1991 eay
+	Optimised the code a bit more for the sparc.  I have improved the
+	speed of the inner des_encrypt by speeding up the initial and
+	final permutations.
+
+Version 1.40 23/10/1990 eay
+	Fixed des_random_key, it did not produce a random key :-(
+
+Version 1.30  2/10/1990 eay
+	Have made des_quad_cksum the same as MIT's, the full package
+	should be compatible with MIT's
+	Have tested on a DECstation 3100
+	Still need to fix des_set_key (make it faster).
+	Does des_cbc_encrypts at 70.5k/sec on a 3100.
+
+Version 1.20 18/09/1990 eay
+	Fixed byte order dependencies.
+	Fixed (I hope) all the word alignment problems.
+	Speedup in des_ecb_encrypt.
+
+Version 1.10 11/09/1990 eay
+	Added des_enc_read and des_enc_write.
+	Still need to fix des_quad_cksum.
+	Still need to document des_enc_read and des_enc_write.
+
+Version 1.00 27/08/1990 eay
+
diff --git a/crypto/des/asm/c-win32.asm b/crypto/des/asm/c-win32.asm
new file mode 100644
index 0000000000000000000000000000000000000000..b7460b8ef7f1adb2ff5ee65c561052604deb24f3
--- /dev/null
+++ b/crypto/des/asm/c-win32.asm
@@ -0,0 +1,929 @@
+	; Don't even think of reading this code
+	; It was automatically generated by crypt.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, Win32, or Solaris
+	; It can be found in SSLeay 0.6.5+ or in libdes 3.26+
+	; eric 
+	; The inner loop instruction sequence and the IP/FP modifications
+	; are from Svend Olaf Mikkelsen 
+	; 
+	TITLE	dx86xxxx.asm
+        .386
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_fcrypt_body
+EXTRN	_des_SPtrans:DWORD
+_fcrypt_body PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	xor	edi,		edi
+	xor	esi,		esi
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	DWORD PTR 36[esp],25
+L000start:
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR [ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 4[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 8[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 12[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 16[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 20[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 24[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 28[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 32[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 36[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 40[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 44[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 48[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 52[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 56[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 60[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 64[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 68[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 72[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 76[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 80[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 84[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 88[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 92[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 96[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 100[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 104[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 108[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 112[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 116[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 28[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 32[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 120[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 124[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	mov	eax,		edi
+	dec	DWORD PTR 36[esp]
+	mov	edi,		esi
+	mov	esi,		eax
+	jnz	L000start
+	; 
+	; FP
+	mov	edx,		DWORD PTR 20[esp]
+	ror	edi,		1
+	mov	eax,		esi
+	xor	esi,		edi
+	and	esi,		0aaaaaaaah
+	xor	eax,		esi
+	xor	edi,		esi
+	; 
+	rol	eax,		23
+	mov	esi,		eax
+	xor	eax,		edi
+	and	eax,		003fc03fch
+	xor	esi,		eax
+	xor	edi,		eax
+	; 
+	rol	esi,		10
+	mov	eax,		esi
+	xor	esi,		edi
+	and	esi,		033333333h
+	xor	eax,		esi
+	xor	edi,		esi
+	; 
+	rol	edi,		18
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0fff0000fh
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	rol	esi,		12
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0f0f0f0f0h
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [edx],eax
+	mov	DWORD PTR 4[edx],edi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_fcrypt_body ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/des/asm/c-win32.uu b/crypto/des/asm/c-win32.uu
new file mode 100644
index 0000000000000000000000000000000000000000..09d5d7dd3373a3b52d65ad9b2a8f09eaf60b1fa1
--- /dev/null
+++ b/crypto/des/asm/c-win32.uu
@@ -0,0 +1,99 @@
+begin 640 c-win32.obj
+M3`$"`/4&DC,,$```"0`````````N=&5X=```````````````J`H``&0````,
+M"P```````(`````@`#!@+F1A=&$```"H"@`````````````,$```````````
+M````````0``PP%535EH0BTPD(#/6
+M(\(CT8O8P>,0B\K!X1`SPS/1BUT`,\.+300SQC/6,]$E_/S\_#/;@>+/S\_/
+M,\F*V(K,PH0
+MBZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$
+M```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0B\K!X1`SPS/1
+MBUT(,\.+30PSQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_6+;"08BLXE_P``
+M`('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT0D'(O6
+MP>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1BUT0,\.+310SQC/6,]$E_/S\
+M_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`
+M!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0
+MB\K!X1`SPS/1BUT8,\.+31PSQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_6+
+M;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4`
+M`#/SBT0D'(O6P>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1BUT@,\.+320S
+MQC/6,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B_P```(N;
+M``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7
+M(\(CT8O8P>,0B\K!X1`SPS/1BUTH,\.+32PSQS/7,]$E_/S\_#/;@>+/S\_/
+M,\F*V(K,PH0
+MBZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$
+M```S\XN:``4``#/SBT0D'(O6P>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1
+MBUTP,\.+330SQC/6,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_V+;"08BLXE_P``
+M`('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7
+MP>H0BTPD(#/7(\(CT8O8P>,0B\K!X1`SPS/1BUTX,\.+33PSQS/7,]$E_/S\
+M_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`
+M!P``,_.+F``$```S\XN:``4``#/SBT0D'(O6P>H0BTPD(#/6(\(CT8O8P>,0
+MB\K!X1`SPS/1BUU`,\.+340SQC/6,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_V+
+M;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4`
+M`#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0B\K!X1`SPS/1BUU(,\.+34PS
+MQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_6+;"08BLXE_P```('B_P```(N;
+M``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT0D'(O6P>H0BTPD(#/6
+M(\(CT8O8P>,0B\K!X1`SPS/1BUU0,\.+350SQC/6,]$E_/S\_#/;@>+/S\_/
+M,\F*V(K,PH0
+MBZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$
+M```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0B\K!X1`SPS/1
+MBUU8,\.+35PSQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_6+;"08BLXE_P``
+M`('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT0D'(O6
+MP>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1BUU@,\.+360SQC/6,]$E_/S\
+M_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`
+M!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0
+MB\K!X1`SPS/1BUUH,\.+36PSQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_6+
+M;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4`
+M`#/SBT0D'(O6P>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1BUUP,\.+370S
+MQC/6,]$E_/S\_#/;@>+/S\_/,\F*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B_P```(N;
+M``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7
+M(\(CT8O8P>,0B\K!X1`SPS/1BUUX,\.+37PSQS/7,]$E_/S\_#/;@>+/S\_/
+M,\F*V(K,PH0
+MBZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$
+M```S\XN:``4``#/SB\?_3"0DB_Z+\`^%T/7__XM4)!31SXO&,_>!YJJJJJHS
+MQC/^P<`7B_`SQR7\`_P#,_`S^,'&"HO&,_>!YC,S,S,SQC/^P<<2B_;P\/#P,_XSQL'(!(D"B7H$7UY;7<-;````!P``
+M``8`90````<````&`'(````'````!@!_````!P````8`F`````<````&`*``
+M```'````!@"H````!P````8`L`````<````&`/T````'````!@`'`0``!P``
+M``8`%`$```<````&`"$!```'````!@`Z`0``!P````8`0@$```<````&`$H!
+M```'````!@!2`0``!P````8`GP$```<````&`*D!```'````!@"V`0``!P``
+M``8`PP$```<````&`-P!```'````!@#D`0``!P````8`[`$```<````&`/0!
+M```'````!@!!`@``!P````8`2P(```<````&`%@"```'````!@!E`@``!P``
+M``8`?@(```<````&`(8"```'````!@".`@``!P````8`E@(```<````&`.,"
+M```'````!@#M`@``!P````8`^@(```<````&``<#```'````!@`@`P``!P``
+M``8`*`,```<````&`#`#```'````!@`X`P``!P````8`A0,```<````&`(\#
+M```'````!@"<`P``!P````8`J0,```<````&`,(#```'````!@#*`P``!P``
+M``8`T@,```<````&`-H#```'````!@`G!```!P````8`,00```<````&`#X$
+M```'````!@!+!```!P````8`9`0```<````&`&P$```'````!@!T!```!P``
+M``8`?`0```<````&`,D$```'````!@#3!```!P````8`X`0```<````&`.T$
+M```'````!@`&!0``!P````8`#@4```<````&`!8%```'````!@`>!0``!P``
+M``8`:P4```<````&`'4%```'````!@""!0``!P````8`CP4```<````&`*@%
+M```'````!@"P!0``!P````8`N`4```<````&`,`%```'````!@`-!@``!P``
+M``8`%P8```<````&`"0&```'````!@`Q!@``!P````8`2@8```<````&`%(&
+M```'````!@!:!@``!P````8`8@8```<````&`*\&```'````!@"Y!@``!P``
+M``8`Q@8```<````&`-,&```'````!@#L!@``!P````8`]`8```<````&`/P&
+M```'````!@`$!P``!P````8`40<```<````&`%L'```'````!@!H!P``!P``
+M``8`=0<```<````&`(X'```'````!@"6!P``!P````8`G@<```<````&`*8'
+M```'````!@#S!P``!P````8`_0<```<````&``H(```'````!@`7"```!P``
+M``8`,`@```<````&`#@(```'````!@!`"```!P````8`2`@```<````&`)4(
+M```'````!@"?"```!P````8`K`@```<````&`+D(```'````!@#2"```!P``
+M``8`V@@```<````&`.((```'````!@#J"```!P````8`-PD```<````&`$$)
+M```'````!@!."0``!P````8`6PD```<````&`'0)```'````!@!\"0``!P``
+M``8`A`D```<````&`(P)```'````!@#9"0``!P````8`XPD```<````&`/`)
+M```'````!@#]"0``!P````8`%@H```<````&`!X*```'````!@`F"@``!P``
+M``8`+@H```<````&`"YF:6QE`````````/[_``!G`BY<8W)Y<'1O7&1E");
+&comment("The inner loop instruction sequence and the IP/FP modifications");
+&comment("are from Svend Olaf Mikkelsen ");
+
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&fcrypt_body("fcrypt_body");
+
+&file_end();
+
+sub fcrypt_body
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,3,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	$ks="ebp";
+
+	&xor(	$L,	$L);
+	&xor(	$R,	$R);
+	&mov($ks,&wparam(1));
+
+	&mov(&wtmp(1),	25);
+
+	&set_label("start");
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&mov("eax",	$L);
+	&dec(&wtmp(1));
+	&mov($L,	$R);
+	&mov($R,	"eax");
+	&jnz(&label("start"));
+
+	&comment("");
+	&comment("FP");
+	&mov("edx",&wparam(0));
+
+	&FP_new($R,$L,"eax",3);
+	&mov(&DWP(0,"edx","",0),"eax");
+	&mov(&DWP(4,"edx","",0),$L);
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&wparam(2));			# 2
+	&mov(	$t,		$R);
+	&shr(	$t,		16);				# 1
+	&mov(	$tmp2,		&wparam(3));			# 2
+	&xor(	$t,		$R);				# 1
+
+	&and(	$u,		$t);				# 2
+	&and(	$t,		$tmp2);				# 2
+
+	&mov(	$tmp1,		$u);
+	&shl(	$tmp1,		16); 				# 1
+	&mov(	$tmp2,		$t);
+	&shl(	$tmp2,		16); 				# 1
+	&xor(	$u,		$tmp1);				# 2
+	&xor(	$t,		$tmp2);				# 2
+	&mov(	$tmp1,		&DWP(&n2a($S*4),$ks,"",0));	# 2
+	&xor(	$u,		$tmp1);
+	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$ks,"",0));	# 2
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&xor(	$t,		$tmp2);
+
+	&and(	$u,		"0xfcfcfcfc"	);		# 2
+	&xor(	$tmp1,		$tmp1);				# 1
+	&and(	$t,		"0xcfcfcfcf"	);		# 2
+	&xor(	$tmp2,		$tmp2);	
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); 
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP(24,"esp","",0));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	if ($notlast eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/crypto/des/asm/cx86-cpp.s b/crypto/des/asm/cx86-cpp.s
new file mode 100644
index 0000000000000000000000000000000000000000..e5165fadf93b8532b70b8cd2835294897bd3eff8
--- /dev/null
+++ b/crypto/des/asm/cx86-cpp.s
@@ -0,0 +1,932 @@
+	/* Don't even think of reading this code */
+	/* It was automatically generated by crypt.pl */
+	/* Which is a perl program used to generate the x86 assember for */
+	/* any of elf, a.out, Win32, or Solaris */
+	/* It can be found in SSLeay 0.6.5+ or in libdes 3.26+ */
+	/* eric  */
+	/* The inner loop instruction sequence and the IP/FP modifications */
+	/* are from Svend Olaf Mikkelsen  */
+
+	.file	"dx86xxxx.s"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align ALIGN
+.globl fcrypt_body
+	TYPE(fcrypt_body,@function)
+fcrypt_body:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the 2 words */
+	xorl	%edi,		%edi
+	xorl	%esi,		%esi
+	movl	24(%esp),	%ebp
+	movl	$25,		-8(%esp)
+.align ALIGN
+.L000start:
+
+	/* Round 0 */
+	movl	28(%esp),	%eax
+	movl	%esi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%esi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	(%ebp),		%ebx
+	xorl	%ebx,		%eax
+	movl	4(%ebp),	%ecx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 1 */
+	movl	28(%esp),	%eax
+	movl	%edi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%edi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	8(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	12(%ebp),	%ecx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 2 */
+	movl	28(%esp),	%eax
+	movl	%esi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%esi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	16(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	20(%ebp),	%ecx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 3 */
+	movl	28(%esp),	%eax
+	movl	%edi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%edi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	24(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	28(%ebp),	%ecx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 4 */
+	movl	28(%esp),	%eax
+	movl	%esi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%esi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	32(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	36(%ebp),	%ecx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 5 */
+	movl	28(%esp),	%eax
+	movl	%edi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%edi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	40(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	44(%ebp),	%ecx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 6 */
+	movl	28(%esp),	%eax
+	movl	%esi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%esi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	48(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	52(%ebp),	%ecx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 7 */
+	movl	28(%esp),	%eax
+	movl	%edi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%edi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	56(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	60(%ebp),	%ecx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 8 */
+	movl	28(%esp),	%eax
+	movl	%esi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%esi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	64(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	68(%ebp),	%ecx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 9 */
+	movl	28(%esp),	%eax
+	movl	%edi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%edi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	72(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	76(%ebp),	%ecx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 10 */
+	movl	28(%esp),	%eax
+	movl	%esi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%esi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	80(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	84(%ebp),	%ecx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 11 */
+	movl	28(%esp),	%eax
+	movl	%edi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%edi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	88(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	92(%ebp),	%ecx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 12 */
+	movl	28(%esp),	%eax
+	movl	%esi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%esi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	96(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	100(%ebp),	%ecx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 13 */
+	movl	28(%esp),	%eax
+	movl	%edi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%edi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	104(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	108(%ebp),	%ecx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 14 */
+	movl	28(%esp),	%eax
+	movl	%esi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%esi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	112(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	116(%ebp),	%ecx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 15 */
+	movl	28(%esp),	%eax
+	movl	%edi,		%edx
+	shrl	$16,		%edx
+	movl	32(%esp),	%ecx
+	xorl	%edi,		%edx
+	andl	%edx,		%eax
+	andl	%ecx,		%edx
+	movl	%eax,		%ebx
+	sall	$16,		%ebx
+	movl	%edx,		%ecx
+	sall	$16,		%ecx
+	xorl	%ebx,		%eax
+	xorl	%ecx,		%edx
+	movl	120(%ebp),	%ebx
+	xorl	%ebx,		%eax
+	movl	124(%ebp),	%ecx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	xorl	%ecx,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	xorl	%ebx,		%ebx
+	andl	$0xcfcfcfcf,	%edx
+	xorl	%ecx,		%ecx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+	movl	%edi,		%eax
+	decl	-8(%esp)
+	movl	%esi,		%edi
+	movl	%eax,		%esi
+	jnz	.L000start
+
+	/* FP */
+	movl	20(%esp),	%edx
+	rorl	$1,		%edi
+	movl	%esi,		%eax
+	xorl	%edi,		%esi
+	andl	$0xaaaaaaaa,	%esi
+	xorl	%esi,		%eax
+	xorl	%esi,		%edi
+
+	roll	$23,		%eax
+	movl	%eax,		%esi
+	xorl	%edi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%esi
+	xorl	%eax,		%edi
+
+	roll	$10,		%esi
+	movl	%esi,		%eax
+	xorl	%edi,		%esi
+	andl	$0x33333333,	%esi
+	xorl	%esi,		%eax
+	xorl	%esi,		%edi
+
+	roll	$18,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xfff0000f,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	roll	$12,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xf0f0f0f0,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%edx)
+	movl	%edi,		4(%edx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.fcrypt_body_end:
+	SIZE(fcrypt_body,.fcrypt_body_end-fcrypt_body)
+.ident	"desasm.pl"
diff --git a/crypto/des/asm/cx86unix.cpp b/crypto/des/asm/cx86unix.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..90f87c95ef6e51e7ec037b57a3f60b86a9db9f76
--- /dev/null
+++ b/crypto/des/asm/cx86unix.cpp
@@ -0,0 +1,35 @@
+
+#define TYPE(a,b)	.type	a,b
+#define SIZE(a,b)	.size	a,b
+
+#ifdef OUT
+#define OK		1
+#define des_SPtrans	_des_SPtrans
+#define fcrypt_body	_fcrypt_body
+#define ALIGN		4
+#endif
+
+#ifdef BSDI
+#define OK		1
+#define des_SPtrans	_des_SPtrans
+#define fcrypt_body	_fcrypt_body
+#define ALIGN		4
+#undef SIZE
+#undef TYPE
+#endif
+
+#if defined(ELF) || defined(SOL)
+#define OK		1
+#define ALIGN		16
+#endif
+
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+
+#include "cx86-cpp.s" 
+
diff --git a/crypto/des/asm/d-win32.asm b/crypto/des/asm/d-win32.asm
new file mode 100644
index 0000000000000000000000000000000000000000..fc62e3b785ffdf76b167594f08816311a4cfeb90
--- /dev/null
+++ b/crypto/des/asm/d-win32.asm
@@ -0,0 +1,2765 @@
+	; Don't even think of reading this code
+	; It was automatically generated by des-som3.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, Win32, or Solaris
+	; It can be found in SSLeay 0.6.5+ or in libdes 3.26+
+	; eric 
+	; The inner loop instruction sequence and the IP/FP modifications
+	; are from Svend Olaf Mikkelsen 
+	; 
+	TITLE	dx86xxxx.asm
+        .386
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt
+EXTRN	_des_SPtrans:DWORD
+_des_encrypt PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	mov	esi,		DWORD PTR 20[esp]
+	xor	ecx,		ecx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 28[esp]
+	mov	edi,		DWORD PTR 4[esi]
+	; 
+	; IP
+	rol	eax,		4
+	mov	esi,		eax
+	xor	eax,		edi
+	and	eax,		0f0f0f0f0h
+	xor	esi,		eax
+	xor	edi,		eax
+	; 
+	rol	edi,		20
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0fff0000fh
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		14
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		033333333h
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	esi,		22
+	mov	eax,		esi
+	xor	esi,		edi
+	and	esi,		003fc03fch
+	xor	eax,		esi
+	xor	edi,		esi
+	; 
+	rol	eax,		9
+	mov	esi,		eax
+	xor	eax,		edi
+	and	eax,		0aaaaaaaah
+	xor	esi,		eax
+	xor	edi,		eax
+	; 
+	rol	edi,		1
+	cmp	ebx,		0
+	mov	ebp,		DWORD PTR 24[esp]
+	je	$L000start_decrypt
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	jmp	$L001end
+$L000start_decrypt:
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+$L001end:
+	; 
+	; FP
+	mov	edx,		DWORD PTR 20[esp]
+	ror	esi,		1
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [edx],eax
+	mov	DWORD PTR 4[edx],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_des_encrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt2
+EXTRN	_des_SPtrans:DWORD
+_des_encrypt2 PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	mov	eax,		DWORD PTR 20[esp]
+	xor	ecx,		ecx
+	mov	esi,		DWORD PTR [eax]
+	mov	ebx,		DWORD PTR 28[esp]
+	rol	esi,		3
+	mov	edi,		DWORD PTR 4[eax]
+	rol	edi,		3
+	cmp	ebx,		0
+	mov	ebp,		DWORD PTR 24[esp]
+	je	$L002start_decrypt
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	jmp	$L003end
+$L002start_decrypt:
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+$L003end:
+	; 
+	; Fixup
+	ror	edi,		3
+	mov	eax,		DWORD PTR 20[esp]
+	ror	esi,		3
+	mov	DWORD PTR [eax],edi
+	mov	DWORD PTR 4[eax],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_des_encrypt2 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt3
+EXTRN	_des_SPtrans:DWORD
+_des_encrypt3 PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the data words
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; IP
+	rol	edi,		4
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0f0f0f0f0h
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		20
+	mov	edi,		esi
+	xor	esi,		edx
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	edx,		esi
+	; 
+	rol	edi,		14
+	mov	esi,		edi
+	xor	edi,		edx
+	and	edi,		033333333h
+	xor	esi,		edi
+	xor	edx,		edi
+	; 
+	rol	edx,		22
+	mov	edi,		edx
+	xor	edx,		esi
+	and	edx,		003fc03fch
+	xor	edi,		edx
+	xor	esi,		edx
+	; 
+	rol	edi,		9
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	ror	edx,		3
+	ror	esi,		2
+	mov	DWORD PTR 4[ebx],esi
+	mov	eax,		DWORD PTR 24[esp]
+	mov	DWORD PTR [ebx],edx
+	mov	edi,		DWORD PTR 28[esp]
+	mov	esi,		DWORD PTR 32[esp]
+	push	1
+	push	eax
+	push	ebx
+	call	_des_encrypt2
+	push	0
+	push	edi
+	push	ebx
+	call	_des_encrypt2
+	push	1
+	push	esi
+	push	ebx
+	call	_des_encrypt2
+	mov	edi,		DWORD PTR [ebx]
+	add	esp,		36
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; FP
+	rol	esi,		2
+	rol	edi,		3
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [ebx],eax
+	mov	DWORD PTR 4[ebx],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_des_encrypt3 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_decrypt3
+EXTRN	_des_SPtrans:DWORD
+_des_decrypt3 PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the data words
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; IP
+	rol	edi,		4
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0f0f0f0f0h
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		20
+	mov	edi,		esi
+	xor	esi,		edx
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	edx,		esi
+	; 
+	rol	edi,		14
+	mov	esi,		edi
+	xor	edi,		edx
+	and	edi,		033333333h
+	xor	esi,		edi
+	xor	edx,		edi
+	; 
+	rol	edx,		22
+	mov	edi,		edx
+	xor	edx,		esi
+	and	edx,		003fc03fch
+	xor	edi,		edx
+	xor	esi,		edx
+	; 
+	rol	edi,		9
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	ror	edx,		3
+	ror	esi,		2
+	mov	DWORD PTR 4[ebx],esi
+	mov	esi,		DWORD PTR 24[esp]
+	mov	DWORD PTR [ebx],edx
+	mov	edi,		DWORD PTR 28[esp]
+	mov	eax,		DWORD PTR 32[esp]
+	push	0
+	push	eax
+	push	ebx
+	call	_des_encrypt2
+	push	1
+	push	edi
+	push	ebx
+	call	_des_encrypt2
+	push	0
+	push	esi
+	push	ebx
+	call	_des_encrypt2
+	mov	edi,		DWORD PTR [ebx]
+	add	esp,		36
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; FP
+	rol	esi,		2
+	rol	edi,		3
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [ebx],eax
+	mov	DWORD PTR 4[ebx],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_des_decrypt3 ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/des/asm/d-win32.uu b/crypto/des/asm/d-win32.uu
new file mode 100644
index 0000000000000000000000000000000000000000..70d63838f1d11a4de740f287b6765bdbe3717afd
--- /dev/null
+++ b/crypto/des/asm/d-win32.uu
@@ -0,0 +1,319 @@
+begin 640 d-win32.obj
+M3`$"`/4&DC-`-@``#``````````N=&5X=```````````````W"$``&0```!`
+M(@`````````"```@`#!@+F1A=&$```#<(0````````````!`-@``````````
+M````````0``PP%535E>+="04,\F+!HM<)!R+?@3!P`2+\#/')?#P\/`S\#/X
+MP<<4B\#^P"+;"08#X2U!P``BT4`,]N+500S
+MQC/6)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[
+MBYD`!P``,_N+F``$```S^XN:``4``#/[BT4(,]N+50PSQS/7)?S\_/R!XL_/
+MS\^*V(K,PH0
+MBZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$
+M```S\XN:``4``#/SBT40,]N+510SQC/6)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_V+;"08
+MBLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[
+MBT48,]N+51PSQS/7)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_6+;"08BLXE_P```('B_P``
+M`(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT4@,]N+520SQC/6
+M)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`
+M!P``,_N+F``$```S^XN:``4``#/[BT4H,]N+52PSQS/7)?S\_/R!XL_/S\^*
+MV(K,PH0BZD`
+M`P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S
+M\XN:``4``#/SBT4P,]N+530SQC/6)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_V+;"08BLXE
+M_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT4X
+M,]N+53PSQS/7)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_6+;"08BLXE_P```('B_P```(N;
+M``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT5`,]N+540SQC/6)?S\
+M_/R!XL_/S\^*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``
+M,_N+F``$```S^XN:``4``#/[BT5(,]N+54PSQS/7)?S\_/R!XL_/S\^*V(K,
+MPH0BZD``P``
+M,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:
+M``4``#/SBT50,]N+550SQC/6)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_V+;"08BLXE_P``
+M`('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT58,]N+
+M55PSQS/7)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_6+;"08BLXE_P```('B_P```(N;``8`
+M`#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT5@,]N+560SQC/6)?S\_/R!
+MXL_/S\^*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+
+MF``$```S^XN:``4``#/[BT5H,]N+56PSQS/7)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_6+
+M;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4`
+M`#/SBT5P,]N+570SQC/6)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_V+;"08BLXE_P```('B
+M_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT5X,]N+57PS
+MQS/7)?S\_/R!XL_/S\^*V(K,PH0BZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/S
+MBYD`!P``,_.+F``$```S\XN:``4``#/SZ;`'``"+17@SVXM5?#/&,]8E_/S\
+M_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]
+MBMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S
+M^XN8``0``#/[BYH`!0``,_N+17`SVXM5=#/',]+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`
+M!0``,_.+16@SVXM5;#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]
+MBZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````
+M@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+16`SVXM5
+M9#/',]+_````BYL`!@``
+M,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+15@SVXM57#/&,]8E_/S\_('B
+MS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!
+MZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8
+M``0``#/[BYH`!0``,_N+15`SVXM55#/',]+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``
+M,_.+14@SVXM53#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD`
+M`@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_
+M````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+14`SVXM51#/'
+M,]+_````BYL`!@``,_.+
+MF0`'```S\XN8``0``#/SBYH`!0``,_.+13@SVXM5/#/&,]8E_/S\_('BS\_/
+MSXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+
+MJ0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0`
+M`#/[BYH`!0``,_N+13`SVXM5-#/',]+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+
+M12@SVXM5+#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``
+M,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````
+MBYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+12`SVXM5)#/',]+_````BYL`!@``,_.+F0`'
+M```S\XN8``0``#/SBYH`!0``,_.+11@SVXM5'#/&,]8E_/S\_('BS\_/SXK8
+MBLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#
+M```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[
+MBYH`!0``,_N+11`SVXM5%#/',]+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+10@S
+MVXM5##/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*
+MSL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`
+M!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+10`SVXM5!#/',]+_````BYL`!@``,_.+F0`'```S
+M\XN8``0``#/SBYH`!0``,_.+5"04T>JJJJJ,\6UW#55-65XM$)!0SR8LPBUPD','&
+M`XMX!,''`X/[`(ML)!@/A+4'``"+10`SVXM5!#/&,]8E_/S\_('BS\_/SXK8
+MBLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#
+M```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[
+MBYH`!0``,_N+10@SVXM5##/',]+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+11`S
+MVXM5%#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*
+MSL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`
+M!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+11@SVXM5'#/',]+_````BYL`!@``,_.+F0`'```S
+M\XN8``0``#/SBYH`!0``,_.+12`SVXM5)#/&,]8E_/S\_('BS\_/SXK8BLS!
+MR@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S
+M_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`
+M!0``,_N+12@SVXM5+#/',]+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+13`SVXM5
+M-#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H
+M$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``
+M,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+13@SVXM5/#/',]+_````BYL`!@``,_.+F0`'```S\XN8
+M``0``#/SBYH`!0``,_.+14`SVXM51#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+
+MJP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML
+M)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``
+M,_N+14@SVXM53#/',]+_
+M````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+15`SVXM55#/&
+M,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK
+M``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+
+MF0`'```S^XN8``0``#/[BYH`!0``,_N+15@SVXM57#/',]+_````BYL`!@``,_.+F0`'```S\XN8``0`
+M`#/SBYH`!0``,_.+16`SVXM59#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP``
+M``"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*
+MSB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+
+M16@SVXM5;#/',]+_````
+MBYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+17`SVXM5=#/&,]8E
+M_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$`
+M`#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'
+M```S^XN8``0``#/[BYH`!0``,_N+17@SVXM5?#/',]+_````BYL`!@``,_.+F0`'```S\XN8``0``#/S
+MBYH`!0``,_/IL`<``(M%>#/;BU5\,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK
+M`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD
+M&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S
+M^XM%<#/;BU5T,\+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"
+M```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\`
+M``"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%:#/;BU5L,\8S
+MUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL`
+M`0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9
+M``<``#/[BY@`!```,_N+F@`%```S^XM%8#/;BU5D,\+/S\_/
+MBMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI
+M``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```
+M,_.+F@`%```S\XM%6#/;BU5<,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK````
+M`(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.
+M)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%
+M4#/;BU54,\+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S
+M]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+
+MFP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%2#/;BU5,,\8SUB7\
+M_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``
+M,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<`
+M`#/[BY@`!```,_N+F@`%```S^XM%0#/;BU5$,\+/S\_/BMB*
+MS,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,`
+M`#/UBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+
+MF@`%```S\XM%.#/;BU4\,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:
+M,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\`
+M``"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%,#/;
+MBU4T,\+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.
+MP>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&
+M```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%*#/;BU4L,\8SUB7\_/S\
+M@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*
+MW,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[
+MBY@`!```,_N+F@`%```S^XM%(#/;BU4D,\+/S\_/BMB*S,'*
+M!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/U
+MBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%
+M```S\XM%&#/;BU4<,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+
+MJ0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!
+MXO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%$#/;BU44
+M,\+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0
+MBZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&```S
+M\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%"#/;BU4,,\8SUB7\_/S\@>+/
+MS\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J
+M$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`
+M!```,_N+F@`%```S^XM%`#/;BU4$,\+/S\_/BMB*S,'*!(NK
+M`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD
+M&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S
+M\\'/`XM$)!3!S@.).(EP!%]>6UW#55-65XM<)!2+.XMS!,''!(O7,_Z!Y_#P
+M\/`SUS/WP<84B_XS\H'F#P#P_S/^,];!QPZ+]S/Z@>___XL[@\0DBW,$P<8"
+MP<<#B\+^#/&)?P#_`,S^#/PP<<*B\8/`/#_,_XSQL''#(OW,_B!Y_#P\/`S]S/'P<@$B0.)
+M+7"04BSN+?P\/#P,]+\`_P#,_HS\L''
+M"8O7,_Z!YZJJJJHSUS/WP?P\/#P,_04```<````&`(8%```'````!@"?!0``!P````8`IP4```<````&`*\%
+M```'````!@"W!0``!P````8`W04```<````&`.<%```'````!@#T!0``!P``
+M``8``08```<````&`!H&```'````!@`B!@``!P````8`*@8```<````&`#(&
+M```'````!@!8!@``!P````8`8@8```<````&`&\&```'````!@!\!@``!P``
+M``8`E08```<````&`)T&```'````!@"E!@``!P````8`K08```<````&`-,&
+M```'````!@#=!@``!P````8`Z@8```<````&`/<&```'````!@`0!P``!P``
+M``8`&`<```<````&`"`'```'````!@`H!P``!P````8`3@<```<````&`%@'
+M```'````!@!E!P``!P````8`<@<```<````&`(L'```'````!@"3!P``!P``
+M``8`FP<```<````&`*,'```'````!@#)!P``!P````8`TP<```<````&`.`'
+M```'````!@#M!P``!P````8`!@@```<````&``X(```'````!@`6"```!P``
+M``8`'@@```<````&`$D(```'````!@!3"```!P````8`8`@```<````&`&T(
+M```'````!@"&"```!P````8`C@@```<````&`)8(```'````!@">"```!P``
+M``8`Q`@```<````&`,X(```'````!@#;"```!P````8`Z`@```<````&``$)
+M```'````!@`)"0``!P````8`$0D```<````&`!D)```'````!@`_"0``!P``
+M``8`20D```<````&`%8)```'````!@!C"0``!P````8`?`D```<````&`(0)
+M```'````!@","0``!P````8`E`D```<````&`+H)```'````!@#$"0``!P``
+M``8`T0D```<````&`-X)```'````!@#W"0``!P````8`_PD```<````&``<*
+M```'````!@`/"@``!P````8`-0H```<````&`#\*```'````!@!,"@``!P``
+M``8`60H```<````&`'(*```'````!@!Z"@``!P````8`@@H```<````&`(H*
+M```'````!@"P"@``!P````8`N@H```<````&`,<*```'````!@#4"@``!P``
+M``8`[0H```<````&`/4*```'````!@#]"@``!P````8`!0L```<````&`"L+
+M```'````!@`U"P``!P````8`0@L```<````&`$\+```'````!@!H"P``!P``
+M``8`<`L```<````&`'@+```'````!@"`"P``!P````8`I@L```<````&`+`+
+M```'````!@"]"P``!P````8`R@L```<````&`.,+```'````!@#K"P``!P``
+M``8`\PL```<````&`/L+```'````!@`A#```!P````8`*PP```<````&`#@,
+M```'````!@!%#```!P````8`7@P```<````&`&8,```'````!@!N#```!P``
+M``8`=@P```<````&`)P,```'````!@"F#```!P````8`LPP```<````&`,`,
+M```'````!@#9#```!P````8`X0P```<````&`.D,```'````!@#Q#```!P``
+M``8`%PT```<````&`"$-```'````!@`N#0``!P````8`.PT```<````&`%0-
+M```'````!@!<#0``!P````8`9`T```<````&`&P-```'````!@"2#0``!P``
+M``8`G`T```<````&`*D-```'````!@"V#0``!P````8`SPT```<````&`-<-
+M```'````!@#?#0``!P````8`YPT```<````&``T.```'````!@`7#@``!P``
+M``8`)`X```<````&`#$.```'````!@!*#@``!P````8`4@X```<````&`%H.
+M```'````!@!B#@``!P````8`B`X```<````&`)(.```'````!@"?#@``!P``
+M``8`K`X```<````&`,4.```'````!@#-#@``!P````8`U0X```<````&`-T.
+M```'````!@`##P``!P````8`#0\```<````&`!H/```'````!@`G#P``!P``
+M``8`0`\```<````&`$@/```'````!@!0#P``!P````8`6`\```<````&`'X/
+M```'````!@"(#P``!P````8`E0\```<````&`*(/```'````!@"[#P``!P``
+M``8`PP\```<````&`,L/```'````!@#3#P``!P````8`@Q````<````&`(T0
+M```'````!@":$```!P````8`IQ````<````&`,`0```'````!@#($```!P``
+M``8`T!````<````&`-@0```'````!@#^$```!P````8`"!$```<````&`!41
+M```'````!@`B$0``!P````8`.Q$```<````&`$,1```'````!@!+$0``!P``
+M``8`4Q$```<````&`'D1```'````!@"#$0``!P````8`D!$```<````&`)T1
+M```'````!@"V$0``!P````8`OA$```<````&`,81```'````!@#.$0``!P``
+M``8`]!$```<````&`/X1```'````!@`+$@``!P````8`&!(```<````&`#$2
+M```'````!@`Y$@``!P````8`01(```<````&`$D2```'````!@!O$@``!P``
+M``8`>1(```<````&`(82```'````!@"3$@``!P````8`K!(```<````&`+02
+M```'````!@"\$@``!P````8`Q!(```<````&`.H2```'````!@#T$@``!P``
+M``8``1,```<````&``X3```'````!@`G$P``!P````8`+Q,```<````&`#<3
+M```'````!@`_$P``!P````8`91,```<````&`&\3```'````!@!\$P``!P``
+M``8`B1,```<````&`*(3```'````!@"J$P``!P````8`LA,```<````&`+H3
+M```'````!@#@$P``!P````8`ZA,```<````&`/<3```'````!@`$%```!P``
+M``8`'10```<````&`"44```'````!@`M%```!P````8`-10```<````&`%L4
+M```'````!@!E%```!P````8`%0``!P``
+M``8`IA4```<````&`,P5```'````!@#6%0``!P````8`XQ4```<````&`/`5
+M```'````!@`)%@``!P````8`$18```<````&`!D6```'````!@`A%@``!P``
+M``8`1Q8```<````&`%$6```'````!@!>%@``!P````8`:Q8```<````&`(06
+M```'````!@",%@``!P````8`E!8```<````&`)P6```'````!@#"%@``!P``
+M``8`S!8```<````&`-D6```'````!@#F%@``!P````8`_Q8```<````&``<7
+M```'````!@`/%P``!P````8`%Q<```<````&`#T7```'````!@!'%P``!P``
+M``8`5!<```<````&`&$7```'````!@!Z%P``!P````8`@A<```<````&`(H7
+M```'````!@"2%P``!P````8`N!<```<````&`,(7```'````!@#/%P``!P``
+M``8`W!<```<````&`/47```'````!@#]%P``!P````8`!1@```<````&``T8
+M```'````!@`X&```!P````8`0A@```<````&`$\8```'````!@!<&```!P``
+M``8`=1@```<````&`'T8```'````!@"%&```!P````8`C1@```<````&`+,8
+M```'````!@"]&```!P````8`RA@```<````&`-<8```'````!@#P&```!P``
+M``8`^!@```<````&```9```'````!@`(&0``!P````8`+AD```<````&`#@9
+M```'````!@!%&0``!P````8`4AD```<````&`&L9```'````!@!S&0``!P``
+M``8`>QD```<````&`(,9```'````!@"I&0``!P````8`LQD```<````&`,`9
+M```'````!@#-&0``!P````8`YAD```<````&`.X9```'````!@#V&0``!P``
+M``8`_AD```<````&`"0:```'````!@`N&@``!P````8`.QH```<````&`$@:
+M```'````!@!A&@``!P````8`:1H```<````&`'$:```'````!@!Y&@``!P``
+M``8`GQH```<````&`*D:```'````!@"V&@``!P````8`PQH```<````&`-P:
+M```'````!@#D&@``!P````8`[!H```<````&`/0:```'````!@`:&P``!P``
+M``8`)!L```<````&`#$;```'````!@`^&P``!P````8`5QL```<````&`%\;
+M```'````!@!G&P``!P````8`;QL```<````&`)4;```'````!@"?&P``!P``
+M``8`K!L```<````&`+D;```'````!@#2&P``!P````8`VAL```<````&`.(;
+M```'````!@#J&P``!P````8`$!P```<````&`!H<```'````!@`G'```!P``
+M``8`-!P```<````&`$T<```'````!@!5'```!P````8`71P```<````&`&4<
+M```'````!@"+'```!P````8`E1P```<````&`*(<```'````!@"O'```!P``
+M``8`R!P```<````&`-`<```'````!@#8'```!P````8`X!P```<````&``8=
+M```'````!@`0'0``!P````8`'1T```<````&`"H=```'````!@!#'0``!P``
+M``8`2QT```<````&`%,=```'````!@!;'0``!P````8`@1T```<````&`(L=
+M```'````!@"8'0``!P````8`I1T```<````&`+X=```'````!@#&'0``!P``
+M``8`SAT```<````&`-8=```'````!@#\'0``!P````8`!AX```<````&`!,>
+M```'````!@`@'@``!P````8`.1X```<````&`$$>```'````!@!)'@``!P``
+M``8`41X```<````&`'<>```'````!@"!'@``!P````8`CAX```<````&`)L>
+M```'````!@"T'@``!P````8`O!X```<````&`,0>```'````!@#,'@``!P``
+M``8`\AX```<````&`/P>```'````!@`)'P``!P````8`%A\```<````&`"\?
+M```'````!@`W'P``!P````8`/Q\```<````&`$````/1````$`(``"```````L````W!\```$`(``"
+M```````Z````W"````$`(``"`$@```!?9&5S7U-0=')A;G,`7V1E7!T`%]D97-?96YC7!T,P!?9&5S7V1E8W)Y<'0S
+!````
+`
+end
diff --git a/crypto/des/asm/des-som2.pl b/crypto/des/asm/des-som2.pl
new file mode 100644
index 0000000000000000000000000000000000000000..b5dbc9737bd7b461579336247ad6a623ffcb8a05
--- /dev/null
+++ b/crypto/des/asm/des-som2.pl
@@ -0,0 +1,308 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen 
+#
+
+$prog="des-som2.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric ");
+&comment("The inner loop instruction sequence and the IP/FP modifications");
+&comment("are from Svend Olaf Mikkelsen ");
+
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,3,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($R,&DWP(0,"eax","",0));
+	&mov($L,&DWP(4,"eax","",0));
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("IP");
+		&IP_new($R,$L,"eax",3);
+#		&comment("");
+#		&comment("fixup rotate");
+#		&rotl($R,3);
+#		&rotl($L,3);
+		}
+	else
+		{
+		&comment("");
+		&comment("fixup rotate");
+		&rotl($R,3);
+		&rotl($L,3);
+		}
+
+	&comment("");
+	&comment("load counter, key_schedule and enc flag");
+
+	# encrypting part
+
+	$ks="ebp";
+#	&xor(	"ebx",		"ebx"		);
+	&mov("eax",&wparam(2));	# get encrypt flag
+	&xor(	"ecx",		"ecx"		);
+	&cmp("eax","0");
+	&mov(	$ks,		&wparam(1)	);
+	&je(&label("start_decrypt"));
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+
+	&set_label("end");
+
+	if ($do_ip)
+		{
+#		&comment("");
+#		&comment("Fixup");
+#		&rotr($L,3);		# r
+#		&rotr($R,3);		# l
+		&comment("");
+		&comment("FP");
+		&FP_new($R,$L,"eax",3);
+		}
+	else
+		{
+		&comment("");
+		&comment("Fixup");
+		&rotr($L,3);		# r
+		&rotr($R,3);		# l
+		}
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$L);
+	&mov(&DWP(4,"eax","",0),$R);
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&xor(	$tmp1,		$tmp1);
+	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&and(	$u,		"0xfcfcfcfc"	);
+	&and(	$t,		"0xcfcfcfcf"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks); ######
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); ######
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP(24,"esp","",0)); ####
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask)=@_;
+
+	&mov(	$tt,		$a		);
+	&shr(	$tt,		$shift		);
+	&xor(	$tt,		$b		);
+	&and(	$tt,		$mask		);
+	&xor(	$b,		$tt		);
+	&shl(	$tt,		$shift		);
+	&xor(	$a,		$tt		);
+	}
+
+sub IP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+	&PERM_OP($l,$r,$tt,16,"0x0000ffff");
+	&PERM_OP($r,$l,$tt, 2,"0x33333333");
+	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+	&PERM_OP($r,$l,$tt, 1,"0x55555555");
+	}
+
+sub FP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$b		);
+	&xor(	$tt,		$a		);
+	&and(	$tt,		$mask		);
+	if ($last eq $b)
+		{
+		&xor(	$a,		$tt		);
+		&xor(	$b,		$tt		);
+		}
+	else
+		{
+		&xor(	$b,		$tt		);
+		&xor(	$a,		$tt		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$l,$tt,20,"0xfff0000f",$l);
+	&R_PERM_OP($r,$l,$tt,14,"0x33333333",$r);
+	&R_PERM_OP($l,$r,$tt,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($l,	3-$lr); }
+		else	{ &rotl($l,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($r,$l,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($l,$r,$tt,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$l,$tt,18,"0xfff0000f",$l);
+	&R_PERM_OP($r,$l,$tt,12,"0xf0f0f0f0",$r);
+	&rotr($l	, 4);
+	}
+
diff --git a/crypto/des/asm/des-som3.pl b/crypto/des/asm/des-som3.pl
new file mode 100644
index 0000000000000000000000000000000000000000..3f353955da293c5ccebaf9960f70a38d73c15dcf
--- /dev/null
+++ b/crypto/des/asm/des-som3.pl
@@ -0,0 +1,266 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen 
+#
+
+$prog="des-som3.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric ");
+&comment("The inner loop instruction sequence and the IP/FP modifications");
+&comment("are from Svend Olaf Mikkelsen ");
+
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,3,EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	$ks="ebp";
+
+	if ($do_ip)
+		{
+		&mov($R,&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+		&mov("eax",&DWP(0,$R,"",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&mov($L,&DWP(4,$R,"",0));
+		&comment("");
+		&comment("IP");
+		&IP_new("eax",$L,$R,3);
+		}
+	else
+		{
+		&mov("eax",&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+		&mov($R,&DWP(0,"eax","",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&rotl($R,3);
+		&mov($L,&DWP(4,"eax","",0));
+		&rotl($L,3);
+		}
+
+	&cmp("ebx","0");
+	&mov(	$ks,		&wparam(1)	);
+	&je(&label("start_decrypt"));
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+
+	&set_label("end");
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&mov("edx",&wparam(0));
+		&FP_new($L,$R,"eax",3);
+
+		&mov(&DWP(0,"edx","",0),"eax");
+		&mov(&DWP(4,"edx","",0),$R);
+		}
+	else
+		{
+		&comment("");
+		&comment("Fixup");
+		&rotr($L,3);		# r
+		 &mov("eax",&wparam(0));
+		&rotr($R,3);		# l
+		 &mov(&DWP(0,"eax","",0),$L);
+		 &mov(&DWP(4,"eax","",0),$R);
+		}
+
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&xor(	$tmp1,		$tmp1);
+	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&and(	$u,		"0xfcfcfcfc"	);
+	&and(	$t,		"0xcfcfcfcf"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks); ######
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); ######
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP(24,"esp","",0)); ####
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	if ($notlast eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/crypto/des/asm/des586.pl b/crypto/des/asm/des586.pl
new file mode 100644
index 0000000000000000000000000000000000000000..59c42d139499536606a5f41cbdaadaa5b2f4cd57
--- /dev/null
+++ b/crypto/des/asm/des586.pl
@@ -0,0 +1,210 @@
+#!/usr/local/bin/perl
+
+$prog="des586.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric ");
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,3,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($R,&DWP(0,"eax","",0));
+	&mov($L,&DWP(4,"eax","",0));
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("IP");
+		&IP($R,$L,"eax");
+		}
+
+	&comment("");
+	&comment("fixup rotate");
+	&rotl($R,3);
+	&rotl($L,3);
+
+	&comment("");
+	&comment("load counter, key_schedule and enc flag");
+
+	# encrypting part
+
+	$ks="ebp";
+	&xor(	"ebx",		"ebx"		);
+	&mov("eax",&wparam(2));	# get encrypt flag
+	&xor(	"ecx",		"ecx"		);
+	&cmp("eax","0");
+	&mov(	$ks,		&wparam(1)	);
+	&je(&label("start_decrypt"));
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+
+	&set_label("end");
+
+	&comment("");
+	&comment("Fixup");
+	&rotr($L,3);		# r
+	&rotr($R,3);		# l
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&FP($R,$L,"eax");
+		}
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$L);
+	&mov(&DWP(4,"eax","",0),$R);
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	 &xor(	$t,		$R);
+	&xor(	$u,		$R);
+	 &rotr(	$t,		4		);
+	&and(	$u,		"0xfcfcfcfc"	);
+	 &and(	$t,		"0xfcfcfcfc"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&xor(	$L,		&DWP("      $desSP",$tmp1,"",0));
+	&shr(	$u,		16);
+	&xor(	$L,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&xor(	$L,		&DWP("0x400+$desSP",$tmp1,"",0));
+	&mov(	$u,		&DWP("0x600+$desSP",$tmp2,"",0));
+
+	 &movb(	&LB($tmp1),	&LB($t)	);
+	 &movb(	&LB($tmp2),	&HB($t)	);
+	 &xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));
+	 &shr(	$t,		16);
+	 &xor(	$u,		&DWP("0x300+$desSP",$tmp2,"",0));
+	 &movb(	&LB($tmp1),	&LB($t)	);
+	 &movb(	&LB($tmp2),	&HB($t)	);
+	 &xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));
+	 &xor(	$u,		&DWP("0x700+$desSP",$tmp2,"",0));
+	 &xor(  $L,	$u);
+	}
+
+sub PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask)=@_;
+
+	&mov(	$tt,		$a		);
+	&shr(	$tt,		$shift		);
+	&xor(	$tt,		$b		);
+	&and(	$tt,		$mask		);
+	&xor(	$b,		$tt		);
+	&shl(	$tt,		$shift		);
+	&xor(	$a,		$tt		);
+	}
+
+sub IP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+	&PERM_OP($l,$r,$tt,16,"0x0000ffff");
+	&PERM_OP($r,$l,$tt, 2,"0x33333333");
+	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+	&PERM_OP($r,$l,$tt, 1,"0x55555555");
+	}
+
+sub FP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
diff --git a/crypto/des/asm/des686.pl b/crypto/des/asm/des686.pl
new file mode 100644
index 0000000000000000000000000000000000000000..efd9f592e978abaf3f1d49d68fddbb6e1a0faa48
--- /dev/null
+++ b/crypto/des/asm/des686.pl
@@ -0,0 +1,230 @@
+#!/usr/local/bin/perl
+
+$prog="des686.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric ");
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,3,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($L,&DWP(0,"eax","",0));
+	&mov($R,&DWP(4,"eax","",0));
+
+	$ksp=&wparam(1);
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("IP");
+		&IP($L,$R,"eax");
+		}
+
+	&comment("");
+	&comment("fixup rotate");
+	&rotl($R,3);
+	&rotl($L,3);
+	&exch($L,$R);
+
+	&comment("");
+	&comment("load counter, key_schedule and enc flag");
+	&mov("eax",&wparam(2));	# get encrypt flag
+	&mov("ebp",&wparam(1));	# get ks
+	&cmp("eax","0");
+	&je(&label("start_decrypt"));
+
+	# encrypting part
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		}
+
+	&set_label("end");
+
+	&comment("");
+	&comment("Fixup");
+	&rotr($L,3);		# r
+	&rotr($R,3);		# l
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&FP($R,$L,"eax");
+		}
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$L);
+	&mov(&DWP(4,"eax","",0),$R);
+
+	&function_end($name);
+	}
+
+
+# The logic is to load R into 2 registers and operate on both at the same time.
+# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
+# while also masking the other copy and doing a lookup.  We then also accumulate the
+# L value in 2 registers then combine them at the end.
+sub D_ENCRYPT
+	{
+	local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
+
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R		);
+	&xor(	$t,		$R		);
+	&rotr(	$t,		4		);
+
+	# the numbers at the end of the line are origional instruction order
+	&mov(	$tmp2,		$u		);			# 1 2
+	&mov(	$tmp1,		$t		);			# 1 1
+	&and(	$tmp2,		"0xfc"		);			# 1 4
+	&and(	$tmp1,		"0xfc"		);			# 1 3
+	&shr(	$t,		8		);			# 1 5
+	&xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));	# 1 7
+	&shr(	$u,		8		);			# 1 6
+	&mov(	$tmp1,		&DWP("      $desSP",$tmp2,"",0));	# 1 8
+
+	&mov(	$tmp2,		$u		);			# 2 2
+	&xor(	$L,		$tmp1		);			# 1 9
+	&and(	$tmp2,		"0xfc"		);			# 2 4
+	&mov(	$tmp1,		$t		);			# 2 1
+	&and(	$tmp1,		"0xfc"		);			# 2 3
+	&shr(	$t,		8		);			# 2 5
+	&xor(	$L,		&DWP("0x300+$desSP",$tmp1,"",0));	# 2 7
+	&shr(	$u,		8		);			# 2 6
+	&mov(	$tmp1,		&DWP("0x200+$desSP",$tmp2,"",0));	# 2 8
+	&mov(	$tmp2,		$u		);			# 3 2
+
+	&xor(	$L,		$tmp1		);			# 2 9
+	&and(	$tmp2,		"0xfc"		);			# 3 4
+
+	&mov(	$tmp1,		$t		);			# 3 1 
+	&shr(	$u,		8		);			# 3 6
+	&and(	$tmp1,		"0xfc"		);			# 3 3
+	&shr(	$t,		8		);			# 3 5
+	&xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));	# 3 7
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$tmp2,"",0));	# 3 8
+
+	&and(	$t,		"0xfc"		);			# 4 1
+	&xor(	$L,		$tmp1		);			# 3 9
+
+	&and(	$u,		"0xfc"		);			# 4 2
+	&xor(	$L,		&DWP("0x700+$desSP",$t,"",0));		# 4 3
+	&xor(	$L,		&DWP("0x600+$desSP",$u,"",0));		# 4 4
+	}
+
+sub PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask)=@_;
+
+	&mov(	$tt,		$a		);
+	&shr(	$tt,		$shift		);
+	&xor(	$tt,		$b		);
+	&and(	$tt,		$mask		);
+	&xor(	$b,		$tt		);
+	&shl(	$tt,		$shift		);
+	&xor(	$a,		$tt		);
+	}
+
+sub IP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+	&PERM_OP($l,$r,$tt,16,"0x0000ffff");
+	&PERM_OP($r,$l,$tt, 2,"0x33333333");
+	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+	&PERM_OP($r,$l,$tt, 1,"0x55555555");
+	}
+
+sub FP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
new file mode 100644
index 0000000000000000000000000000000000000000..b94138ce633661d994f03c33c5851e8f59606bb1
--- /dev/null
+++ b/crypto/des/asm/desboth.pl
@@ -0,0 +1,67 @@
+#!/usr/local/bin/perl
+
+$L="edi";
+$R="esi";
+
+sub des_encrypt3
+	{
+	local($name,$enc)=@_;
+
+	&function_begin($name,4,"");
+
+	&comment("");
+	&comment("Load the data words");
+	&mov("ebx",&wparam(0));
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+
+	&comment("");
+	&comment("IP");
+	&IP_new($L,$R,"edx",0);
+
+	# put them back
+	
+	if ($enc)
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("eax",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("esi",&wparam(3));
+		}
+	else
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("esi",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("eax",&wparam(3));
+		}
+	&push(($enc)?"1":"0");
+	&push("eax");
+	&push("ebx");
+	&call("des_encrypt2");
+	&push(($enc)?"0":"1");
+	&push("edi");
+	&push("ebx");
+	&call("des_encrypt2");
+	&push(($enc)?"1":"0");
+	&push("esi");
+	&push("ebx");
+	&call("des_encrypt2");
+
+	&mov($L,&DWP(0,"ebx","",0));
+	&add("esp",36);
+	&mov($R,&DWP(4,"ebx","",0));
+
+	&comment("");
+	&comment("FP");
+	&FP_new($L,$R,"eax",0);
+
+	&mov(&DWP(0,"ebx","",0),"eax");
+	&mov(&DWP(4,"ebx","",0),$R);
+
+	&function_end($name);
+	}
+
+
diff --git a/crypto/des/asm/dx86-cpp.s b/crypto/des/asm/dx86-cpp.s
new file mode 100644
index 0000000000000000000000000000000000000000..675bdeba68c19bd8bb03b55042c5ad63bb49bb4e
--- /dev/null
+++ b/crypto/des/asm/dx86-cpp.s
@@ -0,0 +1,2780 @@
+	/* Don't even think of reading this code */
+	/* It was automatically generated by des-som2.pl */
+	/* Which is a perl program used to generate the x86 assember for */
+	/* any of elf, a.out, Win32, or Solaris */
+	/* It can be found in SSLeay 0.6.5+ or in libdes 3.26+ */
+	/* eric  */
+	/* The inner loop instruction sequence and the IP/FP modifications */
+	/* are from Svend Olaf Mikkelsen  */
+
+	.file	"dx86xxxx.s"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align ALIGN
+.globl des_encrypt
+	TYPE(des_encrypt,@function)
+des_encrypt:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the 2 words */
+	movl	20(%esp),	%esi
+	xorl	%ecx,		%ecx
+	movl	(%esi),		%eax
+	movl	28(%esp),	%ebx
+	movl	4(%esi),	%edi
+
+	/* IP */
+	roll	$4,		%eax
+	movl	%eax,		%esi
+	xorl	%edi,		%eax
+	andl	$0xf0f0f0f0,	%eax
+	xorl	%eax,		%esi
+	xorl	%eax,		%edi
+
+	roll	$20,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xfff0000f,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$14,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x33333333,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$22,		%esi
+	movl	%esi,		%eax
+	xorl	%edi,		%esi
+	andl	$0x03fc03fc,	%esi
+	xorl	%esi,		%eax
+	xorl	%esi,		%edi
+
+	roll	$9,		%eax
+	movl	%eax,		%esi
+	xorl	%edi,		%eax
+	andl	$0xaaaaaaaa,	%eax
+	xorl	%eax,		%esi
+	xorl	%eax,		%edi
+
+	roll	$1,		%edi
+	cmpl	$0,		%ebx
+	movl	24(%esp),	%ebp
+	je	.L000start_decrypt
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+	jmp	.L001end
+.align ALIGN
+.L000start_decrypt:
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+.align ALIGN
+.L001end:
+
+	/* FP */
+	movl	20(%esp),	%edx
+	rorl	$1,		%esi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%edx)
+	movl	%esi,		4(%edx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.des_encrypt_end:
+	SIZE(des_encrypt,.des_encrypt_end-des_encrypt)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_encrypt2
+	TYPE(des_encrypt2,@function)
+des_encrypt2:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the 2 words */
+	movl	20(%esp),	%eax
+	xorl	%ecx,		%ecx
+	movl	(%eax),		%esi
+	movl	28(%esp),	%ebx
+	roll	$3,		%esi
+	movl	4(%eax),	%edi
+	roll	$3,		%edi
+	cmpl	$0,		%ebx
+	movl	24(%esp),	%ebp
+	je	.L002start_decrypt
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+	jmp	.L003end
+.align ALIGN
+.L002start_decrypt:
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+.align ALIGN
+.L003end:
+
+	/* Fixup */
+	rorl	$3,		%edi
+	movl	20(%esp),	%eax
+	rorl	$3,		%esi
+	movl	%edi,		(%eax)
+	movl	%esi,		4(%eax)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.des_encrypt2_end:
+	SIZE(des_encrypt2,.des_encrypt2_end-des_encrypt2)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_encrypt3
+	TYPE(des_encrypt3,@function)
+des_encrypt3:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the data words */
+	movl	20(%esp),	%ebx
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+
+	/* IP */
+	roll	$4,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	roll	$20,		%esi
+	movl	%esi,		%edi
+	xorl	%edx,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%edx
+
+	roll	$14,		%edi
+	movl	%edi,		%esi
+	xorl	%edx,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%edx
+
+	roll	$22,		%edx
+	movl	%edx,		%edi
+	xorl	%esi,		%edx
+	andl	$0x03fc03fc,	%edx
+	xorl	%edx,		%edi
+	xorl	%edx,		%esi
+
+	roll	$9,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	rorl	$3,		%edx
+	rorl	$2,		%esi
+	movl	%esi,		4(%ebx)
+	movl	24(%esp),	%eax
+	movl	%edx,		(%ebx)
+	movl	28(%esp),	%edi
+	movl	32(%esp),	%esi
+	pushl	$1
+	pushl	%eax
+	pushl	%ebx
+	call	des_encrypt2
+	pushl	$0
+	pushl	%edi
+	pushl	%ebx
+	call	des_encrypt2
+	pushl	$1
+	pushl	%esi
+	pushl	%ebx
+	call	des_encrypt2
+	movl	(%ebx),		%edi
+	addl	$36,		%esp
+	movl	4(%ebx),	%esi
+
+	/* FP */
+	roll	$2,		%esi
+	roll	$3,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%ebx)
+	movl	%esi,		4(%ebx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.des_encrypt3_end:
+	SIZE(des_encrypt3,.des_encrypt3_end-des_encrypt3)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_decrypt3
+	TYPE(des_decrypt3,@function)
+des_decrypt3:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the data words */
+	movl	20(%esp),	%ebx
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+
+	/* IP */
+	roll	$4,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	roll	$20,		%esi
+	movl	%esi,		%edi
+	xorl	%edx,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%edx
+
+	roll	$14,		%edi
+	movl	%edi,		%esi
+	xorl	%edx,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%edx
+
+	roll	$22,		%edx
+	movl	%edx,		%edi
+	xorl	%esi,		%edx
+	andl	$0x03fc03fc,	%edx
+	xorl	%edx,		%edi
+	xorl	%edx,		%esi
+
+	roll	$9,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	rorl	$3,		%edx
+	rorl	$2,		%esi
+	movl	%esi,		4(%ebx)
+	movl	24(%esp),	%esi
+	movl	%edx,		(%ebx)
+	movl	28(%esp),	%edi
+	movl	32(%esp),	%eax
+	pushl	$0
+	pushl	%eax
+	pushl	%ebx
+	call	des_encrypt2
+	pushl	$1
+	pushl	%edi
+	pushl	%ebx
+	call	des_encrypt2
+	pushl	$0
+	pushl	%esi
+	pushl	%ebx
+	call	des_encrypt2
+	movl	(%ebx),		%edi
+	addl	$36,		%esp
+	movl	4(%ebx),	%esi
+
+	/* FP */
+	roll	$2,		%esi
+	roll	$3,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%ebx)
+	movl	%esi,		4(%ebx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.des_decrypt3_end:
+	SIZE(des_decrypt3,.des_decrypt3_end-des_decrypt3)
+.ident	"desasm.pl"
diff --git a/crypto/des/asm/dx86unix.cpp b/crypto/des/asm/dx86unix.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..941cf1f6046454c2d8eb8eaf1268be4abd6544cc
--- /dev/null
+++ b/crypto/des/asm/dx86unix.cpp
@@ -0,0 +1,41 @@
+
+#define TYPE(a,b)	.type	a,b
+#define SIZE(a,b)	.size	a,b
+
+#ifdef OUT
+#define OK		1
+#define des_SPtrans	_des_SPtrans
+#define des_encrypt	_des_encrypt
+#define des_encrypt2	_des_encrypt2
+#define des_encrypt3	_des_encrypt3
+#define des_decrypt3	_des_decrypt3
+#define ALIGN		4
+#endif
+
+#ifdef BSDI
+#define OK		1
+#define des_SPtrans	_des_SPtrans
+#define des_encrypt	_des_encrypt
+#define des_encrypt2	_des_encrypt2
+#define des_encrypt3	_des_encrypt3
+#define des_decrypt3	_des_decrypt3
+#define ALIGN		4
+#undef SIZE
+#undef TYPE
+#endif
+
+#if defined(ELF) || defined(SOL)
+#define OK		1
+#define ALIGN		16
+#endif
+
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+
+#include "dx86-cpp.s" 
+
diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme
new file mode 100644
index 0000000000000000000000000000000000000000..da2561a6b322776b23d6e3a7b5580642a33900ba
--- /dev/null
+++ b/crypto/des/asm/readme
@@ -0,0 +1,131 @@
+First up, let me say I don't like writing in assembler.  It is not portable,
+dependant on the particular CPU architecture release and is generally a pig
+to debug and get right.  Having said that, the x86 architecture is probably
+the most important for speed due to number of boxes and since
+it appears to be the worst architecture to to get
+good C compilers for.  So due to this, I have lowered myself to do
+assembler for the inner DES routines in libdes :-).
+
+The file to implement in assembler is des_enc.c.  Replace the following
+4 functions
+des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+
+They encrypt/decrypt the 64 bits held in 'data' using
+the 'ks' key schedules.   The only difference between the 4 functions is that
+des_encrypt2() does not perform IP() or FP() on the data (this is an
+optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+perform triple des.  The triple DES routines are in here because it does
+make a big difference to have them located near the des_encrypt2 function
+at link time..
+
+Now as we all know, there are lots of different operating systems running on
+x86 boxes, and unfortunately they normally try to make sure their assembler
+formating is not the same as the other peoples.
+The 4 main formats I know of are
+Microsoft	Windows 95/Windows NT
+Elf		Includes Linux and FreeBSD(?).
+a.out		The older Linux.
+Solaris		Same as Elf but different comments :-(.
+
+Now I was not overly keen to write 4 different copies of the same code,
+so I wrote a few perl routines to output the correct assembler, given
+a target assembler type.  This code is ugly and is just a hack.
+The libraries are x86unix.pl and x86ms.pl.
+des586.pl, des686.pl and des-som[23].pl are the programs to actually
+generate the assembler.
+
+So to generate elf assembler
+perl des-som3.pl elf >dx86-elf.s
+For Windows 95/NT
+perl des-som2.pl win32 >win32.asm
+
+[ update 4 Jan 1996 ]
+I have added another way to do things.
+perl des-som3.pl cpp >dx86-cpp.s
+generates a file that will be included by dx86unix.cpp when it is compiled.
+To build for elf, a.out, solaris, bsdi etc,
+cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+This was done to cut down the number of files in the distribution.
+
+Now the ugly part.  I acquired my copy of Intels
+"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+things.  First, the aim of the exersize is to 'extract' one byte at a time
+from a word and do an array lookup.  This involves getting the byte from
+the 4 locations in the word and moving it to a new word and doing the lookup.
+The most obvious way to do this is
+xor	eax,	eax				# clear word
+movb	al,	cl				# get low byte
+xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in word
+movb	al,	ch				# get next byte
+xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in word
+shr	ecx	16
+which seems ok.  For the pentium, this system appears to be the best.
+One has to do instruction interleaving to keep both functional units
+operating, but it is basically very efficient.
+
+Now the crunch.  When a full register is used after a partial write, eg.
+mov	al,	cl
+xor	edi,	DWORD PTR 0x100+des_SP[eax]
+386	- 1 cycle stall
+486	- 1 cycle stall
+586	- 0 cycle stall
+686	- at least 7 cycle stall (page 22 of the above mentioned document).
+
+So the technique that produces the best results on a pentium, according to
+the documentation, will produce hideous results on a pentium pro.
+
+To get around this, des686.pl will generate code that is not as fast on
+a pentium, should be very good on a pentium pro.
+mov	eax,	ecx				# copy word 
+shr	ecx,	8				# line up next byte
+and	eax,	0fch				# mask byte
+xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in array lookup
+mov	eax,	ecx				# get word
+shr	ecx	8				# line up next byte
+and	eax,	0fch				# mask byte
+xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in array lookup
+
+Due to the execution units in the pentium, this actually works quite well.
+For a pentium pro it should be very good.  This is the type of output
+Visual C++ generates.
+
+There is a third option.  instead of using
+mov	al,	ch
+which is bad on the pentium pro, one may be able to use
+movzx	eax,	ch
+which may not incur the partial write penalty.  On the pentium,
+this instruction takes 4 cycles so is not worth using but on the
+pentium pro it appears it may be worth while.  I need access to one to
+experiment :-).
+
+eric (20 Oct 1996)
+
+22 Nov 1996 - I have asked people to run the 2 different version on pentium
+pros and it appears that the intel documentation is wrong.  The
+mov al,bh is still faster on a pentium pro, so just use the des586.pl
+install des686.pl
+
+3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+functions into des_enc.c because it does make a massive performance
+difference on some boxes to have the functions code located close to
+the des_encrypt2() function.
+
+9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+pentiums.  It contains an inner loop from
+Svend Olaf Mikkelsen  which does raw ecb DES calls at
+273,000 per second.  He had a previous version at 250,000 and the best
+I was able to get was 203,000.  The content has not changed, this is all
+due to instruction sequencing (and actual instructions choice) which is able
+to keep both functional units of the pentium going.
+We may have lost the ugly register usage restrictions when x86 went 32 bit
+but for the pentium it has been replaced by evil instruction ordering tricks.
+
+13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+raw DES at 281,000 per second on a pentium 100.
+
diff --git a/crypto/des/cbc3_enc.c b/crypto/des/cbc3_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..e9bf500f448f6d794411c1d594d5dec3791bb110
--- /dev/null
+++ b/crypto/des/cbc3_enc.c
@@ -0,0 +1,99 @@
+/* crypto/des/cbc3_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* HAS BUGS? DON'T USE */
+void des_3cbc_encrypt(input, output, length, ks1, ks2, iv1, iv2, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_cblock (*iv1);
+des_cblock (*iv2);
+int enc;
+	{
+	int off=((int)length-1)/8;
+	long l8=((length+7)/8)*8;
+	des_cblock niv1,niv2;
+
+	if (enc == DES_ENCRYPT)
+		{
+		des_cbc_encrypt(input,output,length,ks1,iv1,enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv1,output[off],sizeof(des_cblock));
+		des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+		des_cbc_encrypt(output,output,l8,ks1,iv2, enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv2,output[off],sizeof(des_cblock));
+		}
+	else
+		{
+		if (length >= sizeof(des_cblock))
+			memcpy(niv2,input[off],sizeof(des_cblock));
+		des_cbc_encrypt(input,output,l8,ks1,iv2,enc);
+		des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv1,output[off],sizeof(des_cblock));
+		des_cbc_encrypt(output,output,length,ks1,iv1, enc);
+		}
+	memcpy(*iv1,niv1,sizeof(des_cblock));
+	memcpy(*iv2,niv2,sizeof(des_cblock));
+	}
+
diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
new file mode 100644
index 0000000000000000000000000000000000000000..f6b32744ebf67590808686b1d82c6140d5775a32
--- /dev/null
+++ b/crypto/des/cbc_cksm.c
@@ -0,0 +1,103 @@
+/* crypto/des/cbc_cksm.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+DES_LONG des_cbc_cksum(input, output, length, schedule, ivec)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+	{
+	register DES_LONG tout0,tout1,tin0,tin1;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *in,*out,*iv;
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	c2l(iv,tout0);
+	c2l(iv,tout1);
+	for (; l>0; l-=8)
+		{
+		if (l >= 8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			}
+		else
+			c2ln(in,tin0,tin1,l);
+			
+		tin0^=tout0; tin[0]=tin0;
+		tin1^=tout1; tin[1]=tin1;
+		des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
+		tout0=tin[0];
+		tout1=tin[1];
+		}
+	if (out != NULL)
+		{
+		l2c(tout0,out);
+		l2c(tout1,out);
+		}
+	tout0=tin0=tin1=tin[0]=tin[1]=0;
+	return(tout1);
+	}
diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..a06f9f99e321d390f30e0da268c47bc4ba8791e0
--- /dev/null
+++ b/crypto/des/cbc_enc.c
@@ -0,0 +1,135 @@
+/* crypto/des/cbc_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_cbc_encrypt(input, output, length, schedule, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register unsigned char *in,*out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+		/*	xor0=tin0;
+			xor1=tin1; */
+			}
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
new file mode 100644
index 0000000000000000000000000000000000000000..f62373792b1728b49e156143fa05b598cb9f7e5a
--- /dev/null
+++ b/crypto/des/cfb64ede.c
@@ -0,0 +1,151 @@
+/* crypto/des/cfb64ede.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void des_ede3_cfb64_encrypt(in, out, length, ks1,ks2,ks3, ivec, num, enc)
+unsigned char *in;
+unsigned char *out;
+long length;
+des_key_schedule ks1,ks2,ks3;
+des_cblock (*ivec);
+int *num;
+int enc;
+	{
+	register DES_LONG v0,v1;
+	register long l=length;
+	register int n= *num;
+	DES_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=(unsigned char *)ivec;
+	if (enc)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0);
+				c2l(iv,v1);
+
+				ti[0]=v0;
+				ti[1]=v1;
+				des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3);
+				v0=ti[0];
+				v1=ti[1];
+
+				iv=(unsigned char *)ivec;
+				l2c(v0,iv);
+				l2c(v1,iv);
+				iv=(unsigned char *)ivec;
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0);
+				c2l(iv,v1);
+
+				ti[0]=v0;
+				ti[1]=v1;
+				des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3);
+				v0=ti[0];
+				v1=ti[1];
+
+				iv=(unsigned char *)ivec;
+				l2c(v0,iv);
+				l2c(v1,iv);
+				iv=(unsigned char *)ivec;
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=c=cc=0;
+	*num=n;
+	}
+
+#ifdef undef /* MACRO */
+void des_ede2_cfb64_encrypt(in, out, length, ks1,ks2, ivec, num, enc)
+unsigned char *in;
+unsigned char *out;
+long length;
+des_key_schedule ks1,ks2;
+des_cblock (*ivec);
+int *num;
+int enc;
+	{
+	des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
+	}
+#endif
diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..327e48963513b265ba9fff7d15a85dc8eea1a81d
--- /dev/null
+++ b/crypto/des/cfb64enc.c
@@ -0,0 +1,128 @@
+/* crypto/des/cfb64enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void des_cfb64_encrypt(in, out, length, schedule, ivec, num, enc)
+unsigned char *in;
+unsigned char *out;
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int *num;
+int enc;
+	{
+	register DES_LONG v0,v1;
+	register long l=length;
+	register int n= *num;
+	DES_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=(unsigned char *)ivec;
+	if (enc)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				des_encrypt((DES_LONG *)ti,
+					schedule,DES_ENCRYPT);
+				iv=(unsigned char *)ivec;
+				v0=ti[0]; l2c(v0,iv);
+				v0=ti[1]; l2c(v0,iv);
+				iv=(unsigned char *)ivec;
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				des_encrypt((DES_LONG *)ti,
+					schedule,DES_ENCRYPT);
+				iv=(unsigned char *)ivec;
+				v0=ti[0]; l2c(v0,iv);
+				v0=ti[1]; l2c(v0,iv);
+				iv=(unsigned char *)ivec;
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..fb328328e6634e26bac257525416f61419668f36
--- /dev/null
+++ b/crypto/des/cfb_enc.c
@@ -0,0 +1,171 @@
+/* crypto/des/cfb_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void des_cfb_encrypt(in, out, numbits, length, schedule, ivec, enc)
+unsigned char *in;
+unsigned char *out;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+	{
+	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+	register DES_LONG mask0,mask1;
+	register unsigned long l=length;
+	register int num=numbits;
+	DES_LONG ti[2];
+	unsigned char *iv;
+
+	if (num > 64) return;
+	if (num > 32)
+		{
+		mask0=0xffffffffL;
+		if (num == 64)
+			mask1=mask0;
+		else	mask1=(1L<<(num-32))-1;
+		}
+	else
+		{
+		if (num == 32)
+			mask0=0xffffffffL;
+		else	mask0=(1L<= n)
+			{
+			l-=n;
+			ti[0]=v0;
+			ti[1]=v1;
+			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			c2ln(in,d0,d1,n);
+			in+=n;
+			d0=(d0^ti[0])&mask0;
+			d1=(d1^ti[1])&mask1;
+			l2cn(d0,d1,out,n);
+			out+=n;
+			/* 30-08-94 - eay - changed because l>>32 and
+			 * l<<32 are bad under gcc :-( */
+			if (num == 32)
+				{ v0=v1; v1=d0; }
+			else if (num == 64)
+				{ v0=d0; v1=d1; }
+			else if (num > 32) /* && num != 64 */
+				{
+				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+				}
+			else /* num < 32 */
+				{
+				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+				}
+			}
+		}
+	else
+		{
+		while (l >= n)
+			{
+			l-=n;
+			ti[0]=v0;
+			ti[1]=v1;
+			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			c2ln(in,d0,d1,n);
+			in+=n;
+			/* 30-08-94 - eay - changed because l>>32 and
+			 * l<<32 are bad under gcc :-( */
+			if (num == 32)
+				{ v0=v1; v1=d0; }
+			else if (num == 64)
+				{ v0=d0; v1=d1; }
+			else if (num > 32) /* && num != 64 */
+				{
+				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+				}
+			else /* num < 32 */
+				{
+				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+				}
+			d0=(d0^ti[0])&mask0;
+			d1=(d1^ti[1])&mask1;
+			l2cn(d0,d1,out,n);
+			out+=n;
+			}
+		}
+	iv=(unsigned char *)ivec;
+	l2c(v0,iv);
+	l2c(v1,iv);
+	v0=v1=d0=d1=ti[0]=ti[1]=0;
+	}
+
diff --git a/crypto/des/des b/crypto/des/des
new file mode 100644
index 0000000000000000000000000000000000000000..7ec53b806053b0ed5d6ed1088c6fc03a2a0d51ed
--- /dev/null
+++ b/crypto/des/des
@@ -0,0 +1,305 @@
+/* crypto/des/des.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@mincom.oz.au).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@mincom.oz.au)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@mincom.oz.au)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
+ *
+ * Always modify des.org since des.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+	{
+	union	{
+		des_cblock _;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG pad[2];
+		} ks;
+#undef _
+#define _	ks._
+	} des_key_schedule[16];
+
+#define DES_KEY_SZ 	(sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+#define DES_ENCRYPT	1
+#define DES_DECRYPT	0
+
+#define DES_CBC_MODE	0
+#define DES_PCBC_MODE	1
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define C_Block des_cblock
+#define Key_schedule des_key_schedule
+#ifdef KERBEROS
+#define ENCRYPT DES_ENCRYPT
+#define DECRYPT DES_DECRYPT
+#endif
+#define KEY_SZ DES_KEY_SZ
+#define string_to_key des_string_to_key
+#define read_pw_string des_read_pw_string
+#define random_key des_random_key
+#define pcbc_encrypt des_pcbc_encrypt
+#define set_key des_set_key
+#define key_sched des_key_sched
+#define ecb_encrypt des_ecb_encrypt
+#define cbc_encrypt des_cbc_encrypt
+#define ncbc_encrypt des_ncbc_encrypt
+#define xcbc_encrypt des_xcbc_encrypt
+#define cbc_cksum des_cbc_cksum
+#define quad_cksum des_quad_cksum
+
+/* For compatibility with the MIT lib - eay 20/05/92 */
+typedef des_key_schedule bit_64;
+#define des_fixup_key_parity des_set_odd_parity
+#define des_check_key_parity check_parity
+
+extern int des_check_key;	/* defaults to false */
+extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+
+/* The next line is used to disable full ANSI prototypes, if your
+ * compiler has problems with the prototypes, make sure this line always
+ * evaluates to true :-) */
+#if defined(MSDOS) || defined(__STDC__)
+#undef NOPROTO
+#endif
+#ifndef NOPROTO
+char *des_options(void);
+void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
+	des_key_schedule ks1,des_key_schedule ks2,
+	des_key_schedule ks3, int enc);
+DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
+	long length,des_key_schedule schedule,des_cblock *ivec);
+void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,
+	des_cblock *inw,des_cblock *outw,int enc);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule sk1,des_key_schedule sk2,
+	des_cblock *ivec1,des_cblock *ivec2,int enc);
+void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_ecb_encrypt(des_cblock *input,des_cblock *output,
+	des_key_schedule ks,int enc);
+void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
+	long length, des_key_schedule ks1, des_key_schedule ks2, 
+	des_key_schedule ks3, des_cblock *ivec, int enc);
+void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
+void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, des_cblock *ivec, int *num);
+
+void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
+	des_cblock (*out_white));
+
+int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+	des_cblock *iv);
+int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+	des_cblock *iv);
+char *des_fcrypt(const char *buf,const char *salt, char *ret);
+#ifdef PERL5
+char *des_crypt(const char *buf,const char *salt);
+#else
+/* some stupid compilers complain because I have declared char instead
+ * of const char */
+#ifdef HEADER_DES_LOCL_H
+char *crypt(const char *buf,const char *salt);
+#else
+char *crypt();
+#endif
+#endif
+void des_ofb_encrypt(unsigned char *in,unsigned char *out,
+	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
+void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
+	long length,int out_count,des_cblock *seed);
+void des_random_seed(des_cblock key);
+void des_random_key(des_cblock ret);
+int des_read_password(des_cblock *key,char *prompt,int verify);
+int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+	char *prompt,int verify);
+int des_read_pw_string(char *buf,int length,char *prompt,int verify);
+void des_set_odd_parity(des_cblock *key);
+int des_is_weak_key(des_cblock *key);
+int des_set_key(des_cblock *key,des_key_schedule schedule);
+int des_key_sched(des_cblock *key,des_key_schedule schedule);
+void des_string_to_key(char *str,des_cblock *key);
+void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
+void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
+void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, des_cblock *ivec, int *num);
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
+
+/* Extra functions from Mark Murray  */
+void des_cblock_print_file(des_cblock *cb, FILE *fp);
+/* The following functions are not in the normal unix build or the
+ * SSLeay build.  When using the SSLeay build, use RAND_seed()
+ * and RAND_bytes() instead. */
+int des_new_random_key(des_cblock *key);
+void des_init_random_number_generator(des_cblock *key);
+void des_set_random_generator_seed(des_cblock *key);
+void des_set_sequence_number(des_cblock new_sequence_number);
+void des_generate_random_block(des_cblock *block);
+
+#else
+
+char *des_options();
+void des_ecb3_encrypt();
+DES_LONG des_cbc_cksum();
+void des_cbc_encrypt();
+void des_ncbc_encrypt();
+void des_xcbc_encrypt();
+void des_3cbc_encrypt();
+void des_cfb_encrypt();
+void des_ede3_cfb64_encrypt();
+void des_ede3_ofb64_encrypt();
+void des_ecb_encrypt();
+void des_encrypt();
+void des_encrypt2();
+void des_encrypt3();
+void des_decrypt3();
+void des_ede3_cbc_encrypt();
+int des_enc_read();
+int des_enc_write();
+char *des_fcrypt();
+#ifdef PERL5
+char *des_crypt();
+#else
+char *crypt();
+#endif
+void des_ofb_encrypt();
+void des_pcbc_encrypt();
+DES_LONG des_quad_cksum();
+void des_random_seed();
+void des_random_key();
+int des_read_password();
+int des_read_2passwords();
+int des_read_pw_string();
+void des_set_odd_parity();
+int des_is_weak_key();
+int des_set_key();
+int des_key_sched();
+void des_string_to_key();
+void des_string_to_2keys();
+void des_cfb64_encrypt();
+void des_ofb64_encrypt();
+int des_read_pw();
+void des_xwhite_in2out();
+
+/* Extra functions from Mark Murray  */
+void des_cblock_print_file();
+/* The following functions are not in the normal unix build or the
+ * SSLeay build.  When using the SSLeay build, use RAND_seed()
+ * and RAND_bytes() instead. */
+#ifdef FreeBSD
+int des_new_random_key();
+void des_init_random_number_generator();
+void des_set_random_generator_seed();
+void des_set_sequence_number();
+void des_generate_random_block();
+#endif
+
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/des/des.c b/crypto/des/des.c
new file mode 100644
index 0000000000000000000000000000000000000000..0376163ffd7a330ebeb01d9f209f948fa27e7707
--- /dev/null
+++ b/crypto/des/des.c
@@ -0,0 +1,960 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#ifndef MSDOS
+#include 
+#else
+#include 
+#define RAND
+#endif
+
+#include 
+#include "des_ver.h"
+
+#ifdef VMS
+#include 
+#include 
+#else
+#ifndef _IRIX
+#include 
+#endif
+#include 
+#endif
+#if defined(NOCONST)
+#define const
+#endif
+#include "des.h"
+
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include 
+#endif
+
+#ifdef RAND
+#define random rand
+#define srandom(s) srand(s)
+#endif
+
+#ifndef NOPROTO
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
+int uuencode(unsigned char *in,int num,unsigned char *out);
+int uudecode(unsigned char *in,int num,unsigned char *out);
+#else
+void usage();
+void doencryption();
+int uufwrite();
+void uufwriteEnd();
+int uufread();
+int uuencode();
+int uudecode();
+#endif
+
+#ifdef VMS
+#define EXIT(a) exit(a&0x10000000)
+#else
+#define EXIT(a) exit(a)
+#endif
+
+#define BUFSIZE (8*1024)
+#define VERIFY  1
+#define KEYSIZ	8
+#define KEYSIZB 1024 /* should hit tty line limit first :-) */
+char key[KEYSIZB+1];
+int do_encrypt,longk=0;
+FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum=0;
+#define INUUBUFN	(45*100)
+#define OUTUUBUF	(65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+char cksumname[200]="";
+
+int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
+
+int main(argc, argv)
+int argc;
+char **argv;
+	{
+	int i;
+	struct stat ins,outs;
+	char *p;
+	char *in=NULL,*out=NULL;
+
+	vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
+	error=0;
+	memset(key,0,sizeof(key));
+
+	for (i=1; i=0; j--)
+							argv[i][j]='\0';
+						}
+					break;
+				default:
+					fprintf(stderr,"'%c' unknown flag\n",p[-1]);
+					error=1;
+					break;
+					}
+				}
+			}
+		else
+			{
+			if (in == NULL)
+				in=argv[i];
+			else if (out == NULL)
+				out=argv[i];
+			else
+				error=1;
+			}
+		}
+	if (error) usage();
+	/* We either
+	 * do checksum or
+	 * do encrypt or
+	 * do decrypt or
+	 * do decrypt then ckecksum or
+	 * do checksum then encrypt
+	 */
+	if (((eflag+dflag) == 1) || cflag)
+		{
+		if (eflag) do_encrypt=DES_ENCRYPT;
+		if (dflag) do_encrypt=DES_DECRYPT;
+		}
+	else
+		{
+		if (vflag) 
+			{
+#ifndef _Windows			
+			fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif			
+			EXIT(1);
+			}
+		else usage();
+		}
+
+#ifndef _Windows			
+	if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif			
+	if (	(in != NULL) &&
+		(out != NULL) &&
+#ifndef MSDOS
+		(stat(in,&ins) != -1) &&
+		(stat(out,&outs) != -1) &&
+		(ins.st_dev == outs.st_dev) &&
+		(ins.st_ino == outs.st_ino))
+#else /* MSDOS */
+		(strcmp(in,out) == 0))
+#endif
+			{
+			fputs("input and output file are the same\n",stderr);
+			EXIT(3);
+			}
+
+	if (!kflag)
+		if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
+			{
+			fputs("password error\n",stderr);
+			EXIT(2);
+			}
+
+	if (in == NULL)
+		DES_IN=stdin;
+	else if ((DES_IN=fopen(in,"r")) == NULL)
+		{
+		perror("opening input file");
+		EXIT(4);
+		}
+
+	CKSUM_OUT=stdout;
+	if (out == NULL)
+		{
+		DES_OUT=stdout;
+		CKSUM_OUT=stderr;
+		}
+	else if ((DES_OUT=fopen(out,"w")) == NULL)
+		{
+		perror("opening output file");
+		EXIT(5);
+		}
+
+#ifdef MSDOS
+	/* This should set the file to binary mode. */
+	{
+#include 
+	if (!(uflag && dflag))
+		setmode(fileno(DES_IN),O_BINARY);
+	if (!(uflag && eflag))
+		setmode(fileno(DES_OUT),O_BINARY);
+	}
+#endif
+
+	doencryption();
+	fclose(DES_IN);
+	fclose(DES_OUT);
+	EXIT(0);
+	}
+
+void usage()
+	{
+	char **u;
+	static const char *Usage[]={
+"des  [input-file [output-file]]",
+"options:",
+"-v         : des(1) version number",
+"-e         : encrypt using sunOS compatible user key to DES key conversion.",
+"-E         : encrypt ",
+"-d         : decrypt using sunOS compatible user key to DES key conversion.",
+"-D         : decrypt ",
+"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
+"             DES key conversion and output to ckname (stdout default,",
+"             stderr if data being output on stdout).  The checksum is",
+"             generated before encryption and after decryption if used",
+"             in conjunction with -[eEdD].",
+"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+"-k key     : use key 'key'",
+"-h         : the key that is entered will be a hexidecimal number",
+"             that is used directly as the des key",
+"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+"             (uuname is the filename to put in the uuencode header).",
+"-b         : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
+"-3         : encrypt using tripple DES encryption.  This uses 2 keys",
+"             generated from the input key.  If the input key is less",
+"             than 8 characters long, this is equivelent to normal",
+"             encryption.  Default is tripple cbc, -b makes it tripple ecb.",
+NULL
+};
+	for (u=(char **)Usage; *u; u++)
+		{
+		fputs(*u,stderr);
+		fputc('\n',stderr);
+		}
+
+	EXIT(1);
+	}
+
+void doencryption()
+	{
+#ifdef _LIBC
+	extern int srandom();
+	extern int random();
+	extern unsigned long time();
+#endif
+
+	register int i;
+	des_key_schedule ks,ks2;
+	unsigned char iv[8],iv2[8];
+	char *p;
+	int num=0,j,k,l,rem,ll,len,last,ex=0;
+	des_cblock kk,k2;
+	FILE *O;
+	int Exit=0;
+#ifndef MSDOS
+	static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
+#else
+	static unsigned char *buf=NULL,*obuf=NULL;
+
+	if (buf == NULL)
+		{
+		if (    (( buf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL) ||
+			((obuf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL))
+			{
+			fputs("Not enough memory\n",stderr);
+			Exit=10;
+			goto problems;
+			}
+		}
+#endif
+
+	if (hflag)
+		{
+		j=(flag3?16:8);
+		p=key;
+		for (i=0; i= '0'))
+				k=(*p-'0')<<4;
+			else if ((*p <= 'f') && (*p >= 'a'))
+				k=(*p-'a'+10)<<4;
+			else if ((*p <= 'F') && (*p >= 'A'))
+				k=(*p-'A'+10)<<4;
+			else
+				{
+				fputs("Bad hex key\n",stderr);
+				Exit=9;
+				goto problems;
+				}
+			p++;
+			if ((*p <= '9') && (*p >= '0'))
+				k|=(*p-'0');
+			else if ((*p <= 'f') && (*p >= 'a'))
+				k|=(*p-'a'+10);
+			else if ((*p <= 'F') && (*p >= 'A'))
+				k|=(*p-'A'+10);
+			else
+				{
+				fputs("Bad hex key\n",stderr);
+				Exit=9;
+				goto problems;
+				}
+			p++;
+			if (i < 8)
+				kk[i]=k;
+			else
+				k2[i-8]=k;
+			}
+		des_set_key((C_Block *)k2,ks2);
+		memset(k2,0,sizeof(k2));
+		}
+	else if (longk || flag3)
+		{
+		if (flag3)
+			{
+			des_string_to_2keys(key,(C_Block *)kk,(C_Block *)k2);
+			des_set_key((C_Block *)k2,ks2);
+			memset(k2,0,sizeof(k2));
+			}
+		else
+			des_string_to_key(key,(C_Block *)kk);
+		}
+	else
+		for (i=0; i>=1;
+				}
+			if (l & 1)
+				kk[i]=key[i]&0x7f;
+			else
+				kk[i]=key[i]|0x80;
+			}
+
+	des_set_key((C_Block *)kk,ks);
+	memset(key,0,sizeof(key));
+	memset(kk,0,sizeof(kk));
+	/* woops - A bug that does not showup under unix :-( */
+	memset(iv,0,sizeof(iv));
+	memset(iv2,0,sizeof(iv2));
+
+	l=1;
+	rem=0;
+	/* first read */
+	if (eflag || (!dflag && cflag))
+		{
+		for (;;)
+			{
+			num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			l+=rem;
+			num+=rem;
+			if (l < 0)
+				{
+				perror("read error");
+				Exit=6;
+				goto problems;
+				}
+
+			rem=l%8;
+			len=l-rem;
+			if (feof(DES_IN))
+				{
+				srandom((unsigned int)time(NULL));
+				for (i=7-rem; i>0; i--)
+					buf[l++]=random()&0xff;
+				buf[l++]=rem;
+				ex=1;
+				len+=rem;
+				}
+			else
+				l-=rem;
+
+			if (cflag)
+				{
+				des_cbc_cksum((C_Block *)buf,(C_Block *)cksum,
+					(long)len,ks,(C_Block *)cksum);
+				if (!eflag)
+					{
+					if (feof(DES_IN)) break;
+					else continue;
+					}
+				}
+
+			if (bflag && !flag3)
+				for (i=0; i= 8) memcpy(iv,&(obuf[l-8]),8);
+				}
+			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
+
+			i=0;
+			while (i < l)
+				{
+				if (uflag)
+					j=uufwrite(obuf,1,(unsigned int)l-i,
+						DES_OUT);
+				else
+					j=fwrite(obuf,1,(unsigned int)l-i,
+						DES_OUT);
+				if (j == -1)
+					{
+					perror("Write error");
+					Exit=7;
+					goto problems;
+					}
+				i+=j;
+				}
+			if (feof(DES_IN))
+				{
+				if (uflag) uufwriteEnd(DES_OUT);
+				break;
+				}
+			}
+		}
+	else /* decrypt */
+		{
+		ex=1;
+		for (;;)
+			{
+			if (ex) {
+				if (uflag)
+					l=uufread(buf,1,BUFSIZE,DES_IN);
+				else
+					l=fread(buf,1,BUFSIZE,DES_IN);
+				ex=0;
+				rem=l%8;
+				l-=rem;
+				}
+			if (l < 0)
+				{
+				perror("read error");
+				Exit=6;
+				goto problems;
+				}
+
+			if (bflag && !flag3)
+				for (i=0; i= 8) memcpy(iv,&(buf[l-8]),8);
+				}
+
+			if (uflag)
+				ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			else
+				ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			ll+=rem;
+			rem=ll%8;
+			ll-=rem;
+			if (feof(DES_IN) && (ll == 0))
+				{
+				last=obuf[l-1];
+
+				if ((last > 7) || (last < 0))
+					{
+					fputs("The file was not decrypted correctly.\n",
+						stderr);
+					Exit=8;
+					last=0;
+					}
+				l=l-8+last;
+				}
+			i=0;
+			if (cflag) des_cbc_cksum((C_Block *)obuf,
+				(C_Block *)cksum,(long)l/8*8,ks,
+				(C_Block *)cksum);
+			while (i != l)
+				{
+				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
+				if (j == -1)
+					{
+					perror("Write error");
+					Exit=7;
+					goto problems;
+					}
+				i+=j;
+				}
+			l=ll;
+			if ((l == 0) && feof(DES_IN)) break;
+			}
+		}
+	if (cflag)
+		{
+		l=0;
+		if (cksumname[0] != '\0')
+			{
+			if ((O=fopen(cksumname,"w")) != NULL)
+				{
+				CKSUM_OUT=O;
+				l=1;
+				}
+			}
+		for (i=0; i<8; i++)
+			fprintf(CKSUM_OUT,"%02X",cksum[i]);
+		fprintf(CKSUM_OUT,"\n");
+		if (l) fclose(CKSUM_OUT);
+		}
+problems:
+	memset(buf,0,sizeof(buf));
+	memset(obuf,0,sizeof(obuf));
+	memset(ks,0,sizeof(ks));
+	memset(ks2,0,sizeof(ks2));
+	memset(iv,0,sizeof(iv));
+	memset(iv2,0,sizeof(iv2));
+	memset(kk,0,sizeof(kk));
+	memset(k2,0,sizeof(k2));
+	memset(uubuf,0,sizeof(uubuf));
+	memset(b,0,sizeof(b));
+	memset(bb,0,sizeof(bb));
+	memset(cksum,0,sizeof(cksum));
+	if (Exit) EXIT(Exit);
+	}
+
+int uufwrite(data, size, num, fp)
+unsigned char *data;
+int size;
+unsigned int num;
+FILE *fp;
+      
+     /* We ignore this parameter but it should be > ~50 I believe */
+   
+    
+	{
+	int i,j,left,rem,ret=num;
+	static int start=1;
+
+	if (start)
+		{
+		fprintf(fp,"begin 600 %s\n",
+			(uuname[0] == '\0')?"text.d":uuname);
+		start=0;
+		}
+
+	if (uubufnum)
+		{
+		if (uubufnum+num < 45)
+			{
+			memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
+			uubufnum+=num;
+			return(num);
+			}
+		else
+			{
+			i=45-uubufnum;
+			memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
+			j=uuencode((unsigned char *)uubuf,45,b);
+			fwrite(b,1,(unsigned int)j,fp);
+			uubufnum=0;
+			data+=i;
+			num-=i;
+			}
+		}
+
+	for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
+		{
+		j=uuencode(&(data[i]),INUUBUFN,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		}
+	rem=(num-i)%45;
+	left=(num-i-rem);
+	if (left)
+		{
+		j=uuencode(&(data[i]),left,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		i+=left;
+		}
+	if (i != num)
+		{
+		memcpy(uubuf,&(data[i]),(unsigned int)rem);
+		uubufnum=rem;
+		}
+	return(ret);
+	}
+
+void uufwriteEnd(fp)
+FILE *fp;
+	{
+	int j;
+	static const char *end=" \nend\n";
+
+	if (uubufnum != 0)
+		{
+		uubuf[uubufnum]='\0';
+		uubuf[uubufnum+1]='\0';
+		uubuf[uubufnum+2]='\0';
+		j=uuencode(uubuf,uubufnum,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		}
+	fwrite(end,1,strlen(end),fp);
+	}
+
+int uufread(out, size, num, fp)
+unsigned char *out;
+int size; /* should always be > ~ 60; I actually ignore this parameter :-) */
+unsigned int num;
+FILE *fp;
+	{
+	int i,j,tot;
+	static int done=0;
+	static int valid=0;
+	static int start=1;
+
+	if (start)
+		{
+		for (;;)
+			{
+			b[0]='\0';
+			fgets((char *)b,300,fp);
+			if (b[0] == '\0')
+				{
+				fprintf(stderr,"no 'begin' found in uuencoded input\n");
+				return(-1);
+				}
+			if (strncmp((char *)b,"begin ",6) == 0) break;
+			}
+		start=0;
+		}
+	if (done) return(0);
+	tot=0;
+	if (valid)
+		{
+		memcpy(out,bb,(unsigned int)valid);
+		tot=valid;
+		valid=0;
+		}
+	for (;;)
+		{
+		b[0]='\0';
+		fgets((char *)b,300,fp);
+		if (b[0] == '\0') break;
+		i=strlen((char *)b);
+		if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
+			{
+			done=1;
+			while (!feof(fp))
+				{
+				fgets((char *)b,300,fp);
+				}
+			break;
+			}
+		i=uudecode(b,i,bb);
+		if (i < 0) break;
+		if ((i+tot+8) > num)
+			{
+			/* num to copy to make it a multiple of 8 */
+			j=(num/8*8)-tot-8;
+			memcpy(&(out[tot]),bb,(unsigned int)j);
+			tot+=j;
+			memcpy(bb,&(bb[j]),(unsigned int)i-j);
+			valid=i-j;
+			break;
+			}
+		memcpy(&(out[tot]),bb,(unsigned int)i);
+		tot+=i;
+		}
+	return(tot);
+	}
+
+#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
+			 l|=((DES_LONG)(*((c)++)))<< 8, \
+		 	 l|=((DES_LONG)(*((c)++))))
+
+#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                    *((c)++)=(unsigned char)(((l)    )&0xff))
+
+
+int uuencode(in, num, out)
+unsigned char *in;
+int num;
+unsigned char *out;
+	{
+	int j,i,n,tot=0;
+	DES_LONG l;
+	register unsigned char *p;
+	p=out;
+
+	for (j=0; j num)
+			i=(num-j);
+		else	i=45;
+		*(p++)=i+' ';
+		for (n=0; n>18)&0x3f)+' ';
+			*(p++)=((l>>12)&0x3f)+' ';
+			*(p++)=((l>> 6)&0x3f)+' ';
+			*(p++)=((l    )&0x3f)+' ';
+			tot+=4;
+			}
+		*(p++)='\n';
+		tot+=2;
+		}
+	*p='\0';
+	l=0;
+	return(tot);
+	}
+
+int uudecode(in, num, out)
+unsigned char *in;
+int num;
+unsigned char *out;
+	{
+	int j,i,k;
+	unsigned int n=0,space=0;
+	DES_LONG l;
+	DES_LONG w,x,y,z;
+	unsigned int blank=(unsigned int)'\n'-' ';
+
+	for (j=0; j 60)
+			{
+			fprintf(stderr,"uuencoded line length too long\n");
+			return(-1);
+			}
+		j++;
+
+		for (i=0; i 63) || (x > 63) || (y > 63) || (z > 63))
+				{
+				k=0;
+				if (w == blank) k=1;
+				if (x == blank) k=2;
+				if (y == blank) k=3;
+				if (z == blank) k=4;
+				space=1;
+				switch (k) {
+				case 1:	w=0; in--;
+				case 2: x=0; in--;
+				case 3: y=0; in--;
+				case 4: z=0; in--;
+					break;
+				case 0:
+					space=0;
+					fprintf(stderr,"bad uuencoded data values\n");
+					w=x=y=z=0;
+					return(-1);
+					break;
+					}
+				}
+			l=(w<<18)|(x<<12)|(y<< 6)|(z    );
+			l2ccc(l,out);
+			}
+		if (*(in++) != '\n')
+			{
+			fprintf(stderr,"missing nl in uuencoded line\n");
+			w=x=y=z=0;
+			return(-1);
+			}
+		j++;
+		}
+	*out='\0';
+	w=x=y=z=0;
+	return(n);
+	}
diff --git a/crypto/des/des.h b/crypto/des/des.h
new file mode 100644
index 0000000000000000000000000000000000000000..1728fe88899271749220a88bfee9715a40c88be2
--- /dev/null
+++ b/crypto/des/des.h
@@ -0,0 +1,305 @@
+/* crypto/des/des.org */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
+ *
+ * Always modify des.org since des.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+	{
+	union	{
+		des_cblock _;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG pad[2];
+		} ks;
+#undef _
+#define _	ks._
+	} des_key_schedule[16];
+
+#define DES_KEY_SZ 	(sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+#define DES_ENCRYPT	1
+#define DES_DECRYPT	0
+
+#define DES_CBC_MODE	0
+#define DES_PCBC_MODE	1
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define C_Block des_cblock
+#define Key_schedule des_key_schedule
+#ifdef KERBEROS
+#define ENCRYPT DES_ENCRYPT
+#define DECRYPT DES_DECRYPT
+#endif
+#define KEY_SZ DES_KEY_SZ
+#define string_to_key des_string_to_key
+#define read_pw_string des_read_pw_string
+#define random_key des_random_key
+#define pcbc_encrypt des_pcbc_encrypt
+#define set_key des_set_key
+#define key_sched des_key_sched
+#define ecb_encrypt des_ecb_encrypt
+#define cbc_encrypt des_cbc_encrypt
+#define ncbc_encrypt des_ncbc_encrypt
+#define xcbc_encrypt des_xcbc_encrypt
+#define cbc_cksum des_cbc_cksum
+#define quad_cksum des_quad_cksum
+
+/* For compatibility with the MIT lib - eay 20/05/92 */
+typedef des_key_schedule bit_64;
+#define des_fixup_key_parity des_set_odd_parity
+#define des_check_key_parity check_parity
+
+extern int des_check_key;	/* defaults to false */
+extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+
+/* The next line is used to disable full ANSI prototypes, if your
+ * compiler has problems with the prototypes, make sure this line always
+ * evaluates to true :-) */
+#if defined(MSDOS) || defined(__STDC__)
+#undef NOPROTO
+#endif
+#ifndef NOPROTO
+char *des_options(void);
+void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
+	des_key_schedule ks1,des_key_schedule ks2,
+	des_key_schedule ks3, int enc);
+DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
+	long length,des_key_schedule schedule,des_cblock *ivec);
+void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,
+	des_cblock *inw,des_cblock *outw,int enc);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule sk1,des_key_schedule sk2,
+	des_cblock *ivec1,des_cblock *ivec2,int enc);
+void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_ecb_encrypt(des_cblock *input,des_cblock *output,
+	des_key_schedule ks,int enc);
+void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
+	long length, des_key_schedule ks1, des_key_schedule ks2, 
+	des_key_schedule ks3, des_cblock *ivec, int enc);
+void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
+void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, des_cblock *ivec, int *num);
+
+void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
+	des_cblock (*out_white));
+
+int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+	des_cblock *iv);
+int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+	des_cblock *iv);
+char *des_fcrypt(const char *buf,const char *salt, char *ret);
+#ifdef PERL5
+char *des_crypt(const char *buf,const char *salt);
+#else
+/* some stupid compilers complain because I have declared char instead
+ * of const char */
+#ifdef HEADER_DES_LOCL_H
+char *crypt(const char *buf,const char *salt);
+#else
+char *crypt();
+#endif
+#endif
+void des_ofb_encrypt(unsigned char *in,unsigned char *out,
+	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
+void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
+	long length,int out_count,des_cblock *seed);
+void des_random_seed(des_cblock key);
+void des_random_key(des_cblock ret);
+int des_read_password(des_cblock *key,char *prompt,int verify);
+int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+	char *prompt,int verify);
+int des_read_pw_string(char *buf,int length,char *prompt,int verify);
+void des_set_odd_parity(des_cblock *key);
+int des_is_weak_key(des_cblock *key);
+int des_set_key(des_cblock *key,des_key_schedule schedule);
+int des_key_sched(des_cblock *key,des_key_schedule schedule);
+void des_string_to_key(char *str,des_cblock *key);
+void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
+void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
+void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, des_cblock *ivec, int *num);
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
+
+/* Extra functions from Mark Murray  */
+void des_cblock_print_file(des_cblock *cb, FILE *fp);
+/* The following functions are not in the normal unix build or the
+ * SSLeay build.  When using the SSLeay build, use RAND_seed()
+ * and RAND_bytes() instead. */
+int des_new_random_key(des_cblock *key);
+void des_init_random_number_generator(des_cblock *key);
+void des_set_random_generator_seed(des_cblock *key);
+void des_set_sequence_number(des_cblock new_sequence_number);
+void des_generate_random_block(des_cblock *block);
+
+#else
+
+char *des_options();
+void des_ecb3_encrypt();
+DES_LONG des_cbc_cksum();
+void des_cbc_encrypt();
+void des_ncbc_encrypt();
+void des_xcbc_encrypt();
+void des_3cbc_encrypt();
+void des_cfb_encrypt();
+void des_ede3_cfb64_encrypt();
+void des_ede3_ofb64_encrypt();
+void des_ecb_encrypt();
+void des_encrypt();
+void des_encrypt2();
+void des_encrypt3();
+void des_decrypt3();
+void des_ede3_cbc_encrypt();
+int des_enc_read();
+int des_enc_write();
+char *des_fcrypt();
+#ifdef PERL5
+char *des_crypt();
+#else
+char *crypt();
+#endif
+void des_ofb_encrypt();
+void des_pcbc_encrypt();
+DES_LONG des_quad_cksum();
+void des_random_seed();
+void des_random_key();
+int des_read_password();
+int des_read_2passwords();
+int des_read_pw_string();
+void des_set_odd_parity();
+int des_is_weak_key();
+int des_set_key();
+int des_key_sched();
+void des_string_to_key();
+void des_string_to_2keys();
+void des_cfb64_encrypt();
+void des_ofb64_encrypt();
+int des_read_pw();
+void des_xwhite_in2out();
+
+/* Extra functions from Mark Murray  */
+void des_cblock_print_file();
+/* The following functions are not in the normal unix build or the
+ * SSLeay build.  When using the SSLeay build, use RAND_seed()
+ * and RAND_bytes() instead. */
+#ifdef FreeBSD
+int des_new_random_key();
+void des_init_random_number_generator();
+void des_set_random_generator_seed();
+void des_set_sequence_number();
+void des_generate_random_block();
+#endif
+
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/des/des.man b/crypto/des/des.man
new file mode 100644
index 0000000000000000000000000000000000000000..7e06a1851a0d0d1acf795c195f64d1e7f53c2042
--- /dev/null
+++ b/crypto/des/des.man
@@ -0,0 +1,186 @@
+.TH DES 1 
+.SH NAME
+des - encrypt or decrypt data using Data Encryption Standard
+.SH SYNOPSIS
+.B des
+(
+.B \-e
+|
+.B \-E
+) | (
+.B \-d
+|
+.B \-D
+) | (
+.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
+) |
+[
+.B \-b3hfs
+] [
+.B \-k
+.I key
+]
+] [
+.B \-u\fR[\fIuuname\fR]
+[
+.I input-file
+[
+.I output-file
+] ]
+.SH DESCRIPTION
+.B des
+encrypts and decrypts data using the
+Data Encryption Standard algorithm.
+One of
+.B \-e, \-E
+(for encrypt) or
+.B \-d, \-D
+(for decrypt) must be specified.
+It is also possible to use
+.B \-c
+or
+.B \-C
+in conjunction or instead of the a encrypt/decrypt option to generate
+a 16 character hexadecimal checksum, generated via the
+.I des_cbc_cksum.
+.LP
+Two standard encryption modes are supported by the
+.B des
+program, Cipher Block Chaining (the default) and Electronic Code Book
+(specified with
+.B \-b
+).
+.LP
+The key used for the DES
+algorithm is obtained by prompting the user unless the
+.B `\-k
+.I key'
+option is given.
+If the key is an argument to the
+.B des
+command, it is potentially visible to users executing
+.BR ps (1)
+or a derivative.  To minimise this possibility,
+.B des
+takes care to destroy the key argument immediately upon entry.
+If your shell keeps a history file be careful to make sure it is not
+world readable.
+.LP
+Since this program attempts to maintain compatability with sunOS's
+des(1) command, there are 2 different methods used to convert the user
+supplied key to a des key.
+Whenever and one or more of
+.B \-E, \-D, \-C
+or
+.B \-3
+options are used, the key conversion procedure will not be compatible
+with the sunOS des(1) version but will use all the user supplied
+character to generate the des key.
+.B des
+command reads from standard input unless
+.I input-file
+is specified and writes to standard output unless
+.I output-file
+is given.
+.SH OPTIONS
+.TP
+.B \-b
+Select ECB
+(eight bytes at a time) encryption mode.
+.TP
+.B \-3
+Encrypt using triple encryption.
+By default triple cbc encryption is used but if the
+.B \-b
+option is used then triple ecb encryption is performed.
+If the key is less than 8 characters long, the flag has no effect.
+.TP
+.B \-e
+Encrypt data using an 8 byte key in a manner compatible with sunOS
+des(1).
+.TP
+.B \-E
+Encrypt data using a key of nearly unlimited length (1024 bytes).
+This will product a more secure encryption.
+.TP
+.B \-d
+Decrypt data that was encrypted with the \-e option.
+.TP
+.B \-D
+Decrypt data that was encrypted with the \-E option.
+.TP
+.B \-c
+Generate a 16 character hexadecimal cbc checksum and output this to
+stderr.
+If a filename was specified after the
+.B \-c
+option, the checksum is output to that file.
+The checksum is generated using a key generated in a sunOS compatible
+manner.
+.TP
+.B \-C
+A cbc checksum is generated in the same manner as described for the
+.B \-c
+option but the DES key is generated in the same manner as used for the
+.B \-E
+and
+.B \-D
+options
+.TP
+.B \-f
+Does nothing - allowed for compatibility with sunOS des(1) command.
+.TP
+.B \-s
+Does nothing - allowed for compatibility with sunOS des(1) command.
+.TP
+.B "\-k \fIkey\fP"
+Use the encryption 
+.I key
+specified.
+.TP
+.B "\-h"
+The
+.I key
+is assumed to be a 16 character hexadecimal number.
+If the
+.B "\-3"
+option is used the key is assumed to be a 32 character hexadecimal
+number.
+.TP
+.B \-u
+This flag is used to read and write uuencoded files.  If decrypting,
+the input file is assumed to contain uuencoded, DES encrypted data.
+If encrypting, the characters following the -u are used as the name of
+the uuencoded file to embed in the begin line of the uuencoded
+output.  If there is no name specified after the -u, the name text.des
+will be embedded in the header.
+.SH SEE ALSO
+.B ps (1)
+.B des_crypt(3)
+.SH BUGS
+.LP
+The problem with using the
+.B -e
+option is the short key length.
+It would be better to use a real 56-bit key rather than an
+ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
+radically reduces the time necessary for a brute-force cryptographic attack.
+My attempt to remove this problem is to add an alternative text-key to
+DES-key function.  This alternative function (accessed via
+.B -E, -D, -S
+and
+.B -3
+)
+uses DES to help generate the key.
+.LP
+Be carefully when using the -u option.  Doing des -ud  will
+not decrypt filename (the -u option will gobble the d option).
+.LP
+The VMS operating system operates in a world where files are always a
+multiple of 512 bytes.  This causes problems when encrypted data is
+send from unix to VMS since a 88 byte file will suddenly be padded
+with 424 null bytes.  To get around this problem, use the -u option
+to uuencode the data before it is send to the VMS system.
+.SH AUTHOR
+.LP
+Eric Young (eay@cryptsoft.com)
diff --git a/crypto/des/des.org b/crypto/des/des.org
new file mode 100644
index 0000000000000000000000000000000000000000..1728fe88899271749220a88bfee9715a40c88be2
--- /dev/null
+++ b/crypto/des/des.org
@@ -0,0 +1,305 @@
+/* crypto/des/des.org */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
+ *
+ * Always modify des.org since des.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+	{
+	union	{
+		des_cblock _;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG pad[2];
+		} ks;
+#undef _
+#define _	ks._
+	} des_key_schedule[16];
+
+#define DES_KEY_SZ 	(sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+#define DES_ENCRYPT	1
+#define DES_DECRYPT	0
+
+#define DES_CBC_MODE	0
+#define DES_PCBC_MODE	1
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define C_Block des_cblock
+#define Key_schedule des_key_schedule
+#ifdef KERBEROS
+#define ENCRYPT DES_ENCRYPT
+#define DECRYPT DES_DECRYPT
+#endif
+#define KEY_SZ DES_KEY_SZ
+#define string_to_key des_string_to_key
+#define read_pw_string des_read_pw_string
+#define random_key des_random_key
+#define pcbc_encrypt des_pcbc_encrypt
+#define set_key des_set_key
+#define key_sched des_key_sched
+#define ecb_encrypt des_ecb_encrypt
+#define cbc_encrypt des_cbc_encrypt
+#define ncbc_encrypt des_ncbc_encrypt
+#define xcbc_encrypt des_xcbc_encrypt
+#define cbc_cksum des_cbc_cksum
+#define quad_cksum des_quad_cksum
+
+/* For compatibility with the MIT lib - eay 20/05/92 */
+typedef des_key_schedule bit_64;
+#define des_fixup_key_parity des_set_odd_parity
+#define des_check_key_parity check_parity
+
+extern int des_check_key;	/* defaults to false */
+extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+
+/* The next line is used to disable full ANSI prototypes, if your
+ * compiler has problems with the prototypes, make sure this line always
+ * evaluates to true :-) */
+#if defined(MSDOS) || defined(__STDC__)
+#undef NOPROTO
+#endif
+#ifndef NOPROTO
+char *des_options(void);
+void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
+	des_key_schedule ks1,des_key_schedule ks2,
+	des_key_schedule ks3, int enc);
+DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
+	long length,des_key_schedule schedule,des_cblock *ivec);
+void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,
+	des_cblock *inw,des_cblock *outw,int enc);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule sk1,des_key_schedule sk2,
+	des_cblock *ivec1,des_cblock *ivec2,int enc);
+void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_ecb_encrypt(des_cblock *input,des_cblock *output,
+	des_key_schedule ks,int enc);
+void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
+	long length, des_key_schedule ks1, des_key_schedule ks2, 
+	des_key_schedule ks3, des_cblock *ivec, int enc);
+void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
+void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, des_cblock *ivec, int *num);
+
+void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
+	des_cblock (*out_white));
+
+int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+	des_cblock *iv);
+int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+	des_cblock *iv);
+char *des_fcrypt(const char *buf,const char *salt, char *ret);
+#ifdef PERL5
+char *des_crypt(const char *buf,const char *salt);
+#else
+/* some stupid compilers complain because I have declared char instead
+ * of const char */
+#ifdef HEADER_DES_LOCL_H
+char *crypt(const char *buf,const char *salt);
+#else
+char *crypt();
+#endif
+#endif
+void des_ofb_encrypt(unsigned char *in,unsigned char *out,
+	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
+void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
+	long length,int out_count,des_cblock *seed);
+void des_random_seed(des_cblock key);
+void des_random_key(des_cblock ret);
+int des_read_password(des_cblock *key,char *prompt,int verify);
+int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+	char *prompt,int verify);
+int des_read_pw_string(char *buf,int length,char *prompt,int verify);
+void des_set_odd_parity(des_cblock *key);
+int des_is_weak_key(des_cblock *key);
+int des_set_key(des_cblock *key,des_key_schedule schedule);
+int des_key_sched(des_cblock *key,des_key_schedule schedule);
+void des_string_to_key(char *str,des_cblock *key);
+void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
+void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
+void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, des_cblock *ivec, int *num);
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
+
+/* Extra functions from Mark Murray  */
+void des_cblock_print_file(des_cblock *cb, FILE *fp);
+/* The following functions are not in the normal unix build or the
+ * SSLeay build.  When using the SSLeay build, use RAND_seed()
+ * and RAND_bytes() instead. */
+int des_new_random_key(des_cblock *key);
+void des_init_random_number_generator(des_cblock *key);
+void des_set_random_generator_seed(des_cblock *key);
+void des_set_sequence_number(des_cblock new_sequence_number);
+void des_generate_random_block(des_cblock *block);
+
+#else
+
+char *des_options();
+void des_ecb3_encrypt();
+DES_LONG des_cbc_cksum();
+void des_cbc_encrypt();
+void des_ncbc_encrypt();
+void des_xcbc_encrypt();
+void des_3cbc_encrypt();
+void des_cfb_encrypt();
+void des_ede3_cfb64_encrypt();
+void des_ede3_ofb64_encrypt();
+void des_ecb_encrypt();
+void des_encrypt();
+void des_encrypt2();
+void des_encrypt3();
+void des_decrypt3();
+void des_ede3_cbc_encrypt();
+int des_enc_read();
+int des_enc_write();
+char *des_fcrypt();
+#ifdef PERL5
+char *des_crypt();
+#else
+char *crypt();
+#endif
+void des_ofb_encrypt();
+void des_pcbc_encrypt();
+DES_LONG des_quad_cksum();
+void des_random_seed();
+void des_random_key();
+int des_read_password();
+int des_read_2passwords();
+int des_read_pw_string();
+void des_set_odd_parity();
+int des_is_weak_key();
+int des_set_key();
+int des_key_sched();
+void des_string_to_key();
+void des_string_to_2keys();
+void des_cfb64_encrypt();
+void des_ofb64_encrypt();
+int des_read_pw();
+void des_xwhite_in2out();
+
+/* Extra functions from Mark Murray  */
+void des_cblock_print_file();
+/* The following functions are not in the normal unix build or the
+ * SSLeay build.  When using the SSLeay build, use RAND_seed()
+ * and RAND_bytes() instead. */
+#ifdef FreeBSD
+int des_new_random_key();
+void des_init_random_number_generator();
+void des_set_random_generator_seed();
+void des_set_sequence_number();
+void des_generate_random_block();
+#endif
+
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/des/des.pl b/crypto/des/des.pl
new file mode 100644
index 0000000000000000000000000000000000000000..8a3f7e3ed63aa41339a9b8acc13901f552f63e56
--- /dev/null
+++ b/crypto/des/des.pl
@@ -0,0 +1,552 @@
+#!/usr/local/bin/perl
+# des.pl - eric young 22/11/1991 eay@cryptsoft.com
+#
+# Copyright (C) 1993 Eric Young
+#
+# 11 April 1996 - patched to circumvent Perl 5 (through 5.002) problem
+#                 with sign-extension on right shift operations.
+#                 Ed Kubaitis - ejk@uiuc.edu
+#
+# eay - 92/08/31 - I think I have fixed all problems for 64bit
+# versions of perl but I could be wrong since I have not tested it yet :-).
+#
+# This is an implementation of DES in perl.
+# The two routines (des_set_key and des_ecb_encrypt)
+# take 8 byte objects as arguments.
+#
+# des_set_key takes an 8 byte string as a key and returns a key schedule
+# for use in calls to des_ecb_encrypt.
+# des_ecb_encrypt takes three arguments, the first is a key schedule
+# (make sure to pass it by reference with the *), the second is 1
+# to encrypt, 0 to decrypt.  The third argument is an 8 byte object
+# to encrypt.  The function returns an 8 byte object that has been
+# DES encrypted.
+#
+# example:
+# require 'des.pl'
+#
+# $key =pack("C8",0x12,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+# @ks=  &des_set_key($key);
+#
+# $outbytes= &des_ecb_encrypt(*ks,1,$data);
+# @enc =unpack("C8",$outbytes);
+#
+                 
+package des;
+
+eval("use integer;") if (int($]) > 4);
+
+# The following 8 arrays are used in des_set_key
+@skb0=(
+# for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+0x00000000,0x00000010,0x20000000,0x20000010,
+0x00010000,0x00010010,0x20010000,0x20010010,
+0x00000800,0x00000810,0x20000800,0x20000810,
+0x00010800,0x00010810,0x20010800,0x20010810,
+0x00000020,0x00000030,0x20000020,0x20000030,
+0x00010020,0x00010030,0x20010020,0x20010030,
+0x00000820,0x00000830,0x20000820,0x20000830,
+0x00010820,0x00010830,0x20010820,0x20010830,
+0x00080000,0x00080010,0x20080000,0x20080010,
+0x00090000,0x00090010,0x20090000,0x20090010,
+0x00080800,0x00080810,0x20080800,0x20080810,
+0x00090800,0x00090810,0x20090800,0x20090810,
+0x00080020,0x00080030,0x20080020,0x20080030,
+0x00090020,0x00090030,0x20090020,0x20090030,
+0x00080820,0x00080830,0x20080820,0x20080830,
+0x00090820,0x00090830,0x20090820,0x20090830,
+);
+@skb1=(
+# for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 
+0x00000000,0x02000000,0x00002000,0x02002000,
+0x00200000,0x02200000,0x00202000,0x02202000,
+0x00000004,0x02000004,0x00002004,0x02002004,
+0x00200004,0x02200004,0x00202004,0x02202004,
+0x00000400,0x02000400,0x00002400,0x02002400,
+0x00200400,0x02200400,0x00202400,0x02202400,
+0x00000404,0x02000404,0x00002404,0x02002404,
+0x00200404,0x02200404,0x00202404,0x02202404,
+0x10000000,0x12000000,0x10002000,0x12002000,
+0x10200000,0x12200000,0x10202000,0x12202000,
+0x10000004,0x12000004,0x10002004,0x12002004,
+0x10200004,0x12200004,0x10202004,0x12202004,
+0x10000400,0x12000400,0x10002400,0x12002400,
+0x10200400,0x12200400,0x10202400,0x12202400,
+0x10000404,0x12000404,0x10002404,0x12002404,
+0x10200404,0x12200404,0x10202404,0x12202404,
+);
+@skb2=(
+# for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 
+0x00000000,0x00000001,0x00040000,0x00040001,
+0x01000000,0x01000001,0x01040000,0x01040001,
+0x00000002,0x00000003,0x00040002,0x00040003,
+0x01000002,0x01000003,0x01040002,0x01040003,
+0x00000200,0x00000201,0x00040200,0x00040201,
+0x01000200,0x01000201,0x01040200,0x01040201,
+0x00000202,0x00000203,0x00040202,0x00040203,
+0x01000202,0x01000203,0x01040202,0x01040203,
+0x08000000,0x08000001,0x08040000,0x08040001,
+0x09000000,0x09000001,0x09040000,0x09040001,
+0x08000002,0x08000003,0x08040002,0x08040003,
+0x09000002,0x09000003,0x09040002,0x09040003,
+0x08000200,0x08000201,0x08040200,0x08040201,
+0x09000200,0x09000201,0x09040200,0x09040201,
+0x08000202,0x08000203,0x08040202,0x08040203,
+0x09000202,0x09000203,0x09040202,0x09040203,
+);
+@skb3=(
+# for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 
+0x00000000,0x00100000,0x00000100,0x00100100,
+0x00000008,0x00100008,0x00000108,0x00100108,
+0x00001000,0x00101000,0x00001100,0x00101100,
+0x00001008,0x00101008,0x00001108,0x00101108,
+0x04000000,0x04100000,0x04000100,0x04100100,
+0x04000008,0x04100008,0x04000108,0x04100108,
+0x04001000,0x04101000,0x04001100,0x04101100,
+0x04001008,0x04101008,0x04001108,0x04101108,
+0x00020000,0x00120000,0x00020100,0x00120100,
+0x00020008,0x00120008,0x00020108,0x00120108,
+0x00021000,0x00121000,0x00021100,0x00121100,
+0x00021008,0x00121008,0x00021108,0x00121108,
+0x04020000,0x04120000,0x04020100,0x04120100,
+0x04020008,0x04120008,0x04020108,0x04120108,
+0x04021000,0x04121000,0x04021100,0x04121100,
+0x04021008,0x04121008,0x04021108,0x04121108,
+);
+@skb4=(
+# for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+0x00000000,0x10000000,0x00010000,0x10010000,
+0x00000004,0x10000004,0x00010004,0x10010004,
+0x20000000,0x30000000,0x20010000,0x30010000,
+0x20000004,0x30000004,0x20010004,0x30010004,
+0x00100000,0x10100000,0x00110000,0x10110000,
+0x00100004,0x10100004,0x00110004,0x10110004,
+0x20100000,0x30100000,0x20110000,0x30110000,
+0x20100004,0x30100004,0x20110004,0x30110004,
+0x00001000,0x10001000,0x00011000,0x10011000,
+0x00001004,0x10001004,0x00011004,0x10011004,
+0x20001000,0x30001000,0x20011000,0x30011000,
+0x20001004,0x30001004,0x20011004,0x30011004,
+0x00101000,0x10101000,0x00111000,0x10111000,
+0x00101004,0x10101004,0x00111004,0x10111004,
+0x20101000,0x30101000,0x20111000,0x30111000,
+0x20101004,0x30101004,0x20111004,0x30111004,
+);
+@skb5=(
+# for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 
+0x00000000,0x08000000,0x00000008,0x08000008,
+0x00000400,0x08000400,0x00000408,0x08000408,
+0x00020000,0x08020000,0x00020008,0x08020008,
+0x00020400,0x08020400,0x00020408,0x08020408,
+0x00000001,0x08000001,0x00000009,0x08000009,
+0x00000401,0x08000401,0x00000409,0x08000409,
+0x00020001,0x08020001,0x00020009,0x08020009,
+0x00020401,0x08020401,0x00020409,0x08020409,
+0x02000000,0x0A000000,0x02000008,0x0A000008,
+0x02000400,0x0A000400,0x02000408,0x0A000408,
+0x02020000,0x0A020000,0x02020008,0x0A020008,
+0x02020400,0x0A020400,0x02020408,0x0A020408,
+0x02000001,0x0A000001,0x02000009,0x0A000009,
+0x02000401,0x0A000401,0x02000409,0x0A000409,
+0x02020001,0x0A020001,0x02020009,0x0A020009,
+0x02020401,0x0A020401,0x02020409,0x0A020409,
+);
+@skb6=(
+# for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 
+0x00000000,0x00000100,0x00080000,0x00080100,
+0x01000000,0x01000100,0x01080000,0x01080100,
+0x00000010,0x00000110,0x00080010,0x00080110,
+0x01000010,0x01000110,0x01080010,0x01080110,
+0x00200000,0x00200100,0x00280000,0x00280100,
+0x01200000,0x01200100,0x01280000,0x01280100,
+0x00200010,0x00200110,0x00280010,0x00280110,
+0x01200010,0x01200110,0x01280010,0x01280110,
+0x00000200,0x00000300,0x00080200,0x00080300,
+0x01000200,0x01000300,0x01080200,0x01080300,
+0x00000210,0x00000310,0x00080210,0x00080310,
+0x01000210,0x01000310,0x01080210,0x01080310,
+0x00200200,0x00200300,0x00280200,0x00280300,
+0x01200200,0x01200300,0x01280200,0x01280300,
+0x00200210,0x00200310,0x00280210,0x00280310,
+0x01200210,0x01200310,0x01280210,0x01280310,
+);
+@skb7=(
+# for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 
+0x00000000,0x04000000,0x00040000,0x04040000,
+0x00000002,0x04000002,0x00040002,0x04040002,
+0x00002000,0x04002000,0x00042000,0x04042000,
+0x00002002,0x04002002,0x00042002,0x04042002,
+0x00000020,0x04000020,0x00040020,0x04040020,
+0x00000022,0x04000022,0x00040022,0x04040022,
+0x00002020,0x04002020,0x00042020,0x04042020,
+0x00002022,0x04002022,0x00042022,0x04042022,
+0x00000800,0x04000800,0x00040800,0x04040800,
+0x00000802,0x04000802,0x00040802,0x04040802,
+0x00002800,0x04002800,0x00042800,0x04042800,
+0x00002802,0x04002802,0x00042802,0x04042802,
+0x00000820,0x04000820,0x00040820,0x04040820,
+0x00000822,0x04000822,0x00040822,0x04040822,
+0x00002820,0x04002820,0x00042820,0x04042820,
+0x00002822,0x04002822,0x00042822,0x04042822,
+);
+
+@shifts2=(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0);
+
+# used in ecb_encrypt
+@SP0=(
+0x00410100, 0x00010000, 0x40400000, 0x40410100,
+0x00400000, 0x40010100, 0x40010000, 0x40400000,
+0x40010100, 0x00410100, 0x00410000, 0x40000100,
+0x40400100, 0x00400000, 0x00000000, 0x40010000,
+0x00010000, 0x40000000, 0x00400100, 0x00010100,
+0x40410100, 0x00410000, 0x40000100, 0x00400100,
+0x40000000, 0x00000100, 0x00010100, 0x40410000,
+0x00000100, 0x40400100, 0x40410000, 0x00000000,
+0x00000000, 0x40410100, 0x00400100, 0x40010000,
+0x00410100, 0x00010000, 0x40000100, 0x00400100,
+0x40410000, 0x00000100, 0x00010100, 0x40400000,
+0x40010100, 0x40000000, 0x40400000, 0x00410000,
+0x40410100, 0x00010100, 0x00410000, 0x40400100,
+0x00400000, 0x40000100, 0x40010000, 0x00000000,
+0x00010000, 0x00400000, 0x40400100, 0x00410100,
+0x40000000, 0x40410000, 0x00000100, 0x40010100,
+);
+@SP1=(
+0x08021002, 0x00000000, 0x00021000, 0x08020000,
+0x08000002, 0x00001002, 0x08001000, 0x00021000,
+0x00001000, 0x08020002, 0x00000002, 0x08001000,
+0x00020002, 0x08021000, 0x08020000, 0x00000002,
+0x00020000, 0x08001002, 0x08020002, 0x00001000,
+0x00021002, 0x08000000, 0x00000000, 0x00020002,
+0x08001002, 0x00021002, 0x08021000, 0x08000002,
+0x08000000, 0x00020000, 0x00001002, 0x08021002,
+0x00020002, 0x08021000, 0x08001000, 0x00021002,
+0x08021002, 0x00020002, 0x08000002, 0x00000000,
+0x08000000, 0x00001002, 0x00020000, 0x08020002,
+0x00001000, 0x08000000, 0x00021002, 0x08001002,
+0x08021000, 0x00001000, 0x00000000, 0x08000002,
+0x00000002, 0x08021002, 0x00021000, 0x08020000,
+0x08020002, 0x00020000, 0x00001002, 0x08001000,
+0x08001002, 0x00000002, 0x08020000, 0x00021000,
+);
+@SP2=(
+0x20800000, 0x00808020, 0x00000020, 0x20800020,
+0x20008000, 0x00800000, 0x20800020, 0x00008020,
+0x00800020, 0x00008000, 0x00808000, 0x20000000,
+0x20808020, 0x20000020, 0x20000000, 0x20808000,
+0x00000000, 0x20008000, 0x00808020, 0x00000020,
+0x20000020, 0x20808020, 0x00008000, 0x20800000,
+0x20808000, 0x00800020, 0x20008020, 0x00808000,
+0x00008020, 0x00000000, 0x00800000, 0x20008020,
+0x00808020, 0x00000020, 0x20000000, 0x00008000,
+0x20000020, 0x20008000, 0x00808000, 0x20800020,
+0x00000000, 0x00808020, 0x00008020, 0x20808000,
+0x20008000, 0x00800000, 0x20808020, 0x20000000,
+0x20008020, 0x20800000, 0x00800000, 0x20808020,
+0x00008000, 0x00800020, 0x20800020, 0x00008020,
+0x00800020, 0x00000000, 0x20808000, 0x20000020,
+0x20800000, 0x20008020, 0x00000020, 0x00808000,
+);
+@SP3=(
+0x00080201, 0x02000200, 0x00000001, 0x02080201,
+0x00000000, 0x02080000, 0x02000201, 0x00080001,
+0x02080200, 0x02000001, 0x02000000, 0x00000201,
+0x02000001, 0x00080201, 0x00080000, 0x02000000,
+0x02080001, 0x00080200, 0x00000200, 0x00000001,
+0x00080200, 0x02000201, 0x02080000, 0x00000200,
+0x00000201, 0x00000000, 0x00080001, 0x02080200,
+0x02000200, 0x02080001, 0x02080201, 0x00080000,
+0x02080001, 0x00000201, 0x00080000, 0x02000001,
+0x00080200, 0x02000200, 0x00000001, 0x02080000,
+0x02000201, 0x00000000, 0x00000200, 0x00080001,
+0x00000000, 0x02080001, 0x02080200, 0x00000200,
+0x02000000, 0x02080201, 0x00080201, 0x00080000,
+0x02080201, 0x00000001, 0x02000200, 0x00080201,
+0x00080001, 0x00080200, 0x02080000, 0x02000201,
+0x00000201, 0x02000000, 0x02000001, 0x02080200,
+);
+@SP4=(
+0x01000000, 0x00002000, 0x00000080, 0x01002084,
+0x01002004, 0x01000080, 0x00002084, 0x01002000,
+0x00002000, 0x00000004, 0x01000004, 0x00002080,
+0x01000084, 0x01002004, 0x01002080, 0x00000000,
+0x00002080, 0x01000000, 0x00002004, 0x00000084,
+0x01000080, 0x00002084, 0x00000000, 0x01000004,
+0x00000004, 0x01000084, 0x01002084, 0x00002004,
+0x01002000, 0x00000080, 0x00000084, 0x01002080,
+0x01002080, 0x01000084, 0x00002004, 0x01002000,
+0x00002000, 0x00000004, 0x01000004, 0x01000080,
+0x01000000, 0x00002080, 0x01002084, 0x00000000,
+0x00002084, 0x01000000, 0x00000080, 0x00002004,
+0x01000084, 0x00000080, 0x00000000, 0x01002084,
+0x01002004, 0x01002080, 0x00000084, 0x00002000,
+0x00002080, 0x01002004, 0x01000080, 0x00000084,
+0x00000004, 0x00002084, 0x01002000, 0x01000004,
+);
+@SP5=(
+0x10000008, 0x00040008, 0x00000000, 0x10040400,
+0x00040008, 0x00000400, 0x10000408, 0x00040000,
+0x00000408, 0x10040408, 0x00040400, 0x10000000,
+0x10000400, 0x10000008, 0x10040000, 0x00040408,
+0x00040000, 0x10000408, 0x10040008, 0x00000000,
+0x00000400, 0x00000008, 0x10040400, 0x10040008,
+0x10040408, 0x10040000, 0x10000000, 0x00000408,
+0x00000008, 0x00040400, 0x00040408, 0x10000400,
+0x00000408, 0x10000000, 0x10000400, 0x00040408,
+0x10040400, 0x00040008, 0x00000000, 0x10000400,
+0x10000000, 0x00000400, 0x10040008, 0x00040000,
+0x00040008, 0x10040408, 0x00040400, 0x00000008,
+0x10040408, 0x00040400, 0x00040000, 0x10000408,
+0x10000008, 0x10040000, 0x00040408, 0x00000000,
+0x00000400, 0x10000008, 0x10000408, 0x10040400,
+0x10040000, 0x00000408, 0x00000008, 0x10040008,
+);
+@SP6=(
+0x00000800, 0x00000040, 0x00200040, 0x80200000,
+0x80200840, 0x80000800, 0x00000840, 0x00000000,
+0x00200000, 0x80200040, 0x80000040, 0x00200800,
+0x80000000, 0x00200840, 0x00200800, 0x80000040,
+0x80200040, 0x00000800, 0x80000800, 0x80200840,
+0x00000000, 0x00200040, 0x80200000, 0x00000840,
+0x80200800, 0x80000840, 0x00200840, 0x80000000,
+0x80000840, 0x80200800, 0x00000040, 0x00200000,
+0x80000840, 0x00200800, 0x80200800, 0x80000040,
+0x00000800, 0x00000040, 0x00200000, 0x80200800,
+0x80200040, 0x80000840, 0x00000840, 0x00000000,
+0x00000040, 0x80200000, 0x80000000, 0x00200040,
+0x00000000, 0x80200040, 0x00200040, 0x00000840,
+0x80000040, 0x00000800, 0x80200840, 0x00200000,
+0x00200840, 0x80000000, 0x80000800, 0x80200840,
+0x80200000, 0x00200840, 0x00200800, 0x80000800,
+);
+@SP7=(
+0x04100010, 0x04104000, 0x00004010, 0x00000000,
+0x04004000, 0x00100010, 0x04100000, 0x04104010,
+0x00000010, 0x04000000, 0x00104000, 0x00004010,
+0x00104010, 0x04004010, 0x04000010, 0x04100000,
+0x00004000, 0x00104010, 0x00100010, 0x04004000,
+0x04104010, 0x04000010, 0x00000000, 0x00104000,
+0x04000000, 0x00100000, 0x04004010, 0x04100010,
+0x00100000, 0x00004000, 0x04104000, 0x00000010,
+0x00100000, 0x00004000, 0x04000010, 0x04104010,
+0x00004010, 0x04000000, 0x00000000, 0x00104000,
+0x04100010, 0x04004010, 0x04004000, 0x00100010,
+0x04104000, 0x00000010, 0x00100010, 0x04004000,
+0x04104010, 0x00100000, 0x04100000, 0x04000010,
+0x00104000, 0x00004010, 0x04004010, 0x04100000,
+0x00000010, 0x04104000, 0x00104010, 0x00000000,
+0x04000000, 0x04100010, 0x00004000, 0x00104010,
+);
+
+sub main'des_set_key
+	{
+	local($param)=@_;
+	local(@key);
+	local($c,$d,$i,$s,$t);
+	local(@ks)=();
+
+	# Get the bytes in the order we want.
+	@key=unpack("C8",$param);
+
+	$c=	($key[0]    )|
+		($key[1]<< 8)|
+		($key[2]<<16)|
+		($key[3]<<24);
+	$d=	($key[4]    )|
+		($key[5]<< 8)|
+		($key[6]<<16)|
+		($key[7]<<24);
+
+	&doPC1(*c,*d);
+
+	for $i (@shifts2)
+		{
+		if ($i)
+			{
+			$c=($c>>2)|($c<<26);
+			$d=($d>>2)|($d<<26);
+			}
+		else
+			{
+			$c=($c>>1)|($c<<27);
+			$d=($d>>1)|($d<<27);
+			}
+		$c&=0x0fffffff;
+		$d&=0x0fffffff;
+		$s=	$skb0[ ($c    )&0x3f                 ]|
+			$skb1[(($c>> 6)&0x03)|(($c>> 7)&0x3c)]|
+			$skb2[(($c>>13)&0x0f)|(($c>>14)&0x30)]|
+			$skb3[(($c>>20)&0x01)|(($c>>21)&0x06) |
+					     (($c>>22)&0x38)];
+		$t=     $skb4[ ($d    )&0x3f                ]|
+			$skb5[(($d>> 7)&0x03)|(($d>> 8)&0x3c)]|
+			$skb6[ ($d>>15)&0x3f                 ]|
+			$skb7[(($d>>21)&0x0f)|(($d>>22)&0x30)];
+		push(@ks,(($t<<16)|($s&0x0000ffff))&0xffffffff);
+		$s=      (($s>>16)&0x0000ffff)|($t&0xffff0000) ;
+		push(@ks,(($s<<4)|(($s>>28)&0xf))&0xffffffff);
+		}
+	@ks;
+	}
+
+sub doPC1
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>>4)^$a)&0x0f0f0f0f;
+	$b^=($t<<4); $a^=$t;
+	# do $a first 
+	$t=(($a<<18)^$a)&0xcccc0000;
+	$a=$a^$t^(($t>>18)&0x00003fff);
+	$t=(($a<<17)^$a)&0xaaaa0000;
+	$a=$a^$t^(($t>>17)&0x00007fff);
+	$t=(($a<< 8)^$a)&0x00ff0000;
+	$a=$a^$t^(($t>> 8)&0x00ffffff);
+	$t=(($a<<17)^$a)&0xaaaa0000;
+	$a=$a^$t^(($t>>17)&0x00007fff);
+
+	# now do $b
+	$t=(($b<<24)^$b)&0xff000000;
+	$b=$b^$t^(($t>>24)&0x000000ff);
+	$t=(($b<< 8)^$b)&0x00ff0000;
+	$b=$b^$t^(($t>> 8)&0x00ffffff);
+	$t=(($b<<14)^$b)&0x33330000;
+	$b=$b^$t^(($t>>14)&0x0003ffff);
+	$b=(($b&0x00aa00aa)<<7)|(($b&0x55005500)>>7)|($b&0xaa55aa55);
+	$b=(($b>>8)&0x00ffffff)|((($a&0xf0000000)>>4)&0x0fffffff);
+	$a&=0x0fffffff;
+	}
+
+sub doIP
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+	$b^=($t<< 4); $a^=$t;
+	$t=(($a>>16)^$b)&0x0000ffff;
+	$a^=($t<<16); $b^=$t;
+	$t=(($b>> 2)^$a)&0x33333333;
+	$b^=($t<< 2); $a^=$t;
+	$t=(($a>> 8)^$b)&0x00ff00ff;
+	$a^=($t<< 8); $b^=$t;
+	$t=(($b>> 1)^$a)&0x55555555;
+	$b^=($t<< 1); $a^=$t;
+	$t=$a;
+	$a=$b&0xffffffff;
+	$b=$t&0xffffffff;
+	}
+
+sub doFP
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>> 1)^$a)&0x55555555;
+	$b^=($t<< 1); $a^=$t;
+	$t=(($a>> 8)^$b)&0x00ff00ff;
+	$a^=($t<< 8); $b^=$t;
+	$t=(($b>> 2)^$a)&0x33333333;
+	$b^=($t<< 2); $a^=$t;
+	$t=(($a>>16)^$b)&0x0000ffff;
+	$a^=($t<<16); $b^=$t;
+	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+	$b^=($t<< 4); $a^=$t;
+	$a&=0xffffffff;
+	$b&=0xffffffff;
+	}
+
+sub main'des_ecb_encrypt
+	{
+	local(*ks,$encrypt,$in)=@_;
+	local($l,$r,$i,$t,$u,@input);
+	
+	@input=unpack("C8",$in);
+	# Get the bytes in the order we want.
+	$l=	($input[0]    )|
+		($input[1]<< 8)|
+		($input[2]<<16)|
+		($input[3]<<24);
+	$r=	($input[4]    )|
+		($input[5]<< 8)|
+		($input[6]<<16)|
+		($input[7]<<24);
+
+	$l&=0xffffffff;
+	$r&=0xffffffff;
+	&doIP(*l,*r);
+	if ($encrypt)
+		{
+		for ($i=0; $i<32; $i+=4)
+			{
+			$t=((($r&0x7fffffff)<<1)|(($r>>31)&0x00000001));
+			$u=$t^$ks[$i  ];
+			$t=$t^$ks[$i+1];
+			$t2=(($t&0x0000000f)<<28);
+
+			$t=((($t>>4)&0x0fffffff)|(($t&0x0000000f)<<28));
+			$l^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+
+			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i+2];
+			$t=$t^$ks[$i+3];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$r^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+			}
+		}
+	else	
+		{
+		for ($i=30; $i>0; $i-=4)
+			{
+			$t=(($r<<1)|(($r>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i  ];
+			$t=$t^$ks[$i+1];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$l^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+
+			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i-2];
+			$t=$t^$ks[$i-1];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$r^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+			}
+		}
+	&doFP(*l,*r);
+	pack("C8",$l&0xff, 
+	          ($l>> 8)&0x00ffffff,
+	          ($l>>16)&0x0000ffff,
+		  ($l>>24)&0x000000ff,
+		  $r&0xff,
+	          ($r>> 8)&0x00ffffff,
+	          ($r>>16)&0x0000ffff,
+		  ($r>>24)&0x000000ff);
+	}
diff --git a/crypto/des/des_crypt.man b/crypto/des/des_crypt.man
new file mode 100644
index 0000000000000000000000000000000000000000..0ecc416877fe6d7c8b2416dd546b615d665b325e
--- /dev/null
+++ b/crypto/des/des_crypt.man
@@ -0,0 +1,508 @@
+.TH DES_CRYPT 3 
+.SH NAME
+des_read_password, des_read_2password,
+des_string_to_key, des_string_to_2key, des_read_pw_string,
+des_random_key, des_set_key,
+des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt,
+des_3cbc_encrypt,
+des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
+des_cbc_cksum, des_quad_cksum,
+des_enc_read, des_enc_write, des_set_odd_parity,
+des_is_weak_key, crypt \- (non USA) DES encryption
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include 
+.PP
+.B int des_read_password(key,prompt,verify)
+des_cblock *key;
+char *prompt;
+int verify;
+.PP
+.B int des_read_2password(key1,key2,prompt,verify)
+des_cblock *key1,*key2;
+char *prompt;
+int verify;
+.PP
+.B int des_string_to_key(str,key)
+char *str;
+des_cblock *key;
+.PP
+.B int des_string_to_2keys(str,key1,key2)
+char *str;
+des_cblock *key1,*key2;
+.PP
+.B int des_read_pw_string(buf,length,prompt,verify)
+char *buf;
+int length;
+char *prompt;
+int verify;
+.PP
+.B int des_random_key(key)
+des_cblock *key;
+.PP
+.B int des_set_key(key,schedule)
+des_cblock *key;
+des_key_schedule schedule;
+.PP
+.B int des_key_sched(key,schedule)
+des_cblock *key;
+des_key_schedule schedule;
+.PP
+.B int des_ecb_encrypt(input,output,schedule,encrypt)
+des_cblock *input;
+des_cblock *output;
+des_key_schedule schedule;
+int encrypt;
+.PP
+.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt)
+des_cblock *input;
+des_cblock *output;
+des_key_schedule ks1,ks2;
+int encrypt;
+.PP
+.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule sk1;
+des_key_schedule sk2;
+des_cblock *ivec1;
+des_cblock *ivec2;
+int encrypt;
+.PP
+.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
+unsigned char *input;
+unsigned char *output;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
+unsigned char *input,*output;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+.PP
+.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+.PP
+.B unsigned long des_quad_cksum(input,output,length,out_count,seed)
+des_cblock *input;
+des_cblock *output;
+long length;
+int out_count;
+des_cblock *seed;
+.PP
+.B int des_check_key;
+.PP
+.B int des_enc_read(fd,buf,len,sched,iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock *iv;
+.PP
+.B int des_enc_write(fd,buf,len,sched,iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock *iv;
+.PP
+.B extern int des_rw_mode;
+.PP
+.B void des_set_odd_parity(key)
+des_cblock *key;
+.PP
+.B int des_is_weak_key(key)
+des_cblock *key;
+.PP
+.B char *crypt(passwd,salt)
+char *passwd;
+char *salt;
+.PP
+.fi
+.SH DESCRIPTION
+This library contains a fast implementation of the DES encryption
+algorithm.
+.PP
+There are two phases to the use of DES encryption.
+The first is the generation of a
+.I des_key_schedule
+from a key,
+the second is the actual encryption.
+A des key is of type
+.I des_cblock.
+This type is made from 8 characters with odd parity.
+The least significant bit in the character is the parity bit.
+The key schedule is an expanded form of the key; it is used to speed the
+encryption process.
+.PP
+.I des_read_password
+writes the string specified by prompt to the standard output,
+turns off echo and reads an input string from standard input
+until terminated with a newline.
+If verify is non-zero, it prompts and reads the input again and verifies
+that both entered passwords are the same.
+The entered string is converted into a des key by using the
+.I des_string_to_key
+routine.
+The new key is placed in the
+.I des_cblock
+that was passed (by reference) to the routine.
+If there were no errors,
+.I des_read_password
+returns 0,
+-1 is returned if there was a terminal error and 1 is returned for
+any other error.
+.PP
+.I des_read_2password
+operates in the same way as
+.I des_read_password
+except that it generates 2 keys by using the
+.I des_string_to_2key
+function.
+.PP
+.I des_read_pw_string
+is called by
+.I des_read_password
+to read and verify a string from a terminal device.
+The string is returned in
+.I buf.
+The size of
+.I buf
+is passed to the routine via the
+.I length
+parameter.
+.PP
+.I des_string_to_key
+converts a string into a valid des key.
+.PP
+.I des_string_to_2key
+converts a string into 2 valid des keys.
+This routine is best suited for used to generate keys for use with
+.I des_ecb3_encrypt.
+.PP
+.I des_random_key
+returns a random key that is made of a combination of process id,
+time and an increasing counter.
+.PP
+Before a des key can be used it is converted into a
+.I des_key_schedule
+via the
+.I des_set_key
+routine.
+If the
+.I des_check_key
+flag is non-zero,
+.I des_set_key
+will check that the key passed is of odd parity and is not a week or
+semi-weak key.
+If the parity is wrong,
+then -1 is returned.
+If the key is a weak key,
+then -2 is returned.
+If an error is returned,
+the key schedule is not generated.
+.PP
+.I des_key_sched
+is another name for the
+.I des_set_key
+function.
+.PP
+The following routines mostly operate on an input and output stream of
+.I des_cblock's.
+.PP
+.I des_ecb_encrypt
+is the basic DES encryption routine that encrypts or decrypts a single 8-byte
+.I des_cblock
+in
+.I electronic code book
+mode.
+It always transforms the input data, pointed to by
+.I input,
+into the output data,
+pointed to by the
+.I output
+argument.
+If the
+.I encrypt
+argument is non-zero (DES_ENCRYPT),
+the
+.I input
+(cleartext) is encrypted in to the
+.I output
+(ciphertext) using the key_schedule specified by the
+.I schedule
+argument,
+previously set via
+.I des_set_key.
+If
+.I encrypt
+is zero (DES_DECRYPT),
+the
+.I input
+(now ciphertext)
+is decrypted into the
+.I output
+(now cleartext).
+Input and output may overlap.
+No meaningful value is returned.
+.PP
+.I des_ecb3_encrypt
+encrypts/decrypts the
+.I input
+block by using triple ecb DES encryption.
+This involves encrypting the input with 
+.I ks1,
+decryption with the key schedule
+.I ks2,
+and then encryption with the first again.
+This routine greatly reduces the chances of brute force breaking of
+DES and has the advantage of if
+.I ks1
+and
+.I ks2
+are the same, it is equivalent to just encryption using ecb mode and
+.I ks1
+as the key.
+.PP
+.I des_cbc_encrypt
+encrypts/decrypts using the
+.I cipher-block-chaining
+mode of DES.
+If the
+.I encrypt
+argument is non-zero,
+the routine cipher-block-chain encrypts the cleartext data pointed to by the
+.I input
+argument into the ciphertext pointed to by the
+.I output
+argument,
+using the key schedule provided by the
+.I schedule
+argument,
+and initialisation vector provided by the
+.I ivec
+argument.
+If the
+.I length
+argument is not an integral multiple of eight bytes, 
+the last block is copied to a temporary area and zero filled.
+The output is always
+an integral multiple of eight bytes.
+To make multiple cbc encrypt calls on a large amount of data appear to
+be one 
+.I des_cbc_encrypt
+call, the
+.I ivec
+of subsequent calls should be the last 8 bytes of the output.
+.PP
+.I des_3cbc_encrypt
+encrypts/decrypts the
+.I input
+block by using triple cbc DES encryption.
+This involves encrypting the input with key schedule
+.I ks1,
+decryption with the key schedule
+.I ks2,
+and then encryption with the first again.
+2 initialisation vectors are required,
+.I ivec1
+and
+.I ivec2.
+Unlike
+.I des_cbc_encrypt,
+these initialisation vectors are modified by the subroutine.
+This routine greatly reduces the chances of brute force breaking of
+DES and has the advantage of if
+.I ks1
+and
+.I ks2
+are the same, it is equivalent to just encryption using cbc mode and
+.I ks1
+as the key.
+.PP
+.I des_pcbc_encrypt
+encrypt/decrypts using a modified block chaining mode.
+It provides better error propagation characteristics than cbc
+encryption.
+.PP
+.I des_cfb_encrypt
+encrypt/decrypts using cipher feedback mode.  This method takes an
+array of characters as input and outputs and array of characters.  It
+does not require any padding to 8 character groups.  Note: the ivec
+variable is changed and the new changed value needs to be passed to
+the next call to this function.  Since this function runs a complete
+DES ecb encryption per numbits, this function is only suggested for
+use when sending small numbers of characters.
+.PP
+.I des_ofb_encrypt
+encrypt using output feedback mode.  This method takes an
+array of characters as input and outputs and array of characters.  It
+does not require any padding to 8 character groups.  Note: the ivec
+variable is changed and the new changed value needs to be passed to
+the next call to this function.  Since this function runs a complete
+DES ecb encryption per numbits, this function is only suggested for
+use when sending small numbers of characters.
+.PP
+.I des_cbc_cksum
+produces an 8 byte checksum based on the input stream (via cbc encryption).
+The last 4 bytes of the checksum is returned and the complete 8 bytes is
+placed in
+.I output.
+.PP
+.I des_quad_cksum
+returns a 4 byte checksum from the input bytes.
+The algorithm can be iterated over the input,
+depending on
+.I out_count,
+1, 2, 3 or 4 times.
+If
+.I output
+is non-NULL,
+the 8 bytes generated by each pass are written into
+.I output.
+.PP
+.I des_enc_write
+is used to write
+.I len
+bytes
+to file descriptor
+.I fd
+from buffer
+.I buf.
+The data is encrypted via
+.I pcbc_encrypt
+(default) using
+.I sched
+for the key and
+.I iv
+as a starting vector.
+The actual data send down
+.I fd
+consists of 4 bytes (in network byte order) containing the length of the
+following encrypted data.  The encrypted data then follows, padded with random
+data out to a multiple of 8 bytes.
+.PP
+.I des_enc_read
+is used to read
+.I len
+bytes
+from file descriptor
+.I fd
+into buffer
+.I buf.
+The data being read from
+.I fd
+is assumed to have come from
+.I des_enc_write
+and is decrypted using
+.I sched
+for the key schedule and
+.I iv
+for the initial vector.
+The
+.I des_enc_read/des_enc_write
+pair can be used to read/write to files, pipes and sockets.
+I have used them in implementing a version of rlogin in which all
+data is encrypted.
+.PP
+.I des_rw_mode
+is used to specify the encryption mode to use with 
+.I des_enc_read
+and 
+.I des_end_write.
+If set to
+.I DES_PCBC_MODE
+(the default), des_pcbc_encrypt is used.
+If set to
+.I DES_CBC_MODE
+des_cbc_encrypt is used.
+These two routines and the variable are not part of the normal MIT library.
+.PP
+.I des_set_odd_parity
+sets the parity of the passed
+.I key
+to odd.  This routine is not part of the standard MIT library.
+.PP
+.I des_is_weak_key
+returns 1 is the passed key is a weak key (pick again :-),
+0 if it is ok.
+This routine is not part of the standard MIT library.
+.PP
+.I crypt
+is a replacement for the normal system crypt.
+It is much faster than the system crypt.
+.PP
+.SH FILES
+/usr/include/des.h
+.br
+/usr/lib/libdes.a
+.PP
+The encryption routines have been tested on 16bit, 32bit and 64bit
+machines of various endian and even works under VMS.
+.PP
+.SH BUGS
+.PP
+If you think this manual is sparse,
+read the des_crypt(3) manual from the MIT kerberos (or bones outside
+of the USA) distribution.
+.PP
+.I des_cfb_encrypt
+and
+.I des_ofb_encrypt
+operates on input of 8 bits.  What this means is that if you set
+numbits to 12, and length to 2, the first 12 bits will come from the 1st
+input byte and the low half of the second input byte.  The second 12
+bits will have the low 8 bits taken from the 3rd input byte and the
+top 4 bits taken from the 4th input byte.  The same holds for output.
+This function has been implemented this way because most people will
+be using a multiple of 8 and because once you get into pulling bytes input
+bytes apart things get ugly!
+.PP
+.I des_read_pw_string
+is the most machine/OS dependent function and normally generates the
+most problems when porting this code.
+.PP
+.I des_string_to_key
+is probably different from the MIT version since there are lots
+of fun ways to implement one-way encryption of a text string.
+.PP
+The routines are optimised for 32 bit machines and so are not efficient
+on IBM PCs.
+.PP
+NOTE: extensive work has been done on this library since this document
+was origionally written.  Please try to read des.doc from the libdes
+distribution since it is far more upto date and documents more of the
+functions.  Libdes is now also being shipped as part of SSLeay, a
+general cryptographic library that amonst other things implements
+netscapes SSL protocoll.  The most recent version can be found in
+SSLeay distributions.
+.SH AUTHOR
+Eric Young (eay@cryptsoft.com)
diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..b04e12dc293662767d2532f01d12e9139ac4531e
--- /dev/null
+++ b/crypto/des/des_enc.c
@@ -0,0 +1,301 @@
+/* crypto/des/des_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_encrypt(data, ks, enc)
+DES_LONG *data;
+des_key_schedule ks;
+int enc;
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+#endif
+#ifndef DES_UNROLL
+	register int i;
+#endif
+	register DES_LONG *s;
+
+	r=data[0];
+	l=data[1];
+
+	IP(r,l);
+	/* Things have been modified so that the initial rotate is
+	 * done outside the loop.  This required the
+	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * One perl script later and things have a 5% speed up on a sparc2.
+	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	 * for pointing this out. */
+	/* clear the top bits on machines with 8byte longs */
+	/* shift left by 2 */
+	r=ROTATE(r,29)&0xffffffffL;
+	l=ROTATE(l,29)&0xffffffffL;
+
+	s=(DES_LONG *)ks;
+	/* I don't know if it is worth the effort of loop unrolling the
+	 * inner loop */
+	if (enc)
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#else
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  3 */
+			D_ENCRYPT(r,l,i+6); /*  4 */
+			}
+#endif
+		}
+	else
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r,30); /* 16 */
+		D_ENCRYPT(r,l,28); /* 15 */
+		D_ENCRYPT(l,r,26); /* 14 */
+		D_ENCRYPT(r,l,24); /* 13 */
+		D_ENCRYPT(l,r,22); /* 12 */
+		D_ENCRYPT(r,l,20); /* 11 */
+		D_ENCRYPT(l,r,18); /* 10 */
+		D_ENCRYPT(r,l,16); /*  9 */
+		D_ENCRYPT(l,r,14); /*  8 */
+		D_ENCRYPT(r,l,12); /*  7 */
+		D_ENCRYPT(l,r,10); /*  6 */
+		D_ENCRYPT(r,l, 8); /*  5 */
+		D_ENCRYPT(l,r, 6); /*  4 */
+		D_ENCRYPT(r,l, 4); /*  3 */
+		D_ENCRYPT(l,r, 2); /*  2 */
+		D_ENCRYPT(r,l, 0); /*  1 */
+#else
+		for (i=30; i>0; i-=8)
+			{
+			D_ENCRYPT(l,r,i-0); /* 16 */
+			D_ENCRYPT(r,l,i-2); /* 15 */
+			D_ENCRYPT(l,r,i-4); /* 14 */
+			D_ENCRYPT(r,l,i-6); /* 13 */
+			}
+#endif
+		}
+
+	/* rotate and clear the top bits on machines with 8byte longs */
+	l=ROTATE(l,3)&0xffffffffL;
+	r=ROTATE(r,3)&0xffffffffL;
+
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	l=r=t=u=0;
+	}
+
+void des_encrypt2(data, ks, enc)
+DES_LONG *data;
+des_key_schedule ks;
+int enc;
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+#endif
+#ifndef DES_UNROLL
+	register int i;
+#endif
+	register DES_LONG *s;
+
+	r=data[0];
+	l=data[1];
+
+	/* Things have been modified so that the initial rotate is
+	 * done outside the loop.  This required the
+	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * One perl script later and things have a 5% speed up on a sparc2.
+	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	 * for pointing this out. */
+	/* clear the top bits on machines with 8byte longs */
+	r=ROTATE(r,29)&0xffffffff;
+	l=ROTATE(l,29)&0xffffffff;
+
+	s=(DES_LONG *)ks;
+	/* I don't know if it is worth the effort of loop unrolling the
+	 * inner loop */
+	if (enc)
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#else
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  3 */
+			D_ENCRYPT(r,l,i+6); /*  4 */
+			}
+#endif
+		}
+	else
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r,30); /* 16 */
+		D_ENCRYPT(r,l,28); /* 15 */
+		D_ENCRYPT(l,r,26); /* 14 */
+		D_ENCRYPT(r,l,24); /* 13 */
+		D_ENCRYPT(l,r,22); /* 12 */
+		D_ENCRYPT(r,l,20); /* 11 */
+		D_ENCRYPT(l,r,18); /* 10 */
+		D_ENCRYPT(r,l,16); /*  9 */
+		D_ENCRYPT(l,r,14); /*  8 */
+		D_ENCRYPT(r,l,12); /*  7 */
+		D_ENCRYPT(l,r,10); /*  6 */
+		D_ENCRYPT(r,l, 8); /*  5 */
+		D_ENCRYPT(l,r, 6); /*  4 */
+		D_ENCRYPT(r,l, 4); /*  3 */
+		D_ENCRYPT(l,r, 2); /*  2 */
+		D_ENCRYPT(r,l, 0); /*  1 */
+#else
+		for (i=30; i>0; i-=8)
+			{
+			D_ENCRYPT(l,r,i-0); /* 16 */
+			D_ENCRYPT(r,l,i-2); /* 15 */
+			D_ENCRYPT(l,r,i-4); /* 14 */
+			D_ENCRYPT(r,l,i-6); /* 13 */
+			}
+#endif
+		}
+	/* rotate and clear the top bits on machines with 8byte longs */
+	data[0]=ROTATE(l,3)&0xffffffff;
+	data[1]=ROTATE(r,3)&0xffffffff;
+	l=r=t=u=0;
+	}
+
+void des_encrypt3(data,ks1,ks2,ks3)
+DES_LONG *data;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+	{
+	register DES_LONG l,r;
+
+	l=data[0];
+	r=data[1];
+	IP(l,r);
+	data[0]=l;
+	data[1]=r;
+	des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
+	des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
+	des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
+	l=data[0];
+	r=data[1];
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	}
+
+void des_decrypt3(data,ks1,ks2,ks3)
+DES_LONG *data;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+	{
+	register DES_LONG l,r;
+
+	l=data[0];
+	r=data[1];
+	IP(l,r);
+	data[0]=l;
+	data[1]=r;
+	des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
+	des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
+	des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
+	l=data[0];
+	r=data[1];
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	}
+
diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h
new file mode 100644
index 0000000000000000000000000000000000000000..e2e503cbed71b030ca37b7a8ed132a557c069a9f
--- /dev/null
+++ b/crypto/des/des_locl.h
@@ -0,0 +1,516 @@
+/* crypto/des/des_locl.org */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * Always modify des_locl.org since des_locl.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+#ifndef HEADER_DES_LOCL_H
+#define HEADER_DES_LOCL_H
+
+#if defined(WIN32) || defined(WIN16)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+
+#include 
+#include 
+#ifndef MSDOS
+#include 
+#endif
+#include "des.h"
+
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman 
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+  #define DES_PTR
+  #define DES_RISC1
+  #define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+  #define DES_PTR
+  #define DES_RISC2
+  #define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+  #define DES_PTR
+  #define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+  #define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+  #define DES_PTR
+  #define DES_RISC2
+  #define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+  #define DES_PTR
+  #define DES_RISC1
+  #define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+
+#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
+#include 
+#include 
+#include 
+#include 
+#ifndef RAND
+#define RAND
+#endif
+#undef NOPROTO
+#endif
+
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include 
+#endif
+
+#ifndef RAND
+#define RAND
+#endif
+
+#ifdef linux
+#undef RAND
+#endif
+
+#ifdef MSDOS
+#define getpid() 2
+#define RAND
+#undef NOPROTO
+#endif
+
+#if defined(NOCONST)
+#define const
+#endif
+
+#ifdef __STDC__
+#undef NOPROTO
+#endif
+
+#ifdef RAND
+#define srandom(s) srand(s)
+#define random rand
+#endif
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+#define MAXWRITE	(1024*16)
+#define BSIZE		(MAXWRITE+4)
+
+#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 5: l2|=((DES_LONG)(*(--(c))));     \
+			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 1: l1|=((DES_LONG)(*(--(c))));     \
+				} \
+			}
+
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++))))
+
+#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+#if defined(WIN32)
+#define	ROTATE(a,n)	(_lrotr(a,n))
+#else
+#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
+#endif
+
+/* Don't worry about the LOAD_DATA() stuff, that is used by
+ * fcrypt() to add it's little bit to the front */
+
+#ifdef DES_FCRYPT
+
+#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	t=R^(R>>16L); \
+	u=t&E0; t&=E1; \
+	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+#else
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	u=R^s[S  ]; \
+	t=R^s[S+1]
+#endif
+
+/* The changes to this macro may help or hinder, depending on the
+ * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * Inspired by Dana How 
+ * DO NOT use the alternative version on machines with 8 byte longs.
+ * It does not seem to work on the Alpha, even when DES_LONG is 4
+ * bytes, probably an issue of accessing non-word aligned objects :-( */
+#ifdef DES_PTR
+
+/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+ * is no reason to not xor all the sub items together.  This potentially
+ * saves a register since things can be xored directly into L */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	u>>=16L; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	u3=(int)(u>>8L); \
+	u1=(int)u&0xfc; \
+	u3&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	t>>=16L; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	u3=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u3&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	s1=(int)(u>>16L); \
+	s2=(int)(u>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	s1=(int)(t>>16L); \
+	s2=(int)(t>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
+#endif
+#else
+#define D_ENCRYPT(LL,R,S) { \
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^= \
+	*(DES_LONG *)((unsigned char *)des_SP      +((u     )&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x100+((t     )&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
+#endif
+
+#else /* original version */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	u>>=16L; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	u3=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[4][u1]; \
+	LL^=des_SPtrans[6][u3]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	t>>=16L; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	u3=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[5][u1]; \
+	LL^=des_SPtrans[7][u3]; }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	s1=(int)u>>16L; \
+	s2=(int)u>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[4][s1]; \
+	LL^=des_SPtrans[6][s2]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	s1=(int)t>>16; \
+	s2=(int)t>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[5][s1]; \
+	LL^=des_SPtrans[7][s2]; }
+#endif
+
+#else
+
+#define D_ENCRYPT(LL,R,S) {\
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^=\
+		des_SPtrans[0][(u>> 2L)&0x3f]^ \
+		des_SPtrans[2][(u>>10L)&0x3f]^ \
+		des_SPtrans[4][(u>>18L)&0x3f]^ \
+		des_SPtrans[6][(u>>26L)&0x3f]^ \
+		des_SPtrans[1][(t>> 2L)&0x3f]^ \
+		des_SPtrans[3][(t>>10L)&0x3f]^ \
+		des_SPtrans[5][(t>>18L)&0x3f]^ \
+		des_SPtrans[7][(t>>26L)&0x3f]; }
+#endif
+#endif
+
+	/* IP and FP
+	 * The problem is more of a geometric problem that random bit fiddling.
+	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+	The output has been subject to swaps of the form
+	0 1 -> 3 1 but the odd and even bits have been put into
+	2 3    2 0
+	different words.  The main trick is to remember that
+	t=((l>>size)^r)&(mask);
+	r^=t;
+	l^=(t<>(n))^(b))&(m)),\
+	(b)^=(t),\
+	(a)^=((t)<<(n)))
+
+#define IP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+	PERM_OP(l,r,tt,16,0x0000ffffL); \
+	PERM_OP(r,l,tt, 2,0x33333333L); \
+	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+	PERM_OP(r,l,tt, 1,0x55555555L); \
+	}
+
+#define FP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(l,r,tt, 1,0x55555555L); \
+	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+	PERM_OP(l,r,tt, 2,0x33333333L); \
+	PERM_OP(r,l,tt,16,0x0000ffffL); \
+	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+	}
+
+extern const DES_LONG des_SPtrans[8][64];
+
+#ifndef NOPROTO
+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+	DES_LONG Eswap0, DES_LONG Eswap1);
+#else
+void fcrypt_body();
+#endif
+
+#endif
diff --git a/crypto/des/des_locl.org b/crypto/des/des_locl.org
new file mode 100644
index 0000000000000000000000000000000000000000..e2e503cbed71b030ca37b7a8ed132a557c069a9f
--- /dev/null
+++ b/crypto/des/des_locl.org
@@ -0,0 +1,516 @@
+/* crypto/des/des_locl.org */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * Always modify des_locl.org since des_locl.h is automatically generated from
+ * it during SSLeay configuration.
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+#ifndef HEADER_DES_LOCL_H
+#define HEADER_DES_LOCL_H
+
+#if defined(WIN32) || defined(WIN16)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+
+#include 
+#include 
+#ifndef MSDOS
+#include 
+#endif
+#include "des.h"
+
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman 
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+  #define DES_PTR
+  #define DES_RISC1
+  #define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+  #define DES_PTR
+  #define DES_RISC2
+  #define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+  #define DES_PTR
+  #define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+  #define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+  #define DES_PTR
+  #define DES_RISC2
+  #define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+  #define DES_PTR
+  #define DES_RISC1
+  #define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+
+#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
+#include 
+#include 
+#include 
+#include 
+#ifndef RAND
+#define RAND
+#endif
+#undef NOPROTO
+#endif
+
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include 
+#endif
+
+#ifndef RAND
+#define RAND
+#endif
+
+#ifdef linux
+#undef RAND
+#endif
+
+#ifdef MSDOS
+#define getpid() 2
+#define RAND
+#undef NOPROTO
+#endif
+
+#if defined(NOCONST)
+#define const
+#endif
+
+#ifdef __STDC__
+#undef NOPROTO
+#endif
+
+#ifdef RAND
+#define srandom(s) srand(s)
+#define random rand
+#endif
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+#define MAXWRITE	(1024*16)
+#define BSIZE		(MAXWRITE+4)
+
+#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 5: l2|=((DES_LONG)(*(--(c))));     \
+			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 1: l1|=((DES_LONG)(*(--(c))));     \
+				} \
+			}
+
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++))))
+
+#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+#if defined(WIN32)
+#define	ROTATE(a,n)	(_lrotr(a,n))
+#else
+#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
+#endif
+
+/* Don't worry about the LOAD_DATA() stuff, that is used by
+ * fcrypt() to add it's little bit to the front */
+
+#ifdef DES_FCRYPT
+
+#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	t=R^(R>>16L); \
+	u=t&E0; t&=E1; \
+	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+#else
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	u=R^s[S  ]; \
+	t=R^s[S+1]
+#endif
+
+/* The changes to this macro may help or hinder, depending on the
+ * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * Inspired by Dana How 
+ * DO NOT use the alternative version on machines with 8 byte longs.
+ * It does not seem to work on the Alpha, even when DES_LONG is 4
+ * bytes, probably an issue of accessing non-word aligned objects :-( */
+#ifdef DES_PTR
+
+/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+ * is no reason to not xor all the sub items together.  This potentially
+ * saves a register since things can be xored directly into L */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	u>>=16L; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	u3=(int)(u>>8L); \
+	u1=(int)u&0xfc; \
+	u3&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	t>>=16L; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	u3=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u3&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	s1=(int)(u>>16L); \
+	s2=(int)(u>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	s1=(int)(t>>16L); \
+	s2=(int)(t>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
+#endif
+#else
+#define D_ENCRYPT(LL,R,S) { \
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^= \
+	*(DES_LONG *)((unsigned char *)des_SP      +((u     )&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x100+((t     )&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
+#endif
+
+#else /* original version */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	u>>=16L; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	u3=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[4][u1]; \
+	LL^=des_SPtrans[6][u3]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	t>>=16L; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	u3=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[5][u1]; \
+	LL^=des_SPtrans[7][u3]; }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	s1=(int)u>>16L; \
+	s2=(int)u>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[4][s1]; \
+	LL^=des_SPtrans[6][s2]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	s1=(int)t>>16; \
+	s2=(int)t>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[5][s1]; \
+	LL^=des_SPtrans[7][s2]; }
+#endif
+
+#else
+
+#define D_ENCRYPT(LL,R,S) {\
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^=\
+		des_SPtrans[0][(u>> 2L)&0x3f]^ \
+		des_SPtrans[2][(u>>10L)&0x3f]^ \
+		des_SPtrans[4][(u>>18L)&0x3f]^ \
+		des_SPtrans[6][(u>>26L)&0x3f]^ \
+		des_SPtrans[1][(t>> 2L)&0x3f]^ \
+		des_SPtrans[3][(t>>10L)&0x3f]^ \
+		des_SPtrans[5][(t>>18L)&0x3f]^ \
+		des_SPtrans[7][(t>>26L)&0x3f]; }
+#endif
+#endif
+
+	/* IP and FP
+	 * The problem is more of a geometric problem that random bit fiddling.
+	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+	The output has been subject to swaps of the form
+	0 1 -> 3 1 but the odd and even bits have been put into
+	2 3    2 0
+	different words.  The main trick is to remember that
+	t=((l>>size)^r)&(mask);
+	r^=t;
+	l^=(t<>(n))^(b))&(m)),\
+	(b)^=(t),\
+	(a)^=((t)<<(n)))
+
+#define IP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+	PERM_OP(l,r,tt,16,0x0000ffffL); \
+	PERM_OP(r,l,tt, 2,0x33333333L); \
+	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+	PERM_OP(r,l,tt, 1,0x55555555L); \
+	}
+
+#define FP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(l,r,tt, 1,0x55555555L); \
+	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+	PERM_OP(l,r,tt, 2,0x33333333L); \
+	PERM_OP(r,l,tt,16,0x0000ffffL); \
+	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+	}
+
+extern const DES_LONG des_SPtrans[8][64];
+
+#ifndef NOPROTO
+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+	DES_LONG Eswap0, DES_LONG Eswap1);
+#else
+void fcrypt_body();
+#endif
+
+#endif
diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c
new file mode 100644
index 0000000000000000000000000000000000000000..8522c28a6e309d295d90e4855596889042f57217
--- /dev/null
+++ b/crypto/des/des_opts.c
@@ -0,0 +1,620 @@
+/* crypto/des/des_opts.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#ifndef MSDOS
+#define TIMES
+#endif
+
+#include 
+#ifndef MSDOS
+#include 
+#else
+#include 
+extern void exit();
+#endif
+#include 
+#ifndef VMS
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+#else /* VMS */
+#include 
+struct tms {
+	time_t tms_utime;
+	time_t tms_stime;
+	time_t tms_uchild;	/* I dunno...  */
+	time_t tms_uchildsys;	/* so these names are a guess :-) */
+	}
+#endif
+#ifndef TIMES
+#include 
+#endif
+
+#ifdef sun
+#include 
+#include 
+#endif
+
+#include "des.h"
+#include "spr.h"
+
+#define DES_DEFAULT_OPTIONS
+
+#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
+#define PART1
+#define PART2
+#define PART3
+#define PART4
+#endif
+
+#ifdef PART1
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#define des_encrypt  des_encrypt_u4_cisc_idx
+#define des_encrypt2 des_encrypt2_u4_cisc_idx
+#define des_encrypt3 des_encrypt3_u4_cisc_idx
+#define des_decrypt3 des_decrypt3_u4_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_idx
+#define des_encrypt2 des_encrypt2_u16_cisc_idx
+#define des_encrypt3 des_encrypt3_u16_cisc_idx
+#define des_decrypt3 des_decrypt3_u16_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_idx
+#define des_encrypt2 des_encrypt2_u4_risc1_idx
+#define des_encrypt3 des_encrypt3_u4_risc1_idx
+#define des_decrypt3 des_decrypt3_u4_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART2
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_idx
+#define des_encrypt2 des_encrypt2_u4_risc2_idx
+#define des_encrypt3 des_encrypt3_u4_risc2_idx
+#define des_decrypt3 des_decrypt3_u4_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_idx
+#define des_encrypt2 des_encrypt2_u16_risc1_idx
+#define des_encrypt3 des_encrypt3_u16_risc1_idx
+#define des_decrypt3 des_decrypt3_u16_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_idx
+#define des_encrypt2 des_encrypt2_u16_risc2_idx
+#define des_encrypt3 des_encrypt3_u16_risc2_idx
+#define des_decrypt3 des_decrypt3_u16_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART3
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_cisc_ptr
+#define des_encrypt2 des_encrypt2_u4_cisc_ptr
+#define des_encrypt3 des_encrypt3_u4_cisc_ptr
+#define des_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_ptr
+#define des_encrypt2 des_encrypt2_u16_cisc_ptr
+#define des_encrypt3 des_encrypt3_u16_cisc_ptr
+#define des_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_ptr
+#define des_encrypt2 des_encrypt2_u4_risc1_ptr
+#define des_encrypt3 des_encrypt3_u4_risc1_ptr
+#define des_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART4
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_ptr
+#define des_encrypt2 des_encrypt2_u4_risc2_ptr
+#define des_encrypt3 des_encrypt3_u4_risc2_ptr
+#define des_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_ptr
+#define des_encrypt2 des_encrypt2_u16_risc1_ptr
+#define des_encrypt3 des_encrypt3_u16_risc1_ptr
+#define des_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_ptr
+#define des_encrypt2 des_encrypt2_u16_risc2_ptr
+#define des_encrypt3 des_encrypt3_u16_risc2_ptr
+#define des_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ	100.0
+#   else /* VMS */
+#    define HZ	100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+
+SIGRETTYPE sig_done(sig)
+int sig;
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(s)
+int s;
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+	
+#define time_it(func,name,index) \
+	print_name(name); \
+	Time_F(START); \
+	for (count=0,run=1; COND(cb); count++) \
+		{ \
+		unsigned long d[2]; \
+		func(d,&(sch[0]),DES_ENCRYPT); \
+		} \
+	tm[index]=Time_F(STOP); \
+	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+	tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+		tm[index]*8,1.0e6/tm[index]);
+
+int main(argc,argv)
+int argc;
+char **argv;
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	des_key_schedule sch,sch2,sch3;
+	double d,tm[16],max=0;
+	int rank[16];
+	char *str[16];
+	int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+	long ca,cb,cc,cd,ce;
+#endif
+
+	for (i=0; i<12; i++)
+		{
+		tm[i]=0.0;
+		rank[i]=0;
+		}
+
+#ifndef TIMES
+	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+	des_set_key((C_Block *)key,sch);
+	des_set_key((C_Block *)key2,sch2);
+	des_set_key((C_Block *)key3,sch3);
+
+#ifndef SIGALRM
+	fprintf(stderr,"First we calculate the approximate speed ...\n");
+	des_set_key((C_Block *)key,sch);
+	count=10;
+	do	{
+		long i;
+		unsigned long data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count;
+	cb=count*3;
+	cc=count*3*8/BUFSIZE+1;
+	cd=count*8/BUFSIZE+1;
+
+	ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+
+#ifdef PART1
+	time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);
+	time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
+	time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
+	num+=3;
+#endif
+#ifdef PART2
+	time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
+	time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
+	time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
+	num+=3;
+#endif
+#ifdef PART3
+	time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);
+	time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
+	time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
+	num+=3;
+#endif
+#ifdef PART4
+	time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
+	time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
+	time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
+	num+=3;
+#endif
+
+#ifdef PART1
+	str[0]=" 4  c i";
+	print_it("des_encrypt_u4_cisc_idx  ",0);
+	max=tm[0];
+	max_idx=0;
+	str[1]="16  c i";
+	print_it("des_encrypt_u16_cisc_idx ",1);
+	if (max < tm[1]) { max=tm[1]; max_idx=1; }
+	str[2]=" 4 r1 i";
+	print_it("des_encrypt_u4_risc1_idx ",2);
+	if (max < tm[2]) { max=tm[2]; max_idx=2; }
+#endif
+#ifdef PART2
+	str[3]="16 r1 i";
+	print_it("des_encrypt_u16_risc1_idx",3);
+	if (max < tm[3]) { max=tm[3]; max_idx=3; }
+	str[4]=" 4 r2 i";
+	print_it("des_encrypt_u4_risc2_idx ",4);
+	if (max < tm[4]) { max=tm[4]; max_idx=4; }
+	str[5]="16 r2 i";
+	print_it("des_encrypt_u16_risc2_idx",5);
+	if (max < tm[5]) { max=tm[5]; max_idx=5; }
+#endif
+#ifdef PART3
+	str[6]=" 4  c p";
+	print_it("des_encrypt_u4_cisc_ptr  ",6);
+	if (max < tm[6]) { max=tm[6]; max_idx=6; }
+	str[7]="16  c p";
+	print_it("des_encrypt_u16_cisc_ptr ",7);
+	if (max < tm[7]) { max=tm[7]; max_idx=7; }
+	str[8]=" 4 r1 p";
+	print_it("des_encrypt_u4_risc1_ptr ",8);
+	if (max < tm[8]) { max=tm[8]; max_idx=8; }
+#endif
+#ifdef PART4
+	str[9]="16 r1 p";
+	print_it("des_encrypt_u16_risc1_ptr",9);
+	if (max < tm[9]) { max=tm[9]; max_idx=9; }
+	str[10]=" 4 r2 p";
+	print_it("des_encrypt_u4_risc2_ptr ",10);
+	if (max < tm[10]) { max=tm[10]; max_idx=10; }
+	str[11]="16 r2 p";
+	print_it("des_encrypt_u16_risc2_ptr",11);
+	if (max < tm[11]) { max=tm[11]; max_idx=11; }
+#endif
+	printf("options    des ecb/s\n");
+	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+	d=tm[max_idx];
+	tm[max_idx]= -2.0;
+	max= -1.0;
+	for (;;)
+		{
+		for (i=0; i<12; i++)
+			{
+			if (max < tm[i]) { max=tm[i]; j=i; }
+			}
+		if (max < 0.0) break;
+		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+		tm[j]= -2.0;
+		max= -1.0;
+		}
+
+	switch (max_idx)
+		{
+	case 0:
+		printf("-DDES_DEFAULT_OPTIONS\n");
+		break;
+	case 1:
+		printf("-DDES_UNROLL\n");
+		break;
+	case 2:
+		printf("-DDES_RISC1\n");
+		break;
+	case 3:
+		printf("-DDES_UNROLL -DDES_RISC1\n");
+		break;
+	case 4:
+		printf("-DDES_RISC2\n");
+		break;
+	case 5:
+		printf("-DDES_UNROLL -DDES_RISC2\n");
+		break;
+	case 6:
+		printf("-DDES_PTR\n");
+		break;
+	case 7:
+		printf("-DDES_UNROLL -DDES_PTR\n");
+		break;
+	case 8:
+		printf("-DDES_RISC1 -DDES_PTR\n");
+		break;
+	case 9:
+		printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
+		break;
+	case 10:
+		printf("-DDES_RISC2 -DDES_PTR\n");
+		break;
+	case 11:
+		printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
+		break;
+		}
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h
new file mode 100644
index 0000000000000000000000000000000000000000..98352bc0d45461da76430fe9063392aa0cc915d1
--- /dev/null
+++ b/crypto/des/des_ver.h
@@ -0,0 +1,60 @@
+/* crypto/des/des_ver.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+extern char *DES_version;	/* SSLeay version string */
+extern char *libdes_version;	/* old libdes version string */
diff --git a/crypto/des/destest.c b/crypto/des/destest.c
new file mode 100644
index 0000000000000000000000000000000000000000..6aa582b19e614dba26845c17c0e14d197a8c97b8
--- /dev/null
+++ b/crypto/des/destest.c
@@ -0,0 +1,856 @@
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if defined(WIN32) || defined(WIN16) || defined(WINDOWS)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+
+#include 
+#include 
+#ifndef MSDOS
+#include 
+#else
+#include 
+#endif
+#include 
+#include "des.h"
+
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+#define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+	{0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
+	{0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
+	{0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
+	{0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
+	{0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
+	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+	{0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
+	{0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
+	{0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
+	{0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
+	{0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
+	{0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
+	{0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
+	{0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
+	{0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
+	{0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
+	{0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
+	{0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
+	{0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
+	{0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
+	{0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
+	{0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
+	{0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
+	{0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
+	{0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
+	{0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
+	{0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
+	{0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
+	{0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
+	{0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
+	{0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
+	{0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
+	{0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
+
+static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
+	{0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
+	{0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
+	{0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
+	{0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
+	{0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
+	{0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
+	{0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
+	{0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
+	{0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
+	{0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
+	{0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
+	{0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
+	{0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
+	{0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
+	{0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
+	{0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
+	{0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
+	{0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
+	{0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
+	{0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
+	{0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
+	{0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
+	{0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
+	{0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
+	{0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
+	{0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
+	{0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
+	{0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
+	{0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
+	{0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
+	{0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
+	{0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
+	{0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
+
+static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+
+static unsigned char cbc_ok[32]={
+	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+	0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
+	0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
+	0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+static unsigned char xcbc_ok[32]={
+	0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
+	0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
+	0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
+	0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
+	};
+
+static unsigned char cbc3_ok[32]={
+	0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
+	0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
+	0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
+	0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
+
+static unsigned char pcbc_ok[32]={
+	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+	0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
+	0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
+	0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
+
+static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+static unsigned char plain[24]=
+	{
+	0x4e,0x6f,0x77,0x20,0x69,0x73,
+	0x20,0x74,0x68,0x65,0x20,0x74,
+	0x69,0x6d,0x65,0x20,0x66,0x6f,
+	0x72,0x20,0x61,0x6c,0x6c,0x20
+	};
+static unsigned char cfb_cipher8[24]= {
+	0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
+	0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
+static unsigned char cfb_cipher16[24]={
+	0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
+	0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
+static unsigned char cfb_cipher32[24]={
+	0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
+	0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
+static unsigned char cfb_cipher48[24]={
+	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
+	0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
+static unsigned char cfb_cipher64[24]={
+	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
+	0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
+
+static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
+static unsigned char ofb_cipher[24]=
+	{
+	0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
+	0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
+	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+	};
+
+DES_LONG cbc_cksum_ret=0xB462FEF7L;
+unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+#ifndef NOPROTO
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+#else
+static char *pt();
+static int cfb_test();
+static int cfb64_test();
+static int ede_cfb64_test();
+#endif
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	int i,j,err=0;
+	des_cblock in,out,outin,iv3;
+	des_key_schedule ks,ks2,ks3;
+	unsigned char cbc_in[40];
+	unsigned char cbc_out[40];
+	DES_LONG cs;
+	unsigned char qret[4][4],cret[8];
+	DES_LONG lqret[4];
+	int num;
+	char *str;
+
+	printf("Doing ecb\n");
+	for (i=0; i>4)&0xf];
+		ret[i*2+1]=f[p[i]&0xf];
+		}
+	ret[16]='\0';
+	return(ret);
+	}
+
+#ifndef LIBDES_LIT
+
+static int cfb_test(bits, cfb_cipher)
+int bits;
+unsigned char *cfb_cipher;
+	{
+	des_key_schedule ks;
+	int i,err=0;
+
+	des_key_sched((C_Block *)cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks,
+		(C_Block *)cfb_tmp,DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks,
+		(C_Block *)cfb_tmp,DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	return(err);
+	}
+
+static int cfb64_test(cfb_cipher)
+unsigned char *cfb_cipher;
+	{
+	des_key_schedule ks;
+	int err=0,i,n;
+
+	des_key_sched((C_Block *)cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,
+		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+		(long)sizeof(plain)-12,ks,
+		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,
+		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+		(long)sizeof(plain)-17,ks,
+		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf2[i])));
+		}
+	return(err);
+	}
+
+static int ede_cfb64_test(cfb_cipher)
+unsigned char *cfb_cipher;
+	{
+	des_key_schedule ks;
+	int err=0,i,n;
+
+	des_key_sched((C_Block *)cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks,
+		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+		(long)sizeof(plain)-12,ks,ks,ks,
+		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("ede_cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+		(long)sizeof(plain)-17,ks,ks,ks,
+		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("ede_cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf2[i])));
+		}
+	return(err);
+	}
+
+#endif
+
diff --git a/crypto/des/doIP b/crypto/des/doIP
new file mode 100644
index 0000000000000000000000000000000000000000..18cf23130364b782e4456252e403d11ede3a9898
--- /dev/null
+++ b/crypto/des/doIP
@@ -0,0 +1,46 @@
+#!/usr/local/bin/perl
+
+@l=(
+	 0, 1, 2, 3, 4, 5, 6, 7,
+	 8, 9,10,11,12,13,14,15,
+	16,17,18,19,20,21,22,23,
+	24,25,26,27,28,29,30,31
+	);
+@r=(
+	32,33,34,35,36,37,38,39,
+	40,41,42,43,44,45,46,47,
+	48,49,50,51,52,53,54,55,
+	56,57,58,59,60,61,62,63
+	);
+
+require 'shifts.pl';
+
+sub PERM_OP
+	{
+	local(*a,*b,*t,$n,$m)=@_;
+
+	@z=&shift(*a,-$n);
+	@z=&xor(*b,*z);
+	@z=&and(*z,$m);
+	@b=&xor(*b,*z);
+	@z=&shift(*z,$n);
+	@a=&xor(*a,*z);
+	}
+
+
+@L=@l;
+@R=@r;
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+&PERM_OP(*L,*R,*T,16,0x0000ffff);
+&PERM_OP(*R,*L,*T,2,0x33333333);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	&printit(@L);
+	&printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+&PERM_OP(*R,*L,*T,2,0x33333333);
+&PERM_OP(*L,*R,*T,16,0x0000ffff);
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+	&printit(@L);
+	&printit(@R);
diff --git a/crypto/des/doPC1 b/crypto/des/doPC1
new file mode 100644
index 0000000000000000000000000000000000000000..096afd8c4614e4f6475e73d9df37cd7863ce3953
--- /dev/null
+++ b/crypto/des/doPC1
@@ -0,0 +1,110 @@
+#!/usr/local/bin/perl
+
+@l=(
+	 0, 1, 2, 3, 4, 5, 6, 7,
+	 8, 9,10,11,12,13,14,15,
+	16,17,18,19,20,21,22,23,
+	24,25,26,27,28,29,30,31
+	);
+@r=(
+	32,33,34,35,36,37,38,39,
+	40,41,42,43,44,45,46,47,
+	48,49,50,51,52,53,54,55,
+	56,57,58,59,60,61,62,63
+	);
+
+require 'shifts.pl';
+
+sub PERM_OP
+	{
+	local(*a,*b,*t,$n,$m)=@_;
+
+	@z=&shift(*a,-$n);
+	@z=&xor(*b,*z);
+	@z=&and(*z,$m);
+	@b=&xor(*b,*z);
+	@z=&shift(*z,$n);
+	@a=&xor(*a,*z);
+	}
+
+sub HPERM_OP2
+	{
+	local(*a,*t,$n,$m)=@_;
+	local(@x,@y,$i);
+
+	@z=&shift(*a,16-$n);
+	@z=&xor(*a,*z);
+	@z=&and(*z,$m);
+	@a=&xor(*a,*z);
+	@z=&shift(*z,$n-16);
+	@a=&xor(*a,*z);
+	}
+
+sub HPERM_OP
+        {
+        local(*a,*t,$n,$m)=@_;
+        local(@x,@y,$i);
+
+        for ($i=0; $i<16; $i++)
+                {
+                $x[$i]=$a[$i];
+                $y[$i]=$a[16+$i];
+                }
+        @z=&shift(*x,-$n);
+        @z=&xor(*y,*z);
+        @z=&and(*z,$m);
+        @y=&xor(*y,*z);
+        @z=&shift(*z,$n);
+        @x=&xor(*x,*z);
+        for ($i=0; $i<16; $i++)
+                {
+                $a[$i]=$x[$i];
+                $a[16+$i]=$y[$i];
+                }
+        }
+
+@L=@l;
+@R=@r;
+
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+	print "---\n"; &printit(@R);
+&HPERM_OP2(*L,*T,-2,0xcccc0000);
+&HPERM_OP2(*R,*T,-2,0xcccc0000);
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	print "---\n"; &printit(@R);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	print "---\n"; &printit(@R);
+#	&printit(@L);
+	&printit(@R);
+print <<"EOF";
+==============================
+63  55  47  39  31  23  15   7  
+62  54  46  38  30  22  14   6  
+61  53  45  37  29  21  13   5  
+60  52  44  36  --  --  --  --  
+
+57  49  41  33  25  17   9   1  
+58  50  42  34  26  18  10   2  
+59  51  43  35  27  19  11   3  
+28  20  12   4  --  --  --  --  
+EOF
+exit(1);
+@A=&and(*R,0x000000ff);
+@A=&shift(*A,16);
+@B=&and(*R,0x0000ff00);
+@C=&and(*R,0x00ff0000);
+@C=&shift(*C,-16);
+@D=&and(*L,0xf0000000);
+@D=&shift(*D,-4);
+@A=&or(*A,*B);
+@B=&or(*D,*C);
+@R=&or(*A,*B);
+@L=&and(*L,0x0fffffff);
+
+	&printit(@L);
+	&printit(@R);
+
diff --git a/crypto/des/doPC2 b/crypto/des/doPC2
new file mode 100644
index 0000000000000000000000000000000000000000..fa5cf74cf71319dbedb4ad3ea923009b91e623e6
--- /dev/null
+++ b/crypto/des/doPC2
@@ -0,0 +1,94 @@
+#!/usr/local/bin/perl
+
+@PC2_C=(14,17,11,24, 1, 5,
+	 3,28,15, 6,21,10,
+	23,19,12, 4,26, 8,
+	16, 7,27,20,13, 2,
+	);
+
+@PC2_D=(41,52,31,37,47,55,
+	30,40,51,45,33,48,
+	44,49,39,56,34,53,
+	46,42,50,36,29,32,
+	);
+
+$i=0;
+foreach (@PC2_C) {
+	$_--;
+#	printf "%2d,",$_;
+	$C{$_}=$i;
+	++$i;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+$i=0;
+#print "\n";
+foreach (@PC2_D) {
+	$_-=28;
+	$_--;
+#	printf "%2d,",$_;
+	$D{$_}=$i;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+
+#print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$C{$i};
+#	printf "%2d,",$_;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+#print "\n";
+
+#print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$D{$i};
+#	printf "%2d,",$_;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+#print "\n";
+
+print "static ulong skb[8][64]={\n";
+&doit("C",*C, 0, 1, 2, 3, 4, 5);
+&doit("C",*C, 6, 7, 9,10,11,12);
+&doit("C",*C,13,14,15,16,18,19);
+&doit("C",*C,20,22,23,25,26,27);
+
+&doit("D",*D, 0, 1, 2, 3, 4, 5);
+&doit("D",*D, 7, 8,10,11,12,13);
+&doit("D",*D,15,16,17,18,19,20);
+&doit("D",*D,21,22,23,24,26,27);
+print "};\n";
+
+sub doit
+	{
+	local($l,*A,@b)=@_;
+	local(@out);
+
+	printf("/* for $l bits (numbered as per FIPS 46) %d %d %d %d %d %d */\n",
+		$b[0]+1, $b[1]+1, $b[2]+1, $b[3]+1, $b[4]+1, $b[5]+1);
+	for ($i=0; $i<64; $i++)
+		{
+		$out[$i]=0;
+		$j=1;
+#print "\n";
+		for ($k=0; $k<6; $k++)
+			{
+			$l=$A{$b[$k]};
+#print"$l - ";
+			if ((1<<$k) & $i)
+				{
+				$ll=int($l/6)*8+($l%6);
+				$out[$i]|=1<<($ll);
+				}
+			}
+		$pp=$out[$i];
+		$pp=($pp&0xff0000ff)|   (($pp&0x00ff0000)>>8)|
+					(($pp&0x0000ff00)<<8);
+		printf("0x%08X,",$pp);
+		print "\n" if (($i+1) % 4 == 0);
+		}
+	}
diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..28c0d886b46ccad172b6481bdf9d111e10296ee0
--- /dev/null
+++ b/crypto/des/ecb3_enc.c
@@ -0,0 +1,87 @@
+/* crypto/des/ecb3_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_ecb3_encrypt(input, output, ks1, ks2, ks3, enc)
+des_cblock (*input);
+des_cblock (*output);
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+int enc;
+	{
+	register DES_LONG l0,l1;
+	register unsigned char *in,*out;
+	DES_LONG ll[2];
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	c2l(in,l0);
+	c2l(in,l1);
+	ll[0]=l0;
+	ll[1]=l1;
+	if (enc)
+		des_encrypt3(ll,ks1,ks2,ks3);
+	else
+		des_decrypt3(ll,ks1,ks2,ks3);
+	l0=ll[0];
+	l1=ll[1];
+	l2c(l0,out);
+	l2c(l1,out);
+	}
diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..fac4b41b198f705f47b6aa43299557932d0f7d0a
--- /dev/null
+++ b/crypto/des/ecb_enc.c
@@ -0,0 +1,124 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "spr.h"
+
+char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay";
+char *DES_version="DES part of SSLeay 0.8.1b 29-Jun-1998";
+
+char *des_options()
+	{
+	static int init=1;
+	static char buf[32];
+
+	if (init)
+		{
+		char *ptr,*unroll,*risc,*size;
+
+		init=0;
+#ifdef DES_PTR
+		ptr="ptr";
+#else
+		ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+		risc="risc1";
+#endif
+#ifdef DES_RISC2
+		risc="risc2";
+#endif
+#else
+		risc="cisc";
+#endif
+#ifdef DES_UNROLL
+		unroll="16";
+#else
+		unroll="4";
+#endif
+		if (sizeof(DES_LONG) != sizeof(long))
+			size="int";
+		else
+			size="long";
+		sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
+		}
+	return(buf);
+	}
+		
+
+void des_ecb_encrypt(input, output, ks, enc)
+des_cblock (*input);
+des_cblock (*output);
+des_key_schedule ks;
+int enc;
+	{
+	register DES_LONG l;
+	register unsigned char *in,*out;
+	DES_LONG ll[2];
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	c2l(in,l); ll[0]=l;
+	c2l(in,l); ll[1]=l;
+	des_encrypt(ll,ks,enc);
+	l=ll[0]; l2c(l,out);
+	l=ll[1]; l2c(l,out);
+	l=ll[0]=ll[1]=0;
+	}
+
diff --git a/crypto/des/ede_enc.c b/crypto/des/ede_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..20c3cf34a9038fc7374f7727cd4a106a52409f1f
--- /dev/null
+++ b/crypto/des/ede_enc.c
@@ -0,0 +1,189 @@
+/* crypto/des/ede_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+des_cblock (*ivec);
+int enc;
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register unsigned char *in,*out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		iv=(unsigned char *)ivec;
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		register DES_LONG t0,t1;
+
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			tout0^=xor0;
+			tout1^=xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=t0;
+			xor1=t1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			tout0^=xor0;
+			tout1^=xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=t0;
+			xor1=t1;
+			}
+		iv=(unsigned char *)ivec;
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+#ifdef undef /* MACRO */
+void des_ede2_cbc_encrypt(input, output, length, ks1, ks2, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_cblock (*ivec);
+int enc;
+	{
+	des_ede3_cbc_encrypt(input,output,length,ks1,ks2,ks1,ivec,enc);
+	}
+#endif
+
diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c
new file mode 100644
index 0000000000000000000000000000000000000000..3b254d0fd59d82140fc3580cc820616115c3f65e
--- /dev/null
+++ b/crypto/des/enc_read.c
@@ -0,0 +1,214 @@
+/* crypto/des/enc_read.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "des_locl.h"
+
+/* This has some uglies in it but it works - even over sockets. */
+/*extern int errno;*/
+int des_rw_mode=DES_PCBC_MODE;
+
+int des_enc_read(fd, buf, len, sched, iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock (*iv);
+	{
+	/* data to be unencrypted */
+	int net_num=0;
+	static unsigned char *net=NULL;
+	/* extra unencrypted data 
+	 * for when a block of 100 comes in but is des_read one byte at
+	 * a time. */
+	static char *unnet=NULL;
+	static int unnet_start=0;
+	static int unnet_left=0;
+	static char *tmpbuf=NULL;
+	int i;
+	long num=0,rnum;
+	unsigned char *p;
+
+	if (tmpbuf == NULL)
+		{
+		tmpbuf=(char *)malloc(BSIZE);
+		if (tmpbuf == NULL) return(-1);
+		}
+	if (net == NULL)
+		{
+		net=(unsigned char *)malloc(BSIZE);
+		if (net == NULL) return(-1);
+		}
+	if (unnet == NULL)
+		{
+		unnet=(char *)malloc(BSIZE);
+		if (unnet == NULL) return(-1);
+		}
+	/* left over data from last decrypt */
+	if (unnet_left != 0)
+		{
+		if (unnet_left < len)
+			{
+			/* we still still need more data but will return
+			 * with the number of bytes we have - should always
+			 * check the return value */
+			memcpy(buf,&(unnet[unnet_start]),
+				(unsigned int)unnet_left);
+			/* eay 26/08/92 I had the next 2 lines
+			 * reversed :-( */
+			i=unnet_left;
+			unnet_start=unnet_left=0;
+			}
+		else
+			{
+			memcpy(buf,&(unnet[unnet_start]),(unsigned int)len);
+			unnet_start+=len;
+			unnet_left-=len;
+			i=len;
+			}
+		return(i);
+		}
+
+	/* We need to get more data. */
+	if (len > MAXWRITE) len=MAXWRITE;
+
+	/* first - get the length */
+	while (net_num < HDRSIZE) 
+		{
+		i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
+		if ((i == -1) && (errno == EINTR)) continue;
+		if (i <= 0) return(0);
+		net_num+=i;
+		}
+
+	/* we now have at net_num bytes in net */
+	p=net;
+	/* num=0;  */
+	n2l(p,num);
+	/* num should be rounded up to the next group of eight
+	 * we make sure that we have read a multiple of 8 bytes from the net.
+	 */
+	if ((num > MAXWRITE) || (num < 0)) /* error */
+		return(-1);
+	rnum=(num < 8)?8:((num+7)/8*8);
+
+	net_num=0;
+	while (net_num < rnum)
+		{
+		i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
+		if ((i == -1) && (errno == EINTR)) continue;
+		if (i <= 0) return(0);
+		net_num+=i;
+		}
+
+	/* Check if there will be data left over. */
+	if (len < num)
+		{
+		if (des_rw_mode & DES_PCBC_MODE)
+			des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+				num,sched,iv,DES_DECRYPT);
+		else
+			des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+				num,sched,iv,DES_DECRYPT);
+		memcpy(buf,unnet,(unsigned int)len);
+		unnet_start=len;
+		unnet_left=(int)num-len;
+
+		/* The following line is done because we return num
+		 * as the number of bytes read. */
+		num=len;
+		}
+	else
+		{
+		/* >output is a multiple of 8 byes, if len < rnum
+		 * >we must be careful.  The user must be aware that this
+		 * >routine will write more bytes than he asked for.
+		 * >The length of the buffer must be correct.
+		 * FIXED - Should be ok now 18-9-90 - eay */
+		if (len < rnum)
+			{
+
+			if (des_rw_mode & DES_PCBC_MODE)
+				des_pcbc_encrypt((des_cblock *)net,
+					(des_cblock *)tmpbuf,
+					num,sched,iv,DES_DECRYPT);
+			else
+				des_cbc_encrypt((des_cblock *)net,
+					(des_cblock *)tmpbuf,
+					num,sched,iv,DES_DECRYPT);
+
+			/* eay 26/08/92 fix a bug that returned more
+			 * bytes than you asked for (returned len bytes :-( */
+			memcpy(buf,tmpbuf,(unsigned int)num);
+			}
+		else
+			{
+			if (des_rw_mode & DES_PCBC_MODE)
+				des_pcbc_encrypt((des_cblock *)net,
+					(des_cblock *)buf,num,sched,iv,
+					DES_DECRYPT);
+			else
+				des_cbc_encrypt((des_cblock *)net,
+					(des_cblock *)buf,num,sched,iv,
+					DES_DECRYPT);
+			}
+		}
+	return((int)num);
+	}
+
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
new file mode 100644
index 0000000000000000000000000000000000000000..672c745664dc47cd52a3e88c29587e34b35bd141
--- /dev/null
+++ b/crypto/des/enc_writ.c
@@ -0,0 +1,160 @@
+/* crypto/des/enc_writ.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "des_locl.h"
+
+int des_enc_write(fd, buf, len, sched, iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock (*iv);
+	{
+#ifdef _LIBC
+	extern int srandom();
+	extern unsigned long time();
+	extern int random();
+	extern int write();
+#endif
+
+	long rnum;
+	int i,j,k,outnum;
+	char *outbuf=NULL;
+	char shortbuf[8];
+	char *p;
+	static int start=1;
+
+	if (outbuf == NULL)
+		{
+		outbuf=(char *)malloc(BSIZE+HDRSIZE);
+		if (outbuf == NULL) return(-1);
+		}
+	/* If we are sending less than 8 bytes, the same char will look
+	 * the same if we don't pad it out with random bytes */
+	if (start)
+		{
+		start=0;
+		srandom((unsigned int)time(NULL));
+		}
+
+	/* lets recurse if we want to send the data in small chunks */
+	if (len > MAXWRITE)
+		{
+		j=0;
+		for (i=0; i MAXWRITE)?MAXWRITE:(len-i),sched,iv);
+			if (k < 0)
+				return(k);
+			else
+				j+=k;
+			}
+		return(j);
+		}
+
+	/* write length first */
+	p=outbuf;
+	l2n(len,p);
+
+	/* pad short strings */
+	if (len < 8)
+		{
+		p=shortbuf;
+		memcpy(shortbuf,buf,(unsigned int)len);
+		for (i=len; i<8; i++)
+			shortbuf[i]=random();
+		rnum=8;
+		}
+	else
+		{
+		p=buf;
+		rnum=((len+7)/8*8); /* round up to nearest eight */
+		}
+
+	if (des_rw_mode & DES_PCBC_MODE)
+		des_pcbc_encrypt((des_cblock *)p,
+			(des_cblock *)&(outbuf[HDRSIZE]),
+			(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+	else
+		des_cbc_encrypt((des_cblock *)p,
+			(des_cblock *)&(outbuf[HDRSIZE]),
+			(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+
+	/* output */
+	outnum=(int)rnum+HDRSIZE;
+
+	for (j=0; j
+
+/* This version of crypt has been developed from my MIT compatable
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+
+/* Modification by Jens Kupferschmidt (Cu)
+ * I have included directive PARA for shared memory computers.
+ * I have included a directive LONGCRYPT to using this routine to cipher
+ * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
+ * definition is the maximum of lenght of password and can changed. I have
+ * defined 24.
+ */
+
+#include "des_locl.h"
+
+/* Added more values to handle illegal salt values the way normal
+ * crypt() implementations do.  The patch was sent by 
+ * Bjorn Gronvall 
+ */
+static unsigned const char con_salt[128]={
+0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
+0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
+0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
+0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
+0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
+0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
+0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
+0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
+0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
+0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
+0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
+0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
+0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
+0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
+0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
+0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
+};
+
+static unsigned const char cov_2char[64]={
+0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+
+#ifndef NOPROTO
+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+	DES_LONG Eswap0, DES_LONG Eswap1);
+
+#ifdef PERL5
+char *des_crypt(const char *buf,const char *salt);
+#else
+char *crypt(const char *buf,const char *salt);
+#endif
+#else
+void fcrypt_body();
+#ifdef PERL5
+char *des_crypt();
+#else
+char *crypt();
+#endif
+#endif
+
+#ifdef PERL5
+char *des_crypt(buf,salt)
+#else
+char *crypt(buf,salt)
+#endif
+const char *buf;
+const char *salt;
+	{
+	static char buff[14];
+
+	return(des_fcrypt(buf,salt,buff));
+	}
+
+
+char *des_fcrypt(buf,salt,ret)
+const char *buf;
+const char *salt;
+char *ret;
+	{
+	unsigned int i,j,x,y;
+	DES_LONG Eswap0,Eswap1;
+	DES_LONG out[2],ll;
+	des_cblock key;
+	des_key_schedule ks;
+	unsigned char bb[9];
+	unsigned char *b=bb;
+	unsigned char c,u;
+
+	/* eay 25/08/92
+	 * If you call crypt("pwd","*") as often happens when you
+	 * have * as the pwd field in /etc/passwd, the function
+	 * returns *\0XXXXXXXXX
+	 * The \0 makes the string look like * so the pwd "*" would
+	 * crypt to "*".  This was found when replacing the crypt in
+	 * our shared libraries.  People found that the disbled
+	 * accounts effectivly had no passwd :-(. */
+	x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
+	Eswap0=con_salt[x]<<2;
+	x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
+	Eswap1=con_salt[x]<<6;
+
+/* EAY
+r=strlen(buf);
+r=(r+7)/8;
+*/
+	for (i=0; i<8; i++)
+		{
+		c= *(buf++);
+		if (!c) break;
+		key[i]=(c<<1);
+		}
+	for (; i<8; i++)
+		key[i]=0;
+
+	des_set_key((des_cblock *)(key),ks);
+	fcrypt_body(&(out[0]),ks,Eswap0,Eswap1);
+
+	ll=out[0]; l2c(ll,b);
+	ll=out[1]; l2c(ll,b);
+	y=0;
+	u=0x80;
+	bb[8]=0;
+	for (i=2; i<13; i++)
+		{
+		c=0;
+		for (j=0; j<6; j++)
+			{
+			c<<=1;
+			if (bb[y] & u) c|=1;
+			u>>=1;
+			if (!u)
+				{
+				y++;
+				u=0x80;
+				}
+			}
+		ret[i]=cov_2char[c];
+		}
+	ret[13]='\0';
+	return(ret);
+	}
+
diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c
new file mode 100644
index 0000000000000000000000000000000000000000..f929b66cfb80930c3e72d1aa5e600409e5493fb1
--- /dev/null
+++ b/crypto/des/fcrypt_b.c
@@ -0,0 +1,148 @@
+/* crypto/des/fcrypt_b.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+
+/* This version of crypt has been developed from my MIT compatable
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+
+#define DES_FCRYPT
+#include "des_locl.h"
+#undef DES_FCRYPT
+
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+	(b)^=(t),\
+	(a)^=((t)<<(n)))
+
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+	(a)=(a)^(t)^(t>>(16-(n))))\
+
+void fcrypt_body(out, ks, Eswap0, Eswap1)
+DES_LONG *out;
+des_key_schedule ks;
+DES_LONG Eswap0;
+DES_LONG Eswap1;
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+#endif
+	register DES_LONG *s;
+	register int j;
+	register DES_LONG E0,E1;
+
+	l=0;
+	r=0;
+
+	s=(DES_LONG *)ks;
+	E0=Eswap0;
+	E1=Eswap1;
+
+	for (j=0; j<25; j++)
+		{
+#ifdef DES_UNROLL
+		register int i;
+
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  1 */
+			D_ENCRYPT(r,l,i+6); /*  2 */
+			}
+#else
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#endif
+
+		t=l;
+		l=r;
+		r=t;
+		}
+	l=ROTATE(l,3)&0xffffffffL;
+	r=ROTATE(r,3)&0xffffffffL;
+
+	PERM_OP(l,r,t, 1,0x55555555L);
+	PERM_OP(r,l,t, 8,0x00ff00ffL);
+	PERM_OP(l,r,t, 2,0x33333333L);
+	PERM_OP(r,l,t,16,0x0000ffffL);
+	PERM_OP(l,r,t, 4,0x0f0f0f0fL);
+
+	out[0]=r;
+	out[1]=l;
+	}
+
diff --git a/crypto/des/makefile.bc b/crypto/des/makefile.bc
new file mode 100644
index 0000000000000000000000000000000000000000..1fe6d4915a91925da62d051c5539710a681284e5
--- /dev/null
+++ b/crypto/des/makefile.bc
@@ -0,0 +1,50 @@
+#
+# Origional BC Makefile from Teun 
+#
+#
+CC      = bcc
+TLIB    = tlib /0 /C
+# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
+OPTIMIZE= -3 -O2
+#WINDOWS= -W
+CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
+LFLAGS  = -ml $(WINDOWS)
+
+.c.obj:
+	$(CC) $(CFLAGS) $*.c
+
+.obj.exe:
+	$(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
+
+all: $(LIB) destest.exe rpw.exe des.exe speed.exe
+
+# "make clean": use a directory containing only libdes .exe and .obj files...
+clean:
+	del *.exe
+	del *.obj
+	del libdes.lib
+	del libdes.rsp
+
+OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
+	qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
+	enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
+	ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
+	cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
+	ofb64ede.obj supp.obj
+
+LIB=    libdes.lib
+
+$(LIB): $(OBJS)
+	del $(LIB)
+	makersp "+%s &\n" &&|
+	$(OBJS)
+|       >libdes.rsp
+	$(TLIB) libdes.lib @libdes.rsp,nul
+	del libdes.rsp
+
+destest.exe: destest.obj libdes.lib
+rpw.exe:     rpw.obj libdes.lib
+speed.exe:   speed.obj libdes.lib
+des.exe:     des.obj libdes.lib
+
+
diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..b79d965237768d2ff6005a1f8b7082d0c8b0c481
--- /dev/null
+++ b/crypto/des/ncbc_enc.c
@@ -0,0 +1,141 @@
+/* crypto/des/ncbc_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register unsigned char *in,*out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		iv=(unsigned char *)ivec;
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		iv=(unsigned char *)ivec;
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
new file mode 100644
index 0000000000000000000000000000000000000000..6a6b95c769472d1d26a2e5fc66bb7251866fdf94
--- /dev/null
+++ b/crypto/des/ofb64ede.c
@@ -0,0 +1,131 @@
+/* crypto/des/ofb64ede.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ede3_ofb64_encrypt(in, out, length, k1,k2,k3, ivec, num)
+register unsigned char *in;
+register unsigned char *out;
+long length;
+des_key_schedule k1,k2,k3;
+des_cblock (*ivec);
+int *num;
+	{
+	register DES_LONG v0,v1;
+	register int n= *num;
+	register long l=length;
+	des_cblock d;
+	register char *dp;
+	DES_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv=(unsigned char *)ivec;
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2c(v0,dp);
+	l2c(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			ti[0]=v0;
+			ti[1]=v1;
+			des_encrypt3((DES_LONG *)ti,k1,k2,k3);
+			v0=ti[0];
+			v1=ti[1];
+
+			dp=(char *)d;
+			l2c(v0,dp);
+			l2c(v1,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+/*		v0=ti[0];
+		v1=ti[1];*/
+		iv=(unsigned char *)ivec;
+		l2c(v0,iv);
+		l2c(v1,iv);
+		}
+	v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
+#ifdef undef /* MACRO */
+void des_ede2_ofb64_encrypt(in, out, length, k1,k2, ivec, num)
+register unsigned char *in;
+register unsigned char *out;
+long length;
+des_key_schedule k1,k2;
+des_cblock (*ivec);
+int *num;
+	{
+	des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
+	}
+#endif
diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..fe4073981d866a2f884379bd3910dabf33391afe
--- /dev/null
+++ b/crypto/des/ofb64enc.c
@@ -0,0 +1,114 @@
+/* crypto/des/ofb64enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ofb64_encrypt(in, out, length, schedule, ivec, num)
+register unsigned char *in;
+register unsigned char *out;
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int *num;
+	{
+	register DES_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	des_cblock d;
+	register char *dp;
+	DES_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv=(unsigned char *)ivec;
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2c(v0,dp);
+	l2c(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			dp=(char *)d;
+			t=ti[0]; l2c(t,dp);
+			t=ti[1]; l2c(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv=(unsigned char *)ivec;
+		l2c(v0,iv);
+		l2c(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..9b2ecb6749a324d9a514cf4d14bd2b7b17303d33
--- /dev/null
+++ b/crypto/des/ofb_enc.c
@@ -0,0 +1,122 @@
+/* crypto/des/ofb_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void des_ofb_encrypt(in, out, numbits, length, schedule, ivec)
+unsigned char *in;
+unsigned char *out;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+	{
+	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+	register DES_LONG mask0,mask1;
+	register long l=length;
+	register int num=numbits;
+	DES_LONG ti[2];
+	unsigned char *iv;
+
+	if (num > 64) return;
+	if (num > 32)
+		{
+		mask0=0xffffffffL;
+		if (num >= 64)
+			mask1=mask0;
+		else
+			mask1=(1L<<(num-32))-1;
+		}
+	else
+		{
+		if (num == 32)
+			mask0=0xffffffffL;
+		else
+			mask0=(1L< 0)
+		{
+		des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+		c2ln(in,d0,d1,n);
+		in+=n;
+		d0=(d0^ti[0])&mask0;
+		d1=(d1^ti[1])&mask1;
+		l2cn(d0,d1,out,n);
+		out+=n;
+		}
+	v0=ti[0];
+	v1=ti[1];
+	iv=(unsigned char *)ivec;
+	l2c(v0,iv);
+	l2c(v1,iv);
+	v0=v1=d0=d1=ti[0]=ti[1]=0;
+	}
+
diff --git a/crypto/des/options.txt b/crypto/des/options.txt
new file mode 100644
index 0000000000000000000000000000000000000000..9fe648816abd7ded6621ecea6ecfa7bf8d0e2a74
--- /dev/null
+++ b/crypto/des/options.txt
@@ -0,0 +1,39 @@
+Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
+instead of the default 4.
+RISC1 and RISC2 are 2 alternatives for the inner loop and
+PTR means to use pointers arithmatic instead of arrays.
+
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assember		577,000 4620k/s
+IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR	496,000 3968k/s
+solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]	459,400 3672k/s
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1	433,000 3468k/s
+solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 		380,000 3041k/s
+linux - pentium 100mhz - gcc 2.7.0 - assember			281,000 2250k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - assember			281,000 2250k/s
+AIX 4.1? - PPC604 100mhz - cc - UNROLL 				275,000 2200k/s
+IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR		235,300 1882k/s
+IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR			233,700 1869k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR		191,000 1528k/s
+DEC Alpha 165mhz??  - cc - RISC2 PTR [2]			181,000 1448k/s
+linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR		158,500 1268k/s
+HPUX 10 - 9000/887 - cc - UNROLL [3]	 			148,000	1190k/s
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL		123,600  989k/s
+IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR			101,000  808k/s
+DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL			 81,000  648k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - assember			 65,000  522k/s
+HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR	 76,000	 608k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2		 43,500  344k/s
+AIX - old slow one :-) - cc -					 39,000  312k/s
+
+Notes.
+[1] For the ultra sparc, SunC 4.0 
+    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
+    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
+    I'll record the higher since it is coming from the library but it
+    is all rather weird.
+[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
+[3] I was unable to get access to this machine when it was not heavily loaded.
+    As such, my timing program was never able to get more that %30 of the CPU.
+    This would cause the program to give much lower speed numbers because
+    it would be 'fighting' to stay in the cache with the other CPU burning
+    processes.
diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..8adba1aad33d89e1ffb7cbcf37f2bd746d14dac6
--- /dev/null
+++ b/crypto/des/pcbc_enc.c
@@ -0,0 +1,126 @@
+/* crypto/des/pcbc_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_pcbc_encrypt(input, output, length, schedule, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+int enc;
+	{
+	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
+	DES_LONG tin[2];
+	unsigned char *in,*out,*iv;
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	if (enc)
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (; length>0; length-=8)
+			{
+			if (length >= 8)
+				{
+				c2l(in,sin0);
+				c2l(in,sin1);
+				}
+			else
+				c2ln(in,sin0,sin1,length);
+			tin[0]=sin0^xor0;
+			tin[1]=sin1^xor1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0];
+			tout1=tin[1];
+			xor0=sin0^tout0;
+			xor1=sin1^tout1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		}
+	else
+		{
+		c2l(iv,xor0); c2l(iv,xor1);
+		for (; length>0; length-=8)
+			{
+			c2l(in,sin0);
+			c2l(in,sin1);
+			tin[0]=sin0;
+			tin[1]=sin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			if (length >= 8)
+				{
+				l2c(tout0,out);
+				l2c(tout1,out);
+				}
+			else
+				l2cn(tout0,tout1,out,length);
+			xor0=tout0^sin0;
+			xor1=tout1^sin1;
+			}
+		}
+	tin[0]=tin[1]=0;
+	sin0=sin1=xor0=xor1=tout0=tout1=0;
+	}
diff --git a/crypto/des/podd.h b/crypto/des/podd.h
new file mode 100644
index 0000000000000000000000000000000000000000..c00cd6ba0c2e7aa3af22680e2041c91c6d3e00af
--- /dev/null
+++ b/crypto/des/podd.h
@@ -0,0 +1,75 @@
+/* crypto/des/podd.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const unsigned char odd_parity[256]={
+  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c
new file mode 100644
index 0000000000000000000000000000000000000000..39e8f40fa902cdb92878a697530100998b0c0ea3
--- /dev/null
+++ b/crypto/des/qud_cksm.c
@@ -0,0 +1,144 @@
+/* crypto/des/qud_cksm.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
+ * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
+ * This module in only based on the code in this paper and is
+ * almost definitely not the same as the MIT implementation.
+ */
+#include "des_locl.h"
+
+/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
+#define Q_B0(a)	(((DES_LONG)(a)))
+#define Q_B1(a)	(((DES_LONG)(a))<<8)
+#define Q_B2(a)	(((DES_LONG)(a))<<16)
+#define Q_B3(a)	(((DES_LONG)(a))<<24)
+
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE	((DES_LONG)83653421L)
+
+DES_LONG des_quad_cksum(input, output, length, out_count, seed)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+int out_count;
+des_cblock (*seed);
+	{
+	DES_LONG z0,z1,t0,t1;
+	int i;
+	long l;
+	unsigned char *cp;
+	unsigned char *lp;
+
+	if (out_count < 1) out_count=1;
+	lp=(unsigned char *)output;
+
+	z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
+	z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
+
+	for (i=0; ((i<4)&&(i 0)
+			{
+			if (l > 1)
+				{
+				t0= (DES_LONG)(*(cp++));
+				t0|=(DES_LONG)Q_B1(*(cp++));
+				l--;
+				}
+			else
+				t0= (DES_LONG)(*(cp++));
+			l--;
+			/* add */
+			t0+=z0;
+			t0&=0xffffffffL;
+			t1=z1;
+			/* square, well sort of square */
+			z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
+				&0xffffffffL)%0x7fffffffL; 
+			z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
+			}
+		if (lp != NULL)
+			{
+			/* I believe I finally have things worked out.
+			 * The MIT library assumes that the checksum
+			 * is one huge number and it is returned in a
+			 * host dependant byte order.
+			 */
+			static DES_LONG ltmp=1;
+			static unsigned char *c=(unsigned char *)<mp;
+
+			if (c[0])
+				{
+				l2c(z0,lp);
+				l2c(z1,lp);
+				}
+			else
+				{
+				lp=output[out_count-i-1];
+				l2n(z1,lp);
+				l2n(z0,lp);
+				}
+			}
+		}
+	return(z0);
+	}
+
diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c
new file mode 100644
index 0000000000000000000000000000000000000000..feb7ba75bcb820c360f55a94d590290a8a7586cd
--- /dev/null
+++ b/crypto/des/rand_key.c
@@ -0,0 +1,118 @@
+/* crypto/des/rand_key.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include 
+
+static int seed=0;
+static des_cblock init;
+
+void des_random_seed(key)
+des_cblock key;
+	{
+	memcpy(init,key,sizeof(des_cblock));
+	seed=1;
+	}
+
+void des_random_key(ret)
+unsigned char *ret;
+	{
+	des_key_schedule ks;
+	static DES_LONG c=0;
+	static unsigned short pid=0;
+	static des_cblock data={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+	des_cblock key;
+	unsigned char *p;
+	DES_LONG t;
+	int i;
+
+#ifdef MSDOS
+	pid=1;
+#else
+	if (!pid) pid=getpid();
+#endif
+	p=key;
+	if (seed)
+		{
+		for (i=0; i<8; i++)
+			{
+			data[i] ^= init[i];
+			init[i]=0;
+			}
+		seed=0;
+		}
+	t=(DES_LONG)time(NULL);
+	l2c(t,p);
+	t=(DES_LONG)((pid)|((c++)<<16));
+	l2c(t,p);
+
+	des_set_odd_parity((des_cblock *)data);
+	des_set_key((des_cblock *)data,ks);
+	des_cbc_cksum((des_cblock *)key,(des_cblock *)key,
+		(long)sizeof(key),ks,(des_cblock *)data);
+
+	des_set_odd_parity((des_cblock *)key);
+	des_set_key((des_cblock *)key,ks);
+	des_cbc_cksum((des_cblock *)key,(des_cblock *)data,
+		(long)sizeof(key),ks,(des_cblock *)key);
+
+	memcpy(ret,data,sizeof(key));
+	memset(key,0,sizeof(key));
+	memset(ks,0,sizeof(ks));
+	t=0;
+	}
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
new file mode 100644
index 0000000000000000000000000000000000000000..84136b950be25ae95b0a31b234b35f203491c4b9
--- /dev/null
+++ b/crypto/des/read2pwd.c
@@ -0,0 +1,90 @@
+/* crypto/des/read2pwd.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+int des_read_password(key, prompt, verify)
+des_cblock (*key);
+char *prompt;
+int verify;
+	{
+	int ok;
+	char buf[BUFSIZ],buff[BUFSIZ];
+
+	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		des_string_to_key(buf,key);
+	memset(buf,0,BUFSIZ);
+	memset(buff,0,BUFSIZ);
+	return(ok);
+	}
+
+int des_read_2passwords(key1, key2, prompt, verify)
+des_cblock (*key1);
+des_cblock (*key2);
+char *prompt;
+int verify;
+	{
+	int ok;
+	char buf[BUFSIZ],buff[BUFSIZ];
+
+	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		des_string_to_2keys(buf,key1,key2);
+	memset(buf,0,BUFSIZ);
+	memset(buff,0,BUFSIZ);
+	return(ok);
+	}
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
new file mode 100644
index 0000000000000000000000000000000000000000..75d035cf9c08d8b9b17981818d04952c7640210f
--- /dev/null
+++ b/crypto/des/read_pwd.c
@@ -0,0 +1,419 @@
+/* crypto/des/read_pwd.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifdef WIN16TTY
+#undef WIN16
+#undef _WINDOWS
+#include 
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "des_locl.h"
+#include 
+#include 
+#include 
+#include 
+
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+#define TERMIOS
+#undef  TERMIO
+#undef  SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+
+#ifdef _LIBC
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS)
+#undef  TERMIOS
+#undef  TERMIO
+#define SGTTY
+#endif
+
+#ifdef TERMIOS
+#include 
+#define TTY_STRUCT		struct termios
+#define TTY_FLAGS		c_lflag
+#define	TTY_get(tty,data)	tcgetattr(tty,data)
+#define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+#include 
+#define TTY_STRUCT		struct termio
+#define TTY_FLAGS		c_lflag
+#define TTY_get(tty,data)	ioctl(tty,TCGETA,data)
+#define TTY_set(tty,data)	ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+#include 
+#define TTY_STRUCT		struct sgttyb
+#define TTY_FLAGS		sg_flags
+#define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)
+#define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS)
+#include 
+#endif
+
+#ifdef MSDOS
+#include 
+#define fgets(a,b,c) noecho_fgets(a,b,c)
+#endif
+
+#ifdef VMS
+#include 
+#include 
+#include 
+#include 
+struct IOSB {
+	short iosb$w_value;
+	short iosb$w_count;
+	long  iosb$l_info;
+	};
+#endif
+
+#ifndef NX509_SIG
+#define NX509_SIG 32
+#endif
+
+#ifndef NOPROTO
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+#else
+static void read_till_nl();
+static void recsig();
+static void pushsig();
+static void popsig();
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets();
+#endif
+#endif
+
+#ifndef NOPROTO
+static void (*savsig[NX509_SIG])(int );
+#else
+static void (*savsig[NX509_SIG])();
+#endif
+static jmp_buf save;
+
+int des_read_pw_string(buf, length, prompt, verify)
+char *buf;
+int length;
+char *prompt;
+int verify;
+	{
+	char buff[BUFSIZ];
+	int ret;
+
+	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+	memset(buff,0,BUFSIZ);
+	return(ret);
+	}
+
+#ifndef WIN16
+
+static void read_till_nl(in)
+FILE *in;
+	{
+#define SIZE 4
+	char buf[SIZE+1];
+
+	do	{
+		fgets(buf,SIZE,in);
+		} while (strchr(buf,'\n') == NULL);
+	}
+
+
+/* return 0 if ok, 1 (or -1) otherwise */
+int des_read_pw(buf, buff, size, prompt, verify)
+char *buf;
+char *buff;
+int size;
+char *prompt;
+int verify;
+	{
+#ifdef VMS
+	struct IOSB iosb;
+	$DESCRIPTOR(terminal,"TT");
+	long tty_orig[3], tty_new[3];
+	long status;
+	unsigned short channel = 0;
+#else
+#ifndef MSDOS
+	TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+	int number=5;
+	int ok=0;
+	int ps=0;
+	int is_a_tty=1;
+
+	FILE *tty=NULL;
+	char *p;
+
+#ifndef MSDOS
+	if ((tty=fopen("/dev/tty","r")) == NULL)
+		tty=stdin;
+#else /* MSDOS */
+	if ((tty=fopen("con","r")) == NULL)
+		tty=stdin;
+#endif /* MSDOS */
+
+#if defined(TTY_get) && !defined(VMS)
+	if (TTY_get(fileno(tty),&tty_orig) == -1)
+		{
+#ifdef ENOTTY
+		if (errno == ENOTTY)
+			is_a_tty=0;
+		else
+#endif
+			return(-1);
+		}
+	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+#endif
+#ifdef VMS
+	status = SYS$ASSIGN(&terminal,&channel,0,0);
+	if (status != SS$_NORMAL)
+		return(-1);
+	status=SYS$QIOW(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return(-1);
+#endif
+
+	if (setjmp(save))
+		{
+		ok=0;
+		goto error;
+		}
+	pushsig();
+	ps=1;
+
+#ifdef TTY_FLAGS
+	tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(VMS)
+	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+		return(-1);
+#endif
+#ifdef VMS
+	tty_new[0] = tty_orig[0];
+	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+	tty_new[2] = tty_orig[2];
+	status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return(-1);
+#endif
+	ps=2;
+
+	while ((!ok) && (number--))
+		{
+		fputs(prompt,stderr);
+		fflush(stderr);
+
+		buf[0]='\0';
+		fgets(buf,size,tty);
+		if (feof(tty)) goto error;
+		if (ferror(tty)) goto error;
+		if ((p=(char *)strchr(buf,'\n')) != NULL)
+			*p='\0';
+		else	read_till_nl(tty);
+		if (verify)
+			{
+			fprintf(stderr,"\nVerifying password - %s",prompt);
+			fflush(stderr);
+			buff[0]='\0';
+			fgets(buff,size,tty);
+			if (feof(tty)) goto error;
+			if ((p=(char *)strchr(buff,'\n')) != NULL)
+				*p='\0';
+			else	read_till_nl(tty);
+				
+			if (strcmp(buf,buff) != 0)
+				{
+				fprintf(stderr,"\nVerify failure");
+				fflush(stderr);
+				break;
+				/* continue; */
+				}
+			}
+		ok=1;
+		}
+
+error:
+	fprintf(stderr,"\n");
+#ifdef DEBUG
+	perror("fgets(tty)");
+#endif
+	/* What can we do if there is an error? */
+#if defined(TTY_set) && !defined(VMS) 
+	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
+#endif
+#ifdef VMS
+	if (ps >= 2)
+		status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0
+			,tty_orig,12,0,0,0,0);
+#endif
+	
+	if (ps >= 1) popsig();
+	if (stdin != tty) fclose(tty);
+#ifdef VMS
+	status = SYS$DASSGN(channel);
+#endif
+	return(!ok);
+	}
+
+#else /* WIN16 */
+
+int des_read_pw(buf, buff, size, prompt, verify)
+char *buf;
+char *buff;
+int size;
+char *prompt;
+int verify;
+	{ 
+	memset(buf,0,size);
+	memset(buff,0,size);
+	return(0);
+	}
+
+#endif
+
+static void pushsig()
+	{
+	int i;
+
+	for (i=1; ides_key,ks);
+	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
+
+	if (desp->des_mode == CBC)
+		des_ecb_encrypt((des_cblock *)desp->UDES.UDES_buf,
+				(des_cblock *)desp->UDES.UDES_buf,ks,enc);
+	else
+		{
+		des_ncbc_encrypt((des_cblock *)desp->UDES.UDES_buf,
+				(des_cblock *)desp->UDES.UDES_buf,
+				(long)len,ks,
+				(des_cblock *)desp->des_ivec,enc);
+#ifdef undef
+		/* len will always be %8 if called from common_crypt
+		 * in secure_rpc.
+		 * Libdes's cbc encrypt does not copy back the iv,
+		 * so we have to do it here. */
+		/* It does now :-) eay 20/09/95 */
+
+		a=(char *)&(desp->UDES.UDES_buf[len-8]);
+		b=(char *)&(desp->des_ivec[0]);
+
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+#endif
+		}
+	return(1);	
+	}
+
diff --git a/crypto/des/rpw.c b/crypto/des/rpw.c
new file mode 100644
index 0000000000000000000000000000000000000000..93793c6f5368d3b49f83f726380c53d176d7c32f
--- /dev/null
+++ b/crypto/des/rpw.c
@@ -0,0 +1,101 @@
+/* crypto/des/rpw.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "des.h"
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	des_cblock k,k1;
+	int i;
+
+	printf("read passwd\n");
+	if ((i=des_read_password((C_Block *)k,"Enter password:",0)) == 0)
+		{
+		printf("password = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k[i]);
+		}
+	else
+		printf("error %d\n",i);
+	printf("\n");
+	printf("read 2passwds and verify\n");
+	if ((i=des_read_2passwords((C_Block *)k,(C_Block *)k1,
+		"Enter verified password:",1)) == 0)
+		{
+		printf("password1 = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k[i]);
+		printf("\n");
+		printf("password2 = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k1[i]);
+		printf("\n");
+		exit(1);
+		}
+	else
+		{
+		printf("error %d\n",i);
+		exit(0);
+		}
+#ifdef LINT
+	return(0);
+#endif
+	}
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
new file mode 100644
index 0000000000000000000000000000000000000000..99ac2734843e8e3a4115a0aa2523f32488002abe
--- /dev/null
+++ b/crypto/des/set_key.c
@@ -0,0 +1,246 @@
+/* crypto/des/set_key.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+#ifndef NOPROTO
+static int check_parity(des_cblock (*key));
+#else
+static int check_parity();
+#endif
+
+int des_check_key=0;
+
+void des_set_odd_parity(key)
+des_cblock (*key);
+	{
+	int i;
+
+	for (i=0; i>(n))^(b))&(m)),\
+ * 	(b)^=(t),\
+ * 	(a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+	(a)=(a)^(t)^(t>>(16-(n))))
+
+/* return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int des_set_key(key, schedule)
+des_cblock (*key);
+des_key_schedule schedule;
+	{
+	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+	register DES_LONG c,d,t,s,t2;
+	register unsigned char *in;
+	register DES_LONG *k;
+	register int i;
+
+	if (des_check_key)
+		{
+		if (!check_parity(key))
+			return(-1);
+
+		if (des_is_weak_key(key))
+			return(-2);
+		}
+
+	k=(DES_LONG *)schedule;
+	in=(unsigned char *)key;
+
+	c2l(in,c);
+	c2l(in,d);
+
+	/* do PC1 in 60 simple operations */ 
+/*	PERM_OP(d,c,t,4,0x0f0f0f0fL);
+	HPERM_OP(c,t,-2, 0xcccc0000L);
+	HPERM_OP(c,t,-1, 0xaaaa0000L);
+	HPERM_OP(c,t, 8, 0x00ff0000L);
+	HPERM_OP(c,t,-1, 0xaaaa0000L);
+	HPERM_OP(d,t,-8, 0xff000000L);
+	HPERM_OP(d,t, 8, 0x00ff0000L);
+	HPERM_OP(d,t, 2, 0x33330000L);
+	d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L);
+	d=(d>>8)|((c&0xf0000000L)>>4);
+	c&=0x0fffffffL; */
+
+	/* I now do it in 47 simple operations :-)
+	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+	 * for the inspiration. :-) */
+	PERM_OP (d,c,t,4,0x0f0f0f0fL);
+	HPERM_OP(c,t,-2,0xcccc0000L);
+	HPERM_OP(d,t,-2,0xcccc0000L);
+	PERM_OP (d,c,t,1,0x55555555L);
+	PERM_OP (c,d,t,8,0x00ff00ffL);
+	PERM_OP (d,c,t,1,0x55555555L);
+	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
+		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
+	c&=0x0fffffffL;
+
+	for (i=0; i>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
+		else
+			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
+		c&=0x0fffffffL;
+		d&=0x0fffffffL;
+		/* could be a few less shifts but I am to lazy at this
+		 * point in time to investigate */
+		s=	des_skb[0][ (c    )&0x3f                ]|
+			des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]|
+			des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]|
+			des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) |
+						  ((c>>22L)&0x38)];
+		t=	des_skb[4][ (d    )&0x3f                ]|
+			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
+			des_skb[6][ (d>>15L)&0x3f                ]|
+			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
+
+		/* table contained 0213 4657 */
+		t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
+		*(k++)=ROTATE(t2,30)&0xffffffffL;
+
+		t2=((s>>16L)|(t&0xffff0000L));
+		*(k++)=ROTATE(t2,26)&0xffffffffL;
+		}
+	return(0);
+	}
+
+int des_key_sched(key, schedule)
+des_cblock (*key);
+des_key_schedule schedule;
+	{
+	return(des_set_key(key,schedule));
+	}
diff --git a/crypto/des/shifts.pl b/crypto/des/shifts.pl
new file mode 100644
index 0000000000000000000000000000000000000000..ba686d8ef51ae987240b0000580432d59f1b38c1
--- /dev/null
+++ b/crypto/des/shifts.pl
@@ -0,0 +1,198 @@
+#!/usr/local/bin/perl
+
+sub lab_shift
+	{
+	local(*a,$n)=@_;
+	local(@r,$i,$j,$k,$d,@z);
+
+	@r=&shift(*a,$n);
+	foreach $i (0 .. 31)
+		{
+		@z=split(/\^/,$r[$i]);
+		for ($j=0; $j <= $#z; $j++)
+			{
+			($d)=($z[$j] =~ /^(..)/);
+			($k)=($z[$j] =~ /\[(.*)\]$/);
+			$k.=",$n" if ($k ne "");
+			$k="$n"	  if ($k eq "");
+			$d="$d[$k]";
+			$z[$j]=$d;
+			}
+		$r[$i]=join('^',@z);
+		}
+	return(@r);
+	}
+
+sub shift
+	{
+	local(*a,$n)=@_;
+	local(@f);
+
+	if ($n > 0)
+		{
+		@f=&shiftl(*a,$n);
+		}
+	else
+		{
+		@f=&shiftr(*a,-$n);
+		}
+	return(@f);
+	}
+
+sub rotate
+	{
+	local(*a,$n)=@_;
+	local(@f);
+
+	if ($n > 0)
+		{ @f=&rotatel(*a,$n); }
+	else
+		{ @f=&rotater(*a,-$n); }
+	return(@f);
+	}
+
+sub rotater
+	{
+	local(*a,$n)=@_;
+	local(@f,@g);
+
+	@f=&shiftr(*a,$n);
+	@g=&shiftl(*a,32-$n);
+	$#f=31;
+	$#g=31;
+	return(&or(*f,*g));
+	}
+
+sub rotatel
+	{
+	local(*a,$n)=@_;
+	local(@f,@g);
+
+	@f=&shiftl(*a,$n);
+	@g=&shiftr(*a,32-$n);
+	$#f=31;
+	$#g=31;
+	return(&or(*f,*g));
+	}
+
+sub shiftr
+	{
+	local(*a,$n)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		if (($i+$n) > 31)
+			{
+			$r[$i]="--";
+			}
+		else
+			{
+			$r[$i]=$a[$i+$n];
+			}
+		}
+	return(@r);
+	}
+
+sub shiftl
+	{
+	local(*a,$n)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		if ($i < $n)
+			{
+			$r[$i]="--";
+			}
+		else
+			{
+			$r[$i]=$a[$i-$n];
+			}
+		}
+	return(@r);
+	}
+
+sub printit
+	{
+	local(@a)=@_;
+	local($i);
+
+	foreach $i (0 .. 31)
+		{
+		printf "%2s  ",$a[$i];
+		print "\n" if (($i%8) == 7);
+		}
+	print "\n";
+	}
+
+sub xor
+	{
+	local(*a,*b)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]=&compress($a[$i].'^'.$b[$i]);
+#		$r[$i]=$a[$i]."^".$b[$i];
+		}
+	return(@r);
+	}
+
+sub and
+	{
+	local(*a,$m)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]=(($m & (1<<$i))?($a[$i]):('--'));
+		}
+	return(@r);
+	}
+
+sub or
+	{
+	local(*a,*b)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]='--'   if (($a[$i] eq '--') && ($b[$i] eq '--'));
+		$r[$i]=$a[$i] if (($a[$i] ne '--') && ($b[$i] eq '--'));
+		$r[$i]=$b[$i] if (($a[$i] eq '--') && ($b[$i] ne '--'));
+		$r[$i]='++'   if (($a[$i] ne '--') && ($b[$i] ne '--'));
+		}
+	return(@r);
+	}
+
+sub compress
+	{
+	local($s)=@_;
+	local($_,$i,@a,%a,$r);
+
+	$s =~ s/\^\^/\^/g;
+	$s =~ s/^\^//;
+	$s =~ s/\^$//;
+	@a=split(/\^/,$s);
+
+	while ($#a >= 0)
+		{
+		$_=shift(@a);
+		next unless /\d/;
+		$a{$_}++;
+		}
+	foreach $i (sort keys %a)
+		{
+		next if ($a{$i}%2 == 0);
+		$r.="$i^";
+		}
+	chop($r);
+	return($r);
+	}
+1;
diff --git a/crypto/des/sk.h b/crypto/des/sk.h
new file mode 100644
index 0000000000000000000000000000000000000000..2407030704369319ff33938b1029bcd0adaada9f
--- /dev/null
+++ b/crypto/des/sk.h
@@ -0,0 +1,204 @@
+/* crypto/des/sk.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const DES_LONG des_skb[8][64]={
+{
+/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+},{
+/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+},{
+/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+},{
+/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+},{
+/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+},{
+/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+},{
+/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+},{
+/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+}};
diff --git a/crypto/des/speed.c b/crypto/des/speed.c
new file mode 100644
index 0000000000000000000000000000000000000000..250b697135ed0615bb80dedcbc291410ac37cc76
--- /dev/null
+++ b/crypto/des/speed.c
@@ -0,0 +1,329 @@
+/* crypto/des/speed.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#ifndef MSDOS
+#define TIMES
+#endif
+
+#include 
+#ifndef MSDOS
+#include 
+#else
+#include 
+extern int exit();
+#endif
+#include 
+#ifndef VMS
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+#else /* VMS */
+#include 
+struct tms {
+	time_t tms_utime;
+	time_t tms_stime;
+	time_t tms_uchild;	/* I dunno...  */
+	time_t tms_uchildsys;	/* so these names are a guess :-) */
+	}
+#endif
+#ifndef TIMES
+#include 
+#endif
+
+#ifdef sun
+#include 
+#include 
+#endif
+
+#include "des.h"
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   ifndef VMS
+#    define HZ	100.0
+#   else /* VMS */
+#    define HZ	100.0
+#   endif
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+#ifndef NOPROTO
+double Time_F(int s);
+#else
+double Time_F();
+#endif
+
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+#ifndef NOPROTO
+SIGRETTYPE sig_done(int sig);
+#else
+SIGRETTYPE sig_done();
+#endif
+
+SIGRETTYPE sig_done(sig)
+int sig;
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(s)
+int s;
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(argc,argv)
+int argc;
+char **argv;
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	des_key_schedule sch,sch2,sch3;
+	double a,b,c,d,e;
+#ifndef SIGALRM
+	long ca,cb,cc,cd,ce;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+	des_set_key((C_Block *)key2,sch2);
+	des_set_key((C_Block *)key3,sch3);
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	des_set_key((C_Block *)key,sch);
+	count=10;
+	do	{
+		long i;
+		DES_LONG data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count;
+	cb=count*3;
+	cc=count*3*8/BUFSIZE+1;
+	cd=count*8/BUFSIZE+1;
+	ce=count/20+1;
+	printf("Doing set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count++)
+		des_set_key((C_Block *)key,sch);
+	d=Time_F(STOP);
+	printf("%ld set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing des_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing des_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count++)
+		{
+		DES_LONG data[2];
+
+		des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		}
+	d=Time_F(STOP);
+	printf("%ld des_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]),
+			(C_Block *)&(key[0]),DES_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+#ifdef SIGALRM
+	printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cd); count++)
+		des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,
+			&(sch[0]),
+			&(sch2[0]),
+			&(sch3[0]),
+			(C_Block *)&(key[0]),
+			DES_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	d=((double)COUNT(cd)*BUFSIZE)/d;
+
+#ifdef SIGALRM
+	printf("Doing crypt for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing crypt %ld times\n",ce);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(ce); count++)
+		crypt("testing1","ef");
+	e=Time_F(STOP);
+	printf("%ld crypts in %.2f second\n",count,e);
+	e=((double)COUNT(ce))/e;
+
+	printf("set_key            per sec = %12.2f (%5.1fuS)\n",a,1.0e6/a);
+	printf("DES raw ecb bytes  per sec = %12.2f (%5.1fuS)\n",b,8.0e6/b);
+	printf("DES cbc bytes      per sec = %12.2f (%5.1fuS)\n",c,8.0e6/c);
+	printf("DES ede cbc bytes  per sec = %12.2f (%5.1fuS)\n",d,8.0e6/d);
+	printf("crypt              per sec = %12.2f (%5.1fuS)\n",e,1.0e6/e);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/des/spr.h b/crypto/des/spr.h
new file mode 100644
index 0000000000000000000000000000000000000000..a84d6a723f9f3b8906aeaa2e5bf5be1b7390a1a0
--- /dev/null
+++ b/crypto/des/spr.h
@@ -0,0 +1,204 @@
+/* crypto/des/spr.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+const DES_LONG des_SPtrans[8][64]={
+{
+/* nibble 0 */
+0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+},{
+/* nibble 1 */
+0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+},{
+/* nibble 2 */
+0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+},{
+/* nibble 3 */
+0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+},{
+/* nibble 4 */
+0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+},{
+/* nibble 5 */
+0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+},{
+/* nibble 6 */
+0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+},{
+/* nibble 7 */
+0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+}};
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
new file mode 100644
index 0000000000000000000000000000000000000000..65a118465320d83e000b2ffadff408865063a770
--- /dev/null
+++ b/crypto/des/str2key.c
@@ -0,0 +1,171 @@
+/* crypto/des/str2key.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+extern int des_check_key;
+
+void des_string_to_key(str, key)
+char *str;
+des_cblock (*key);
+	{
+	des_key_schedule ks;
+	int i,length;
+	register unsigned char j;
+
+	memset(key,0,8);
+	length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+	for (i=0; i>4)&0x0f);
+			j=((j<<2)&0xcc)|((j>>2)&0x33);
+			j=((j<<1)&0xaa)|((j>>1)&0x55);
+			(*key)[7-(i%8)]^=j;
+			}
+		}
+#endif
+	des_set_odd_parity((des_cblock *)key);
+	i=des_check_key;
+	des_check_key=0;
+	des_set_key((des_cblock *)key,ks);
+	des_check_key=i;
+	des_cbc_cksum((des_cblock *)str,(des_cblock *)key,(long)length,ks,
+		(des_cblock *)key);
+	memset(ks,0,sizeof(ks));
+	des_set_odd_parity((des_cblock *)key);
+	}
+
+void des_string_to_2keys(str, key1, key2)
+char *str;
+des_cblock (*key1);
+des_cblock (*key2);
+	{
+	des_key_schedule ks;
+	int i,length;
+	register unsigned char j;
+
+	memset(key1,0,8);
+	memset(key2,0,8);
+	length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+	if (length <= 8)
+		{
+		for (i=0; i>4)&0x0f);
+			j=((j<<2)&0xcc)|((j>>2)&0x33);
+			j=((j<<1)&0xaa)|((j>>1)&0x55);
+			if ((i%16) < 8)
+				(*key1)[7-(i%8)]^=j;
+			else
+				(*key2)[7-(i%8)]^=j;
+			}
+		}
+	if (length <= 8) memcpy(key2,key1,8);
+#endif
+	des_set_odd_parity((des_cblock *)key1);
+	des_set_odd_parity((des_cblock *)key2);
+	i=des_check_key;
+	des_check_key=0;
+	des_set_key((des_cblock *)key1,ks);
+	des_cbc_cksum((des_cblock *)str,(des_cblock *)key1,(long)length,ks,
+		(des_cblock *)key1);
+	des_set_key((des_cblock *)key2,ks);
+	des_cbc_cksum((des_cblock *)str,(des_cblock *)key2,(long)length,ks,
+		(des_cblock *)key2);
+	des_check_key=i;
+	memset(ks,0,sizeof(ks));
+	des_set_odd_parity(key1);
+	des_set_odd_parity(key2);
+	}
diff --git a/crypto/des/supp.c b/crypto/des/supp.c
new file mode 100644
index 0000000000000000000000000000000000000000..56bd85beff670e5a94260f98d5e23063762151a5
--- /dev/null
+++ b/crypto/des/supp.c
@@ -0,0 +1,109 @@
+/* crypto/des/supp.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Copyright (c) 1995
+ *	Mark Murray.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by Mark Murray
+ * 4. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: supp.c,v 1.1 1998/12/21 10:52:29 rse Exp $
+ */
+
+#include 
+#include "des_locl.h"
+
+void des_cblock_print_file(cb, fp)
+	des_cblock *cb;
+	FILE *fp;
+{
+	int i;
+	unsigned int *p = (unsigned int *)cb;
+
+	fprintf(fp, " 0x { ");
+	for (i = 0; i < 8; i++) {
+		fprintf(fp, "%x", p[i]);
+		if (i != 7) fprintf(fp, ", ");
+	}
+	fprintf(fp, " }");
+}
diff --git a/crypto/des/t/test b/crypto/des/t/test
new file mode 100644
index 0000000000000000000000000000000000000000..97acd0552e43031d50d4ed3c25a3dd75d9c72add
--- /dev/null
+++ b/crypto/des/t/test
@@ -0,0 +1,27 @@
+#!./perl
+
+BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
+
+use DES;
+
+$key='00000000';
+$ks=DES::set_key($key);
+@a=split(//,$ks);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+
+
+$key=DES::random_key();
+print "($_)\n";
+@a=split(//,$key);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$str="this is and again into the breach";
+($k1,$k2)=DES::string_to_2keys($str);
+@a=split(//,$k1);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+@a=split(//,$k2);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+
diff --git a/crypto/des/testdes.pl b/crypto/des/testdes.pl
new file mode 100644
index 0000000000000000000000000000000000000000..01a165a963d1ae5d38fcf616d0bdbf0a8d60770e
--- /dev/null
+++ b/crypto/des/testdes.pl
@@ -0,0 +1,167 @@
+#!/usr/local/bin/perl
+
+# des.pl tesing code
+
+require 'des.pl';
+
+$num_tests=34;
+@key_data=(
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+	0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57,
+	0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E,
+	0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86,
+	0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+	0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+	0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE,
+	0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6,
+	0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE,
+	0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16,
+	0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F,
+	0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46,
+	0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E,
+	0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76,
+	0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07,
+	0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F,
+	0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7,
+	0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF,
+	0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6,
+	0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF,
+	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E,
+	0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+	);
+
+@plain_data=(
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42,
+	0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA,
+	0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72,
+	0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A,
+	0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2,
+	0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A,
+	0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2,
+	0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A,
+	0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02,
+	0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A,
+	0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32,
+	0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA,
+	0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62,
+	0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2,
+	0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA,
+	0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92,
+	0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A,
+	0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2,
+	0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
+
+@cipher_data=(
+	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+	0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58,
+	0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B,
+	0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33,
+	0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D,
+	0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD,
+	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+	0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4,
+	0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B,
+	0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71,
+	0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A,
+	0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A,
+	0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95,
+	0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B,
+	0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09,
+	0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A,
+	0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F,
+	0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88,
+	0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77,
+	0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A,
+	0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56,
+	0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56,
+	0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56,
+	0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC,
+	0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A,
+	0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41,
+	0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93,
+	0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00,
+	0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06,
+	0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7,
+	0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51,
+	0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE,
+	0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D,
+	0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2);
+
+print "Doing ecb tests\n";
+for ($i=0; $i<$num_tests; $i++)
+	{
+	printf "Doing test $i\n";
+	$key =pack("C8",splice(@key_data   ,0,8));
+	$data=pack("C8",splice(@plain_data ,0,8));
+	$res =pack("C8",splice(@cipher_data,0,8));
+
+	@ks=  &des_set_key($key);
+	$out1= &des_ecb_encrypt(*ks,1,$data);
+	$out2= &des_ecb_encrypt(*ks,0,$out1);
+	$out3= &des_ecb_encrypt(*ks,0,$res);
+	&eprint("encryption failure",$res,$out1)
+		if ($out1 ne $res);
+	&eprint("encryption/decryption failure",$data,$out2)
+		if ($out2 ne $data);
+	&eprint("decryption failure",$data,$out3)
+		if ($data ne $out3);
+	}
+print "Done\n";
+
+print "doing speed test over 30 seconds\n";
+$SIG{'ALRM'}='done';
+sub done {$done=1;}
+$done=0;
+
+$count=0;
+$d=pack("C8",0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+@ks=  &des_set_key($d);
+alarm(30);
+$start=(times)[0];
+while (!$done)
+	{
+	$count++;
+	$d=&des_ecb_encrypt(*ks,1,$d);
+	}
+$end=(times)[0];
+$t=$end-$start;
+printf "$count DESs in %.2f seconds is %.2f DESs/sec or %.2f bytes/sec\n",
+	1.0*$t,1.0*$count/$t,$count*8.0/$t;
+
+sub eprint
+	{
+	local($s,$c,$e)=@_;
+	local(@k);
+
+	@k=unpack("C8",$c);
+	printf "%02x%02x%02x%02x %02x%02x%02x%02x - ",unpack("C8",$c);
+	printf "%02x%02x%02x%02x %02x%02x%02x%02x :",unpack("C8",$e);
+	print " $s\n";
+	}
diff --git a/crypto/des/times/486-50.sol b/crypto/des/times/486-50.sol
new file mode 100644
index 0000000000000000000000000000000000000000..0de62d6db31e014eb14f6c1382a51720235a32aa
--- /dev/null
+++ b/crypto/des/times/486-50.sol
@@ -0,0 +1,16 @@
+Solaris 2.4, 486 50mhz, gcc 2.6.3
+options    des ecb/s
+16 r2 i     43552.51 100.0%
+16 r1 i     43487.45  99.9%
+16  c p     43003.23  98.7%
+16 r2 p     42339.00  97.2%
+16  c i     41900.91  96.2%
+16 r1 p     41360.64  95.0%
+ 4  c i     38728.48  88.9%
+ 4  c p     38225.63  87.8%
+ 4 r1 i     38085.79  87.4%
+ 4 r2 i     37825.64  86.9%
+ 4 r2 p     34611.00  79.5%
+ 4 r1 p     31802.00  73.0%
+-DDES_UNROLL -DDES_RISC2
+
diff --git a/crypto/des/times/586-100.lnx b/crypto/des/times/586-100.lnx
new file mode 100644
index 0000000000000000000000000000000000000000..4323914a11bbeca655590ddb4827fe39f69a8d01
--- /dev/null
+++ b/crypto/des/times/586-100.lnx
@@ -0,0 +1,20 @@
+Pentium 100
+Linux 2 kernel
+gcc 2.7.0 -O3 -fomit-frame-pointer
+No X server running, just a console, it makes the top speed jump from 151,000
+to 158,000 :-).
+options    des ecb/s
+assember   281000.00 177.1%
+16 r1 p    158667.40 100.0%
+16 r1 i    148471.70  93.6%
+16 r2 p    143961.80  90.7%
+16 r2 i    141689.20  89.3%
+ 4 r1 i    140100.00  88.3%
+ 4 r2 i    134049.40  84.5%
+16  c i    124145.20  78.2%
+16  c p    121584.20  76.6%
+ 4  c i    118116.00  74.4%
+ 4 r2 p    117977.90  74.4%
+ 4  c p    114971.40  72.5%
+ 4 r1 p    114578.40  72.2%
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/crypto/des/times/686-200.fre b/crypto/des/times/686-200.fre
new file mode 100644
index 0000000000000000000000000000000000000000..7d83f6adee15288637924d4ad9726f3718006637
--- /dev/null
+++ b/crypto/des/times/686-200.fre
@@ -0,0 +1,18 @@
+Pentium 100
+Free BSD 2.1.5 kernel
+gcc 2.7.2.2 -O3 -fomit-frame-pointer
+options    des ecb/s
+assember   578000.00 133.1%
+16 r2 i    434454.80 100.0%
+16 r1 i    433621.43  99.8%
+16 r2 p    431375.69  99.3%
+ 4 r1 i    423722.30  97.5%
+ 4 r2 i    422399.40  97.2%
+16 r1 p    421739.40  97.1%
+16  c i    399027.94  91.8%
+16  c p    372251.70  85.7%
+ 4  c i    365118.35  84.0%
+ 4  c p    352880.51  81.2%
+ 4 r2 p    255104.90  58.7%
+ 4 r1 p    251289.18  57.8%
+-DDES_UNROLL -DDES_RISC2
diff --git a/crypto/des/times/aix.cc b/crypto/des/times/aix.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d96b74e2ceddefee805f493481bdb242ffc249a6
--- /dev/null
+++ b/crypto/des/times/aix.cc
@@ -0,0 +1,26 @@
+From: Paco Garcia 
+
+This machine is a Bull Estrella  Minitower Model MT604-100
+Processor        : PPC604 
+P.Speed          : 100Mhz 
+Data/Instr Cache :    16 K
+L2 Cache         :   256 K
+PCI BUS Speed    :    33 Mhz
+TransfRate PCI   :   132 MB/s
+Memory           :    96 MB
+
+options    des ecb/s       
+ 4  c p    275118.61 100.0%
+ 4  c i    273545.07  99.4%
+ 4 r2 p    270441.02  98.3%
+ 4 r1 p    253052.15  92.0%
+ 4 r2 i    240842.97  87.5%
+ 4 r1 i    240556.66  87.4%
+16  c i    224603.99  81.6%
+16  c p    224483.98  81.6%
+16 r2 p    215691.19  78.4%
+16 r1 p    208332.83  75.7%
+16 r1 i    199206.50  72.4%
+16 r2 i    198963.70  72.3%
+-DDES_PTR
+
diff --git a/crypto/des/times/alpha.cc b/crypto/des/times/alpha.cc
new file mode 100644
index 0000000000000000000000000000000000000000..95c17efae7e5f6b1d2c605204c2eee8f5a593429
--- /dev/null
+++ b/crypto/des/times/alpha.cc
@@ -0,0 +1,18 @@
+cc -O2
+DES_LONG is 'unsigned int'
+
+options    des ecb/s
+ 4 r2 p    181146.14 100.0%
+16 r2 p    172102.94  95.0%
+ 4 r2 i    165424.11  91.3%
+16  c p    160468.64  88.6%
+ 4  c p    156653.59  86.5%
+ 4  c i    155245.18  85.7%
+ 4 r1 p    154729.68  85.4%
+16 r2 i    154137.69  85.1%
+16 r1 p    152357.96  84.1%
+16  c i    148743.91  82.1%
+ 4 r1 i    146695.59  81.0%
+16 r1 i    144961.00  80.0%
+-DDES_RISC2 -DDES_PTR
+
diff --git a/crypto/des/times/hpux.cc b/crypto/des/times/hpux.cc
new file mode 100644
index 0000000000000000000000000000000000000000..3de856ddac5ac63fcaea374c8e98d8b4cb32256a
--- /dev/null
+++ b/crypto/des/times/hpux.cc
@@ -0,0 +1,17 @@
+HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
+
+options    des ecb/s
+16  c i    149448.90 100.0%
+ 4  c i    145861.79  97.6%
+16 r2 i    141710.96  94.8%
+16 r1 i    139455.33  93.3%
+ 4 r2 i    138800.00  92.9%
+ 4 r1 i    136692.65  91.5%
+16 r2 p    110228.17  73.8%
+16 r1 p    109397.07  73.2%
+16  c p    109209.89  73.1%
+ 4  c p    108014.71  72.3%
+ 4 r2 p    107873.88  72.2%
+ 4 r1 p    107685.83  72.1%
+-DDES_UNROLL
+
diff --git a/crypto/des/times/sparc.gcc b/crypto/des/times/sparc.gcc
new file mode 100644
index 0000000000000000000000000000000000000000..8eaa042104063fb34be4822af566db60bf4ccc84
--- /dev/null
+++ b/crypto/des/times/sparc.gcc
@@ -0,0 +1,17 @@
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2
+
+options    des ecb/s
+16  c i    124382.70 100.0%
+ 4  c i    118884.68  95.6%
+16  c p    112261.20  90.3%
+16 r2 i    111777.10  89.9%
+16 r2 p    108896.30  87.5%
+16 r1 p    108791.59  87.5%
+ 4  c p    107290.10  86.3%
+ 4 r1 p    104583.80  84.1%
+16 r1 i    104206.20  83.8%
+ 4 r2 p    103709.80  83.4%
+ 4 r2 i     98306.43  79.0%
+ 4 r1 i     91525.80  73.6%
+-DDES_UNROLL
+      
diff --git a/crypto/des/times/usparc.cc b/crypto/des/times/usparc.cc
new file mode 100644
index 0000000000000000000000000000000000000000..f6ec8e8831d8864fbbbd9b38f2e3bbcc9af2398c
--- /dev/null
+++ b/crypto/des/times/usparc.cc
@@ -0,0 +1,31 @@
+solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
+
+For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
+gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
+I belive the difference is tied up in optimisation that the compiler
+is able to perform when the code is 'inlined'.  For 'speed', the DES
+routines are being linked from a library.  I'll record the higher
+speed since if performance is everything, you can always inline
+'des_enc.c'.
+
+[ 16-Jan-06 - I've been playing with the
+  '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'
+  and while it makes the des_opts numbers much slower, it makes the
+  actual 'speed' numbers look better which is a realistic version of
+  using the libraries. ]
+
+options    des ecb/s
+16 r1 p    475516.90 100.0%
+16 r2 p    439388.10  92.4%
+16  c i    427001.40  89.8%
+16  c p    419516.50  88.2%
+ 4 r2 p    409491.70  86.1%
+ 4 r1 p    404266.90  85.0%
+ 4  c p    398121.00  83.7%
+ 4  c i    370588.40  77.9%
+ 4 r1 i    362742.20  76.3%
+16 r2 i    331275.50  69.7%
+16 r1 i    324730.60  68.3%
+ 4 r2 i     63535.10  13.4%	<-- very very weird, must be cache problems.
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
+
diff --git a/crypto/des/typemap b/crypto/des/typemap
new file mode 100644
index 0000000000000000000000000000000000000000..a524f53634e7fb5d777dc26e2bc67d19229c9d05
--- /dev/null
+++ b/crypto/des/typemap
@@ -0,0 +1,34 @@
+#
+# DES SECTION
+#
+deschar *	T_DESCHARP
+des_cblock *	T_CBLOCK
+des_cblock	T_CBLOCK
+des_key_schedule	T_SCHEDULE
+des_key_schedule *	T_SCHEDULE
+
+INPUT
+T_CBLOCK
+	$var=(des_cblock *)SvPV($arg,len);
+	if (len < DES_KEY_SZ)
+		{
+		croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
+		}
+
+T_SCHEDULE
+	$var=(des_key_schedule *)SvPV($arg,len);
+	if (len < DES_SCHEDULE_SZ)
+		{
+		croak(\"$var needs to be at least %u bytes long\",
+			DES_SCHEDULE_SZ);
+		}
+
+OUTPUT
+T_CBLOCK
+	sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
+
+T_SCHEDULE
+	sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
+
+T_DESCHARP
+	sv_setpvn($arg,(char *)$var,len);
diff --git a/crypto/des/vms.com b/crypto/des/vms.com
new file mode 100755
index 0000000000000000000000000000000000000000..62ca1fbda497d5585696f6117b88d1683aed9384
--- /dev/null
+++ b/crypto/des/vms.com
@@ -0,0 +1,90 @@
+$! --- VMS.com ---
+$!
+$ GoSub defines
+$ GoSub linker_options
+$ If (P1 .nes. "")
+$ Then 
+$   GoSub 'P1'
+$ Else
+$   GoSub lib
+$   GoSub destest
+$   GoSub rpw
+$   GoSub speed
+$   GoSub des
+$ EndIF
+$!
+$ Exit
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$DEFINES:
+$ OPT_FILE := "VAX_LINKER_OPTIONS.OPT"
+$!
+$ CC_OPTS := "/NODebug/OPTimize/NOWarn"
+$!
+$ LINK_OPTS := "/NODebug/NOTraceback/Contiguous"
+$!
+$ OBJS  = "cbc_cksm.obj,cbc_enc.obj,ecb_enc.obj,pcbc_enc.obj," + -
+          "qud_cksm.obj,rand_key.obj,read_pwd.obj,set_key.obj,"      + -
+          "str2key.obj,enc_read.obj,enc_writ.obj,fcrypt.obj,"           + -
+	  "cfb_enc.obj,ecb3_enc.obj,ofb_enc.obj"
+	   
+	   
+$!
+$ LIBDES = "cbc_cksm.c,cbc_enc.c,ecb_enc.c,enc_read.c,"           + -
+           "enc_writ.c,pcbc_enc.c,qud_cksm.c,rand_key.c,"         + -
+           "read_pwd.c,set_key.c,str2key.c,fcrypt.c,"                + -
+	   "cfb_enc.c,ecb3_enc.c,ofb_enc.c"
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$LINKER_OPTIONS:
+$ If (f$search(OPT_FILE) .eqs. "")
+$ Then
+$   Create 'OPT_FILE'
+$DECK
+! Default system options file to link against the sharable C runtime library
+!
+Sys$Share:VAXcRTL.exe/Share
+$EOD
+$ EndIF
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$LIB:
+$ CC 'CC_OPTS' 'LIBDES'
+$ If (f$search("LIBDES.OLB") .nes. "")
+$ Then Library /Object /Replace libdes 'OBJS'
+$ Else Library /Create /Object  libdes 'OBJS'
+$ EndIF
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$DESTEST:
+$ CC 'CC_OPTS' destest
+$ Link 'link_opts' /Exec=destest destest.obj,libdes/LIBRARY,'opt_file'/Option
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$RPW:
+$ CC 'CC_OPTS' rpw
+$ Link 'link_opts' /Exec=rpw  rpw.obj,libdes/LIBRARY,'opt_file'/Option
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$SPEED:
+$ CC 'CC_OPTS' speed
+$ Link 'link_opts' /Exec=speed speed.obj,libdes/LIBRARY,'opt_file'/Option
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$DES:
+$ CC 'CC_OPTS' des
+$ Link 'link_opts' /Exec=des des.obj,libdes/LIBRARY,'opt_file'/Option
+$ Return
diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
new file mode 100644
index 0000000000000000000000000000000000000000..fa251170fbd46db826ef195f5df5166f46fcc767
--- /dev/null
+++ b/crypto/des/xcbc_enc.c
@@ -0,0 +1,206 @@
+/* crypto/des/xcbc_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* RSA's DESX */
+
+static unsigned char desx_white_in2out[256]={
+0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
+0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
+0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
+0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
+0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
+0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
+0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
+0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
+0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
+0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
+0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
+0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
+0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
+0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
+0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
+0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
+	};
+
+void des_xwhite_in2out(des_key,in_white,out_white)
+des_cblock (*des_key);
+des_cblock (*in_white);
+des_cblock (*out_white);
+	{
+	unsigned char *key,*in,*out;
+	int out0,out1;
+	int i;
+
+	key=(unsigned char *)des_key;
+	in=(unsigned char *)in_white;
+	out=(unsigned char *)out_white;
+
+	out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
+	out0=out1=0;
+	for (i=0; i<8; i++)
+		{
+		out[i]=key[i]^desx_white_in2out[out0^out1];
+		out0=out1;
+		out1=(int)out[i&0x07];
+		}
+
+	out0=out[0];
+	out1=out[i];
+	for (i=0; i<8; i++)
+		{
+		out[i]=in[i]^desx_white_in2out[out0^out1];
+		out0=out1;
+		out1=(int)out[i&0x07];
+		}
+	}
+
+void des_xcbc_encrypt(input, output, length, schedule, ivec, inw,outw,enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule schedule;
+des_cblock (*ivec);
+des_cblock (*inw);
+des_cblock (*outw);
+int enc;
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register DES_LONG inW0,inW1,outW0,outW1;
+	register unsigned char *in,*out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=(unsigned char *)inw;
+	c2l(in,inW0);
+	c2l(in,inW1);
+	in=(unsigned char *)outw;
+	c2l(in,outW0);
+	c2l(in,outW1);
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0^inW0; tin[0]=tin0;
+			tin1^=tout1^inW1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]^outW0; l2c(tout0,out);
+			tout1=tin[1]^outW1; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0^inW0; tin[0]=tin0;
+			tin1^=tout1^inW1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]^outW0; l2c(tout0,out);
+			tout1=tin[1]^outW1; l2c(tout1,out);
+			}
+		iv=(unsigned char *)ivec;
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0^outW0;
+			c2l(in,tin1); tin[1]=tin1^outW1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0^inW0;
+			tout1=tin[1]^xor1^inW1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0^outW0;
+			c2l(in,tin1); tin[1]=tin1^outW1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0^inW0;
+			tout1=tin[1]^xor1^inW1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+
+		iv=(unsigned char *)ivec;
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	inW0=inW1=outW0=outW1=0;
+	tin[0]=tin[1]=0;
+	}
+
diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..7e0c1e104915f521a585b2f4ad3198534558b1f3
--- /dev/null
+++ b/crypto/dh/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/dh/Makefile
+#
+
+DIR=	dh
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=dh
+ERRC=dh_err
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c $(ERRC).c
+LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dh.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/dh/dh.err b/crypto/dh/dh.err
new file mode 100644
index 0000000000000000000000000000000000000000..a4fe746985e02b4cd4a6e6e89e3a98b0d173480b
--- /dev/null
+++ b/crypto/dh/dh.err
@@ -0,0 +1,12 @@
+/* Error codes for the DH functions. */
+
+/* Function codes. */
+#define DH_F_DHPARAMS_PRINT				 100
+#define DH_F_DHPARAMS_PRINT_FP				 101
+#define DH_F_DH_COMPUTE_KEY				 102
+#define DH_F_DH_GENERATE_KEY				 103
+#define DH_F_DH_GENERATE_PARAMETERS			 104
+#define DH_F_DH_NEW					 105
+
+/* Reason codes. */
+#define DH_R_NO_PRIVATE_VALUE				 100
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
new file mode 100644
index 0000000000000000000000000000000000000000..44978028b70e544b6313ee5d48c4cc380fc89c88
--- /dev/null
+++ b/crypto/dh/dh.h
@@ -0,0 +1,162 @@
+/* crypto/dh/dh.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DH_H
+#define HEADER_DH_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifndef HEADER_BN_H
+#define BIGNUM 		char
+#endif
+
+typedef struct dh_st
+	{
+	/* This first argument is used to pick up errors when
+	 * a DH is passed instead of a EVP_PKEY */
+	int pad;
+	int version;
+	BIGNUM *p;
+	BIGNUM *g;
+	int length; /* optional */
+	BIGNUM *pub_key;	/* y */
+	BIGNUM *priv_key;	/* x */
+	} DH;
+
+#define DH_GENERATOR_2		2
+/* #define DH_GENERATOR_3	3 */
+#define DH_GENERATOR_5		5
+
+/* DH_check error codes */
+#define DH_CHECK_P_NOT_PRIME		0x01
+#define DH_CHECK_P_NOT_STRONG_PRIME	0x02
+#define DH_UNABLE_TO_CHECK_GENERATOR	0x04
+#define DH_NOT_SUITABLE_GENERATOR	0x08
+
+#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
+		(char *(*)())d2i_DHparams,(char *)(x))
+#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+		(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+		(unsigned char *)(x))
+#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
+		(char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
+		(unsigned char *)(x))
+
+#ifndef NOPROTO
+DH *	DH_new(void);
+void	DH_free(DH *dh);
+int	DH_size(DH *dh);
+DH *	DH_generate_parameters(int prime_len,int generator,
+		void (*callback)(int,int));
+int	DH_check(DH *dh,int *codes);
+int	DH_generate_key(DH *dh);
+int	DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
+DH *	d2i_DHparams(DH **a,unsigned char **pp, long length);
+int	i2d_DHparams(DH *a,unsigned char **pp);
+#ifndef WIN16
+int	DHparams_print_fp(FILE *fp, DH *x);
+#endif
+#ifdef HEADER_BIO_H
+int	DHparams_print(BIO *bp, DH *x);
+#else
+int	DHparams_print(char *bp, DH *x);
+#endif
+void	ERR_load_DH_strings(void );
+
+#else
+
+DH *	DH_new();
+void	DH_free();
+int	DH_size();
+DH *	DH_generate_parameters();
+int	DH_check();
+int	DH_generate_key();
+int	DH_compute_key();
+DH *	d2i_DHparams();
+int	i2d_DHparams();
+#ifndef WIN16
+int	DHparams_print_fp();
+#endif
+int	DHparams_print();
+void	ERR_load_DH_strings();
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the DH functions. */
+
+/* Function codes. */
+#define DH_F_DHPARAMS_PRINT				 100
+#define DH_F_DHPARAMS_PRINT_FP				 101
+#define DH_F_DH_COMPUTE_KEY				 102
+#define DH_F_DH_GENERATE_KEY				 103
+#define DH_F_DH_GENERATE_PARAMETERS			 104
+#define DH_F_DH_NEW					 105
+
+/* Reason codes. */
+#define DH_R_NO_PRIVATE_VALUE				 100
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/dh/dh1024.pem b/crypto/dh/dh1024.pem
new file mode 100644
index 0000000000000000000000000000000000000000..81d43f6a3eae3e68d664df67149392e9012eae20
--- /dev/null
+++ b/crypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/crypto/dh/dh192.pem b/crypto/dh/dh192.pem
new file mode 100644
index 0000000000000000000000000000000000000000..521c07271d0de03dd7822f1a013c3394eeb65c1a
--- /dev/null
+++ b/crypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/crypto/dh/dh2048.pem b/crypto/dh/dh2048.pem
new file mode 100644
index 0000000000000000000000000000000000000000..295460f5081ee79db0fdbfd1cdab16cc71c3647b
--- /dev/null
+++ b/crypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/crypto/dh/dh4096.pem b/crypto/dh/dh4096.pem
new file mode 100644
index 0000000000000000000000000000000000000000..390943a21dc4c9d5934a266e7bfafecf391095c7
--- /dev/null
+++ b/crypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
+
diff --git a/crypto/dh/dh512.pem b/crypto/dh/dh512.pem
new file mode 100644
index 0000000000000000000000000000000000000000..0a4d863ebe27ac2dd0dae387d4f3ab269aae09b2
--- /dev/null
+++ b/crypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
new file mode 100644
index 0000000000000000000000000000000000000000..8da8dc839390184b801acfdd8353d5ff904a0a54
--- /dev/null
+++ b/crypto/dh/dh_check.c
@@ -0,0 +1,120 @@
+/* crypto/dh/dh_check.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dh.h"
+
+/* Check that p is a strong prime and
+ * if g is 2, 3 or 5, check that is is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+int DH_check(dh,ret)
+DH *dh;
+int *ret;
+	{
+	int ok=0;
+	BN_CTX *ctx=NULL;
+	BN_ULONG l;
+	BIGNUM *q=NULL;
+
+	*ret=0;
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	q=BN_new();
+	if (q == NULL) goto err;
+
+	if (BN_is_word(dh->g,DH_GENERATOR_2))
+		{
+		l=BN_mod_word(dh->p,24);
+		if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
+		}
+/*	else if (BN_is_word(dh->g,DH_GENERATOR_3))
+		{
+		l=BN_mod_word(dh->p,12);
+		if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
+		}*/
+	else if (BN_is_word(dh->g,DH_GENERATOR_5))
+		{
+		l=BN_mod_word(dh->p,10);
+		if ((l != 3) && (l != 7))
+			*ret|=DH_NOT_SUITABLE_GENERATOR;
+		}
+	else
+		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+
+	if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx))
+		*ret|=DH_CHECK_P_NOT_PRIME;
+	else
+		{
+		if (!BN_rshift1(q,dh->p)) goto err;
+		if (!BN_is_prime(q,BN_prime_checks,NULL,ctx))
+			*ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+		}
+	ok=1;
+err:
+	if (ctx != NULL) BN_CTX_free(ctx);
+	if (q != NULL) BN_free(q);
+	return(ok);
+	}
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
new file mode 100644
index 0000000000000000000000000000000000000000..1950f43f624e3cf9766a65a5fe27a92297e340af
--- /dev/null
+++ b/crypto/dh/dh_err.c
@@ -0,0 +1,90 @@
+/* lib/dh/dh_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include "err.h"
+#include "dh.h"
+
+/* BEGIN ERROR CODES */
+static ERR_STRING_DATA DH_str_functs[]=
+	{
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0),	"DHparams_print"},
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0),	"DHparams_print_fp"},
+{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0),	"DH_compute_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),	"DH_generate_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),	"DH_generate_parameters"},
+{ERR_PACK(0,DH_F_DH_NEW,0),	"DH_new"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA DH_str_reasons[]=
+	{
+{DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
+{0,NULL},
+	};
+
+void ERR_load_DH_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+		ERR_load_strings(ERR_LIB_DH,DH_str_functs);
+		ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+		}
+	}
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
new file mode 100644
index 0000000000000000000000000000000000000000..ff4f18e1e05262bc9bb97c6881ed08570e475776
--- /dev/null
+++ b/crypto/dh/dh_gen.c
@@ -0,0 +1,149 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dh.h"
+
+/* We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5  <<<<< does not work for strong primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn  for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a strong prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+
+DH *DH_generate_parameters(prime_len,generator,callback)
+int prime_len;
+int generator;
+void (*callback)(P_I_I);
+	{
+	BIGNUM *p=NULL,*t1,*t2;
+	DH *ret=NULL;
+	int g,ok= -1;
+	BN_CTX *ctx=NULL;
+
+	ret=DH_new();
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	t1=ctx->bn[0];
+	t2=ctx->bn[1];
+	ctx->tos=2;
+	
+	if (generator == DH_GENERATOR_2)
+		{
+		BN_set_word(t1,24);
+		BN_set_word(t2,11);
+		g=2;
+		}
+#ifdef undef  /* does not work for strong primes */
+	else if (generator == DH_GENERATOR_3)
+		{
+		BN_set_word(t1,12);
+		BN_set_word(t2,5);
+		g=3;
+		}
+#endif
+	else if (generator == DH_GENERATOR_5)
+		{
+		BN_set_word(t1,10);
+		BN_set_word(t2,3);
+		/* BN_set_word(t3,7); just have to miss
+		 * out on these ones :-( */
+		g=5;
+		}
+	else
+		g=generator;
+	
+	p=BN_generate_prime(prime_len,1,t1,t2,callback);
+	if (p == NULL) goto err;
+	if (callback != NULL) callback(3,0);
+	ret->p=p;
+	ret->g=BN_new();
+	if (!BN_set_word(ret->g,g)) goto err;
+	ok=1;
+err:
+	if (ok == -1)
+		{
+		DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
+		ok=0;
+		}
+
+	if (ctx != NULL) BN_CTX_free(ctx);
+	if (!ok && (ret != NULL))
+		{
+		DH_free(ret);
+		ret=NULL;
+		}
+	return(ret);
+	}
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
new file mode 100644
index 0000000000000000000000000000000000000000..12f47c4574186392dc6c2a2b7a0092ee992ef7f4
--- /dev/null
+++ b/crypto/dh/dh_key.c
@@ -0,0 +1,142 @@
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "rand.h"
+#include "dh.h"
+
+int DH_generate_key(dh)
+DH *dh;
+	{
+	int ok=0;
+	unsigned int i;
+	BN_CTX *ctx=NULL;
+	BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+
+	if (dh->priv_key == NULL)
+		{
+		i=dh->length;
+		if (i == 0)
+			{
+			/* Make the number p-1 bits long */
+			i=BN_num_bits(dh->p)-1;
+			}
+		priv_key=BN_new();
+		if (priv_key == NULL) goto err;
+		if (!BN_rand(priv_key,i,0,0)) goto err;
+		}
+	else
+		priv_key=dh->priv_key;
+
+	if (dh->pub_key == NULL)
+		{
+		pub_key=BN_new();
+		if (pub_key == NULL) goto err;
+		}
+	else
+		pub_key=dh->pub_key;
+
+	if (!BN_mod_exp(pub_key,dh->g,priv_key,dh->p,ctx)) goto err;
+		
+	dh->pub_key=pub_key;
+	dh->priv_key=priv_key;
+	ok=1;
+err:
+	if (ok != 1)
+		DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+
+	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
+	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
+	if (ctx != NULL) BN_CTX_free(ctx);
+	return(ok);
+	}
+
+int DH_compute_key(key,pub_key,dh)
+unsigned char *key;
+BIGNUM *pub_key;
+DH *dh;
+	{
+	BN_CTX *ctx;
+	BIGNUM *tmp;
+	int ret= -1;
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	tmp=ctx->bn[ctx->tos++];
+	
+	if (dh->priv_key == NULL)
+		{
+		DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+		goto err;
+		}
+	if (!BN_mod_exp(tmp,pub_key,dh->priv_key,dh->p,ctx))
+		{
+		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+		goto err;
+		}
+
+	ret=BN_bn2bin(tmp,key);
+err:
+	if (ctx != NULL) BN_CTX_free(ctx);
+	return(ret);
+	}
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
new file mode 100644
index 0000000000000000000000000000000000000000..786a2c14b461bfb772f66c8a6468ddb16260431c
--- /dev/null
+++ b/crypto/dh/dh_lib.c
@@ -0,0 +1,100 @@
+/* crypto/dh/dh_lib.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dh.h"
+
+char *DH_version="Diffie-Hellman part of SSLeay 0.8.1b 29-Jun-1998";
+
+DH *DH_new()
+	{
+	DH *ret;
+
+	ret=(DH *)Malloc(sizeof(DH));
+	if (ret == NULL)
+		{
+		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->pad=0;
+	ret->version=0;
+	ret->p=NULL;
+	ret->g=NULL;
+	ret->length=0;
+	ret->pub_key=NULL;
+	ret->priv_key=NULL;
+	return(ret);
+	}
+
+void DH_free(r)
+DH *r;
+	{
+	if (r->p != NULL) BN_clear_free(r->p);
+	if (r->g != NULL) BN_clear_free(r->g);
+	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+	Free(r);
+	}
+
+int DH_size(dh)
+DH *dh;
+	{
+	return(BN_num_bytes(dh->p));
+	}
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
new file mode 100644
index 0000000000000000000000000000000000000000..b3387158806f96ab0a559a06b16e1c87e0039707
--- /dev/null
+++ b/crypto/dh/dhtest.c
@@ -0,0 +1,187 @@
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "crypto.h"
+#include "bio.h"
+#include "bn.h"
+#include "dh.h"
+
+#ifdef WIN16
+#define MS_CALLBACK	_far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+#ifndef NOPROTO
+static void MS_CALLBACK cb(int p, int n);
+#else
+static void MS_CALLBACK cb();
+#endif
+
+#ifdef WIN16
+#define APPS_WIN16
+#include "../bio/bss_file.c"
+#endif
+
+BIO *out=NULL;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	DH *a,*b;
+	char buf[12];
+	unsigned char *abuf=NULL,*bbuf=NULL;
+	int i,alen,blen,aout,bout,ret=1;
+
+#ifdef WIN32
+	CRYPTO_malloc_init();
+#endif
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL) exit(1);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+	a=DH_generate_parameters(64,DH_GENERATOR_5,cb);
+	if (a == NULL) goto err;
+
+	BIO_puts(out,"\np    =");
+	BN_print(out,a->p);
+	BIO_puts(out,"\ng    =");
+	BN_print(out,a->g);
+	BIO_puts(out,"\n");
+
+	b=DH_new();
+	if (b == NULL) goto err;
+
+	b->p=BN_dup(a->p);
+	b->g=BN_dup(a->g);
+	if ((b->p == NULL) || (b->g == NULL)) goto err;
+
+	if (!DH_generate_key(a)) goto err;
+	BIO_puts(out,"pri 1=");
+	BN_print(out,a->priv_key);
+	BIO_puts(out,"\npub 1=");
+	BN_print(out,a->pub_key);
+	BIO_puts(out,"\n");
+
+	if (!DH_generate_key(b)) goto err;
+	BIO_puts(out,"pri 2=");
+	BN_print(out,b->priv_key);
+	BIO_puts(out,"\npub 2=");
+	BN_print(out,b->pub_key);
+	BIO_puts(out,"\n");
+
+	alen=DH_size(a);
+	abuf=(unsigned char *)Malloc(alen);
+	aout=DH_compute_key(abuf,b->pub_key,a);
+
+	BIO_puts(out,"key1 =");
+	for (i=0; ipub_key,b);
+
+	BIO_puts(out,"key2 =");
+	for (i=0; i; Mon, 25 Sep 1995 17:52:47 -0700
+Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) 
+          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
+Date: Mon, 25 Sep 1995 17:50:51 -0700
+From: Phil Karn 
+Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
+To: cypherpunks@toad.com, ipsec-dev@eit.com
+Subject: Primality verification needed
+Sender: owner-cypherpunks@toad.com
+Precedence: bulk
+Status: RO
+X-Status: 
+
+Hi. I've generated a 2047-bit "strong" prime number that I would like to
+use with Diffie-Hellman key exchange. I assert that not only is this number
+'p' prime, but so is (p-1)/2.
+
+I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
+1.3.2 to test this number. This function uses the Miller-Rabin primality test.
+However, to increase my confidence that this number really is a strong prime,
+I'd like to ask others to confirm it with other tests. Here's the number in hex:
+
+72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
+fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
+a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
+fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
+3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
+ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
+56a05180c3bec7ddd5ef6fe76b1f717b
+
+The generator, g, for this prime is 2.
+
+Thanks!
+
+Phil Karn
+
+
diff --git a/crypto/dh/generate b/crypto/dh/generate
new file mode 100644
index 0000000000000000000000000000000000000000..5d407231df5b030a33c9b904c18cc5fba8e5e485
--- /dev/null
+++ b/crypto/dh/generate
@@ -0,0 +1,65 @@
+From: stewarts@ix.netcom.com (Bill Stewart)
+Newsgroups: sci.crypt
+Subject: Re: Diffie-Hellman key exchange
+Date: Wed, 11 Oct 1995 23:08:28 GMT
+Organization: Freelance Information Architect
+Lines: 32
+Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
+References: <458rhn$76m$1@mhadf.production.compuserve.com>
+NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
+X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995
+X-Newsreader: Forte Free Agent 1.0.82
+
+Kent Briggs <72124.3234@CompuServe.COM> wrote:
+
+>I have a copy of the 1976 IEEE article describing the
+>Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm
+>looking for sources that give examples of secure a,q pairs and
+>possible some source code that I could examine.
+
+q should be prime, and ideally should be a "strong prime",
+which means it's of the form 2n+1 where n is also prime.
+q also needs to be long enough to prevent the attacks LaMacchia and
+Odlyzko described (some variant on a factoring attack which generates
+a large pile of simultaneous equations and then solves them);
+long enough is about the same size as factoring, so 512 bits may not
+be secure enough for most applications.  (The 192 bits used by
+"secure NFS" was certainly not long enough.)
+
+a should be a generator for q, which means it needs to be
+relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will
+work.  
+
+....
+
+Date: Tue, 26 Sep 1995 13:52:36 MST
+From: "Richard Schroeppel" 
+To: karn
+Cc: ho@cs.arizona.edu
+Subject: random large primes
+
+Since your prime is really random, proving it is hard.
+My personal limit on rigorously proved primes is ~350 digits.
+If you really want a proof, we should talk to Francois Morain,
+or the Australian group.
+
+If you want 2 to be a generator (mod P), then you need it
+to be a non-square.  If (P-1)/2 is also prime, then
+non-square == primitive-root for bases << P.
+
+In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
+If you want this, you should restrict your sieve accordingly.
+
+3 is a generator iff P = 5 (mod 12).
+
+5 is a generator iff P = 3 or 7 (mod 10).
+
+2 is perfectly usable as a base even if it's a non-generator, since
+it still covers half the space of possible residues.  And an
+eavesdropper can always determine the low-bit of your exponent for
+a generator anyway.
+
+Rich  rcs@cs.arizona.edu
+
+
+
diff --git a/crypto/dh/p1024.c b/crypto/dh/p1024.c
new file mode 100644
index 0000000000000000000000000000000000000000..7f8cd56d5a7b156beff4ec4ba33999e041be80ae
--- /dev/null
+++ b/crypto/dh/p1024.c
@@ -0,0 +1,92 @@
+/* crypto/dh/p1024.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+
+unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
+	0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
+	0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
+	0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
+	0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
+	0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
+	0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
+	0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
+	0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
+	0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
+	0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
+	0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
+	0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
+	0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
+	0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
+	0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
+	};
+
+main()
+	{
+	DH *dh;
+
+	dh=DH_new();
+	dh->p=BN_bin2bn(data,sizeof(data),NULL);
+	dh->g=BN_new();
+	BN_set_word(dh->g,2);
+	PEM_write_DHparams(stdout,dh);
+	}
diff --git a/crypto/dh/p192.c b/crypto/dh/p192.c
new file mode 100644
index 0000000000000000000000000000000000000000..c96972c8c644ad67f38f09e7aecd872cb746c6dc
--- /dev/null
+++ b/crypto/dh/p192.c
@@ -0,0 +1,80 @@
+/* crypto/dh/p192.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+
+unsigned char data[]={
+0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
+0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
+0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
+	};
+
+main()
+	{
+	DH *dh;
+
+	dh=DH_new();
+	dh->p=BN_bin2bn(data,sizeof(data),NULL);
+	dh->g=BN_new();
+	BN_set_word(dh->g,3);
+	PEM_write_DHparams(stdout,dh);
+	}
diff --git a/crypto/dh/p512.c b/crypto/dh/p512.c
new file mode 100644
index 0000000000000000000000000000000000000000..6105612cf933a59468c3c90f5daeb2ed5d477810
--- /dev/null
+++ b/crypto/dh/p512.c
@@ -0,0 +1,85 @@
+/* crypto/dh/p512.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "bn.h"
+#include "asn1.h"
+#include "dh.h"
+#include "pem.h"
+
+unsigned char data[]={
+0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
+0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
+0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
+0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
+0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
+0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
+	};
+
+main()
+	{
+	DH *dh;
+
+	dh=DH_new();
+	dh->p=BN_bin2bn(data,sizeof(data),NULL);
+	dh->g=BN_new();
+	BN_set_word(dh->g,2);
+	PEM_write_DHparams(stdout,dh);
+	}
diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..7b9c9cf4ce40ea3660c2acd3ce1e2bd8cb772b28
--- /dev/null
+++ b/crypto/dsa/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+
+DIR=	dsa
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=dsa
+ERRC=dsa_err
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c $(ERRC).c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl ../err/err_genc.pl $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/dsa/README b/crypto/dsa/README
new file mode 100644
index 0000000000000000000000000000000000000000..6a7e9c170add7b4c7119c5bf051bc5ed32a7a69b
--- /dev/null
+++ b/crypto/dsa/README
@@ -0,0 +1,4 @@
+The stuff in here is based on patches supplied to me by
+Steven Schoch  to do DSS.
+I have since modified a them a little but a debt of gratitude
+is due for doing the initial work.
diff --git a/crypto/dsa/dsa.err b/crypto/dsa/dsa.err
new file mode 100644
index 0000000000000000000000000000000000000000..1131e9fa7466285ecede0808deebdd60c1ae2c0b
--- /dev/null
+++ b/crypto/dsa/dsa.err
@@ -0,0 +1,15 @@
+/* Error codes for the DSA functions. */
+
+/* Function codes. */
+#define DSA_F_DSAPARAMS_PRINT				 100
+#define DSA_F_DSAPARAMS_PRINT_FP			 101
+#define DSA_F_DSA_IS_PRIME				 102
+#define DSA_F_DSA_NEW					 103
+#define DSA_F_DSA_PRINT					 104
+#define DSA_F_DSA_PRINT_FP				 105
+#define DSA_F_DSA_SIGN					 106
+#define DSA_F_DSA_SIGN_SETUP				 107
+#define DSA_F_DSA_VERIFY				 108
+
+/* Reason codes. */
+#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
new file mode 100644
index 0000000000000000000000000000000000000000..e5dfafe214b0f960ba963f25ce396fdd595007a9
--- /dev/null
+++ b/crypto/dsa/dsa.h
@@ -0,0 +1,194 @@
+/* crypto/dsa/dsa.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * The DSS routines are based on patches supplied by
+ * Steven Schoch .  He basically did the
+ * work and I have just tweaked them a little to fit into my
+ * stylistic vision for SSLeay :-) */
+
+#ifndef HEADER_DSA_H
+#define HEADER_DSA_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include "bn.h"
+
+typedef struct dsa_st
+	{
+	/* This first variable is used to pick up errors where
+	 * a DSA is passed instead of of a EVP_PKEY */
+	int pad;
+	int version;
+	int write_params;
+	BIGNUM *p;
+	BIGNUM *q;	/* == 20 */
+	BIGNUM *g;
+
+	BIGNUM *pub_key;  /* y public key */
+	BIGNUM *priv_key; /* x private key */
+
+	BIGNUM *kinv;	/* Signing pre-calc */
+	BIGNUM *r;	/* Signing pre-calc */
+
+	int references;
+	} DSA;
+
+#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
+		(char *(*)())d2i_DSAparams,(char *)(x))
+#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+		(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+		(unsigned char *)(x))
+#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \
+		(char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x))
+#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
+		(unsigned char *)(x))
+
+#ifndef NOPROTO
+
+DSA *	DSA_new(void);
+int	DSA_size(DSA *);
+	/* DSA *	DSA_generate_key(int bits, void (*callback)()); */
+	/* next 4 return -1 on error */
+int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
+int	DSA_sign(int type,unsigned char *dgst,int dlen,
+		unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int	DSA_verify(int type,unsigned char *dgst,int dgst_len,
+		unsigned char *sigbuf, int siglen, DSA *dsa);
+void	DSA_free (DSA *r);
+
+void	ERR_load_DSA_strings(void );
+
+DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+DSA *	DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
+		int *counter_ret, unsigned long *h_ret,void (*callback)());
+int	DSA_generate_key(DSA *a);
+int	i2d_DSAPublicKey(DSA *a, unsigned char **pp);
+int 	i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
+int	i2d_DSAparams(DSA *a,unsigned char **pp);
+
+#ifdef HEADER_BIO_H
+int	DSAparams_print(BIO *bp, DSA *x);
+int	DSA_print(BIO *bp, DSA *x, int off);
+#endif
+#ifndef WIN16
+int	DSAparams_print_fp(FILE *fp, DSA *x);
+int	DSA_print_fp(FILE *bp, DSA *x, int off);
+#endif
+
+int DSA_is_prime(BIGNUM *q,void (*callback)());
+
+#else
+
+DSA *	DSA_new();
+int	DSA_size();
+int	DSA_sign_setup();
+int	DSA_sign();
+int	DSA_verify();
+void	DSA_free ();
+
+void	ERR_load_DSA_strings();
+
+DSA *	d2i_DSAPublicKey();
+DSA *	d2i_DSAPrivateKey();
+DSA * 	d2i_DSAparams();
+DSA *	DSA_generate_parameters();
+int	DSA_generate_key();
+int	i2d_DSAPublicKey();
+int 	i2d_DSAPrivateKey();
+int	i2d_DSAparams();
+
+int	DSA_is_prime();
+
+int	DSAparams_print();
+int	DSA_print();
+
+#ifndef WIN16
+int	DSAparams_print_fp();
+int	DSA_print_fp();
+#endif
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the DSA functions. */
+
+/* Function codes. */
+#define DSA_F_DSAPARAMS_PRINT				 100
+#define DSA_F_DSAPARAMS_PRINT_FP			 101
+#define DSA_F_DSA_IS_PRIME				 102
+#define DSA_F_DSA_NEW					 103
+#define DSA_F_DSA_PRINT					 104
+#define DSA_F_DSA_PRINT_FP				 105
+#define DSA_F_DSA_SIGN					 106
+#define DSA_F_DSA_SIGN_SETUP				 107
+#define DSA_F_DSA_VERIFY				 108
+
+/* Reason codes. */
+#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
new file mode 100644
index 0000000000000000000000000000000000000000..ec0699d282f50e234092b67fb4069e206a971edd
--- /dev/null
+++ b/crypto/dsa/dsa_err.c
@@ -0,0 +1,93 @@
+/* lib/dsa/dsa_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include "err.h"
+#include "dsa.h"
+
+/* BEGIN ERROR CODES */
+static ERR_STRING_DATA DSA_str_functs[]=
+	{
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),	"DSAparams_print"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),	"DSAparams_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0),	"DSA_is_prime"},
+{ERR_PACK(0,DSA_F_DSA_NEW,0),	"DSA_new"},
+{ERR_PACK(0,DSA_F_DSA_PRINT,0),	"DSA_print"},
+{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),	"DSA_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_SIGN,0),	"DSA_sign"},
+{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0),	"DSA_sign_setup"},
+{ERR_PACK(0,DSA_F_DSA_VERIFY,0),	"DSA_verify"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA DSA_str_reasons[]=
+	{
+{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{0,NULL},
+	};
+
+void ERR_load_DSA_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+		ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
+		ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
+		}
+	}
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
new file mode 100644
index 0000000000000000000000000000000000000000..2b80104e7b13faeabaaff5f5df2ed4e255ab981f
--- /dev/null
+++ b/crypto/dsa/dsa_gen.c
@@ -0,0 +1,325 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+#define HASH    SHA
+#else
+#define HASH    SHA1
+#endif 
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "sha.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+
+DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback)
+int bits;
+unsigned char *seed_in;
+int seed_len;
+int *counter_ret;
+unsigned long *h_ret;
+void (*callback)();
+	{
+	int ok=0;
+	unsigned char seed[SHA_DIGEST_LENGTH];
+	unsigned char md[SHA_DIGEST_LENGTH];
+	unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+	BIGNUM *r0,*W,*X,*c,*test;
+	BIGNUM *g=NULL,*q=NULL,*p=NULL;
+	int k,n=0,i,b,m=0;
+	int counter=0;
+	BN_CTX *ctx=NULL,*ctx2=NULL;
+	unsigned int h=2;
+	DSA *ret=NULL;
+
+	if (bits < 512) bits=512;
+	bits=(bits+63)/64*64;
+
+	if ((seed_in != NULL) && (seed_len == 20))
+		memcpy(seed,seed_in,seed_len);
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	ctx2=BN_CTX_new();
+	if (ctx2 == NULL) goto err;
+	ret=DSA_new();
+	if (ret == NULL) goto err;
+	r0=ctx2->bn[0];
+	g=ctx2->bn[1];
+	W=ctx2->bn[2];
+	q=ctx2->bn[3];
+	X=ctx2->bn[4];
+	c=ctx2->bn[5];
+	p=ctx2->bn[6];
+	test=ctx2->bn[7];
+
+	BN_lshift(test,BN_value_one(),bits-1);
+
+	for (;;)
+		{
+		for (;;)
+			{
+			/* step 1 */
+			if (callback != NULL) callback(0,m++);
+
+			if (!seed_len)
+				RAND_bytes(seed,SHA_DIGEST_LENGTH);
+			else
+				seed_len=0;
+
+			memcpy(buf,seed,SHA_DIGEST_LENGTH);
+			memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+			for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+				{
+				buf[i]++;
+				if (buf[i] != 0) break;
+				}
+
+			/* step 2 */
+			HASH(seed,SHA_DIGEST_LENGTH,md);
+			HASH(buf,SHA_DIGEST_LENGTH,buf2);
+			for (i=0; i 0) break;
+			/* do a callback call */
+			/* step 5 */
+			}
+
+		if (callback != NULL) callback(2,0);
+		if (callback != NULL) callback(3,0);
+
+		/* step 6 */
+		counter=0;
+
+		n=(bits-1)/160;
+		b=(bits-1)-n*160;
+
+		for (;;)
+			{
+			/* step 7 */
+			BN_zero(W);
+			for (k=0; k<=n; k++)
+				{
+				for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+					{
+					buf[i]++;
+					if (buf[i] != 0) break;
+					}
+
+				HASH(buf,SHA_DIGEST_LENGTH,md);
+
+				/* step 8 */
+				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
+				BN_lshift(r0,r0,160*k);
+				BN_add(W,W,r0);
+				}
+
+			/* more of step 8 */
+			BN_mask_bits(W,bits-1);
+			BN_copy(X,W); /* this should be ok */
+			BN_add(X,X,test); /* this should be ok */
+
+			/* step 9 */
+			BN_lshift1(r0,q);
+			BN_mod(c,X,r0,ctx);
+			BN_sub(r0,c,BN_value_one());
+			BN_sub(p,X,r0);
+
+			/* step 10 */
+			if (BN_cmp(p,test) >= 0)
+				{
+				/* step 11 */
+				if (DSA_is_prime(p,callback) > 0)
+					goto end;
+				}
+
+			/* step 13 */
+			counter++;
+
+			/* step 14 */
+			if (counter >= 4096) break;
+
+			if (callback != NULL) callback(0,counter);
+			}
+		}
+end:
+	if (callback != NULL) callback(2,1);
+
+	/* We now need to gernerate g */
+	/* Set r0=(p-1)/q */
+        BN_sub(test,p,BN_value_one());
+        BN_div(r0,NULL,test,q,ctx);
+
+	BN_set_word(test,h);
+	for (;;)
+		{
+		/* g=test^r0%p */
+		BN_mod_exp(g,test,r0,p,ctx);
+		if (!BN_is_one(g)) break;
+		BN_add(test,test,BN_value_one());
+		h++;
+		}
+
+	if (callback != NULL) callback(3,1);
+
+	ok=1;
+err:
+	if (!ok)
+		{
+		if (ret != NULL) DSA_free(ret);
+		}
+	else
+		{
+		ret->p=BN_dup(p);
+		ret->q=BN_dup(q);
+		ret->g=BN_dup(g);
+		if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+		if (counter_ret != NULL) *counter_ret=counter;
+		if (h_ret != NULL) *h_ret=h;
+		}
+	BN_CTX_free(ctx);
+	BN_CTX_free(ctx2);
+	return(ok?ret:NULL);
+	}
+
+int DSA_is_prime(w, callback)
+BIGNUM *w;
+void (*callback)();
+	{
+	int ok= -1,j,i,n;
+	BN_CTX *ctx=NULL,*ctx2=NULL;
+	BIGNUM *w_1,*b,*m,*z;
+	int a;
+
+	if (!BN_is_bit_set(w,0)) return(0);
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	ctx2=BN_CTX_new();
+	if (ctx2 == NULL) goto err;
+
+	m=  ctx2->bn[2];
+	b=  ctx2->bn[3];
+	z=  ctx2->bn[4];
+	w_1=ctx2->bn[5];
+
+	/* step 1 */
+	n=50;
+
+	/* step 2 */
+	if (!BN_sub(w_1,w,BN_value_one())) goto err;
+	for (a=1; !BN_is_bit_set(w_1,a); a++)
+		;
+	if (!BN_rshift(m,w_1,a)) goto err;
+
+	for (i=1; i < n; i++)
+		{
+		/* step 3 */
+		BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
+		BN_set_word(b,0x10001L);
+
+		/* step 4 */
+		j=0;
+		if (!BN_mod_exp(z,b,m,w,ctx)) goto err;
+
+		/* step 5 */
+		for (;;)
+			{
+			if (((j == 0) && BN_is_one(z)) || (BN_cmp(z,w_1) == 0))
+				break;
+
+			/* step 6 */
+			if ((j > 0) && BN_is_one(z))
+				{
+				ok=0;
+				goto err;
+				}
+
+			j++;
+			if (j >= a)
+				{
+				ok=0;
+				goto err;
+				}
+
+			if (!BN_mod_mul(z,z,z,w,ctx)) goto err;
+			if (callback != NULL) callback(1,j);
+			}
+		}
+
+	ok=1;
+err:
+	if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
+	BN_CTX_free(ctx);
+	BN_CTX_free(ctx2);
+	
+	return(ok);
+	}
+
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
new file mode 100644
index 0000000000000000000000000000000000000000..2c70248687a0a42e3907297988534ba4cce37e4d
--- /dev/null
+++ b/crypto/dsa/dsa_key.c
@@ -0,0 +1,112 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "sha.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+
+int DSA_generate_key(dsa)
+DSA *dsa;
+	{
+	int ok=0;
+	unsigned int i;
+	BN_CTX *ctx=NULL;
+	BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+	if (dsa->priv_key == NULL)
+		{
+		if ((priv_key=BN_new()) == NULL) goto err;
+		}
+	else
+		priv_key=dsa->priv_key;
+
+	i=BN_num_bits(dsa->q);
+	for (;;)
+		{
+		BN_rand(priv_key,i,1,0);
+		if (BN_cmp(priv_key,dsa->q) >= 0)
+			BN_sub(priv_key,priv_key,dsa->q);
+		if (!BN_is_zero(priv_key)) break;
+		}
+
+	if (dsa->pub_key == NULL)
+		{
+		if ((pub_key=BN_new()) == NULL) goto err;
+		}
+	else
+		pub_key=dsa->pub_key;
+
+	if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
+
+	dsa->priv_key=priv_key;
+	dsa->pub_key=pub_key;
+	ok=1;
+
+err:
+	if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+	if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+	if (ctx != NULL) BN_CTX_free(ctx);
+	return(ok);
+	}
+
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
new file mode 100644
index 0000000000000000000000000000000000000000..e666db07f05ba82b8e07003885e1dbe4246405ed
--- /dev/null
+++ b/crypto/dsa/dsa_lib.c
@@ -0,0 +1,142 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Origional version from Steven Schoch  */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "asn1.h"
+
+char *DSA_version="\0DSA part of SSLeay 0.8.1b 29-Jun-1998";
+
+DSA *DSA_new()
+	{
+	DSA *ret;
+
+	ret=(DSA *)Malloc(sizeof(DSA));
+	if (ret == NULL)
+		{
+		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->pad=0;
+	ret->version=0;
+	ret->write_params=1;
+	ret->p=NULL;
+	ret->q=NULL;
+	ret->g=NULL;
+
+	ret->pub_key=NULL;
+	ret->priv_key=NULL;
+
+	ret->kinv=NULL;
+	ret->r=NULL;
+
+	ret->references=1;
+	return(ret);
+	}
+
+void DSA_free(r)
+DSA *r;
+	{
+	int i;
+
+	if (r == NULL) return;
+
+	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"DSA_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	if (r->p != NULL) BN_clear_free(r->p);
+	if (r->q != NULL) BN_clear_free(r->q);
+	if (r->g != NULL) BN_clear_free(r->g);
+	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+	if (r->kinv != NULL) BN_clear_free(r->kinv);
+	if (r->r != NULL) BN_clear_free(r->r);
+	Free(r);
+	}
+
+int DSA_size(r)
+DSA *r;
+	{
+	int ret,i;
+	ASN1_INTEGER bs;
+	unsigned char buf[4];
+
+	i=BN_num_bits(r->q);
+	bs.length=(i+7)/8;
+	bs.data=buf;
+	bs.type=V_ASN1_INTEGER;
+	/* If the top bit is set the asn1 encoding is 1 larger. */
+	buf[0]=0xff;	
+
+	i=i2d_ASN1_INTEGER(&bs,NULL);
+	i+=i; /* r and s */
+	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+	return(ret);
+	}
+
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000000000000000000000000000000000..ebb758feb552b34393d68151aa6e833f74770379
--- /dev/null
+++ b/crypto/dsa/dsa_sign.c
@@ -0,0 +1,215 @@
+/* crypto/dsa/dsa_sign.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Origional version from Steven Schoch  */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+#include "asn1.h"
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/*	DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
+
+int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
+int type;
+unsigned char *dgst;
+int dlen;
+unsigned char *sig;	/* out */
+unsigned int *siglen;	/* out */
+DSA *dsa;
+	{
+	BIGNUM *kinv=NULL,*r=NULL;
+	BIGNUM *m=NULL;
+	BIGNUM *xr=NULL,*s=NULL;
+	BN_CTX *ctx=NULL;
+	unsigned char *p;
+	int i,len=0,ret=0,reason=ERR_R_BN_LIB;
+        ASN1_INTEGER rbs,sbs;
+	MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
+	MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
+
+	i=BN_num_bytes(dsa->q); /* should be 20 */
+	if ((dlen > i) || (dlen > 50))
+		{
+		reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+		goto err;
+		}
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+
+	if ((dsa->kinv == NULL) || (dsa->r == NULL))
+		{
+		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+		}
+	else
+		{
+		kinv=dsa->kinv;
+		dsa->kinv=NULL;
+		r=dsa->r;
+		dsa->r=NULL;
+		}
+
+	m=BN_new();
+	xr=BN_new();
+	s=BN_new();
+	if (m == NULL || xr == NULL || s == NULL) goto err;
+
+	if (BN_bin2bn(dgst,dlen,m) == NULL) goto err;
+
+	/* Compute  s = inv(k) (m + xr) mod q */
+	if (!BN_mul(xr, dsa->priv_key, r)) goto err;	/* s = xr */
+	if (!BN_add(s, xr, m)) goto err;		/* s = m + xr */
+	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+	/*
+	 * Now create a ASN.1 sequence of the integers R and S.
+	 */
+	rbs.data=rbuf;
+	sbs.data=sbuf;
+	rbs.type = V_ASN1_INTEGER;
+	sbs.type = V_ASN1_INTEGER;
+	rbs.length=BN_bn2bin(r,rbs.data);
+	sbs.length=BN_bn2bin(s,sbs.data);
+
+	len =i2d_ASN1_INTEGER(&rbs,NULL);
+	len+=i2d_ASN1_INTEGER(&sbs,NULL);
+
+	p=sig;
+	ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_ASN1_INTEGER(&rbs,&p);
+	i2d_ASN1_INTEGER(&sbs,&p);
+	*siglen=(p-sig);
+	ret=1;
+err:
+	if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
+		
+#if 1 /* do the right thing :-) */
+	if (kinv != NULL) BN_clear_free(kinv);
+	if (r != NULL) BN_clear_free(r);
+#endif
+	if (ctx != NULL) BN_CTX_free(ctx);
+	if (m != NULL) BN_clear_free(m);
+	if (xr != NULL) BN_clear_free(xr);
+	if (s != NULL) BN_clear_free(s);
+	return(ret);
+	}
+
+int DSA_sign_setup(dsa,ctx_in,kinvp,rp)
+DSA *dsa;
+BN_CTX *ctx_in;
+BIGNUM **kinvp;
+BIGNUM **rp;
+	{
+	BN_CTX *ctx;
+	BIGNUM *k=NULL,*kinv=NULL,*r=NULL;
+	int ret=0;
+
+	if (ctx_in == NULL)
+		{
+		if ((ctx=BN_CTX_new()) == NULL) goto err;
+		}
+	else
+		ctx=ctx_in;
+
+	r=BN_new();
+	k=BN_new();
+	if ((r == NULL) || (k == NULL))
+		goto err;
+	kinv=NULL;
+
+	if (r == NULL) goto err;
+
+	/* Get random k */
+	for (;;)
+		{
+		if (!BN_rand(k, BN_num_bits(dsa->q), 1, 0)) goto err;
+		if (BN_cmp(k,dsa->q) >= 0)
+			BN_sub(k,k,dsa->q);
+		if (!BN_is_zero(k)) break;
+		}
+
+	/* Compute r = (g^k mod p) mod q */
+	if (!BN_mod_exp(r,dsa->g,k,dsa->p,ctx)) goto err;
+	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+	/* Compute  part of 's = inv(k) (m + xr) mod q' */
+	if ((kinv=BN_mod_inverse(k,dsa->q,ctx)) == NULL) goto err;
+
+	if (*kinvp != NULL) BN_clear_free(*kinvp);
+	*kinvp=kinv;
+	kinv=NULL;
+	if (*rp != NULL) BN_clear_free(*rp);
+	*rp=r;
+	ret=1;
+err:
+	if (!ret)
+		{
+		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+		if (kinv != NULL) BN_clear_free(kinv);
+		if (r != NULL) BN_clear_free(r);
+		}
+	if (ctx_in == NULL) BN_CTX_free(ctx);
+	if (k != NULL) BN_clear_free(k);
+	if (kinv != NULL) BN_clear_free(kinv);
+	return(ret);
+	}
+
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000000000000000000000000000000000..a217f8631ce89d83c09efe4562b43e31cf413e7b
--- /dev/null
+++ b/crypto/dsa/dsa_vrf.c
@@ -0,0 +1,152 @@
+/* crypto/dsa/dsa_vrf.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Origional version from Steven Schoch  */
+
+#include 
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *	 1: correct signature
+ *	 0: incorrect signature
+ *	-1: error
+ */
+int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa)
+int type;
+unsigned char *dgst;
+int dgst_len;
+unsigned char *sigbuf;
+int siglen;
+DSA *dsa;
+	{
+	/* The next 3 are used by the M_ASN1 macros */
+	long length=siglen;
+	ASN1_CTX c;
+	unsigned char **pp= &sigbuf;
+	BN_CTX *ctx;
+	BIGNUM *r=NULL;
+	BIGNUM *t1=NULL,*t2=NULL;
+	BIGNUM *u1=NULL,*u2=NULL;
+	ASN1_INTEGER *bs=NULL;
+	int ret = -1;
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+
+	t1=BN_new();
+	t2=BN_new();
+	if (t1 == NULL || t2 == NULL) goto err;
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+        if ((r=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
+        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+        if ((u1=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
+	if (!asn1_Finish(&c)) goto err;
+
+	/* Calculate W = inv(S) mod Q
+	 * save W in u2 */
+	if ((u2=BN_mod_inverse(u1,dsa->q,ctx)) == NULL) goto err_bn;
+
+	/* save M in u1 */
+	if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn;
+
+	/* u1 = M * w mod q */
+	if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn;
+
+	/* u2 = r * w mod q */
+	if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn;
+
+	/* v = ( g^u1 * y^u2 mod p ) mod q */
+	/* let t1 = g ^ u1 mod p */
+	if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn;
+	/* let t2 = y ^ u2 mod p */
+	if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn;
+	/* let u1 = t1 * t2 mod p */
+	if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn;
+	/* let u1 = u1 mod q */
+	if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn;
+	/* V is now in u1.  If the signature is correct, it will be
+	 * equal to R. */
+	ret=(BN_ucmp(u1, r) == 0);
+	if (0)
+		{
+err: /* ASN1 error */
+		DSAerr(DSA_F_DSA_VERIFY,c.error);
+		}
+	if (0)
+		{
+err_bn: /* BN error */
+		DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
+		}
+	if (ctx != NULL) BN_CTX_free(ctx);
+	if (r != NULL) BN_free(r);
+	if (t1 != NULL) BN_free(t1);
+	if (t2 != NULL) BN_free(t2);
+	if (u1 != NULL) BN_free(u1);
+	if (u2 != NULL) BN_free(u2);
+	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	return(ret);
+	}
diff --git a/crypto/dsa/dsagen.c b/crypto/dsa/dsagen.c
new file mode 100644
index 0000000000000000000000000000000000000000..3422d877f4136438f4f46497786a79a8985d8ebe
--- /dev/null
+++ b/crypto/dsa/dsagen.c
@@ -0,0 +1,105 @@
+/* crypto/dsa/dsagen.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "dsa.h"
+
+#define TEST
+#define GENUINE_DSA
+
+#ifdef GENUINE_DSA
+#define LAST_VALUE 0xbd
+#else
+#define LAST_VALUE 0xd3
+#endif
+
+#ifdef TEST
+unsigned char seed[20]={
+	0xd5,0x01,0x4e,0x4b,
+	0x60,0xef,0x2b,0xa8,
+	0xb6,0x21,0x1b,0x40,
+	0x62,0xba,0x32,0x24,
+	0xe0,0x42,0x7d,LAST_VALUE};
+#endif
+
+int cb(p,n)
+int p,n;
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	printf("%c",c);
+	fflush(stdout);
+	}
+
+main()
+	{
+	int i;
+	BIGNUM *n;
+	BN_CTX *ctx;
+	unsigned char seed_buf[20];
+	DSA *dsa;
+	int counter,h;
+
+	memcpy(seed_buf,seed,20);
+	dsa=DSA_generate_key(1024,seed,20,&counter,&h,cb);
+	}
+
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
new file mode 100644
index 0000000000000000000000000000000000000000..894d2dbf047ad2fa15ff9ebe549be60cf910daa5
--- /dev/null
+++ b/crypto/dsa/dsatest.c
@@ -0,0 +1,216 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "crypto.h"
+#include "rand.h"
+#include "bio.h"
+#include "err.h"
+#include "dsa.h"
+
+#ifdef WIN16
+#include "../bio/bss_file.c"
+#endif
+
+#ifdef WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+#ifndef NOPROTO
+static void MS_CALLBACK dsa_cb(int p, int n);
+#else
+static void MS_CALLBACK dsa_cb();
+#endif
+
+static unsigned char seed[20]={
+	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+	};
+
+static unsigned char out_p[]={
+	0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+	0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+	0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+	0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+	0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+	0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+	0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+	0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+	};
+
+static unsigned char out_q[]={
+	0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+	0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+	0xda,0xce,0x91,0x5f,
+	};
+
+static unsigned char out_g[]={
+	0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+	0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+	0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+	0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+	0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+	0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+	0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+	};
+
+static BIO *bio_err=NULL;
+
+int main(argc, argv)
+int argc;
+char **argv;
+	{
+	DSA *dsa=NULL;
+	int counter,ret=0,i,j;
+	unsigned char buf[256];
+	unsigned long h;
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	BIO_printf(bio_err,"test generation of DSA parameters\n");
+	BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n");
+	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb);
+
+	BIO_printf(bio_err,"seed\n");
+	for (i=0; i<20; i+=4)
+		{
+		BIO_printf(bio_err,"%02X%02X%02X%02X ",
+			seed[i],seed[i+1],seed[i+2],seed[i+3]);
+		}
+	BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
+		
+	if (dsa == NULL) goto end;
+	DSA_print(bio_err,dsa,0);
+	if (counter != 105) 
+		{
+		BIO_printf(bio_err,"counter should be 105\n");
+		goto end;
+		}
+	if (h != 2)
+		{
+		BIO_printf(bio_err,"h should be 2\n");
+		goto end;
+		}
+
+	i=BN_bn2bin(dsa->q,buf);
+	j=sizeof(out_q);
+	if ((i != j) || (memcmp(buf,out_q,i) != 0))
+		{
+		BIO_printf(bio_err,"q value is wrong\n");
+		goto end;
+		}
+
+	i=BN_bn2bin(dsa->p,buf);
+	j=sizeof(out_p);
+	if ((i != j) || (memcmp(buf,out_p,i) != 0))
+		{
+		BIO_printf(bio_err,"p value is wrong\n");
+		goto end;
+		}
+
+	i=BN_bn2bin(dsa->g,buf);
+	j=sizeof(out_g);
+	if ((i != j) || (memcmp(buf,out_g,i) != 0))
+		{
+		BIO_printf(bio_err,"g value is wrong\n");
+		goto end;
+		}
+
+	ret=1;
+end:
+	if (!ret)
+		ERR_print_errors(bio_err);
+	if (bio_err != NULL) BIO_free(bio_err);
+	if (dsa != NULL) DSA_free(dsa);
+	exit(!ret);
+	return(0);
+	}
+
+static void MS_CALLBACK dsa_cb(p, n)
+int p;
+int n;
+	{
+	char c='*';
+	static int ok=0,num=0;
+
+	if (p == 0) { c='.'; num++; };
+	if (p == 1) c='+';
+	if (p == 2) { c='*'; ok++; }
+	if (p == 3) c='\n';
+	BIO_write(bio_err,&c,1);
+	BIO_flush(bio_err);
+
+	if (!ok && (p == 0) && (num > 1))
+		{
+		BIO_printf(bio_err,"error in dsatest\n");
+		exit(1);
+		}
+	}
+
+
diff --git a/crypto/dsa/fips186a.txt b/crypto/dsa/fips186a.txt
new file mode 100644
index 0000000000000000000000000000000000000000..3a2e0a0d51a28c5e8809e33dd922fa2133227446
--- /dev/null
+++ b/crypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
+The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
+supplied to me by Wei Dai
+--
+		     APPENDIX 5. EXAMPLE OF THE DSA
+
+
+This appendix is for informational purposes only and is not required to meet
+the standard.
+
+Let L = 512 (size of p).  The values in this example are expressed in
+hexadecimal notation.  The p and q given here were generated by the prime
+generation standard described in appendix 2 using the 160-bit SEED:
+
+          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
+
+With this SEED, the algorithm found p and q when the counter was at 105.
+
+x was generated by the algorithm described in appendix 3, section 3.1, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
+
+XSEED =   
+
+	bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
+
+t =
+	67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
+
+x = G(t,XSEED) mod q
+
+k was generated by the algorithm described in appendix 3, section 3.2, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
+
+KSEED =
+
+	687a66d9 0648f993 867e121f 4ddf9ddb 01205584
+
+t =
+	EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
+
+k = G(t,KSEED) mod q
+
+Finally:
+
+h = 2
+
+p =
+	8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+	cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+	49693dfb f83724c2 ec0736ee 31c80291
+
+
+q =
+	c773218c 737ec8ee 993b4f2d ed30f48e dace915f
+
+
+g =
+	626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+	3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+	c42e9f6f 464b088c c572af53 e6d78802
+
+
+x =
+	2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
+
+
+k =
+	358dad57 1462710f 50e254cf 1a376b2b deaadfbf
+
+
+kinv = 
+
+	0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
+
+M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
+
+SHA(M) =  
+
+	a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
+
+
+y =
+
+	19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 
+	9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+	858fba33 f44c0669 9630a76b 030ee333
+
+
+r =
+	8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
+
+s =
+	41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
+
+
+w =
+	9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
+
+
+u1 =
+	bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
+
+
+u2 =
+	821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
+
+
+gu1 mod p =
+
+	51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
+	9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
+	6f96662a 1987a21b e4ec1071 010b6069
+
+
+yu2 mod p =
+
+	8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
+	5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 
+	c19441f4 22bf3c34 08aeba1f 0a4dbec7
+
+v =
+	8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl
new file mode 100644
index 0000000000000000000000000000000000000000..9e1e451e594d53e519a6b6e85219f2a3153086c9
--- /dev/null
+++ b/crypto/err/Makefile.ssl
@@ -0,0 +1,80 @@
+#
+# SSLeay/crypto/err/Makefile
+#
+
+DIR=	error
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= err.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/err/err.c b/crypto/err/err.c
new file mode 100644
index 0000000000000000000000000000000000000000..6eec77a1545052dd54c84ed2619baf1b26105567
--- /dev/null
+++ b/crypto/err/err.c
@@ -0,0 +1,550 @@
+/* crypto/err/err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "lhash.h"
+#include "crypto.h"
+#include "cryptlib.h"
+#include "buffer.h"
+#include "err.h"
+#include "crypto.h"
+
+
+static LHASH *error_hash=NULL;
+static LHASH *thread_hash=NULL;
+
+#ifndef NOPROTO
+static unsigned long err_hash(ERR_STRING_DATA *a);
+static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b);
+static unsigned long pid_hash(ERR_STATE *pid);
+static int pid_cmp(ERR_STATE *a,ERR_STATE *pid);
+#else
+static unsigned long err_hash();
+static int err_cmp();
+static unsigned long pid_hash();
+static int pid_cmp();
+#endif
+
+#ifndef NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[]=
+	{
+{ERR_PACK(ERR_LIB_NONE,0,0)		,"unknown library"},
+{ERR_PACK(ERR_LIB_SYS,0,0)		,"system library"},
+{ERR_PACK(ERR_LIB_BN,0,0)		,"bignum routines"},
+{ERR_PACK(ERR_LIB_RSA,0,0)		,"rsa routines"},
+{ERR_PACK(ERR_LIB_DH,0,0)		,"Diffie-Hellman routines"},
+{ERR_PACK(ERR_LIB_EVP,0,0)		,"digital envelope routines"},
+{ERR_PACK(ERR_LIB_BUF,0,0)		,"memory buffer routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
+{ERR_PACK(ERR_LIB_OBJ,0,0)		,"object identifier routines"},
+{ERR_PACK(ERR_LIB_PEM,0,0)		,"PEM routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_X509,0,0)		,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuation file routines"},
+{ERR_PACK(ERR_LIB_METH,0,0)		,"X509 lookup 'method' routines"},
+{ERR_PACK(ERR_LIB_SSL,0,0)		,"SSL routines"},
+{ERR_PACK(ERR_LIB_RSAREF,0,0)		,"RSAref routines"},
+{ERR_PACK(ERR_LIB_PROXY,0,0)		,"Proxy routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
+{ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA ERR_str_functs[]=
+	{
+	{ERR_PACK(0,SYS_F_FOPEN,0),     	"fopen"},
+	{ERR_PACK(0,SYS_F_CONNECT,0),		"connect"},
+	{ERR_PACK(0,SYS_F_GETSERVBYNAME,0),	"getservbyname"},
+	{ERR_PACK(0,SYS_F_SOCKET,0),		"socket"}, 
+	{ERR_PACK(0,SYS_F_IOCTLSOCKET,0),	"ioctlsocket"},
+	{ERR_PACK(0,SYS_F_BIND,0),		"bind"},
+	{ERR_PACK(0,SYS_F_LISTEN,0),		"listen"},
+	{ERR_PACK(0,SYS_F_ACCEPT,0),		"accept"},
+#ifdef WINDOWS
+	{ERR_PACK(0,SYS_F_WSASTARTUP,0),	"WSAstartup"},
+#endif
+	{0,NULL},
+	};
+
+static ERR_STRING_DATA ERR_str_reasons[]=
+	{
+{ERR_R_FATAL                             ,"fatal"},
+{ERR_R_SYS_LIB				,"system lib"},
+{ERR_R_BN_LIB				,"BN lib"},
+{ERR_R_RSA_LIB				,"RSA lib"},
+{ERR_R_DH_LIB				,"DH lib"},
+{ERR_R_EVP_LIB				,"EVP lib"},
+{ERR_R_BUF_LIB				,"BUF lib"},
+{ERR_R_BIO_LIB				,"BIO lib"},
+{ERR_R_OBJ_LIB				,"OBJ lib"},
+{ERR_R_PEM_LIB				,"PEM lib"},
+{ERR_R_X509_LIB				,"X509 lib"},
+{ERR_R_METH_LIB				,"METH lib"},
+{ERR_R_ASN1_LIB				,"ASN1 lib"},
+{ERR_R_CONF_LIB				,"CONF lib"},
+{ERR_R_SSL_LIB				,"SSL lib"},
+{ERR_R_PROXY_LIB			,"PROXY lib"},
+{ERR_R_BIO_LIB				,"BIO lib"},
+{ERR_R_PKCS7_LIB			,"PKCS7 lib"},
+{ERR_R_MALLOC_FAILURE			,"Malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a fuction you should not call"},
+{0,NULL},
+	};
+#endif
+
+void ERR_load_ERR_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+		if (init == 0)
+			{
+			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+			return;
+			}
+		init=0;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+#ifndef NO_ERR
+		ERR_load_strings(0,ERR_str_libraries);
+		ERR_load_strings(0,ERR_str_reasons);
+		ERR_load_strings(ERR_LIB_SYS,ERR_str_functs);
+#endif
+		}
+	}
+
+void ERR_load_strings(lib,str)
+int lib;
+ERR_STRING_DATA *str;
+	{
+	if (error_hash == NULL)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
+		error_hash=lh_new(err_hash,err_cmp);
+		if (error_hash == NULL)
+			{
+			CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
+			return;
+			}
+		CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
+
+		ERR_load_ERR_strings();
+		}
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
+	while (str->error)
+		{
+		str->error|=ERR_PACK(lib,0,0);
+		lh_insert(error_hash,(char *)str);
+		str++;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
+	}
+
+void ERR_free_strings()
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+
+	if (error_hash != NULL)
+		{
+		lh_free(error_hash);
+		error_hash=NULL;
+		}
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	}
+
+void ERR_put_error(lib,func,reason,file,line)
+int lib,func,reason;
+char *file;
+int line;
+	{
+	ERR_STATE *es;
+
+	es=ERR_get_state();
+
+	es->top=(es->top+1)%ERR_NUM_ERRORS;
+	if (es->top == es->bottom)
+		es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
+	es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
+	es->err_file[es->top]=file;
+	es->err_line[es->top]=line;
+	}
+
+void ERR_clear_error()
+	{
+	int i;
+	ERR_STATE *es;
+
+	es=ERR_get_state();
+
+	for (i=0; ierr_buffer[i]=0;
+		es->err_file[i]=NULL;
+		es->err_line[i]= -1;
+		}
+	es->top=es->bottom=0;
+	}
+
+unsigned long ERR_peek_error()
+	{	
+	int i;
+	ERR_STATE *es;
+
+	/* should be fine since only one thread should ever be playing
+	 * with the value returned from this call */
+	es=ERR_get_state();
+
+	if (es->bottom == es->top) return(0);
+	i=(es->bottom+1)%ERR_NUM_ERRORS;
+
+
+	return(es->err_buffer[i]);
+	}
+
+unsigned long ERR_get_error()
+	{
+	int i;
+	unsigned long ret;
+	ERR_STATE *es;
+
+	es=ERR_get_state();
+
+	if (es->bottom == es->top) return(0);
+	i=(es->bottom+1)%ERR_NUM_ERRORS;
+	es->bottom=i;
+	ret=es->err_buffer[i];
+	es->err_buffer[i]=0;
+
+
+	return(ret);
+	}
+
+unsigned long ERR_peek_error_line(file,line)
+char **file;
+int *line;
+	{	
+	int i=0;
+	ERR_STATE *es;
+
+	es=ERR_get_state();
+
+	if (es->bottom == es->top)
+		{
+		return(0);
+		}
+
+	i=(es->bottom+1)%ERR_NUM_ERRORS;
+	if (es->err_file[i] == NULL)
+		{
+		*file="NA";
+		*line=0;
+		}
+	else
+		{
+		*file=es->err_file[i];
+		*line=es->err_line[i];
+		}
+
+	return(es->err_buffer[i]);
+	}
+
+unsigned long ERR_get_error_line(file,line)
+char **file;
+int *line;
+	{
+	int i;
+	unsigned long ret;
+	ERR_STATE *es;
+
+	es=ERR_get_state();
+
+	if (es->bottom == es->top)
+		return(0);
+
+	i=(es->bottom+1)%ERR_NUM_ERRORS;
+	es->bottom=i;
+	ret=  es->err_buffer[i];
+	if (es->err_file[i] == NULL)
+		{
+		*file="NA";
+		*line=0;
+		}
+	else
+		{
+		*file=es->err_file[i];
+		*line=es->err_line[i];
+		}
+	es->err_buffer[i]=0;
+	es->err_file[i]=NULL;
+	es->err_line[i]= -1;
+
+	return(ret);
+	}
+
+/* BAD for multi-threaded, uses a local buffer if ret == NULL */
+char *ERR_error_string(e,ret)
+unsigned long e;
+char *ret;
+	{
+	static char buf[256];
+	char *ls,*fs,*rs;
+	unsigned long l,f,r;
+	int i;
+
+	l=ERR_GET_LIB(e);
+	f=ERR_GET_FUNC(e);
+	r=ERR_GET_REASON(e);
+
+	ls=ERR_lib_error_string(e);
+	fs=ERR_func_error_string(e);
+	rs=ERR_reason_error_string(e);
+
+	if (ret == NULL) ret=buf;
+
+	sprintf(&(ret[0]),"error:%08lX:",e);
+	i=strlen(ret);
+	if (ls == NULL)
+		sprintf(&(ret[i]),":lib(%lu) ",l);
+	else	sprintf(&(ret[i]),"%s",ls);
+	i=strlen(ret);
+	if (fs == NULL)
+		sprintf(&(ret[i]),":func(%lu) ",f);
+	else	sprintf(&(ret[i]),":%s",fs);
+	i=strlen(ret);
+	if (rs == NULL)
+		sprintf(&(ret[i]),":reason(%lu)",r);
+	else	sprintf(&(ret[i]),":%s",rs);
+
+	return(ret);
+	}
+
+LHASH *ERR_get_string_table()
+	{
+	return(error_hash);
+	}
+
+LHASH *ERR_get_err_state_table()
+	{
+	return(thread_hash);
+	}
+
+char *ERR_lib_error_string(e)
+unsigned long e;
+	{
+	ERR_STRING_DATA d,*p=NULL;
+	unsigned long l;
+
+	l=ERR_GET_LIB(e);
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+
+	if (error_hash != NULL)
+		{
+		d.error=ERR_PACK(l,0,0);
+		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+		}
+
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+
+	return((p == NULL)?NULL:p->string);
+	}
+
+char *ERR_func_error_string(e)
+unsigned long e;
+	{
+	ERR_STRING_DATA d,*p=NULL;
+	unsigned long l,f;
+
+	l=ERR_GET_LIB(e);
+	f=ERR_GET_FUNC(e);
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+
+	if (error_hash != NULL)
+		{
+		d.error=ERR_PACK(l,f,0);
+		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+		}
+
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+
+	return((p == NULL)?NULL:p->string);
+	}
+
+char *ERR_reason_error_string(e)
+unsigned long e;
+	{
+	ERR_STRING_DATA d,*p=NULL;
+	unsigned long l,r;
+
+	l=ERR_GET_LIB(e);
+	r=ERR_GET_REASON(e);
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+
+	if (error_hash != NULL)
+		{
+		d.error=ERR_PACK(l,0,r);
+		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+		if (p == NULL)
+			{
+			d.error=ERR_PACK(0,0,r);
+			p=(ERR_STRING_DATA *)lh_retrieve(error_hash,
+				(char *)&d);
+			}
+		}
+
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+
+	return((p == NULL)?NULL:p->string);
+	}
+
+static unsigned long err_hash(a)
+ERR_STRING_DATA *a;
+	{
+	unsigned long ret,l;
+
+	l=a->error;
+	ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
+	return(ret^ret%19*13);
+	}
+
+static int err_cmp(a,b)
+ERR_STRING_DATA *a,*b;
+	{
+	return((int)(a->error-b->error));
+	}
+
+static unsigned long pid_hash(a)
+ERR_STATE *a;
+	{
+	return(a->pid*13);
+	}
+
+static int pid_cmp(a,b)
+ERR_STATE *a,*b;
+	{
+	return((int)((long)a->pid - (long)b->pid));
+	}
+
+void ERR_remove_state(pid)
+unsigned long pid;
+	{
+	ERR_STATE *p,tmp;
+
+	if (thread_hash == NULL)
+		return;
+	if (pid == 0)
+		pid=(unsigned long)CRYPTO_thread_id();
+	tmp.pid=pid;
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p=(ERR_STATE *)lh_delete(thread_hash,(char *)&tmp);
+	if (p != NULL) Free(p);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	}
+
+ERR_STATE *ERR_get_state()
+	{
+	static ERR_STATE fallback;
+	ERR_STATE *ret=NULL,tmp,*tmpp;
+	unsigned long pid;
+
+	pid=(unsigned long)CRYPTO_thread_id();
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+	if (thread_hash == NULL)
+		{
+		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+		if (thread_hash == NULL)
+			{
+			thread_hash=lh_new(pid_hash,pid_cmp);
+			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+			if (thread_hash == NULL) return(&fallback);
+			}
+		else
+			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+		}
+	else
+		{
+		tmp.pid=pid;
+		ret=(ERR_STATE *)lh_retrieve(thread_hash,(char *)&tmp);
+		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+		}
+
+	/* ret == the error state, if NULL, make a new one */
+	if (ret == NULL)
+		{
+		ret=(ERR_STATE *)Malloc(sizeof(ERR_STATE));
+		if (ret == NULL) return(&fallback);
+		ret->pid=pid;
+		ret->top=0;
+		ret->bottom=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+		tmpp=(ERR_STATE *)lh_insert(thread_hash,(char *)ret);
+		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+		if (tmpp != NULL) /* old entry - should not happen */
+			Free(tmpp);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/err/err.h b/crypto/err/err.h
new file mode 100644
index 0000000000000000000000000000000000000000..aa3354e2ddaaafc7f5977d9cb7bcf1a04ae026d3
--- /dev/null
+++ b/crypto/err/err.h
@@ -0,0 +1,265 @@
+/* crypto/err/err.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ERR_H
+#define HEADER_ERR_H
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+/* The following is a bit of a trick to help the object files only contain
+ * the 'name of the file' string once.  Since 'err.h' is protected by the
+ * HEADER_ERR_H stuff, this should be included only once per file. */
+
+#define ERR_file_name	__FILE__
+
+#ifndef NO_ERR
+#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,d,e)
+#else
+#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)
+#endif
+
+#include 
+
+#define ERR_NUM_ERRORS	10
+typedef struct err_state_st
+	{
+	unsigned long pid;
+	unsigned long err_buffer[ERR_NUM_ERRORS];
+	char *err_file[ERR_NUM_ERRORS];
+	int err_line[ERR_NUM_ERRORS];
+	int top,bottom;
+	} ERR_STATE;
+
+/* library */
+#define ERR_LIB_NONE		1
+#define ERR_LIB_SYS		2
+#define ERR_LIB_BN		3
+#define ERR_LIB_RSA		4
+#define ERR_LIB_DH		5
+#define ERR_LIB_EVP		6
+#define ERR_LIB_BUF		7
+#define ERR_LIB_OBJ		8
+#define ERR_LIB_PEM		9
+#define ERR_LIB_DSA		10
+#define ERR_LIB_X509		11
+#define ERR_LIB_METH		12
+#define ERR_LIB_ASN1		13
+#define ERR_LIB_CONF		14
+#define ERR_LIB_SSL		20
+#define ERR_LIB_SSL23		21
+#define ERR_LIB_SSL2		22
+#define ERR_LIB_SSL3		23
+#define ERR_LIB_RSAREF		30
+#define ERR_LIB_PROXY		31
+#define ERR_LIB_BIO		32
+#define ERR_LIB_PKCS7		33
+
+#define ERR_LIB_USER		128
+
+#define SYSerr(f,r)	ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__)
+#define BNerr(f,r)	ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__)
+#define RSAerr(f,r)	ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__)
+#define DHerr(f,r)	ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__)
+#define EVPerr(f,r)	ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__)
+#define BUFerr(f,r)	ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__)
+#define BIOerr(f,r)	ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__)
+#define OBJerr(f,r)	ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__)
+#define PEMerr(f,r)	ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__)
+#define DSAerr(f,r)	ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__)
+#define X509err(f,r)	ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__)
+#define METHerr(f,r)	ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__)
+#define ASN1err(f,r)	ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__)
+#define CONFerr(f,r)	ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__)
+#define SSLerr(f,r)	ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__)
+#define SSL23err(f,r)	ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__)
+#define SSL2err(f,r)	ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__)
+#define SSL3err(f,r)	ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__)
+#define RSAREFerr(f,r)	ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
+#define PROXYerr(f,r)	ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
+#define PKCS7err(f,r)	ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
+
+/* Borland C seems too stupid to be able to shift and do longs in
+ * the pre-processor :-( */
+#define ERR_PACK(l,f,r)		(((((unsigned long)l)&0xffL)*0x1000000)| \
+				((((unsigned long)f)&0xfffL)*0x1000)| \
+				((((unsigned long)r)&0xfffL)))
+#define ERR_GET_LIB(l)		(int)((((unsigned long)l)>>24L)&0xffL)
+#define ERR_GET_FUNC(l)		(int)((((unsigned long)l)>>12L)&0xfffL)
+#define ERR_GET_REASON(l)	(int)((l)&0xfffL)
+#define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)
+
+/* OS fuctions */
+#define SYS_F_FOPEN		1
+#define SYS_F_CONNECT		2
+#define SYS_F_GETSERVBYNAME	3
+#define SYS_F_SOCKET		4
+#define SYS_F_IOCTLSOCKET	5
+#define SYS_F_BIND		6
+#define SYS_F_LISTEN		7
+#define SYS_F_ACCEPT		8
+#define SYS_F_WSASTARTUP	9 /* Winsock stuff */
+
+#define ERR_R_FATAL		32	
+/* reasons */
+#define ERR_R_SYS_LIB	ERR_LIB_SYS
+#define ERR_R_BN_LIB	ERR_LIB_BN
+#define ERR_R_RSA_LIB	ERR_LIB_RSA
+#define ERR_R_DSA_LIB	ERR_LIB_DSA
+#define ERR_R_DH_LIB	ERR_LIB_DH
+#define ERR_R_EVP_LIB	ERR_LIB_EVP
+#define ERR_R_BUF_LIB	ERR_LIB_BUF
+#define ERR_R_BIO_LIB	ERR_LIB_BIO
+#define ERR_R_OBJ_LIB	ERR_LIB_OBJ
+#define ERR_R_PEM_LIB	ERR_LIB_PEM
+#define ERR_R_X509_LIB	ERR_LIB_X509
+#define ERR_R_METH_LIB	ERR_LIB_METH
+#define ERR_R_ASN1_LIB	ERR_LIB_ASN1
+#define ERR_R_CONF_LIB	ERR_LIB_CONF
+#define ERR_R_SSL_LIB	ERR_LIB_SSL
+#define ERR_R_SSL23_LIB	ERR_LIB_SSL23
+#define ERR_R_SSL2_LIB	ERR_LIB_SSL2
+#define ERR_R_SSL3_LIB	ERR_LIB_SSL3
+#define ERR_R_PROXY_LIB	ERR_LIB_PROXY
+#define ERR_R_BIO_LIB	ERR_LIB_BIO
+#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7
+
+/* fatal error */
+#define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
+#define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)
+#define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)
+
+typedef struct ERR_string_data_st
+	{
+	unsigned long error;
+	char *string;
+	} ERR_STRING_DATA;
+
+#ifndef NOPROTO
+void ERR_put_error(int lib, int func,int reason,char *file,int line);
+unsigned long ERR_get_error(void );
+unsigned long ERR_get_error_line(char **file,int *line);
+unsigned long ERR_peek_error(void );
+unsigned long ERR_peek_error_line(char **file,int *line);
+void ERR_clear_error(void );
+char *ERR_error_string(unsigned long e,char *buf);
+char *ERR_lib_error_string(unsigned long e);
+char *ERR_func_error_string(unsigned long e);
+char *ERR_reason_error_string(unsigned long e);
+#ifndef WIN16
+void ERR_print_errors_fp(FILE *fp);
+#endif
+#ifdef HEADER_BIO_H
+void ERR_print_errors(BIO *bp);
+#endif
+void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+void ERR_load_ERR_strings(void );
+void ERR_load_crypto_strings(void );
+void ERR_free_strings(void );
+
+void ERR_remove_state(unsigned long pid); /* if zero we look it up */
+ERR_STATE *ERR_get_state(void);
+
+#ifdef HEADER_LHASH_H
+LHASH *ERR_get_string_table(void );
+LHASH *ERR_get_err_state_table(void );
+#else
+char *ERR_get_string_table(void );
+char *ERR_get_err_state_table(void );
+#endif
+
+#else
+
+void ERR_put_error();
+unsigned long ERR_get_error();
+unsigned long ERR_get_error_line();
+unsigned long ERR_peek_error();
+unsigned long ERR_peek_error_line();
+void ERR_clear_error();
+char *ERR_error_string();
+char *ERR_lib_error_string();
+char *ERR_func_error_string();
+char *ERR_reason_error_string();
+#ifndef WIN16
+void ERR_print_errors_fp();
+#endif
+void ERR_print_errors();
+void ERR_load_strings();
+void ERR_load_ERR_strings();
+void ERR_load_crypto_strings();
+void ERR_free_strings();
+
+void ERR_remove_state();
+ERR_STATE *ERR_get_state();
+
+#ifdef HEADER_LHASH_H
+LHASH *ERR_get_string_table();
+LHASH *ERR_get_err_state_table();
+#else
+char *ERR_get_string_table();
+char *ERR_get_err_state_table();
+#endif
+
+#endif
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
new file mode 100644
index 0000000000000000000000000000000000000000..d6d8109ea000f59de8eba321756ebea15ad06043
--- /dev/null
+++ b/crypto/err/err_all.c
@@ -0,0 +1,115 @@
+/* crypto/err/err_all.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "asn1.h"
+#include "bn.h"
+#include "buffer.h"
+#include "bio.h"
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#ifdef RSAref
+#include "rsaref.h"
+#endif
+#ifndef NO_DH
+#include "dh.h"
+#endif
+#ifndef NO_DSA
+#include "dsa.h"
+#endif
+#include "evp.h"
+#include "objects.h"
+#include "pem.h"
+#include "x509.h"
+#include "conf.h"
+#include "err.h"
+
+void ERR_load_crypto_strings()
+	{
+	static int done=0;
+
+	if (done) return;
+	done=1;
+#ifndef NO_ERR
+	ERR_load_ASN1_strings();
+	ERR_load_BN_strings();
+	ERR_load_BUF_strings();
+	ERR_load_BIO_strings();
+	ERR_load_CONF_strings();
+#ifndef NO_RSA
+#ifdef RSAref
+	ERR_load_RSAREF_strings();
+#else
+	ERR_load_RSA_strings();
+#endif
+#endif
+#ifndef NO_DH
+	ERR_load_DH_strings();
+#endif
+#ifndef NO_DSA
+	ERR_load_DSA_strings();
+#endif
+	ERR_load_ERR_strings();
+	ERR_load_EVP_strings();
+	ERR_load_OBJ_strings();
+	ERR_load_PEM_strings();
+	ERR_load_X509_strings();
+	ERR_load_PKCS7_strings();
+#endif
+	}
diff --git a/crypto/err/err_code.pl b/crypto/err/err_code.pl
new file mode 100644
index 0000000000000000000000000000000000000000..5b893001c62aad4aa0417a6aa6deeb9d1660c35d
--- /dev/null
+++ b/crypto/err/err_code.pl
@@ -0,0 +1,126 @@
+#!/usr/local/bin/perl
+
+%errfile=(
+	"ERR",	"NONE",
+	"BN",	"bn/bn.err",
+	"RSA",	"rsa/rsa.err",
+	"DSA",	"dsa/dsa.err",
+	"DH",	"dh/dh.err",
+	"EVP",	"evp/evp.err",
+	"BUF",	"buffer/buffer.err",
+	"BIO",	"bio/bio.err",
+	"OBJ",	"objects/objects.err",
+	"PEM",	"pem/pem.err",
+	"X509",	"x509/x509.err",
+	"METH",	"meth/meth.err",
+	"ASN1",	"asn1/asn1.err",
+	"CONF",	"conf/conf.err",
+	"PROXY","proxy/proxy.err",
+	"PKCS7","pkcs7/pkcs7.err",
+	"RSAREF","../rsaref/rsaref.err",
+	"SSL",	"../ssl/ssl.err",
+	"SSL2",	"../ssl/ssl2.err",
+	"SSL3",	"../ssl/ssl3.err",
+	"SSL23","../ssl/ssl23.err",
+	);
+
+$function{'RSAREF_F_RSA_BN2BIN'}=1;
+$function{'RSAREF_F_RSA_PRIVATE_DECRYPT'}=1;
+$function{'RSAREF_F_RSA_PRIVATE_ENCRYPT'}=1;
+$function{'RSAREF_F_RSA_PUBLIC_DECRYPT'}=1;
+$function{'RSAREF_F_RSA_PUBLIC_ENCRYPT'}=1;
+$function{'SSL_F_CLIENT_CERTIFICATE'}=1;
+
+$r_value{'SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE'}=	1010;
+$r_value{'SSL_R_SSLV3_ALERT_BAD_RECORD_MAC'}=	1020;
+$r_value{'SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE'}=1030;
+$r_value{'SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE'}=	1040;
+$r_value{'SSL_R_SSLV3_ALERT_NO_CERTIFICATE'}=	1041;
+$r_value{'SSL_R_SSLV3_ALERT_BAD_CERTIFICATE'}=	1042;
+$r_value{'SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE'}=1043;
+$r_value{'SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED'}=	1044;
+$r_value{'SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED'}=	1045;
+$r_value{'SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN'}=	1046;
+$r_value{'SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER'}=	1047;
+
+$r_value{'RSAREF_R_CONTENT_ENCODING'}=	0x0400;
+$r_value{'RSAREF_R_DATA'}=		0x0401;
+$r_value{'RSAREF_R_DIGEST_ALGORITHM'}=	0x0402;
+$r_value{'RSAREF_R_ENCODING'}=		0x0403;
+$r_value{'RSAREF_R_KEY'}=		0x0404;
+$r_value{'RSAREF_R_KEY_ENCODING'}=	0x0405;
+$r_value{'RSAREF_R_LEN'}=		0x0406;
+$r_value{'RSAREF_R_MODULUS_LEN'}=	0x0407;
+$r_value{'RSAREF_R_NEED_RANDOM'}=	0x0408;
+$r_value{'RSAREF_R_PRIVATE_KEY'}=	0x0409;
+$r_value{'RSAREF_R_PUBLIC_KEY'}=	0x040a;
+$r_value{'RSAREF_R_SIGNATURE'}=		0x040b;
+$r_value{'RSAREF_R_SIGNATURE_ENCODING'}=0x040c;
+$r_value{'RSAREF_R_ENCRYPTION_ALGORITHM'}=0x040d;
+
+$last="";
+while (<>)
+	{
+	if (/err\(([A-Z0-9]+_F_[0-9A-Z_]+)\s*,\s*([0-9A-Z]+_R_[0-9A-Z_]+)\s*\)/)
+		{
+		if ($1 != $last)
+			{
+			if ($function{$1} == 0)
+				{
+				printf STDERR "$. $1 is bad\n";
+				}
+			}
+		$function{$1}++;
+		$last=$1;
+		$reason{$2}++;
+		}
+	}
+
+foreach (keys %function,keys %reason)
+	{
+	/^([A-Z0-9]+)_/;
+	$prefix{$1}++;
+	}
+
+@F=sort keys %function;
+@R=sort keys %reason;
+foreach $j (sort keys %prefix)
+	{
+	next if $errfile{$j} eq "NONE";
+	printf STDERR "doing %-6s - ",$j;
+	open(OUT,">$errfile{$j}") || die "unable to open '$errfile{$j}':$!\n";
+	@f=grep(/^${j}_/,@F);
+	@r=grep(/^${j}_/,@R);
+	$num=100;
+	print OUT "/* Error codes for the $j functions. */\n\n";
+	print OUT "/* Function codes. */\n";
+	$f_count=0;
+	foreach $i (@f)
+		{
+		$z=6-int(length($i)/8);
+		printf OUT "#define $i%s $num\n","\t" x $z;
+		$num++;
+		$f_count++;
+		}
+	$num=100;
+	print OUT "\n/* Reason codes. */\n";
+	$r_count=0;
+	foreach $i (@r)
+		{
+		$z=6-int(length($i)/8);
+		if (defined($r_value{$i}))
+			{
+			printf OUT "#define $i%s $r_value{$i}\n","\t" x $z;
+			}
+		else
+			{
+			printf OUT "#define $i%s $num\n","\t" x $z;
+			$num++;
+			}
+		$r_count++;
+		}
+	close(OUT);
+
+	printf STDERR "%3d functions, %3d reasons\n",$f_count,$r_count;
+	}
+
diff --git a/crypto/err/err_genc.pl b/crypto/err/err_genc.pl
new file mode 100644
index 0000000000000000000000000000000000000000..6733cfe574a41a7266bb55711f313760962ffba7
--- /dev/null
+++ b/crypto/err/err_genc.pl
@@ -0,0 +1,147 @@
+#!/usr/local/bin/perl
+
+($#ARGV == 1) || die "usage: $0 
\n"; +open(IN,"<$ARGV[0]") || die "unable to open $ARGV[0]:$!\n"; +open(STDOUT,">$ARGV[1]") || die "unable to open $ARGV[1]:$!\n"; + +$Func=0; +$Reas=0; +$fuction{'FOPEN'}='fopen'; +while () + { + if (/(\S+)\s*\(\);/) + { + $t=$1; + $t =~ s/\*//; + ($upper=$t) =~ tr/a-z/A-Z/; + $fuction{$upper}=$t; + } + next unless (/^#define\s+(\S+)\s/); + + $o=$1; + if ($o =~ /^([^_]+)_F_(.*)/) + { + $type=$1; + $Func++; + $n=$2; + $n=$fuction{$n} if (defined($fuction{$n})); + $out{$1."_str_functs"}.= + sprintf("{ERR_PACK(0,%s,0),\t\"$n\"},\n",$o); + } + elsif ($o =~ /^([^_]+)_R_(.*)/) + { + $type=$1; + $Reas++; + $r=$2; + $r =~ tr/A-Z_/a-z /; + $pkg{$type."_str_reasons"}=$type; + $out{$type."_str_reasons"}.=sprintf("{%-40s,\"$r\"},\n",$o); + } + elsif ($ARGV[0] =~ /rsaref/ && $o =~ /^RE_(.*)/) + { + $type="RSAREF"; + $Reas++; + $r=$1; + $r =~ tr/A-Z_/a-z /; + $pkg{$type."_str_reasons"}=$type; + $out{$type."_str_reasons"}.=sprintf("{%-40s,\"$r\"},\n",$o); + } + } +close(IN); + +&header($type,$ARGV[0]); + +foreach (sort keys %out) + { + print "static ERR_STRING_DATA ${_}[]=\n\t{\n"; + print $out{$_}; + print "{0,NULL},\n"; + print "\t};\n\n"; + } + +print "void ERR_load_${type}_strings()\n"; +print "\t{\n"; +print "\tstatic int init=1;\n\n"; +print "\tif (init)\n"; +print "\t\t{\n"; +print "\t\tinit=0;\n"; +print "\t\tERR_load_strings(ERR_LIB_$type,${type}_str_functs);\n" + if $Func; +print "\t\tERR_load_strings(ERR_LIB_$type,${type}_str_reasons);\n" + if $Reas; +print "\t\t}\n"; +print "\t}\n"; + +sub header + { + ($type,$header)=@_; + + ($lc=$type) =~ tr/A-Z/a-z/; + $header =~ s/^.*\///; + + print "/* lib/$lc/${lc}\_err.c */\n"; + print <<'EOF'; +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +EOF + + print "#include \n"; + print "#include \"err.h\"\n"; + print "#include \"$header\"\n"; + print "\n/* BEGIN ERROR CODES */\n"; + } + diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c new file mode 100644 index 0000000000000000000000000000000000000000..16e313879d63aeef3f8da85c660e2fd6ab9ae788 --- /dev/null +++ b/crypto/err/err_prn.c @@ -0,0 +1,102 @@ +/* crypto/err/err_prn.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "lhash.h" +#include "crypto.h" +#include "cryptlib.h" +#include "buffer.h" +#include "err.h" +#include "crypto.h" + +#ifndef WIN16 +void ERR_print_errors_fp(fp) +FILE *fp; + { + unsigned long l; + char buf[200]; + char *file; + int line; + unsigned long es; + + es=CRYPTO_thread_id(); + while ((l=ERR_get_error_line(&file,&line)) != 0) + fprintf(fp,"%lu:%s:%s:%d\n",es,ERR_error_string(l,buf), + file,line); + } +#endif + +void ERR_print_errors(bp) +BIO *bp; + { + unsigned long l; + char buf[256]; + char buf2[256]; + char *file; + int line; + unsigned long es; + + es=CRYPTO_thread_id(); + while ((l=ERR_get_error_line(&file,&line)) != 0) + { + sprintf(buf2,"%lu:%s:%s:%d\n",es,ERR_error_string(l,buf), + file,line); + BIO_write(bp,buf2,strlen(buf2)); + } + } + diff --git a/crypto/err/error.err b/crypto/err/error.err new file mode 100644 index 0000000000000000000000000000000000000000..f09557d8d940f27b973a673a65c4a01744881763 --- /dev/null +++ b/crypto/err/error.err @@ -0,0 +1,13 @@ +/* Error codes for the ERR functions. */ + +/* Function codes. */ + +/* Reason codes. */ +#define ERR_R_BN_LIB 100 +#define ERR_R_DER_LIB 101 +#define ERR_R_MALLOC_FAILURE 102 +#define ERR_R_PEM_LIB 103 +#define ERR_R_RSA_LIB 104 +#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED 105 +#define ERR_R_SYS_LIB 106 +#define ERR_R_X509_LIB 107 diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..20338119ef44681415d559c38c216c03c7b2cb94 --- /dev/null +++ b/crypto/evp/Makefile.ssl @@ -0,0 +1,105 @@ +# +# SSLeay/crypto/evp/Makefile +# + +DIR= evp +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=evp +ERRC=evp_err +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= encode.c digest.c evp_enc.c evp_key.c \ + e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c \ + e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c \ + e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c \ + e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c \ + e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c \ + e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c \ + m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c \ + p_open.c p_seal.c p_sign.c p_verify.c p_lib.c \ + bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \ + c_all.c + +LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \ + e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \ + e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o \ + e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o \ + e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o \ + e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o \ + e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o \ + m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o \ + p_open.o p_seal.o p_sign.o p_verify.o p_lib.o \ + bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \ + c_all.o + +SRC= $(LIBSRC) + +EXHEADER= evp.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c new file mode 100644 index 0000000000000000000000000000000000000000..e362dc3bfeb9174a492db54ef357689641c216ec --- /dev/null +++ b/crypto/evp/bio_b64.c @@ -0,0 +1,452 @@ +/* crypto/evp/bio_b64.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "cryptlib.h" +#include "buffer.h" +#include "evp.h" + +#ifndef NOPROTO +static int b64_write(BIO *h,char *buf,int num); +static int b64_read(BIO *h,char *buf,int size); +/*static int b64_puts(BIO *h,char *str); */ +/*static int b64_gets(BIO *h,char *str,int size); */ +static long b64_ctrl(BIO *h,int cmd,long arg1,char *arg2); +static int b64_new(BIO *h); +static int b64_free(BIO *data); +#else +static int b64_write(); +static int b64_read(); +/*static int b64_puts(); */ +/*static int b64_gets(); */ +static long b64_ctrl(); +static int b64_new(); +static int b64_free(); +#endif + +#define B64_BLOCK_SIZE 1024 +#define B64_NONE 0 +#define B64_ENCODE 1 +#define B64_DECODE 2 + +typedef struct b64_struct + { + /*BIO *bio; moved to the BIO structure */ + int buf_len; + int buf_off; + int tmp_len; /* used to find the start when decoding */ + int tmp_nl; /* If true, scan until '\n' */ + int encode; + int start; /* have we started decoding yet? */ + int cont; /* <= 0 when finished */ + EVP_ENCODE_CTX base64; + char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10]; + char tmp[B64_BLOCK_SIZE]; + } BIO_B64_CTX; + +static BIO_METHOD methods_b64= + { + BIO_TYPE_BASE64,"base64 encoding", + b64_write, + b64_read, + NULL, /* b64_puts, */ + NULL, /* b64_gets, */ + b64_ctrl, + b64_new, + b64_free, + }; + +BIO_METHOD *BIO_f_base64() + { + return(&methods_b64); + } + +static int b64_new(bi) +BIO *bi; + { + BIO_B64_CTX *ctx; + + ctx=(BIO_B64_CTX *)Malloc(sizeof(BIO_B64_CTX)); + if (ctx == NULL) return(0); + + ctx->buf_len=0; + ctx->tmp_len=0; + ctx->tmp_nl=0; + ctx->buf_off=0; + ctx->cont=1; + ctx->start=1; + ctx->encode=0; + + bi->init=1; + bi->ptr=(char *)ctx; + bi->flags=0; + return(1); + } + +static int b64_free(a) +BIO *a; + { + if (a == NULL) return(0); + Free(a->ptr); + a->ptr=NULL; + a->init=0; + a->flags=0; + return(1); + } + +static int b64_read(b,out,outl) +BIO *b; +char *out; +int outl; + { + int ret=0,i,ii,j,k,x,n,num; + BIO_B64_CTX *ctx; + unsigned char *p,*q; + + if (out == NULL) return(0); + ctx=(BIO_B64_CTX *)b->ptr; + + if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + + if (ctx->encode != B64_DECODE) + { + ctx->encode=B64_DECODE; + ctx->buf_len=0; + ctx->buf_off=0; + EVP_DecodeInit(&(ctx->base64)); + } + + /* First check if there are bytes decoded/encoded */ + if (ctx->buf_len > 0) + { + i=ctx->buf_len-ctx->buf_off; + if (i > outl) i=outl; + memcpy(out,&(ctx->buf[ctx->buf_off]),i); + ret=i; + out+=i; + outl-=i; + ctx->buf_off+=i; + if (ctx->buf_len == ctx->buf_off) + { + ctx->buf_len=0; + ctx->buf_off=0; + } + } + + /* At this point, we have room of outl bytes and an empty + * buffer, so we should read in some more. */ + + while (outl > 0) + { + if (ctx->cont <= 0) break; + + i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), + B64_BLOCK_SIZE-ctx->tmp_len); + + if (i <= 0) + { + /* Should be continue next time we are called? */ + if (!BIO_should_retry(b->next_bio)) + ctx->cont=i; + break; + } + i+=ctx->tmp_len; + + /* We need to scan, a line at a time until we + * have a valid line if we are starting. */ + if (ctx->start) + { + q=p=(unsigned char *)ctx->tmp; + for (j=0; jtmp_nl) + { + p=q; + ctx->tmp_nl=0; + continue; + } + + k=EVP_DecodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf, + &num,p,q-p); + if ((k <= 0) && (num == 0) && (ctx->start)) + EVP_DecodeInit(&ctx->base64); + else + { + if (p != (unsigned char *) + &(ctx->tmp[0])) + { + i-=(p- (unsigned char *) + &(ctx->tmp[0])); + for (x=0; x < i; x++) + ctx->tmp[x]=p[x]; + EVP_DecodeInit(&ctx->base64); + } + ctx->start=0; + break; + } + p=q; + } + + /* we fell off the end without starting */ + if (j == i) + { + /* Is this is one long chunk?, if so, keep on + * reading until a new line. */ + if (p == (unsigned char *)&(ctx->tmp[0])) + { + ctx->tmp_nl=1; + ctx->tmp_len=0; + } + else if (p != q) /* finished on a '\n' */ + { + n=q-p; + for (ii=0; iitmp[ii]=p[ii]; + ctx->tmp_len=n; + } + /* else finished on a '\n' */ + continue; + } + else + ctx->tmp_len=0; + } + i=EVP_DecodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf,&ctx->buf_len, + (unsigned char *)ctx->tmp,i); + ctx->cont=i; + ctx->buf_off=0; + if (i < 0) + { + ctx->buf_len=0; + break; + } + + if (ctx->buf_len <= outl) + i=ctx->buf_len; + else + i=outl; + + memcpy(out,ctx->buf,i); + ret+=i; + ctx->buf_off=i; + if (ctx->buf_off == ctx->buf_len) + { + ctx->buf_len=0; + ctx->buf_off=0; + } + outl-=i; + out+=i; + } + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + return((ret == 0)?ctx->cont:ret); + } + +static int b64_write(b,in,inl) +BIO *b; +char *in; +int inl; + { + int ret=inl,n,i; + BIO_B64_CTX *ctx; + + ctx=(BIO_B64_CTX *)b->ptr; + BIO_clear_retry_flags(b); + + if (ctx->encode != B64_ENCODE) + { + ctx->encode=B64_ENCODE; + ctx->buf_len=0; + ctx->buf_off=0; + EVP_EncodeInit(&(ctx->base64)); + } + + n=ctx->buf_len-ctx->buf_off; + while (n > 0) + { + i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); + if (i <= 0) + { + BIO_copy_next_retry(b); + return(i); + } + ctx->buf_off+=i; + n-=i; + } + /* at this point all pending data has been written */ + + if ((in == NULL) || (inl <= 0)) return(0); + + ctx->buf_off=0; + while (inl > 0) + { + n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; + EVP_EncodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf,&ctx->buf_len, + (unsigned char *)in,n); + inl-=n; + in+=n; + + ctx->buf_off=0; + n=ctx->buf_len; + while (n > 0) + { + i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); + if (i <= 0) + { + BIO_copy_next_retry(b); + return((ret == 0)?i:ret); + } + n-=i; + ctx->buf_off+=i; + } + ctx->buf_len=0; + ctx->buf_off=0; + } + return(ret); + } + +static long b64_ctrl(b,cmd,num,ptr) +BIO *b; +int cmd; +long num; +char *ptr; + { + BIO_B64_CTX *ctx; + long ret=1; + int i; + + ctx=(BIO_B64_CTX *)b->ptr; + + switch (cmd) + { + case BIO_CTRL_RESET: + ctx->cont=1; + ctx->start=1; + ctx->encode=B64_NONE; + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_EOF: /* More to read */ + if (ctx->cont <= 0) + ret=1; + else + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_WPENDING: /* More to write in buffer */ + ret=ctx->buf_len-ctx->buf_off; + if ((ret == 0) && (ctx->base64.num != 0)) + ret=1; + else if (ret <= 0) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_PENDING: /* More to read in buffer */ + ret=ctx->buf_len-ctx->buf_off; + if (ret <= 0) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_FLUSH: + /* do a final write */ +again: + while (ctx->buf_len != ctx->buf_off) + { + i=b64_write(b,NULL,0); + if (i < 0) + { + ret=i; + break; + } + } + if (ctx->base64.num != 0) + { + ctx->buf_off=0; + EVP_EncodeFinal(&(ctx->base64), + (unsigned char *)ctx->buf, + &(ctx->buf_len)); + /* push out the bytes */ + goto again; + } + /* Finally flush the underlying BIO */ + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + BIO_copy_next_retry(b); + break; + + case BIO_CTRL_DUP: + break; + case BIO_CTRL_INFO: + case BIO_CTRL_GET: + case BIO_CTRL_SET: + default: + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + } + return(ret); + } + diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c new file mode 100644 index 0000000000000000000000000000000000000000..6020736fd06cefee3acee7f1f86daf60a14db96e --- /dev/null +++ b/crypto/evp/bio_enc.c @@ -0,0 +1,402 @@ +/* crypto/evp/bio_enc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "cryptlib.h" +#include "buffer.h" +#include "evp.h" + +#ifndef NOPROTO +static int enc_write(BIO *h,char *buf,int num); +static int enc_read(BIO *h,char *buf,int size); +/*static int enc_puts(BIO *h,char *str); */ +/*static int enc_gets(BIO *h,char *str,int size); */ +static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2); +static int enc_new(BIO *h); +static int enc_free(BIO *data); +#else +static int enc_write(); +static int enc_read(); +/*static int enc_puts(); */ +/*static int enc_gets(); */ +static long enc_ctrl(); +static int enc_new(); +static int enc_free(); +#endif + +#define ENC_BLOCK_SIZE (1024*4) + +typedef struct enc_struct + { + int buf_len; + int buf_off; + int cont; /* <= 0 when finished */ + int finished; + int ok; /* bad decrypt */ + EVP_CIPHER_CTX cipher; + char buf[ENC_BLOCK_SIZE+10]; + } BIO_ENC_CTX; + +static BIO_METHOD methods_enc= + { + BIO_TYPE_CIPHER,"cipher", + enc_write, + enc_read, + NULL, /* enc_puts, */ + NULL, /* enc_gets, */ + enc_ctrl, + enc_new, + enc_free, + }; + +BIO_METHOD *BIO_f_cipher() + { + return(&methods_enc); + } + +static int enc_new(bi) +BIO *bi; + { + BIO_ENC_CTX *ctx; + + ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX)); + if (ctx == NULL) return(0); + + ctx->buf_len=0; + ctx->buf_off=0; + ctx->cont=1; + ctx->finished=0; + ctx->ok=1; + + bi->init=0; + bi->ptr=(char *)ctx; + bi->flags=0; + return(1); + } + +static int enc_free(a) +BIO *a; + { + BIO_ENC_CTX *b; + + if (a == NULL) return(0); + b=(BIO_ENC_CTX *)a->ptr; + EVP_CIPHER_CTX_cleanup(&(b->cipher)); + memset(a->ptr,0,sizeof(BIO_ENC_CTX)); + Free(a->ptr); + a->ptr=NULL; + a->init=0; + a->flags=0; + return(1); + } + +static int enc_read(b,out,outl) +BIO *b; +char *out; +int outl; + { + int ret=0,i; + BIO_ENC_CTX *ctx; + + if (out == NULL) return(0); + ctx=(BIO_ENC_CTX *)b->ptr; + + if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + + /* First check if there are bytes decoded/encoded */ + if (ctx->buf_len > 0) + { + i=ctx->buf_len-ctx->buf_off; + if (i > outl) i=outl; + memcpy(out,&(ctx->buf[ctx->buf_off]),i); + ret=i; + out+=i; + outl-=i; + ctx->buf_off+=i; + if (ctx->buf_len == ctx->buf_off) + { + ctx->buf_len=0; + ctx->buf_off=0; + } + } + + /* At this point, we have room of outl bytes and an empty + * buffer, so we should read in some more. */ + + while (outl > 0) + { + if (ctx->cont <= 0) break; + + /* read in at offset 8, read the EVP_Cipher + * documentation about why */ + i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE); + + if (i <= 0) + { + /* Should be continue next time we are called? */ + if (!BIO_should_retry(b->next_bio)) + { + ctx->cont=i; + i=EVP_CipherFinal(&(ctx->cipher), + (unsigned char *)ctx->buf, + &(ctx->buf_len)); + ctx->ok=i; + ctx->buf_off=0; + } + else + ret=(ret == 0)?i:ret; + break; + } + else + { + EVP_CipherUpdate(&(ctx->cipher), + (unsigned char *)ctx->buf,&ctx->buf_len, + (unsigned char *)&(ctx->buf[8]),i); + ctx->cont=1; + } + + if (ctx->buf_len <= outl) + i=ctx->buf_len; + else + i=outl; + + if (i <= 0) break; + memcpy(out,ctx->buf,i); + ret+=i; + ctx->buf_off=i; + outl-=i; + out+=i; + } + + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + return((ret == 0)?ctx->cont:ret); + } + +static int enc_write(b,in,inl) +BIO *b; +char *in; +int inl; + { + int ret=0,n,i; + BIO_ENC_CTX *ctx; + + ctx=(BIO_ENC_CTX *)b->ptr; + ret=inl; + + BIO_clear_retry_flags(b); + n=ctx->buf_len-ctx->buf_off; + while (n > 0) + { + i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); + if (i <= 0) + { + BIO_copy_next_retry(b); + return(i); + } + ctx->buf_off+=i; + n-=i; + } + /* at this point all pending data has been written */ + + if ((in == NULL) || (inl <= 0)) return(0); + + ctx->buf_off=0; + while (inl > 0) + { + n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl; + EVP_CipherUpdate(&(ctx->cipher), + (unsigned char *)ctx->buf,&ctx->buf_len, + (unsigned char *)in,n); + inl-=n; + in+=n; + + ctx->buf_off=0; + n=ctx->buf_len; + while (n > 0) + { + i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); + if (i <= 0) + { + BIO_copy_next_retry(b); + return(i); + } + n-=i; + ctx->buf_off+=i; + } + ctx->buf_len=0; + ctx->buf_off=0; + } + BIO_copy_next_retry(b); + return(ret); + } + +static long enc_ctrl(b,cmd,num,ptr) +BIO *b; +int cmd; +long num; +char *ptr; + { + BIO *dbio; + BIO_ENC_CTX *ctx,*dctx; + long ret=1; + int i; + + ctx=(BIO_ENC_CTX *)b->ptr; + + switch (cmd) + { + case BIO_CTRL_RESET: + ctx->ok=1; + ctx->finished=0; + EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL, + ctx->cipher.encrypt); + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_EOF: /* More to read */ + if (ctx->cont <= 0) + ret=1; + else + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_WPENDING: + ret=ctx->buf_len-ctx->buf_off; + if (ret <= 0) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_PENDING: /* More to read in buffer */ + ret=ctx->buf_len-ctx->buf_off; + if (ret <= 0) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_CTRL_FLUSH: + /* do a final write */ +again: + while (ctx->buf_len != ctx->buf_off) + { + i=enc_write(b,NULL,0); + if (i < 0) + { + ret=i; + break; + } + } + + if (!ctx->finished) + { + ctx->finished=1; + ctx->buf_off=0; + ret=EVP_CipherFinal(&(ctx->cipher), + (unsigned char *)ctx->buf, + &(ctx->buf_len)); + ctx->ok=(int)ret; + if (ret <= 0) break; + + /* push out the bytes */ + goto again; + } + + /* Finally flush the underlying BIO */ + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_C_GET_CIPHER_STATUS: + ret=(long)ctx->ok; + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + BIO_copy_next_retry(b); + break; + + case BIO_CTRL_DUP: + dbio=(BIO *)ptr; + dctx=(BIO_ENC_CTX *)dbio->ptr; + memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); + dbio->init=1; + break; + default: + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + } + return(ret); + } + +void BIO_set_cipher(b,c,k,i,e) +BIO *b; +EVP_CIPHER *c; +unsigned char *k; +unsigned char *i; +int e; + { + BIO_ENC_CTX *ctx; + + if (b == NULL) return; + + if ((b->callback != NULL) && + (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) + return; + + b->init=1; + ctx=(BIO_ENC_CTX *)b->ptr; + EVP_CipherInit(&(ctx->cipher),c,k,i,e); + + if (b->callback != NULL) + b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); + } + diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c new file mode 100644 index 0000000000000000000000000000000000000000..0d6508c988fe26383c6290a293a58600d17ea440 --- /dev/null +++ b/crypto/evp/bio_md.c @@ -0,0 +1,270 @@ +/* crypto/evp/bio_md.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "cryptlib.h" +#include "buffer.h" +#include "evp.h" + +/* BIO_put and BIO_get both add to the digest, + * BIO_gets returns the digest */ + +#ifndef NOPROTO +static int md_write(BIO *h,char *buf,int num); +static int md_read(BIO *h,char *buf,int size); +/*static int md_puts(BIO *h,char *str); */ +static int md_gets(BIO *h,char *str,int size); +static long md_ctrl(BIO *h,int cmd,long arg1,char *arg2); +static int md_new(BIO *h); +static int md_free(BIO *data); +#else +static int md_write(); +static int md_read(); +/*static int md_puts(); */ +static int md_gets(); +static long md_ctrl(); +static int md_new(); +static int md_free(); +#endif + +static BIO_METHOD methods_md= + { + BIO_TYPE_MD,"message digest", + md_write, + md_read, + NULL, /* md_puts, */ + md_gets, + md_ctrl, + md_new, + md_free, + }; + +BIO_METHOD *BIO_f_md() + { + return(&methods_md); + } + +static int md_new(bi) +BIO *bi; + { + EVP_MD_CTX *ctx; + + ctx=(EVP_MD_CTX *)Malloc(sizeof(EVP_MD_CTX)); + if (ctx == NULL) return(0); + + bi->init=0; + bi->ptr=(char *)ctx; + bi->flags=0; + return(1); + } + +static int md_free(a) +BIO *a; + { + if (a == NULL) return(0); + Free(a->ptr); + a->ptr=NULL; + a->init=0; + a->flags=0; + return(1); + } + +static int md_read(b,out,outl) +BIO *b; +char *out; +int outl; + { + int ret=0; + EVP_MD_CTX *ctx; + + if (out == NULL) return(0); + ctx=(EVP_MD_CTX *)b->ptr; + + if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + + ret=BIO_read(b->next_bio,out,outl); + if (b->init) + { + if (ret > 0) + { + EVP_DigestUpdate(ctx,(unsigned char *)out, + (unsigned int)ret); + } + } + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + return(ret); + } + +static int md_write(b,in,inl) +BIO *b; +char *in; +int inl; + { + int ret=0; + EVP_MD_CTX *ctx; + + if ((in == NULL) || (inl <= 0)) return(0); + ctx=(EVP_MD_CTX *)b->ptr; + + if ((ctx != NULL) && (b->next_bio != NULL)) + ret=BIO_write(b->next_bio,in,inl); + if (b->init) + { + if (ret > 0) + { + EVP_DigestUpdate(ctx,(unsigned char *)in, + (unsigned int)ret); + } + } + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + return(ret); + } + +static long md_ctrl(b,cmd,num,ptr) +BIO *b; +int cmd; +long num; +char *ptr; + { + EVP_MD_CTX *ctx,*dctx,**pctx; + EVP_MD **ppmd; + EVP_MD *md; + long ret=1; + BIO *dbio; + + ctx=(EVP_MD_CTX *)b->ptr; + + switch (cmd) + { + case BIO_CTRL_RESET: + if (b->init) + EVP_DigestInit(ctx,ctx->digest); + else + ret=0; + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + case BIO_C_GET_MD: + if (b->init) + { + ppmd=(EVP_MD **)ptr; + *ppmd=ctx->digest; + } + else + ret=0; + break; + case BIO_C_GET_MD_CTX: + if (b->init) + { + pctx=(EVP_MD_CTX **)ptr; + *pctx=ctx; + } + else + ret=0; + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + BIO_copy_next_retry(b); + break; + + case BIO_C_SET_MD: + md=(EVP_MD *)ptr; + EVP_DigestInit(ctx,md); + b->init=1; + break; + case BIO_CTRL_DUP: + dbio=(BIO *)ptr; + dctx=(EVP_MD_CTX *)dbio->ptr; + memcpy(dctx,ctx,sizeof(ctx)); + b->init=1; + break; + default: + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + } + return(ret); + } + +static int md_gets(bp,buf,size) +BIO *bp; +char *buf; +int size; + { + EVP_MD_CTX *ctx; + unsigned int ret; + + + ctx=(EVP_MD_CTX *)bp->ptr; + if (size < ctx->digest->md_size) + return(0); + EVP_DigestFinal(ctx,(unsigned char *)buf,&ret); + return((int)ret); + } + +/* +static int md_puts(bp,str) +BIO *bp; +char *str; + { + return(-1); + } +*/ + diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c new file mode 100644 index 0000000000000000000000000000000000000000..b618d8d259d73a3d2048ce1ab07685466495b201 --- /dev/null +++ b/crypto/evp/c_all.c @@ -0,0 +1,155 @@ +/* crypto/evp/c_all.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +void SSLeay_add_all_algorithms() + { + SSLeay_add_all_ciphers(); + SSLeay_add_all_digests(); + } + +void SSLeay_add_all_ciphers() + { +#ifndef NO_DES + EVP_add_cipher(EVP_des_cfb()); + EVP_add_cipher(EVP_des_ede_cfb()); + EVP_add_cipher(EVP_des_ede3_cfb()); + + EVP_add_cipher(EVP_des_ofb()); + EVP_add_cipher(EVP_des_ede_ofb()); + EVP_add_cipher(EVP_des_ede3_ofb()); + + EVP_add_cipher(EVP_desx_cbc()); + EVP_add_alias(SN_desx_cbc,"DESX"); + EVP_add_alias(SN_desx_cbc,"desx"); + + EVP_add_cipher(EVP_des_cbc()); + EVP_add_alias(SN_des_cbc,"DES"); + EVP_add_alias(SN_des_cbc,"des"); + EVP_add_cipher(EVP_des_ede_cbc()); + EVP_add_cipher(EVP_des_ede3_cbc()); + EVP_add_alias(SN_des_ede3_cbc,"DES3"); + EVP_add_alias(SN_des_ede3_cbc,"des3"); + + EVP_add_cipher(EVP_des_ecb()); + EVP_add_cipher(EVP_des_ede()); + EVP_add_cipher(EVP_des_ede3()); +#endif + +#ifndef NO_RC4 + EVP_add_cipher(EVP_rc4()); +#endif + +#ifndef NO_IDEA + EVP_add_cipher(EVP_idea_ecb()); + EVP_add_cipher(EVP_idea_cfb()); + EVP_add_cipher(EVP_idea_ofb()); + EVP_add_cipher(EVP_idea_cbc()); + EVP_add_alias(SN_idea_cbc,"IDEA"); + EVP_add_alias(SN_idea_cbc,"idea"); +#endif + +#ifndef NO_RC2 + EVP_add_cipher(EVP_rc2_ecb()); + EVP_add_cipher(EVP_rc2_cfb()); + EVP_add_cipher(EVP_rc2_ofb()); + EVP_add_cipher(EVP_rc2_cbc()); + EVP_add_alias(SN_rc2_cbc,"RC2"); + EVP_add_alias(SN_rc2_cbc,"rc2"); +#endif + +#ifndef NO_BLOWFISH + EVP_add_cipher(EVP_bf_ecb()); + EVP_add_cipher(EVP_bf_cfb()); + EVP_add_cipher(EVP_bf_ofb()); + EVP_add_cipher(EVP_bf_cbc()); + EVP_add_alias(SN_bf_cbc,"BF"); + EVP_add_alias(SN_bf_cbc,"bf"); + EVP_add_alias(SN_bf_cbc,"blowfish"); +#endif + } + + +void SSLeay_add_all_digests() + { +#ifndef NO_MD2 + EVP_add_digest(EVP_md2()); +#endif +#ifndef NO_MD2 + EVP_add_digest(EVP_md5()); +#endif +#ifndef NO_SHA + EVP_add_digest(EVP_sha()); +#ifndef NO_DSA + EVP_add_digest(EVP_dss()); +#endif +#endif +#ifndef NO_SHA1 + EVP_add_digest(EVP_sha1()); +#ifndef NO_DSA + EVP_add_digest(EVP_dss1()); +#endif +#endif +#if !defined(NO_MDC2) && !defined(NO_DES) + EVP_add_digest(EVP_mdc2()); +#endif + } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c new file mode 100644 index 0000000000000000000000000000000000000000..035218d4314d2f044cc9fc0301d07231f4447608 --- /dev/null +++ b/crypto/evp/digest.c @@ -0,0 +1,89 @@ +/* crypto/evp/digest.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "objects.h" +#include "evp.h" + +void EVP_DigestInit(ctx,type) +EVP_MD_CTX *ctx; +EVP_MD *type; + { + ctx->digest=type; + type->init(&(ctx->md)); + } + +void EVP_DigestUpdate(ctx,data,count) +EVP_MD_CTX *ctx; +unsigned char *data; +unsigned int count; + { + ctx->digest->update(&(ctx->md.base[0]),data,(unsigned long)count); + } + +void EVP_DigestFinal(ctx,md,size) +EVP_MD_CTX *ctx; +unsigned char *md; +unsigned int *size; + { + ctx->digest->final(md,&(ctx->md.base[0])); + if (size != NULL) + *size=ctx->digest->md_size; + memset(&(ctx->md),0,sizeof(ctx->md)); + } diff --git a/crypto/evp/e_cbc_3d.c b/crypto/evp/e_cbc_3d.c new file mode 100644 index 0000000000000000000000000000000000000000..3749759e2833e1fcb773c95c60d8cdbb24cc1e9b --- /dev/null +++ b/crypto/evp/e_cbc_3d.c @@ -0,0 +1,153 @@ +/* crypto/evp/e_cbc_3d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void des_cbc_ede_init_key(); +static void des_cbc_ede3_init_key(); +static void des_cbc_ede_cipher(); +#endif + +static EVP_CIPHER d_cbc_ede_cipher2= + { + NID_des_ede_cbc, + 8,16,8, + des_cbc_ede_init_key, + des_cbc_ede_cipher, + }; + +static EVP_CIPHER d_cbc_ede_cipher3= + { + NID_des_ede3_cbc, + 8,24,8, + des_cbc_ede3_init_key, + des_cbc_ede_cipher, + }; + +EVP_CIPHER *EVP_des_ede_cbc() + { + return(&d_cbc_ede_cipher2); + } + +EVP_CIPHER *EVP_des_ede3_cbc() + { + return(&d_cbc_ede_cipher3); + } + +static void des_cbc_ede_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (iv != NULL) + memcpy(&(ctx->c.des_ede.oiv[0]),iv,8); + memcpy(&(ctx->c.des_ede.iv[0]),&(ctx->c.des_ede.oiv[0]),8); + + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.des_ede.ks1); + des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2); + memcpy( (char *)ctx->c.des_ede.ks3, + (char *)ctx->c.des_ede.ks1, + sizeof(ctx->c.des_ede.ks1)); + } + } + +static void des_cbc_ede3_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (iv != NULL) + memcpy(&(ctx->c.des_ede.oiv[0]),iv,8); + memcpy(&(ctx->c.des_ede.iv[0]),&(ctx->c.des_ede.oiv[0]),8); + + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.des_ede.ks1); + des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2); + des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3); + } + } + +static void des_cbc_ede_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + des_ede3_cbc_encrypt( + (des_cblock *)in,(des_cblock *)out, + (long)inl, ctx->c.des_ede.ks1, + ctx->c.des_ede.ks2,ctx->c.des_ede.ks3, + (des_cblock *)&(ctx->c.des_ede.iv[0]), + ctx->encrypt); + } diff --git a/crypto/evp/e_cbc_bf.c b/crypto/evp/e_cbc_bf.c new file mode 100644 index 0000000000000000000000000000000000000000..d6278e248849c0a6777fd4c18aafff148e3418d7 --- /dev/null +++ b/crypto/evp/e_cbc_bf.c @@ -0,0 +1,114 @@ +/* crypto/evp/e_cbc_bf.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_BLOWFISH + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void bf_cbc_init_key(); +static void bf_cbc_cipher(); +#endif + +static EVP_CIPHER bfish_cbc_cipher= + { + NID_bf_cbc, + 8,EVP_BLOWFISH_KEY_SIZE,8, + bf_cbc_init_key, + bf_cbc_cipher, + }; + +EVP_CIPHER *EVP_bf_cbc() + { + return(&bfish_cbc_cipher); + } + +static void bf_cbc_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (iv != NULL) + memcpy(&(ctx->c.bf_cbc.oiv[0]),iv,8); + memcpy(&(ctx->c.bf_cbc.iv[0]),&(ctx->c.bf_cbc.oiv[0]),8); + if (key != NULL) + BF_set_key(&(ctx->c.bf_cbc.ks),EVP_BLOWFISH_KEY_SIZE,key); + } + +static void bf_cbc_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + BF_cbc_encrypt( + in,out,(long)inl, + &(ctx->c.bf_cbc.ks),&(ctx->c.bf_cbc.iv[0]), + ctx->encrypt); + } + +#endif diff --git a/crypto/evp/e_cbc_d.c b/crypto/evp/e_cbc_d.c new file mode 100644 index 0000000000000000000000000000000000000000..accc01e95e0e668d82a5f52c1e4accbf9f5181a8 --- /dev/null +++ b/crypto/evp/e_cbc_d.c @@ -0,0 +1,111 @@ +/* crypto/evp/e_cbc_d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void des_cbc_init_key(); +static void des_cbc_cipher(); +#endif + +static EVP_CIPHER d_cbc_cipher= + { + NID_des_cbc, + 8,8,8, + des_cbc_init_key, + des_cbc_cipher, + }; + +EVP_CIPHER *EVP_des_cbc() + { + return(&d_cbc_cipher); + } + +static void des_cbc_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (iv != NULL) + memcpy(&(ctx->c.des_cbc.oiv[0]),iv,8); + memcpy(&(ctx->c.des_cbc.iv[0]),&(ctx->c.des_cbc.oiv[0]),8); + if (key != NULL) + des_set_key((des_cblock *)key,ctx->c.des_cbc.ks); + } + +static void des_cbc_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + des_ncbc_encrypt( + (des_cblock *)in,(des_cblock *)out, + (long)inl, ctx->c.des_cbc.ks, + (des_cblock *)&(ctx->c.des_cbc.iv[0]), + ctx->encrypt); + } diff --git a/crypto/evp/e_cbc_i.c b/crypto/evp/e_cbc_i.c new file mode 100644 index 0000000000000000000000000000000000000000..abfb5ed1463cb5354910865ee6798c488c6d7fe5 --- /dev/null +++ b/crypto/evp/e_cbc_i.c @@ -0,0 +1,126 @@ +/* crypto/evp/e_cbc_i.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_IDEA + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void idea_cbc_init_key(); +static void idea_cbc_cipher(); +#endif + +static EVP_CIPHER i_cbc_cipher= + { + NID_idea_cbc, + 8,16,8, + idea_cbc_init_key, + idea_cbc_cipher, + }; + +EVP_CIPHER *EVP_idea_cbc() + { + return(&i_cbc_cipher); + } + +static void idea_cbc_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (iv != NULL) + memcpy(&(ctx->c.idea_cbc.oiv[0]),iv,8); + memcpy(&(ctx->c.idea_cbc.iv[0]),&(ctx->c.idea_cbc.oiv[0]),8); + if (key != NULL) + { + if (enc) + idea_set_encrypt_key(key,&(ctx->c.idea_cbc.ks)); + else + { + IDEA_KEY_SCHEDULE tmp; + + idea_set_encrypt_key(key,&tmp); + idea_set_decrypt_key(&tmp,&(ctx->c.idea_cbc.ks)); + memset((unsigned char *)&tmp,0, + sizeof(IDEA_KEY_SCHEDULE)); + } + } + } + +static void idea_cbc_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + idea_cbc_encrypt( + in,out,(long)inl, + &(ctx->c.idea_cbc.ks),&(ctx->c.idea_cbc.iv[0]), + ctx->encrypt); + } + +#endif diff --git a/crypto/evp/e_cbc_r2.c b/crypto/evp/e_cbc_r2.c new file mode 100644 index 0000000000000000000000000000000000000000..2e3f85598b078d34f102bbab18a66646d319dc7b --- /dev/null +++ b/crypto/evp/e_cbc_r2.c @@ -0,0 +1,115 @@ +/* crypto/evp/e_cbc_r2.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_RC2 + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void rc2_cbc_init_key(); +static void rc2_cbc_cipher(); +#endif + +static EVP_CIPHER r2_cbc_cipher= + { + NID_rc2_cbc, + 8,EVP_RC2_KEY_SIZE,8, + rc2_cbc_init_key, + rc2_cbc_cipher, + }; + +EVP_CIPHER *EVP_rc2_cbc() + { + return(&r2_cbc_cipher); + } + +static void rc2_cbc_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (iv != NULL) + memcpy(&(ctx->c.rc2_cbc.oiv[0]),iv,8); + memcpy(&(ctx->c.rc2_cbc.iv[0]),&(ctx->c.rc2_cbc.oiv[0]),8); + if (key != NULL) + RC2_set_key(&(ctx->c.rc2_cbc.ks),EVP_RC2_KEY_SIZE,key, + EVP_RC2_KEY_SIZE*8); + } + +static void rc2_cbc_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + RC2_cbc_encrypt( + in,out,(long)inl, + &(ctx->c.rc2_cbc.ks),&(ctx->c.rc2_cbc.iv[0]), + ctx->encrypt); + } + +#endif diff --git a/crypto/evp/e_cfb_3d.c b/crypto/evp/e_cfb_3d.c new file mode 100644 index 0000000000000000000000000000000000000000..3d6577a78cdf4de9daf727e938b5d2e546d3d437 --- /dev/null +++ b/crypto/evp/e_cfb_3d.c @@ -0,0 +1,156 @@ +/* crypto/evp/e_cfb_3d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void des_ede_cfb_init_key(); +static void des_ede3_cfb_init_key(); +static void des_ede_cfb_cipher(); +#endif + +static EVP_CIPHER d_ede_cfb_cipher2= + { + NID_des_ede_cfb64, + 1,16,8, + des_ede_cfb_init_key, + des_ede_cfb_cipher, + }; + +static EVP_CIPHER d_ede3_cfb_cipher3= + { + NID_des_ede3_cfb64, + 1,24,8, + des_ede3_cfb_init_key, + des_ede_cfb_cipher, + }; + +EVP_CIPHER *EVP_des_ede_cfb() + { + return(&d_ede_cfb_cipher2); + } + +EVP_CIPHER *EVP_des_ede3_cfb() + { + return(&d_ede3_cfb_cipher3); + } + +static void des_ede_cfb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.des_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8); + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.des_cfb.ks); + des_set_key((des_cblock *)&(key[8]),ctx->c.des_cfb.ks2); + memcpy( (char *)ctx->c.des_cfb.ks3, + (char *)ctx->c.des_cfb.ks, + sizeof(ctx->c.des_cfb.ks)); + } + } + +static void des_ede3_cfb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.des_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8); + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.des_cfb.ks); + des_set_key((des_cblock *)&(key[8]),ctx->c.des_cfb.ks2); + des_set_key((des_cblock *)&(key[16]),ctx->c.des_cfb.ks3); + } + } + +static void des_ede_cfb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + des_ede3_cfb64_encrypt( + in,out,(long)inl, + ctx->c.des_cfb.ks, + ctx->c.des_cfb.ks2, + ctx->c.des_cfb.ks3, + (des_cblock *)&(ctx->c.des_cfb.iv[0]), + &ctx->c.des_cfb.num,ctx->encrypt); + } diff --git a/crypto/evp/e_cfb_bf.c b/crypto/evp/e_cfb_bf.c new file mode 100644 index 0000000000000000000000000000000000000000..be15d14016618f11a66dd4d7786169cdfa699373 --- /dev/null +++ b/crypto/evp/e_cfb_bf.c @@ -0,0 +1,116 @@ +/* crypto/evp/e_cfb_bf.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_BLOWFISH + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void bf_cfb_init_key(); +static void bf_cfb_cipher(); +#endif + +static EVP_CIPHER bfish_cfb_cipher= + { + NID_bf_cfb64, + 1,EVP_BLOWFISH_KEY_SIZE,8, + bf_cfb_init_key, + bf_cfb_cipher, + }; + +EVP_CIPHER *EVP_bf_cfb() + { + return(&bfish_cfb_cipher); + } + +static void bf_cfb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.bf_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.bf_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.bf_cfb.iv[0]),&(ctx->c.bf_cfb.oiv[0]),8); + if (key != NULL) + BF_set_key(&(ctx->c.bf_cfb.ks),EVP_BLOWFISH_KEY_SIZE,key); + } + +static void bf_cfb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + BF_cfb64_encrypt( + in,out, + (long)inl, &(ctx->c.bf_cfb.ks), + &(ctx->c.bf_cfb.iv[0]), + &ctx->c.bf_cfb.num,ctx->encrypt); + } +#endif diff --git a/crypto/evp/e_cfb_d.c b/crypto/evp/e_cfb_d.c new file mode 100644 index 0000000000000000000000000000000000000000..75af87ac0646e526a8b5a85194f246d08c029452 --- /dev/null +++ b/crypto/evp/e_cfb_d.c @@ -0,0 +1,113 @@ +/* crypto/evp/e_cfb_d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void des_cfb_init_key(); +static void des_cfb_cipher(); +#endif + +static EVP_CIPHER d_cfb_cipher= + { + NID_des_cfb64, + 1,8,8, + des_cfb_init_key, + des_cfb_cipher, + }; + +EVP_CIPHER *EVP_des_cfb() + { + return(&d_cfb_cipher); + } + +static void des_cfb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.des_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8); + if (key != NULL) + des_set_key((des_cblock *)key,ctx->c.des_cfb.ks); + } + +static void des_cfb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + des_cfb64_encrypt( + in,out, + (long)inl, ctx->c.des_cfb.ks, + (des_cblock *)&(ctx->c.des_cfb.iv[0]), + &ctx->c.des_cfb.num,ctx->encrypt); + } diff --git a/crypto/evp/e_cfb_i.c b/crypto/evp/e_cfb_i.c new file mode 100644 index 0000000000000000000000000000000000000000..7fe2fbf6df2663695c0ae1501cbb3fa57014bc5a --- /dev/null +++ b/crypto/evp/e_cfb_i.c @@ -0,0 +1,116 @@ +/* crypto/evp/e_cfb_i.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_IDEA + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void idea_cfb_init_key(); +static void idea_cfb_cipher(); +#endif + +static EVP_CIPHER i_cfb_cipher= + { + NID_idea_cfb64, + 1,IDEA_KEY_LENGTH,IDEA_BLOCK, + idea_cfb_init_key, + idea_cfb_cipher, + }; + +EVP_CIPHER *EVP_idea_cfb() + { + return(&i_cfb_cipher); + } + +static void idea_cfb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.idea_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.idea_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.idea_cfb.iv[0]),&(ctx->c.idea_cfb.oiv[0]),8); + if (key != NULL) + idea_set_encrypt_key(key,&(ctx->c.idea_cfb.ks)); + } + +static void idea_cfb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + idea_cfb64_encrypt( + in,out,(long)inl, + &(ctx->c.idea_cfb.ks),&(ctx->c.idea_cfb.iv[0]), + &ctx->c.idea_cfb.num,ctx->encrypt); + } + +#endif diff --git a/crypto/evp/e_cfb_r2.c b/crypto/evp/e_cfb_r2.c new file mode 100644 index 0000000000000000000000000000000000000000..a63c0f13f028e8ebe46c9cd01c5493f04b7f4d99 --- /dev/null +++ b/crypto/evp/e_cfb_r2.c @@ -0,0 +1,117 @@ +/* crypto/evp/e_cfb_r2.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_RC2 + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void rc2_cfb_init_key(); +static void rc2_cfb_cipher(); +#endif + +static EVP_CIPHER r2_cfb_cipher= + { + NID_rc2_cfb64, + 1,EVP_RC2_KEY_SIZE,8, + rc2_cfb_init_key, + rc2_cfb_cipher, + }; + +EVP_CIPHER *EVP_rc2_cfb() + { + return(&r2_cfb_cipher); + } + +static void rc2_cfb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.rc2_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.rc2_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.rc2_cfb.iv[0]),&(ctx->c.rc2_cfb.oiv[0]),8); + if (key != NULL) + RC2_set_key(&(ctx->c.rc2_cfb.ks),EVP_RC2_KEY_SIZE,key, + EVP_RC2_KEY_SIZE*8); + } + +static void rc2_cfb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + RC2_cfb64_encrypt( + in,out, + (long)inl, &(ctx->c.rc2_cfb.ks), + &(ctx->c.rc2_cfb.iv[0]), + &ctx->c.rc2_cfb.num,ctx->encrypt); + } +#endif diff --git a/crypto/evp/e_dsa.c b/crypto/evp/e_dsa.c new file mode 100644 index 0000000000000000000000000000000000000000..f3dc78e06f6c4cb03772ed76cdc0f1e54f0e08ae --- /dev/null +++ b/crypto/evp/e_dsa.c @@ -0,0 +1,71 @@ +/* crypto/evp/e_dsa.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static EVP_PKEY_METHOD dss_method= + { + DSA_sign, + DSA_verify, + {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL}, + }; + diff --git a/crypto/evp/e_ecb_3d.c b/crypto/evp/e_ecb_3d.c new file mode 100644 index 0000000000000000000000000000000000000000..0a19805f9f342128e97e652a0da504af02393a26 --- /dev/null +++ b/crypto/evp/e_ecb_3d.c @@ -0,0 +1,152 @@ +/* crypto/evp/e_ecb_3d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void des_ede_init_key(); +static void des_ede3_init_key(); +static void des_ede_cipher(); +#endif + +static EVP_CIPHER d_ede_cipher2= + { + NID_des_ede, + 8,16,0, + des_ede_init_key, + des_ede_cipher, + }; + +static EVP_CIPHER d_ede3_cipher3= + { + NID_des_ede3, + 8,24,0, + des_ede3_init_key, + des_ede_cipher, + }; + +EVP_CIPHER *EVP_des_ede() + { + return(&d_ede_cipher2); + } + +EVP_CIPHER *EVP_des_ede3() + { + return(&d_ede3_cipher3); + } + +static void des_ede_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.des_ede.ks1); + des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2); + memcpy( (char *)ctx->c.des_ede.ks3, + (char *)ctx->c.des_ede.ks1, + sizeof(ctx->c.des_ede.ks1)); + } + } + +static void des_ede3_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.des_ede.ks1); + des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2); + des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3); + } + } + +static void des_ede_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + unsigned int i; + + if (inl < 8) return; + inl-=8; + for (i=0; i<=inl; i+=8) + { + des_ecb3_encrypt( + (des_cblock *)&(in[i]),(des_cblock *)&(out[i]), + ctx->c.des_ede.ks1, + ctx->c.des_ede.ks2, + ctx->c.des_ede.ks3, + ctx->encrypt); + } + } diff --git a/crypto/evp/e_ecb_bf.c b/crypto/evp/e_ecb_bf.c new file mode 100644 index 0000000000000000000000000000000000000000..f625862e4783a4b26eedaa5e9511e83b2a353257 --- /dev/null +++ b/crypto/evp/e_ecb_bf.c @@ -0,0 +1,117 @@ +/* crypto/evp/e_ecb_bf.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_BLOWFISH + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void bf_ecb_init_key(); +static void bf_ecb_cipher(); +#endif + +static EVP_CIPHER bfish_ecb_cipher= + { + NID_bf_ecb, + 8,EVP_BLOWFISH_KEY_SIZE,0, + bf_ecb_init_key, + bf_ecb_cipher, + }; + +EVP_CIPHER *EVP_bf_ecb() + { + return(&bfish_ecb_cipher); + } + +static void bf_ecb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (key != NULL) + BF_set_key(&(ctx->c.bf_ecb.ks),EVP_BLOWFISH_KEY_SIZE,key); + } + +static void bf_ecb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + unsigned int i; + + if (inl < 8) return; + inl-=8; + for (i=0; i<=inl; i+=8) + { + BF_ecb_encrypt( + &(in[i]),&(out[i]), + &(ctx->c.bf_ecb.ks),ctx->encrypt); + } + } + +#endif diff --git a/crypto/evp/e_ecb_d.c b/crypto/evp/e_ecb_d.c new file mode 100644 index 0000000000000000000000000000000000000000..b1b80e61dd02749360303f060d3c4c6cc31ab0ae --- /dev/null +++ b/crypto/evp/e_ecb_d.c @@ -0,0 +1,113 @@ +/* crypto/evp/e_ecb_d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void des_ecb_init_key(); +static void des_ecb_cipher(); +#endif + +static EVP_CIPHER d_ecb_cipher= + { + NID_des_ecb, + 8,8,0, + des_ecb_init_key, + des_ecb_cipher, + }; + +EVP_CIPHER *EVP_des_ecb() + { + return(&d_ecb_cipher); + } + +static void des_ecb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (key != NULL) + des_set_key((des_cblock *)key,ctx->c.des_ecb.ks); + } + +static void des_ecb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + unsigned int i; + + if (inl < 8) return; + inl-=8; + for (i=0; i<=inl; i+=8) + { + des_ecb_encrypt( + (des_cblock *)&(in[i]),(des_cblock *)&(out[i]), + ctx->c.des_ecb.ks,ctx->encrypt); + } + } diff --git a/crypto/evp/e_ecb_i.c b/crypto/evp/e_ecb_i.c new file mode 100644 index 0000000000000000000000000000000000000000..318c4c3afd540dee9b47337b08156c89e4a1fed4 --- /dev/null +++ b/crypto/evp/e_ecb_i.c @@ -0,0 +1,128 @@ +/* crypto/evp/e_ecb_i.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_IDEA + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void idea_ecb_init_key(); +static void idea_ecb_cipher(); +#endif + +static EVP_CIPHER i_ecb_cipher= + { + NID_idea_ecb, + 8,16,0, + idea_ecb_init_key, + idea_ecb_cipher, + }; + +EVP_CIPHER *EVP_idea_ecb() + { + return(&i_ecb_cipher); + } + +static void idea_ecb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (key != NULL) + { + if (enc) + idea_set_encrypt_key(key,&(ctx->c.idea_ecb.ks)); + else + { + IDEA_KEY_SCHEDULE tmp; + + idea_set_encrypt_key(key,&tmp); + idea_set_decrypt_key(&tmp, &(ctx->c.idea_ecb.ks)); + memset((unsigned char *)&tmp,0, + sizeof(IDEA_KEY_SCHEDULE)); + } + } + } + +static void idea_ecb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + unsigned int i; + + if (inl < 8) return; + inl-=8; + for (i=0; i<=inl; i+=8) + { + idea_ecb_encrypt( + &(in[i]),&(out[i]),&(ctx->c.idea_ecb.ks)); + } + } + +#endif diff --git a/crypto/evp/e_ecb_r2.c b/crypto/evp/e_ecb_r2.c new file mode 100644 index 0000000000000000000000000000000000000000..66d25f6b5c36c62c09b2ecfa98ec55157eac04e4 --- /dev/null +++ b/crypto/evp/e_ecb_r2.c @@ -0,0 +1,118 @@ +/* crypto/evp/e_ecb_r2.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_RC2 + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void rc2_ecb_init_key(); +static void rc2_ecb_cipher(); +#endif + +static EVP_CIPHER r2_ecb_cipher= + { + NID_rc2_ecb, + 8,EVP_RC2_KEY_SIZE,0, + rc2_ecb_init_key, + rc2_ecb_cipher, + }; + +EVP_CIPHER *EVP_rc2_ecb() + { + return(&r2_ecb_cipher); + } + +static void rc2_ecb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (key != NULL) + RC2_set_key(&(ctx->c.rc2_ecb.ks),EVP_RC2_KEY_SIZE,key, + EVP_RC2_KEY_SIZE*8); + } + +static void rc2_ecb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + unsigned int i; + + if (inl < 8) return; + inl-=8; + for (i=0; i<=inl; i+=8) + { + RC2_ecb_encrypt( + &(in[i]),&(out[i]), + &(ctx->c.rc2_ecb.ks),ctx->encrypt); + } + } + +#endif diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c new file mode 100644 index 0000000000000000000000000000000000000000..c30e2736f257de80dcae9c242390756b7c6ef0e0 --- /dev/null +++ b/crypto/evp/e_null.c @@ -0,0 +1,105 @@ +/* crypto/evp/e_null.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void null_init_key(); +static void null_cipher(); +#endif + +static EVP_CIPHER n_cipher= + { + NID_undef, + 1,0,0, + null_init_key, + null_cipher, + }; + +EVP_CIPHER *EVP_enc_null() + { + return(&n_cipher); + } + +static void null_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + memset(&(ctx->c),0,sizeof(ctx->c)); + } + +static void null_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + if (in != out) + memcpy((char *)out,(char *)in,(int)inl); + } + diff --git a/crypto/evp/e_ofb_3d.c b/crypto/evp/e_ofb_3d.c new file mode 100644 index 0000000000000000000000000000000000000000..7dbe50f3d2f97c94e38e3fad6ea1da2adf7bfbb2 --- /dev/null +++ b/crypto/evp/e_ofb_3d.c @@ -0,0 +1,155 @@ +/* crypto/evp/e_ofb_3d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void des_ede_ofb_init_key(); +static void des_ede3_ofb_init_key(); +static void des_ede_ofb_cipher(); +#endif + +static EVP_CIPHER d_ede_ofb_cipher2= + { + NID_des_ede_ofb64, + 1,16,8, + des_ede_ofb_init_key, + des_ede_ofb_cipher, + }; + +static EVP_CIPHER d_ede3_ofb_cipher3= + { + NID_des_ede3_ofb64, + 1,24,8, + des_ede3_ofb_init_key, + des_ede_ofb_cipher, + }; + +EVP_CIPHER *EVP_des_ede_ofb() + { + return(&d_ede_ofb_cipher2); + } + +EVP_CIPHER *EVP_des_ede3_ofb() + { + return(&d_ede3_ofb_cipher3); + } + +static void des_ede_ofb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.des_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8); + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.des_cfb.ks); + des_set_key((des_cblock *)&(key[8]),ctx->c.des_cfb.ks2); + memcpy( (char *)ctx->c.des_cfb.ks3, + (char *)ctx->c.des_cfb.ks, + sizeof(ctx->c.des_cfb.ks)); + } + } + +static void des_ede3_ofb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.des_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8); + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.des_cfb.ks); + des_set_key((des_cblock *)&(key[8]),ctx->c.des_cfb.ks2); + des_set_key((des_cblock *)&(key[16]),ctx->c.des_cfb.ks3); + } + } + +static void des_ede_ofb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + des_ede3_ofb64_encrypt( + in,out, + (long)inl, + ctx->c.des_cfb.ks, ctx->c.des_cfb.ks2, ctx->c.des_cfb.ks3, + (des_cblock *)&(ctx->c.des_cfb.iv[0]), + &ctx->c.des_cfb.num); + } diff --git a/crypto/evp/e_ofb_bf.c b/crypto/evp/e_ofb_bf.c new file mode 100644 index 0000000000000000000000000000000000000000..078f17106287a0057ca00f7e8ccc61fd497cf09b --- /dev/null +++ b/crypto/evp/e_ofb_bf.c @@ -0,0 +1,117 @@ +/* crypto/evp/e_ofb_bf.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_BLOWFISH + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void bf_ofb_init_key(); +static void bf_ofb_cipher(); +#endif + +static EVP_CIPHER bfish_ofb_cipher= + { + NID_bf_ofb64, + 1,EVP_BLOWFISH_KEY_SIZE,8, + bf_ofb_init_key, + bf_ofb_cipher, + }; + +EVP_CIPHER *EVP_bf_ofb() + { + return(&bfish_ofb_cipher); + } + +static void bf_ofb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.bf_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.bf_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.bf_cfb.iv[0]),&(ctx->c.bf_cfb.oiv[0]),8); + if (key != NULL) + BF_set_key(&(ctx->c.bf_cfb.ks),EVP_BLOWFISH_KEY_SIZE,key); + } + +static void bf_ofb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + BF_ofb64_encrypt( + in,out, + (long)inl, &(ctx->c.bf_cfb.ks), + &(ctx->c.bf_cfb.iv[0]), + &ctx->c.bf_cfb.num); + } + +#endif diff --git a/crypto/evp/e_ofb_d.c b/crypto/evp/e_ofb_d.c new file mode 100644 index 0000000000000000000000000000000000000000..a48af2e51b4cc5b58db3cb245bcffeae843bda0d --- /dev/null +++ b/crypto/evp/e_ofb_d.c @@ -0,0 +1,113 @@ +/* crypto/evp/e_ofb_d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void des_ofb_init_key(); +static void des_ofb_cipher(); +#endif + +static EVP_CIPHER d_ofb_cipher= + { + NID_des_ofb64, + 1,8,8, + des_ofb_init_key, + des_ofb_cipher, + }; + +EVP_CIPHER *EVP_des_ofb() + { + return(&d_ofb_cipher); + } + +static void des_ofb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.des_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.des_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.des_cfb.iv[0]),&(ctx->c.des_cfb.oiv[0]),8); + if (key != NULL) + des_set_key((des_cblock *)key,ctx->c.des_cfb.ks); + } + +static void des_ofb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + des_ofb64_encrypt( + in,out, + (long)inl, ctx->c.des_cfb.ks, + (des_cblock *)&(ctx->c.des_cfb.iv[0]), + &ctx->c.des_cfb.num); + } diff --git a/crypto/evp/e_ofb_i.c b/crypto/evp/e_ofb_i.c new file mode 100644 index 0000000000000000000000000000000000000000..dbf370b7b6a07c57b5ef91226d9a4a9bf4af02f3 --- /dev/null +++ b/crypto/evp/e_ofb_i.c @@ -0,0 +1,116 @@ +/* crypto/evp/e_ofb_i.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_IDEA + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void idea_ofb_init_key(); +static void idea_ofb_cipher(); +#endif + +static EVP_CIPHER i_ofb_cipher= + { + NID_idea_ofb64, + 1,IDEA_KEY_LENGTH,IDEA_BLOCK, + idea_ofb_init_key, + idea_ofb_cipher, + }; + +EVP_CIPHER *EVP_idea_ofb() + { + return(&i_ofb_cipher); + } + +static void idea_ofb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.idea_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.idea_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.idea_cfb.iv[0]),&(ctx->c.idea_cfb.oiv[0]),8); + if (key != NULL) + idea_set_encrypt_key(key,&(ctx->c.idea_cfb.ks)); + } + +static void idea_ofb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + idea_ofb64_encrypt( + in,out,(long)inl, + &(ctx->c.idea_cfb.ks),&(ctx->c.idea_cfb.iv[0]), + &ctx->c.idea_cfb.num); + } + +#endif diff --git a/crypto/evp/e_ofb_r2.c b/crypto/evp/e_ofb_r2.c new file mode 100644 index 0000000000000000000000000000000000000000..04e13b3592193e253688b3e6717bf0a1bf681f19 --- /dev/null +++ b/crypto/evp/e_ofb_r2.c @@ -0,0 +1,118 @@ +/* crypto/evp/e_ofb_r2.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_RC2 + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void rc2_ofb_init_key(); +static void rc2_ofb_cipher(); +#endif + +static EVP_CIPHER r2_ofb_cipher= + { + NID_rc2_ofb64, + 1,EVP_RC2_KEY_SIZE,8, + rc2_ofb_init_key, + rc2_ofb_cipher, + }; + +EVP_CIPHER *EVP_rc2_ofb() + { + return(&r2_ofb_cipher); + } + +static void rc2_ofb_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + ctx->c.rc2_cfb.num=0; + + if (iv != NULL) + memcpy(&(ctx->c.rc2_cfb.oiv[0]),iv,8); + memcpy(&(ctx->c.rc2_cfb.iv[0]),&(ctx->c.rc2_cfb.oiv[0]),8); + if (key != NULL) + RC2_set_key(&(ctx->c.rc2_cfb.ks),EVP_RC2_KEY_SIZE,key, + EVP_RC2_KEY_SIZE*8); + } + +static void rc2_ofb_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + RC2_ofb64_encrypt( + in,out, + (long)inl, &(ctx->c.rc2_cfb.ks), + &(ctx->c.rc2_cfb.iv[0]), + &ctx->c.rc2_cfb.num); + } + +#endif diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c new file mode 100644 index 0000000000000000000000000000000000000000..e1ffb5d95a6c475e388c8607db80a502f32e8aa5 --- /dev/null +++ b/crypto/evp/e_rc4.c @@ -0,0 +1,109 @@ +/* crypto/evp/e_rc4.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_RC4 + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void rc4_init_key(); +static void rc4_cipher(); +#endif + +static EVP_CIPHER r4_cipher= + { + NID_rc4, + 1,EVP_RC4_KEY_SIZE,0, + rc4_init_key, + rc4_cipher, + }; + +EVP_CIPHER *EVP_rc4() + { + return(&r4_cipher); + } + +static void rc4_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (key != NULL) + memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx)); + RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx), + ctx->c.rc4.key); + } + +static void rc4_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + RC4(&(ctx->c.rc4.ks),inl,in,out); + } +#endif diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c new file mode 100644 index 0000000000000000000000000000000000000000..55fe0869d37462909d7efca3ac7072433dff3eca --- /dev/null +++ b/crypto/evp/e_xcbc_d.c @@ -0,0 +1,117 @@ +/* crypto/evp/e_xcbc_d.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +#ifndef NOPROTO +static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, + unsigned char *iv,int enc); +static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned char *in, unsigned int inl); +#else +static void desx_cbc_init_key(); +static void desx_cbc_cipher(); +#endif + +static EVP_CIPHER d_xcbc_cipher= + { + NID_desx_cbc, + 8,24,8, + desx_cbc_init_key, + desx_cbc_cipher, + }; + +EVP_CIPHER *EVP_desx_cbc() + { + return(&d_xcbc_cipher); + } + +static void desx_cbc_init_key(ctx,key,iv,enc) +EVP_CIPHER_CTX *ctx; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (iv != NULL) + memcpy(&(ctx->c.desx_cbc.oiv[0]),iv,8); + memcpy(&(ctx->c.desx_cbc.iv[0]),&(ctx->c.desx_cbc.oiv[0]),8); + if (key != NULL) + { + des_set_key((des_cblock *)key,ctx->c.desx_cbc.ks); + memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8); + memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8); + } + } + +static void desx_cbc_cipher(ctx,out,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +unsigned char *in; +unsigned int inl; + { + des_xcbc_encrypt( + (des_cblock *)in,(des_cblock *)out, + (long)inl, ctx->c.desx_cbc.ks, + (des_cblock *)&(ctx->c.desx_cbc.iv[0]), + (des_cblock *)&(ctx->c.desx_cbc.inw[0]), + (des_cblock *)&(ctx->c.desx_cbc.outw[0]), + ctx->encrypt); + } diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c new file mode 100644 index 0000000000000000000000000000000000000000..7cd65244e652fc7a5aefea12950f8a3be6d384c7 --- /dev/null +++ b/crypto/evp/encode.c @@ -0,0 +1,422 @@ +/* crypto/evp/encode.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" + +#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) +#define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) + +/* 64 char lines + * pad input with 0 + * left over chars are set to = + * 1 byte => xx== + * 2 bytes => xxx= + * 3 bytes => xxxx + */ +#define BIN_PER_LINE (64/4*3) +#define CHUNKS_PER_LINE (64/4) +#define CHAR_PER_LINE (64+1) + +static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ +abcdefghijklmnopqrstuvwxyz0123456789+/"; + +/* 0xF0 is a EOLN + * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing). + * 0xF2 is EOF + * 0xE0 is ignore at start of line. + * 0xFF is error + */ + +#define B64_EOLN 0xF0 +#define B64_CR 0xF1 +#define B64_EOF 0xF2 +#define B64_WS 0xE0 +#define B64_ERROR 0xFF +#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) + +static unsigned char data_ascii2bin[128]={ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F, + 0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B, + 0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF, + 0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06, + 0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E, + 0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16, + 0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20, + 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28, + 0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30, + 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + +void EVP_EncodeInit(ctx) +EVP_ENCODE_CTX *ctx; + { + ctx->length=48; + ctx->num=0; + ctx->line_num=0; + } + +void EVP_EncodeUpdate(ctx,out,outl,in,inl) +EVP_ENCODE_CTX *ctx; +unsigned char *out; +int *outl; +unsigned char *in; +int inl; + { + int i,j; + unsigned int total=0; + + *outl=0; + if (inl == 0) return; + if ((ctx->num+inl) < ctx->length) + { + memcpy(&(ctx->enc_data[ctx->num]),in,inl); + ctx->num+=inl; + return; + } + if (ctx->num != 0) + { + i=ctx->length-ctx->num; + memcpy(&(ctx->enc_data[ctx->num]),in,i); + in+=i; + inl-=i; + j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length); + ctx->num=0; + out+=j; + *(out++)='\n'; + *out='\0'; + total=j+1; + } + while (inl >= ctx->length) + { + j=EVP_EncodeBlock(out,in,ctx->length); + in+=ctx->length; + inl-=ctx->length; + out+=j; + *(out++)='\n'; + *out='\0'; + total+=j+1; + } + if (inl != 0) + memcpy(&(ctx->enc_data[0]),in,inl); + ctx->num=inl; + *outl=total; + } + +void EVP_EncodeFinal(ctx,out,outl) +EVP_ENCODE_CTX *ctx; +unsigned char *out; +int *outl; + { + unsigned int ret=0; + + if (ctx->num != 0) + { + ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num); + out[ret++]='\n'; + out[ret]='\0'; + ctx->num=0; + } + *outl=ret; + } + +int EVP_EncodeBlock(t,f,dlen) +unsigned char *t,*f; +int dlen; + { + int i,ret=0; + unsigned long l; + + for (i=dlen; i > 0; i-=3) + { + if (i >= 3) + { + l= (((unsigned long)f[0])<<16L)| + (((unsigned long)f[1])<< 8L)|f[2]; + *(t++)=conv_bin2ascii(l>>18L); + *(t++)=conv_bin2ascii(l>>12L); + *(t++)=conv_bin2ascii(l>> 6L); + *(t++)=conv_bin2ascii(l ); + } + else + { + l=((unsigned long)f[0])<<16L; + if (i == 2) l|=((unsigned long)f[1]<<8L); + + *(t++)=conv_bin2ascii(l>>18L); + *(t++)=conv_bin2ascii(l>>12L); + *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L); + *(t++)='='; + } + ret+=4; + f+=3; + } + + *t='\0'; + return(ret); + } + +void EVP_DecodeInit(ctx) +EVP_ENCODE_CTX *ctx; + { + ctx->length=30; + ctx->num=0; + ctx->line_num=0; + } + +/* -1 for error + * 0 for last line + * 1 for full line + */ +int EVP_DecodeUpdate(ctx,out,outl,in,inl) +EVP_ENCODE_CTX *ctx; +unsigned char *out; +int *outl; +unsigned char *in; +int inl; + { + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2; + unsigned char *d; + + n=ctx->num; + d=ctx->enc_data; + ln=ctx->line_num; + + /* last line of input. */ + if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) + { rv=0; goto end; } + + /* We parse the input data */ + for (i=0; i 80 characters, scream alot */ + if (ln >= 80) { rv= -1; goto end; } + + /* Get char and put it into the buffer */ + tmp= *(in++); + v=conv_ascii2bin(tmp); + /* only save the good data :-) */ + if (!B64_NOT_BASE64(v)) + { + d[n++]=tmp; + ln++; + } + else if (v == B64_ERROR) + { + rv= -1; + goto end; + } + + /* have we seen a '=' which is 'definitly' the last + * input line. seof will point to the character that + * holds it. and eof will hold how many characters to + * chop off. */ + if (tmp == '=') + { + if (seof == -1) seof=n; + eof++; + } + + /* eoln */ + if (v == B64_EOLN) ln=0; + + /* If we are at the end of input and it looks like a + * line, process it. */ + if (((i+1) == inl) && (((n&3) == 0) || eof)) + v=B64_EOF; + + if ((v == B64_EOF) || (n >= 64)) + { + tmp2=v; + if (n > 0) + { + v=EVP_DecodeBlock(out,d,n); + if (v < 0) { rv=0; goto end; } + n=0; + ret+=(v-eof); + } + else + { + eof=1; + v=0; + } + + /* This is the case where we have had a short + * but valid input line */ + if ((v < ctx->length) && eof) + { + rv=0; + goto end; + } + else + ctx->length=v; + + if (seof >= 0) { rv=0; goto end; } + out+=v; + } + } + rv=1; +end: + *outl=ret; + ctx->num=n; + ctx->line_num=ln; + return(rv); + } + +int EVP_DecodeBlock(t,f,n) +unsigned char *t,*f; +int n; + { + int i,ret=0,a,b,c,d; + unsigned long l; + + /* trim white space from the start of the line. */ + while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) + { + f++; + n--; + } + + /* strip off stuff at the end of the line + * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */ + while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1])))) + n--; + + if (n%4 != 0) return(-1); + + for (i=0; i>16L)&0xff; + *(t++)=(unsigned char)(l>> 8L)&0xff; + *(t++)=(unsigned char)(l )&0xff; + ret+=3; + } + return(ret); + } + +int EVP_DecodeFinal(ctx,out,outl) +EVP_ENCODE_CTX *ctx; +unsigned char *out; +int *outl; + { + int i; + + *outl=0; + if (ctx->num != 0) + { + i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num); + if (i < 0) return(-1); + ctx->num=0; + *outl=i; + return(1); + } + else + return(1); + } + +#ifdef undef +int EVP_DecodeValid(buf,len) +unsigned char *buf; +int len; + { + int i,num=0,bad=0; + + if (len == 0) return(-1); + while (conv_ascii2bin(*buf) == B64_WS) + { + buf++; + len--; + if (len == 0) return(-1); + } + + for (i=len; i >= 4; i-=4) + { + if ( (conv_ascii2bin(buf[0]) >= 0x40) || + (conv_ascii2bin(buf[1]) >= 0x40) || + (conv_ascii2bin(buf[2]) >= 0x40) || + (conv_ascii2bin(buf[3]) >= 0x40)) + return(-1); + buf+=4; + num+=1+(buf[2] != '=')+(buf[3] != '='); + } + if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) + return(num); + if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && + (conv_ascii2bin(buf[0]) == B64_EOLN)) + return(num); + return(1); + } +#endif diff --git a/crypto/evp/evp.err b/crypto/evp/evp.err new file mode 100644 index 0000000000000000000000000000000000000000..0630b993a5773638453e2882c4a3c6e208239231 --- /dev/null +++ b/crypto/evp/evp.err @@ -0,0 +1,23 @@ +/* Error codes for the EVP functions. */ + +/* Function codes. */ +#define EVP_F_D2I_PKEY 100 +#define EVP_F_EVP_DECRYPTFINAL 101 +#define EVP_F_EVP_OPENINIT 102 +#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +#define EVP_F_EVP_PKEY_NEW 104 +#define EVP_F_EVP_SEALINIT 105 +#define EVP_F_EVP_SIGNFINAL 106 +#define EVP_F_EVP_VERIFYFINAL 107 + +/* Reason codes. */ +#define EVP_R_BAD_DECRYPT 100 +#define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_IV_TOO_LARGE 102 +#define EVP_R_MISSING_PARMATERS 103 +#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 +#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_UNSUPPORTED_CIPHER 107 +#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 108 +#define EVP_R_WRONG_PUBLIC_KEY_TYPE 109 diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h new file mode 100644 index 0000000000000000000000000000000000000000..3ece7fbd4ffd7512070c6bc5a5453ed58743ad22 --- /dev/null +++ b/crypto/evp/evp.h @@ -0,0 +1,704 @@ +/* crypto/evp/evp.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ENVELOPE_H +#define HEADER_ENVELOPE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef NO_MD2 +#include "md2.h" +#endif +#ifndef NO_MD5 +#include "md5.h" +#endif +#if !defined(NO_SHA) || !defined(NO_SHA1) +#include "sha.h" +#endif +#ifndef NO_DES +#include "des.h" +#endif +#ifndef NO_RC4 +#include "rc4.h" +#endif +#ifndef NO_RC2 +#include "rc2.h" +#endif +#ifndef NO_BLOWFISH +#include "blowfish.h" +#endif +#ifndef NO_IDEA +#include "idea.h" +#endif +#ifndef NO_MDC2 +#include "mdc2.h" +#endif + +#define EVP_RC2_KEY_SIZE 16 +#define EVP_RC4_KEY_SIZE 16 +#define EVP_BLOWFISH_KEY_SIZE 16 +#define EVP_MAX_MD_SIZE 20 +#define EVP_MAX_KEY_LENGTH 24 +#define EVP_MAX_IV_LENGTH 8 + +#ifndef NO_RSA +#include "rsa.h" +#else +#define RSA long +#endif + +#ifndef NO_DSA +#include "dsa.h" +#else +#define DSA long +#endif + +#ifndef NO_DH +#include "dh.h" +#else +#define DH long +#endif + +#include "objects.h" + +#define EVP_PK_RSA 0x0001 +#define EVP_PK_DSA 0x0002 +#define EVP_PK_DH 0x0004 +#define EVP_PKT_SIGN 0x0010 +#define EVP_PKT_ENC 0x0020 +#define EVP_PKT_EXCH 0x0040 +#define EVP_PKS_RSA 0x0100 +#define EVP_PKS_DSA 0x0200 +#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ + +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA NID_rsaEncryption +#define EVP_PKEY_RSA2 NID_rsa +#define EVP_PKEY_DSA NID_dsa +#define EVP_PKEY_DSA2 NID_dsaWithSHA +#define EVP_PKEY_DSA3 NID_dsaWithSHA1 +#define EVP_PKEY_DH NID_dhKeyAgreement + +typedef struct evp_pkey_st + { + int type; + int save_type; + int references; + union { + char *ptr; + struct rsa_st *rsa; /* RSA */ + struct dsa_st *dsa; /* DSA */ + struct dh_st *dh; /* DH */ + } pkey; + int save_parameters; +#ifdef HEADER_STACK_H + STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */ +#else + char /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */ +#endif + } EVP_PKEY; + +#ifndef EVP_MD +typedef struct env_md_st + { + int type; + int pkey_type; + int md_size; + void (*init)(); + void (*update)(); + void (*final)(); + + int (*sign)(); + int (*verify)(); + int required_pkey_type[4]; /*EVP_PKEY_xxx */ + } EVP_MD; + +#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} + +#ifndef NO_DSA +#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ + {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,0} +#else +#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method +#endif + +#ifndef NO_RSA +#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ + RSA_sign_ASN1_OCTET_STRING, \ + RSA_verify_ASN1_OCTET_STRING, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +#else +#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method +#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method +#endif + +#endif /* !EVP_MD */ + +typedef struct env_md_ctx_st + { + EVP_MD *digest; + union { + unsigned char base[4]; +#ifndef NO_MD2 + MD2_CTX md2; +#endif +#ifndef NO_MD5 + MD5_CTX md5; +#endif +#if !defined(NO_SHA) || !defined(NO_SHA1) + SHA_CTX sha; +#endif +#ifndef NO_MDC2 + MDC2_CTX mdc2; +#endif + } md; + } EVP_MD_CTX; + +typedef struct evp_cipher_st + { + int nid; + int block_size; + int key_len; + int iv_len; + void (*init)(); /* init for encryption */ + void (*do_cipher)(); /* encrypt data */ + void (*cleanup)(); /* used by cipher method */ + } EVP_CIPHER; + +typedef struct evp_cipher_info_st + { + EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; + } EVP_CIPHER_INFO; + +typedef struct evp_cipher_ctx_st + { + EVP_CIPHER *cipher; + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + unsigned char buf[8]; + char *app_data; /* aplication stuff */ + union { +#ifndef NO_RC4 + struct + { + unsigned char key[EVP_RC4_KEY_SIZE]; + RC4_KEY ks; /* working key */ + } rc4; +#endif +#ifndef NO_DES + struct + { + des_key_schedule ks;/* key schedule */ + } des_ecb; + + struct + { + C_Block oiv; /* original iv */ + C_Block iv; /* working iv */ + des_key_schedule ks;/* key schedule */ + } des_cbc; + + struct + { + C_Block oiv; /* original iv */ + C_Block iv; /* working iv */ + C_Block inw; + C_Block outw; + des_key_schedule ks;/* key schedule */ + } desx_cbc; + + struct + { + C_Block oiv; /* original iv */ + C_Block iv; /* working iv */ + des_key_schedule ks;/* key schedule */ + des_key_schedule ks2;/* key schedule (for ede) */ + des_key_schedule ks3;/* key schedule (for ede3) */ + int num; /* used by cfb mode */ + } des_cfb; + + struct + { + C_Block oiv; /* original iv */ + C_Block iv; /* working iv */ + des_key_schedule ks1;/* ksched 1 */ + des_key_schedule ks2;/* ksched 2 */ + des_key_schedule ks3;/* ksched 3 */ + } des_ede; +#endif +#ifndef NO_IDEA + struct + { + IDEA_KEY_SCHEDULE ks;/* key schedule */ + } idea_ecb; + struct + { + unsigned char oiv[8];/* original iv */ + unsigned char iv[8]; /* working iv */ + IDEA_KEY_SCHEDULE ks;/* key schedule */ + } idea_cbc; + struct + { + unsigned char oiv[8];/* original iv */ + unsigned char iv[8]; /* working iv */ + IDEA_KEY_SCHEDULE ks;/* key schedule */ + int num; /* used by cfb mode */ + } idea_cfb; +#endif +#ifndef NO_RC2 + struct + { + RC2_KEY ks;/* key schedule */ + } rc2_ecb; + struct + { + unsigned char oiv[8];/* original iv */ + unsigned char iv[8]; /* working iv */ + RC2_KEY ks;/* key schedule */ + } rc2_cbc; + struct + { + unsigned char oiv[8];/* original iv */ + unsigned char iv[8]; /* working iv */ + RC2_KEY ks;/* key schedule */ + int num; /* used by cfb mode */ + } rc2_cfb; +#endif +#ifndef NO_BLOWFISH + struct + { + BF_KEY ks;/* key schedule */ + } bf_ecb; + struct + { + unsigned char oiv[8];/* original iv */ + unsigned char iv[8]; /* working iv */ + BF_KEY ks;/* key schedule */ + } bf_cbc; + struct + { + unsigned char oiv[8];/* original iv */ + unsigned char iv[8]; /* working iv */ + BF_KEY ks;/* key schedule */ + int num; /* used by cfb mode */ + } bf_cfb; +#endif + } c; + } EVP_CIPHER_CTX; + +typedef struct evp_Encode_Ctx_st + { + int num; /* number saved in a partial encode/decode */ + int length; /* The length is either the output line length + * (in input bytes) or the shortest input line + * length that is ok. Once decoding begins, + * the length is adjusted up each time a longer + * line is decoded */ + unsigned char enc_data[80]; /* data to encode */ + int line_num; /* number read on current line */ + } EVP_ENCODE_CTX; + +#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) + +/* Add some extra combinations */ +#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +#define EVP_MD_type(e) ((e)->type) +#define EVP_MD_pkey_type(e) ((e)->pkey_type) +#define EVP_MD_size(e) ((e)->md_size) +#define EVP_MD_CTX_size(e) ((e)->digest->md_size) +#define EVP_MD_CTX_type(e) ((e)->digest) + +#define EVP_CIPHER_nid(e) ((e)->nid) +#define EVP_CIPHER_block_size(e) ((e)->block_size) +#define EVP_CIPHER_key_length(e) ((e)->key_len) +#define EVP_CIPHER_iv_length(e) ((e)->iv_len) + +#define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) +#define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) +#define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) +#define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) +#define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) +#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) +#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) + +#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) +#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) + +#define EVP_SignInit(a,b) EVP_DigestInit(a,b) +#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) + +#define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) +#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) + +#define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) + +#ifndef NOPROTO + +void EVP_DigestInit(EVP_MD_CTX *ctx, EVP_MD *type); +void EVP_DigestUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); +void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); + +int EVP_read_pw_string(char *buf,int length,char *prompt,int verify); +void EVP_set_pw_prompt(char *prompt); +char * EVP_get_pw_prompt(void); + +int EVP_BytesToKey(EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, + unsigned char *data, int datal, int count, + unsigned char *key,unsigned char *iv); + +EVP_CIPHER *EVP_get_cipherbyname(char *name); + +void EVP_EncryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, + unsigned char *key, unsigned char *iv); +void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); +void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +void EVP_DecryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, + unsigned char *key, unsigned char *iv); +void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); +int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +void EVP_CipherInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, unsigned char *key, + unsigned char *iv,int enc); +void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); +int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, + EVP_PKEY *pkey); + +int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, + unsigned int siglen,EVP_PKEY *pkey); + +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, + int ekl,unsigned char *iv,EVP_PKEY *priv); +int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, + int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); +void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); + +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, + int *outl,unsigned char *in,int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); +int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, + unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, unsigned + char *f, int n); + +void ERR_load_EVP_strings(void ); + +void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); + +#ifdef HEADER_BIO_H +BIO_METHOD *BIO_f_md(void); +BIO_METHOD *BIO_f_base64(void); +BIO_METHOD *BIO_f_cipher(void); +void BIO_set_cipher(BIO *b,EVP_CIPHER *c,unsigned char *k, + unsigned char *i, int enc); +#endif + +EVP_MD *EVP_md_null(void); +EVP_MD *EVP_md2(void); +EVP_MD *EVP_md5(void); +EVP_MD *EVP_sha(void); +EVP_MD *EVP_sha1(void); +EVP_MD *EVP_dss(void); +EVP_MD *EVP_dss1(void); +EVP_MD *EVP_mdc2(void); + +EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +EVP_CIPHER *EVP_des_ecb(void); +EVP_CIPHER *EVP_des_ede(void); +EVP_CIPHER *EVP_des_ede3(void); +EVP_CIPHER *EVP_des_cfb(void); +EVP_CIPHER *EVP_des_ede_cfb(void); +EVP_CIPHER *EVP_des_ede3_cfb(void); +EVP_CIPHER *EVP_des_ofb(void); +EVP_CIPHER *EVP_des_ede_ofb(void); +EVP_CIPHER *EVP_des_ede3_ofb(void); +EVP_CIPHER *EVP_des_cbc(void); +EVP_CIPHER *EVP_des_ede_cbc(void); +EVP_CIPHER *EVP_des_ede3_cbc(void); +EVP_CIPHER *EVP_desx_cbc(void); +EVP_CIPHER *EVP_rc4(void); +EVP_CIPHER *EVP_idea_ecb(void); +EVP_CIPHER *EVP_idea_cfb(void); +EVP_CIPHER *EVP_idea_ofb(void); +EVP_CIPHER *EVP_idea_cbc(void); +EVP_CIPHER *EVP_rc2_ecb(void); +EVP_CIPHER *EVP_rc2_cbc(void); +EVP_CIPHER *EVP_rc2_cfb(void); +EVP_CIPHER *EVP_rc2_ofb(void); +EVP_CIPHER *EVP_bf_ecb(void); +EVP_CIPHER *EVP_bf_cbc(void); +EVP_CIPHER *EVP_bf_cfb(void); +EVP_CIPHER *EVP_bf_ofb(void); + +void SSLeay_add_all_algorithms(void); +void SSLeay_add_all_ciphers(void); +void SSLeay_add_all_digests(void); + +int EVP_add_cipher(EVP_CIPHER *cipher); +int EVP_add_digest(EVP_MD *digest); +int EVP_add_alias(char *name,char *alias); +int EVP_delete_alias(char *name); + +EVP_CIPHER *EVP_get_cipherbyname(char *name); +EVP_MD *EVP_get_digestbyname(char *name); +void EVP_cleanup(void); + +int EVP_PKEY_type(int type); +int EVP_PKEY_size(EVP_PKEY *pkey); +int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); +EVP_PKEY * EVP_PKEY_new(void); +void EVP_PKEY_free(EVP_PKEY *pkey); +EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); +int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); + +#else + +void EVP_DigestInit(); +void EVP_DigestUpdate(); +void EVP_DigestFinal(); + +int EVP_read_pw_string(); +void EVP_set_pw_prompt(); +char * EVP_get_pw_prompt(); + +int EVP_BytesToKey(); + +EVP_CIPHER *EVP_get_cipherbyname(); + +void EVP_EncryptInit(); +void EVP_EncryptUpdate(); +void EVP_EncryptFinal(); + +void EVP_DecryptInit(); +void EVP_DecryptUpdate(); +int EVP_DecryptFinal(); + +void EVP_CipherInit(); +void EVP_CipherUpdate(); +int EVP_CipherFinal(); + +int EVP_SignFinal(); + +int EVP_VerifyFinal(); + +int EVP_OpenInit(); +int EVP_OpenFinal(); + +int EVP_SealInit(); +void EVP_SealFinal(); + +void EVP_EncodeInit(); +void EVP_EncodeUpdate(); +void EVP_EncodeFinal(); +int EVP_EncodeBlock(); + +void EVP_DecodeInit(); +int EVP_DecodeUpdate(); +int EVP_DecodeFinal(); +int EVP_DecodeBlock(); + +void ERR_load_EVP_strings(); + +void EVP_CIPHER_CTX_cleanup(); + +#ifdef HEADER_BIO_H +BIO_METHOD *BIO_f_md(); +BIO_METHOD *BIO_f_base64(); +BIO_METHOD *BIO_f_cipher(); +void BIO_set_cipher(); +#endif + +EVP_MD *EVP_md_null(); +EVP_MD *EVP_md2(); +EVP_MD *EVP_md5(); +EVP_MD *EVP_sha(); +EVP_MD *EVP_sha1(); +EVP_MD *EVP_dss(); +EVP_MD *EVP_dss1(); +EVP_MD *EVP_mdc2(); + +EVP_CIPHER *EVP_enc_null(); +EVP_CIPHER *EVP_des_ecb(); +EVP_CIPHER *EVP_des_ede(); +EVP_CIPHER *EVP_des_ede3(); +EVP_CIPHER *EVP_des_cfb(); +EVP_CIPHER *EVP_des_ede_cfb(); +EVP_CIPHER *EVP_des_ede3_cfb(); +EVP_CIPHER *EVP_des_ofb(); +EVP_CIPHER *EVP_des_ede_ofb(); +EVP_CIPHER *EVP_des_ede3_ofb(); +EVP_CIPHER *EVP_des_cbc(); +EVP_CIPHER *EVP_des_ede_cbc(); +EVP_CIPHER *EVP_des_ede3_cbc(); +EVP_CIPHER *EVP_desx_cbc(); +EVP_CIPHER *EVP_rc4(); +EVP_CIPHER *EVP_idea_ecb(); +EVP_CIPHER *EVP_idea_cfb(); +EVP_CIPHER *EVP_idea_ofb(); +EVP_CIPHER *EVP_idea_cbc(); +EVP_CIPHER *EVP_rc2_ecb(); +EVP_CIPHER *EVP_rc2_cbc(); +EVP_CIPHER *EVP_rc2_cfb(); +EVP_CIPHER *EVP_rc2_ofb(); +EVP_CIPHER *EVP_bf_ecb(); +EVP_CIPHER *EVP_bf_cbc(); +EVP_CIPHER *EVP_bf_cfb(); +EVP_CIPHER *EVP_bf_ofb(); + +void SSLeay_add_all_algorithms(); +void SSLeay_add_all_ciphers(); +void SSLeay_add_all_digests(); + +int EVP_add_cipher(); +int EVP_add_digest(); +int EVP_add_alias(); +int EVP_delete_alias(); + +EVP_CIPHER *EVP_get_cipherbyname(); +EVP_MD *EVP_get_digestbyname(); +void EVP_cleanup(); + +int EVP_PKEY_type(); +int EVP_PKEY_size(); +int EVP_PKEY_assign(); +EVP_PKEY * EVP_PKEY_new(); +void EVP_PKEY_free(); +EVP_PKEY * d2i_PublicKey(); +int i2d_PublicKey(); + +EVP_PKEY * d2i_PrivateKey(); +int i2d_PrivateKey(); + +int EVP_PKEY_copy_parameters(); +int EVP_PKEY_missing_parameters(); +int EVP_PKEY_save_parameters(); + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the EVP functions. */ + +/* Function codes. */ +#define EVP_F_D2I_PKEY 100 +#define EVP_F_EVP_DECRYPTFINAL 101 +#define EVP_F_EVP_OPENINIT 102 +#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +#define EVP_F_EVP_PKEY_NEW 104 +#define EVP_F_EVP_SEALINIT 105 +#define EVP_F_EVP_SIGNFINAL 106 +#define EVP_F_EVP_VERIFYFINAL 107 + +/* Reason codes. */ +#define EVP_R_BAD_DECRYPT 100 +#define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_IV_TOO_LARGE 102 +#define EVP_R_MISSING_PARMATERS 103 +#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 +#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_UNSUPPORTED_CIPHER 107 +#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 108 +#define EVP_R_WRONG_PUBLIC_KEY_TYPE 109 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c new file mode 100644 index 0000000000000000000000000000000000000000..2015b5f8927f2b81fb76dc001b9546b8bb5cf803 --- /dev/null +++ b/crypto/evp/evp_enc.c @@ -0,0 +1,296 @@ +/* crypto/evp/evp_enc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" + +char *EVP_version="EVP part of SSLeay 0.8.1b 29-Jun-1998"; + +void EVP_CipherInit(ctx,data,key,iv,enc) +EVP_CIPHER_CTX *ctx; +EVP_CIPHER *data; +unsigned char *key; +unsigned char *iv; +int enc; + { + if (enc) + EVP_EncryptInit(ctx,data,key,iv); + else + EVP_DecryptInit(ctx,data,key,iv); + } + +void EVP_CipherUpdate(ctx,out,outl,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; +unsigned char *in; +int inl; + { + if (ctx->encrypt) + EVP_EncryptUpdate(ctx,out,outl,in,inl); + else EVP_DecryptUpdate(ctx,out,outl,in,inl); + } + +int EVP_CipherFinal(ctx,out,outl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; + { + if (ctx->encrypt) + { + EVP_EncryptFinal(ctx,out,outl); + return(1); + } + else return(EVP_DecryptFinal(ctx,out,outl)); + } + +void EVP_EncryptInit(ctx,cipher,key,iv) +EVP_CIPHER_CTX *ctx; +EVP_CIPHER *cipher; +unsigned char *key; +unsigned char *iv; + { + if (cipher != NULL) + ctx->cipher=cipher; + ctx->cipher->init(ctx,key,iv,1); + ctx->encrypt=1; + ctx->buf_len=0; + } + +void EVP_DecryptInit(ctx,cipher,key,iv) +EVP_CIPHER_CTX *ctx; +EVP_CIPHER *cipher; +unsigned char *key; +unsigned char *iv; + { + if (cipher != NULL) + ctx->cipher=cipher; + ctx->cipher->init(ctx,key,iv,0); + ctx->encrypt=0; + ctx->buf_len=0; + } + + +void EVP_EncryptUpdate(ctx,out,outl,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; +unsigned char *in; +int inl; + { + int i,j,bl; + + i=ctx->buf_len; + bl=ctx->cipher->block_size; + *outl=0; + if ((inl == 0) && (i != bl)) return; + if (i != 0) + { + if (i+inl < bl) + { + memcpy(&(ctx->buf[i]),in,inl); + ctx->buf_len+=inl; + return; + } + else + { + j=bl-i; + if (j != 0) memcpy(&(ctx->buf[i]),in,j); + ctx->cipher->do_cipher(ctx,out,ctx->buf,bl); + inl-=j; + in+=j; + out+=bl; + *outl+=bl; + } + } + i=inl%bl; /* how much is left */ + inl-=i; + if (inl > 0) + { + ctx->cipher->do_cipher(ctx,out,in,inl); + *outl+=inl; + } + + if (i != 0) + memcpy(ctx->buf,&(in[inl]),i); + ctx->buf_len=i; + } + +void EVP_EncryptFinal(ctx,out,outl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; + { + int i,n,b,bl; + + b=ctx->cipher->block_size; + if (b == 1) + { + *outl=0; + return; + } + bl=ctx->buf_len; + n=b-bl; + for (i=bl; ibuf[i]=n; + ctx->cipher->do_cipher(ctx,out,ctx->buf,b); + *outl=b; + } + +void EVP_DecryptUpdate(ctx,out,outl,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; +unsigned char *in; +int inl; + { + int b,bl,n; + int keep_last=0; + + *outl=0; + if (inl == 0) return; + + b=ctx->cipher->block_size; + if (b > 1) + { + /* Is the input a multiple of the block size? */ + bl=ctx->buf_len; + n=inl+bl; + if (n%b == 0) + { + if (inl < b) /* must be 'just one' buff */ + { + memcpy(&(ctx->buf[bl]),in,inl); + ctx->buf_len=b; + *outl=0; + return; + } + keep_last=1; + inl-=b; /* don't do the last block */ + } + } + EVP_EncryptUpdate(ctx,out,outl,in,inl); + + /* if we have 'decrypted' a multiple of block size, make sure + * we have a copy of this last block */ + if (keep_last) + { + memcpy(&(ctx->buf[0]),&(in[inl]),b); +#ifdef DEBUG + if (ctx->buf_len != 0) + { + abort(); + } +#endif + ctx->buf_len=b; + } + } + +int EVP_DecryptFinal(ctx,out,outl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; + { + int i,b; + int n; + + *outl=0; + b=ctx->cipher->block_size; + if (b > 1) + { + if (ctx->buf_len != b) + { + EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); + return(0); + } + EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0); + if (n != b) + return(0); + n=ctx->buf[b-1]; + if (n > b) + { + EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); + return(0); + } + for (i=0; ibuf[--b] != n) + { + EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); + return(0); + } + } + n=ctx->cipher->block_size-n; + for (i=0; ibuf[i]; + *outl=n; + } + else + *outl=0; + return(1); + } + +void EVP_CIPHER_CTX_cleanup(c) +EVP_CIPHER_CTX *c; + { + if ((c->cipher != NULL) && (c->cipher->cleanup != NULL)) + c->cipher->cleanup(c); + memset(c,0,sizeof(EVP_CIPHER_CTX)); + } + diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c new file mode 100644 index 0000000000000000000000000000000000000000..326da1177e2693af74aaee7c1dee48afc9ed32e9 --- /dev/null +++ b/crypto/evp/evp_err.c @@ -0,0 +1,101 @@ +/* lib/evp/evp_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "evp.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA EVP_str_functs[]= + { +{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, +{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, +{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, +{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, +{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, +{ERR_PACK(0,EVP_F_EVP_SEALINIT,0), "EVP_SealInit"}, +{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, +{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, +{0,NULL}, + }; + +static ERR_STRING_DATA EVP_str_reasons[]= + { +{EVP_R_BAD_DECRYPT ,"bad decrypt"}, +{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, +{EVP_R_IV_TOO_LARGE ,"iv too large"}, +{EVP_R_MISSING_PARMATERS ,"missing parmaters"}, +{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, +{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, +{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, +{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, +{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, +{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, +{0,NULL}, + }; + +void ERR_load_EVP_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); + ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); + } + } diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c new file mode 100644 index 0000000000000000000000000000000000000000..0aa1dbb65a78db96441fe4e62c28495e4e329765 --- /dev/null +++ b/crypto/evp/evp_key.c @@ -0,0 +1,163 @@ +/* crypto/evp/evp_key.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "x509.h" +#include "objects.h" +#include "evp.h" + +/* should be init to zeros. */ +static char prompt_string[80]; + +void EVP_set_pw_prompt(prompt) +char *prompt; + { + if (prompt == NULL) + prompt_string[0]='\0'; + else + strncpy(prompt_string,prompt,79); + } + +char *EVP_get_pw_prompt() + { + if (prompt_string[0] == '\0') + return(NULL); + else + return(prompt_string); + } + +int EVP_read_pw_string(buf,len,prompt,verify) +char *buf; +int len; +char *prompt; +int verify; + { + if ((prompt == NULL) && (prompt_string[0] != '\0')) + prompt=prompt_string; + return(des_read_pw_string(buf,len,prompt,verify)); + } + +int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv) +EVP_CIPHER *type; +EVP_MD *md; +unsigned char *salt; +unsigned char *data; +int datal; +int count; +unsigned char *key; +unsigned char *iv; + { + EVP_MD_CTX c; + unsigned char md_buf[EVP_MAX_MD_SIZE]; + int niv,nkey,addmd=0; + unsigned int mds=0,i; + + nkey=type->key_len; + niv=type->iv_len; + + if (data == NULL) return(nkey); + + for (;;) + { + EVP_DigestInit(&c,md); + if (addmd++) + EVP_DigestUpdate(&c,&(md_buf[0]),mds); + EVP_DigestUpdate(&c,data,datal); + if (salt != NULL) + EVP_DigestUpdate(&c,salt,8); + EVP_DigestFinal(&c,&(md_buf[0]),&mds); + + for (i=1; i<(unsigned int)count; i++) + { + EVP_DigestInit(&c,md); + EVP_DigestUpdate(&c,&(md_buf[0]),mds); + EVP_DigestFinal(&c,&(md_buf[0]),&mds); + } + i=0; + if (nkey) + { + for (;;) + { + if (nkey == 0) break; + if (i == mds) break; + if (key != NULL) + *(key++)=md_buf[i]; + nkey--; + i++; + } + } + if (niv && (i != mds)) + { + for (;;) + { + if (niv == 0) break; + if (i == mds) break; + if (iv != NULL) + *(iv++)=md_buf[i]; + niv--; + i++; + } + } + if ((nkey == 0) && (niv == 0)) break; + } + memset(&c,0,sizeof(c)); + memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); + return(nkey); + } + diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c new file mode 100644 index 0000000000000000000000000000000000000000..743beacc5bf68de46789d56f04d438de7dba1e80 --- /dev/null +++ b/crypto/evp/m_dss.c @@ -0,0 +1,80 @@ +/* crypto/evp/m_dss.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static EVP_MD dsa_md= + { + NID_dsaWithSHA, + NID_dsaWithSHA, + SHA_DIGEST_LENGTH, + SHA_Init, + SHA_Update, + SHA_Final, + EVP_PKEY_DSA_method, + }; + +EVP_MD *EVP_dss() + { + return(&dsa_md); + } + diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c new file mode 100644 index 0000000000000000000000000000000000000000..a14e8590b10f4e08851052f90488a90220803da7 --- /dev/null +++ b/crypto/evp/m_dss1.c @@ -0,0 +1,79 @@ +/* crypto/evp/m_dss1.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static EVP_MD dss1_md= + { + NID_dsa, + NID_dsaWithSHA1, + SHA_DIGEST_LENGTH, + SHA1_Init, + SHA1_Update, + SHA1_Final, + EVP_PKEY_DSA_method, + }; + +EVP_MD *EVP_dss1() + { + return(&dss1_md); + } diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c new file mode 100644 index 0000000000000000000000000000000000000000..17360c100e55136401717bc7ddc17b686bd3ff7c --- /dev/null +++ b/crypto/evp/m_md2.c @@ -0,0 +1,80 @@ +/* crypto/evp/m_md2.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static EVP_MD md2_md= + { + NID_md2, + NID_md2WithRSAEncryption, + MD2_DIGEST_LENGTH, + MD2_Init, + MD2_Update, + MD2_Final, + EVP_PKEY_RSA_method, + }; + +EVP_MD *EVP_md2() + { + return(&md2_md); + } + diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c new file mode 100644 index 0000000000000000000000000000000000000000..f7b4eb1eae9a7bb1c5b8cc17291a7e02cc29e9f9 --- /dev/null +++ b/crypto/evp/m_md5.c @@ -0,0 +1,79 @@ +/* crypto/evp/m_md5.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static EVP_MD md5_md= + { + NID_md5, + NID_md5WithRSAEncryption, + MD5_DIGEST_LENGTH, + MD5_Init, + MD5_Update, + MD5_Final, + EVP_PKEY_RSA_method, + }; + +EVP_MD *EVP_md5() + { + return(&md5_md); + } diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c new file mode 100644 index 0000000000000000000000000000000000000000..da70f689b85e4a3535f19020e14f0ff2dc17d7f1 --- /dev/null +++ b/crypto/evp/m_mdc2.c @@ -0,0 +1,79 @@ +/* crypto/evp/m_mdc2.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static EVP_MD mdc2_md= + { + NID_mdc2, + NID_mdc2WithRSA, + MDC2_DIGEST_LENGTH, + MDC2_Init, + MDC2_Update, + MDC2_Final, + EVP_PKEY_RSA_ASN1_OCTET_STRING_method, + }; + +EVP_MD *EVP_mdc2() + { + return(&mdc2_md); + } diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c new file mode 100644 index 0000000000000000000000000000000000000000..47db2c5258072eb91550ce18da20a4d2237cbcc4 --- /dev/null +++ b/crypto/evp/m_null.c @@ -0,0 +1,86 @@ +/* crypto/evp/m_null.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static void function() + { + } + +static EVP_MD null_md= + { + NID_undef, + NID_undef, + 0, + function, + function, + function, + + EVP_PKEY_NULL_method + }; + +EVP_MD *EVP_md_null() + { + return(&null_md); + } + + diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c new file mode 100644 index 0000000000000000000000000000000000000000..d723ac76a39bfa63a73a8ff8c5fc78c1627ec2dd --- /dev/null +++ b/crypto/evp/m_sha.c @@ -0,0 +1,80 @@ +/* crypto/evp/m_sha.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static EVP_MD sha_md= + { + NID_sha, + NID_shaWithRSAEncryption, + SHA_DIGEST_LENGTH, + SHA_Init, + SHA_Update, + SHA_Final, + EVP_PKEY_RSA_method, + }; + +EVP_MD *EVP_sha() + { + return(&sha_md); + } + diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c new file mode 100644 index 0000000000000000000000000000000000000000..30037ffcd81712861794f00ceaa17e7648436b8b --- /dev/null +++ b/crypto/evp/m_sha1.c @@ -0,0 +1,79 @@ +/* crypto/evp/m_sha1.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +static EVP_MD sha1_md= + { + NID_sha1, + NID_sha1WithRSAEncryption, + SHA_DIGEST_LENGTH, + SHA1_Init, + SHA1_Update, + SHA1_Final, + EVP_PKEY_RSA_method, + }; + +EVP_MD *EVP_sha1() + { + return(&sha1_md); + } diff --git a/crypto/evp/names.c b/crypto/evp/names.c new file mode 100644 index 0000000000000000000000000000000000000000..49fd34f27fd500ef271fe816d98b3f6589506863 --- /dev/null +++ b/crypto/evp/names.c @@ -0,0 +1,281 @@ +/* crypto/evp/names.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" + +typedef struct aliases_st { + char *alias; + /* This must be the last field becaue I will allocate things + * so they go off the end of it */ + char name[4]; + } ALIASES; + +static STACK /* ALIASES */ *aliases=NULL; +static STACK /* EVP_CIPHERS */ *ciphers=NULL; +static STACK /* EVP_MD */ *digests=NULL; + +static int cipher_nid_cmp(a,b) +EVP_CIPHER **a,**b; + { return((*a)->nid - (*b)->nid); } + +static int digest_type_cmp(a,b) +EVP_MD **a,**b; + { return((*a)->pkey_type - (*b)->pkey_type); } + +int EVP_add_cipher(c) +EVP_CIPHER *c; + { + int i; + + if (ciphers == NULL) + { + ciphers=sk_new(cipher_nid_cmp); + if (ciphers == NULL) return(0); + } + if ((i=sk_find(ciphers,(char *)c)) >= 0) + { + if (sk_value(ciphers,i) == (char *)c) + return(1); + sk_delete(ciphers,i); + } + return(sk_push(ciphers,(char *)c)); + } + +int EVP_add_digest(md) +EVP_MD *md; + { + int i; + char *n; + + if (digests == NULL) + { + digests=sk_new(digest_type_cmp); + if (digests == NULL) return(0); + } + if ((i=sk_find(digests,(char *)md)) >= 0) + { + if (sk_value(digests,i) == (char *)md) + return(1); + sk_delete(digests,i); + } + if (md->type != md->pkey_type) + { + n=OBJ_nid2sn(md->pkey_type); + EVP_add_alias(n,OBJ_nid2sn(md->type)); + EVP_add_alias(n,OBJ_nid2ln(md->type)); + } + sk_push(digests,(char *)md); + return(1); + } + +static int alias_cmp(a,b) +ALIASES **a,**b; + { + return(strcmp((*a)->alias,(*b)->alias)); + } + +int EVP_add_alias(name,aname) +char *name; +char *aname; + { + int l1,l2,i; + ALIASES *a; + char *p; + + if ((name == NULL) || (aname == NULL)) return(0); + l1=strlen(name)+1; + l2=strlen(aname)+1; + i=sizeof(ALIASES)+l1+l2; + if ((a=(ALIASES *)Malloc(i)) == NULL) + return(0); + strcpy(a->name,name); + p= &(a->name[l1]); + strcpy(p,aname); + a->alias=p; + + if (aliases == NULL) + { + aliases=sk_new(alias_cmp); + if (aliases == NULL) goto err; + } + + if ((i=sk_find(aliases,(char *)a)) >= 0) + Free(sk_delete(aliases,i)); + if (!sk_push(aliases,(char *)a)) goto err; + return(1); +err: + return(0); + } + +int EVP_delete_alias(name) +char *name; + { + ALIASES a; + int i; + + if (aliases != NULL) + { + a.alias=name; + if ((i=sk_find(aliases,(char *)&a)) >= 0) + { + Free(sk_delete(aliases,i)); + return(1); + } + } + return(0); + } + +EVP_CIPHER *EVP_get_cipherbyname(name) +char *name; + { + int nid,num=6,i; + EVP_CIPHER c,*cp; + ALIASES a,*ap; + + if (ciphers == NULL) return(NULL); + for (;;) + { + if (num-- <= 0) return(NULL); + if (aliases != NULL) + { + a.alias=name; + i=sk_find(aliases,(char *)&a); + if (i >= 0) + { + ap=(ALIASES *)sk_value(aliases,i); + name=ap->name; + continue; + } + } + + nid=OBJ_txt2nid(name); + c.nid=nid; + i=sk_find(ciphers,(char *)&c); + if (i >= 0) + { + cp=(EVP_CIPHER *)sk_value(ciphers,i); + return(cp); + } + else + return(NULL); + } + } + +EVP_MD *EVP_get_digestbyname(name) +char *name; + { + int nid,num=6,i; + EVP_MD c,*cp; + ALIASES a,*ap; + + if (digests == NULL) return(NULL); + + for (;;) + { + if (num-- <= 0) return(NULL); + + if (aliases != NULL) + { + a.alias=name; + i=sk_find(aliases,(char *)&a); + if (i >= 0) + { + ap=(ALIASES *)sk_value(aliases,i); + name=ap->name; + continue; + } + } + + nid=OBJ_txt2nid(name); + c.pkey_type=nid; + i=sk_find(digests,(char *)&c); + if (i >= 0) + { + cp=(EVP_MD *)sk_value(digests,i); + return(cp); + } + else + return(NULL); + } + } + +void EVP_cleanup() + { + int i; + + if (aliases != NULL) + { + for (i=0; i +#include "cryptlib.h" +#include "objects.h" +#include "evp.h" +#include "asn1_mac.h" +#include "x509.h" + +/* EVPerr(EVP_F_D2I_PKEY,EVP_R_UNSUPPORTED_CIPHER); */ +/* EVPerr(EVP_F_D2I_PKEY,EVP_R_IV_TOO_LARGE); */ + +#ifndef NOPROTO +static void EVP_PKEY_free_it(EVP_PKEY *x); +#else +static void EVP_PKEY_free_it(); +#endif + +int EVP_PKEY_size(pkey) +EVP_PKEY *pkey; + { +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + return(RSA_size(pkey->pkey.rsa)); + else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + return(DSA_size(pkey->pkey.dsa)); +#endif + return(0); + } + +int EVP_PKEY_save_parameters(pkey,mode) +EVP_PKEY *pkey; +int mode; + { +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + int ret=pkey->save_parameters=mode; + + if (mode >= 0) + pkey->save_parameters=mode; + return(ret); + } +#endif + return(0); + } + +int EVP_PKEY_copy_parameters(to,from) +EVP_PKEY *to,*from; + { + if (to->type != from->type) + { + EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES); + return(0); + } + + if (EVP_PKEY_missing_parameters(from)) + { + EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS); + return(0); + } +#ifndef NO_DSA + if (to->type == EVP_PKEY_DSA) + { + BIGNUM *a; + + if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err; + if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p); + to->pkey.dsa->p=a; + + if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err; + if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q); + to->pkey.dsa->q=a; + + if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err; + if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g); + to->pkey.dsa->g=a; + } +#endif + return(1); +err: + return(0); + } + +int EVP_PKEY_missing_parameters(pkey) +EVP_PKEY *pkey; + { +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + DSA *dsa; + + dsa=pkey->pkey.dsa; + if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) + return(1); + } +#endif + return(0); + } + +EVP_PKEY *EVP_PKEY_new() + { + EVP_PKEY *ret; + + ret=(EVP_PKEY *)Malloc(sizeof(EVP_PKEY)); + if (ret == NULL) + { + EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE); + return(NULL); + } + ret->type=EVP_PKEY_NONE; + ret->references=1; + ret->pkey.ptr=NULL; + ret->attributes=NULL; + ret->save_parameters=1; + return(ret); + } + +int EVP_PKEY_assign(pkey,type,key) +EVP_PKEY *pkey; +int type; +char *key; + { + if (pkey == NULL) return(0); + if (pkey->pkey.ptr != NULL) + EVP_PKEY_free_it(pkey); + pkey->type=EVP_PKEY_type(type); + pkey->save_type=type; + pkey->pkey.ptr=key; + return(1); + } + +int EVP_PKEY_type(type) +int type; + { + switch (type) + { + case EVP_PKEY_RSA: + case EVP_PKEY_RSA2: + return(EVP_PKEY_RSA); + case EVP_PKEY_DSA: + case EVP_PKEY_DSA2: + case EVP_PKEY_DSA3: + return(EVP_PKEY_DSA); + case EVP_PKEY_DH: + return(EVP_PKEY_DH); + default: + return(NID_undef); + } + } + +void EVP_PKEY_free(x) +EVP_PKEY *x; + { + int i; + + if (x == NULL) return; + + i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY); + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"EVP_PKEY_free, bad reference count\n"); + abort(); + } +#endif + EVP_PKEY_free_it(x); + Free((char *)x); + } + +static void EVP_PKEY_free_it(x) +EVP_PKEY *x; + { + switch (x->type) + { +#ifndef NO_RSA + case EVP_PKEY_RSA: + case EVP_PKEY_RSA2: + RSA_free(x->pkey.rsa); + break; +#endif +#ifndef NO_DSA + case EVP_PKEY_DSA: + case EVP_PKEY_DSA2: + case EVP_PKEY_DSA3: + DSA_free(x->pkey.dsa); + break; +#endif +#ifndef NO_DH + case EVP_PKEY_DH: + DH_free(x->pkey.dh); + break; +#endif + } + } + diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c new file mode 100644 index 0000000000000000000000000000000000000000..46434051ae930ba21fb0086f9c96bfea8b8bc132 --- /dev/null +++ b/crypto/evp/p_open.c @@ -0,0 +1,118 @@ +/* crypto/evp/p_open.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +int EVP_OpenInit(ctx,type,ek,ekl,iv,priv) +EVP_CIPHER_CTX *ctx; +EVP_CIPHER *type; +unsigned char *ek; +int ekl; +unsigned char *iv; +EVP_PKEY *priv; + { + unsigned char *key=NULL; + int i,size=0,ret=0; + + if (priv->type != EVP_PKEY_RSA) + { + EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA); + ret= -1; + goto err; + } + + size=RSA_size(priv->pkey.rsa); + key=(unsigned char *)Malloc(size+2); + if (key == NULL) + { + /* ERROR */ + EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE); + ret= -1; + goto err; + } + + i=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); + if (i != type->key_len) + { + /* ERROR */ + goto err; + } + + EVP_DecryptInit(ctx,type,key,iv); + ret=1; +err: + if (key != NULL) memset(key,0,size); + Free(key); + return(ret); + } + +int EVP_OpenFinal(ctx,out,outl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; + { + int i; + + i=EVP_DecryptFinal(ctx,out,outl); + EVP_DecryptInit(ctx,NULL,NULL,NULL); + return(i); + } diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c new file mode 100644 index 0000000000000000000000000000000000000000..b059c59e8ad5d9bba36638b5e919d5a74c4de38f --- /dev/null +++ b/crypto/evp/p_seal.c @@ -0,0 +1,122 @@ +/* crypto/evp/p_seal.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "rand.h" +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +int EVP_SealInit(ctx,type,ek,ekl,iv,pubk,npubk) +EVP_CIPHER_CTX *ctx; +EVP_CIPHER *type; +unsigned char **ek; +int *ekl; +unsigned char *iv; +EVP_PKEY **pubk; +int npubk; + { + unsigned char key[EVP_MAX_KEY_LENGTH]; + int i,ret=0,n; + + if (npubk <= 0) return(0); + RAND_bytes(key,EVP_MAX_KEY_LENGTH); + if (type->iv_len > 0) + RAND_bytes(iv,type->iv_len); + + EVP_EncryptInit(ctx,type,key,iv); + for (i=0; itype != EVP_PKEY_RSA) + { + EVPerr(EVP_F_EVP_SEALINIT,EVP_R_PUBLIC_KEY_NOT_RSA); + goto err; + } + n=RSA_public_encrypt(type->key_len,key,ek[i],pubk[i]->pkey.rsa, + RSA_PKCS1_PADDING); + if (n <= 0) goto err; + ekl[i]=n; + } + ret=npubk; +err: + memset(key,0,EVP_MAX_KEY_LENGTH); + return(ret); + } + +/* MACRO +void EVP_SealUpdate(ctx,out,outl,in,inl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; +unsigned char *in; +int inl; + { + EVP_EncryptUpdate(ctx,out,outl,in,inl); + } +*/ + +void EVP_SealFinal(ctx,out,outl) +EVP_CIPHER_CTX *ctx; +unsigned char *out; +int *outl; + { + EVP_EncryptFinal(ctx,out,outl); + EVP_EncryptInit(ctx,NULL,NULL,NULL); + } diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c new file mode 100644 index 0000000000000000000000000000000000000000..ad5bcd8ba861186daf26e24f1f5f00ee2377d818 --- /dev/null +++ b/crypto/evp/p_sign.c @@ -0,0 +1,117 @@ +/* crypto/evp/p_sign.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +#ifdef undef +void EVP_SignInit(ctx,type) +EVP_MD_CTX *ctx; +EVP_MD *type; + { + EVP_DigestInit(ctx,type); + } + +void EVP_SignUpdate(ctx,data,count) +EVP_MD_CTX *ctx; +unsigned char *data; +unsigned int count; + { + EVP_DigestUpdate(ctx,data,count); + } +#endif + +int EVP_SignFinal(ctx,sigret,siglen,pkey) +EVP_MD_CTX *ctx; +unsigned char *sigret; +unsigned int *siglen; +EVP_PKEY *pkey; + { + unsigned char m[EVP_MAX_MD_SIZE]; + unsigned int m_len; + int i,ok=0,v; + + *siglen=0; + EVP_DigestFinal(ctx,&(m[0]),&m_len); + for (i=0; i<4; i++) + { + v=ctx->digest->required_pkey_type[i]; + if (v == 0) break; + if (pkey->type == v) + { + ok=1; + break; + } + } + if (!ok) + { + EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); + return(0); + } + if (ctx->digest->sign == NULL) + { + EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); + return(0); + } + return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, + pkey->pkey.ptr)); + } + diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c new file mode 100644 index 0000000000000000000000000000000000000000..4dbaf1ea269def41073cc301fd2f90c7303b1f1f --- /dev/null +++ b/crypto/evp/p_verify.c @@ -0,0 +1,99 @@ +/* crypto/evp/p_verify.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +int EVP_VerifyFinal(ctx,sigbuf,siglen,pkey) +EVP_MD_CTX *ctx; +unsigned char *sigbuf; +unsigned int siglen; +EVP_PKEY *pkey; + { + unsigned char m[EVP_MAX_MD_SIZE]; + unsigned int m_len; + int i,ok=0,v; + + for (i=0; i<4; i++) + { + v=ctx->digest->required_pkey_type[i]; + if (v == 0) break; + if (pkey->type == v) + { + ok=1; + break; + } + } + if (!ok) + { + EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); + return(-1); + } + EVP_DigestFinal(ctx,&(m[0]),&m_len); + if (ctx->digest->verify == NULL) + { + EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); + return(0); + } + + return(ctx->digest->verify(ctx->digest->type,m,m_len, + sigbuf,siglen,pkey->pkey.ptr)); + } diff --git a/crypto/idea/Makefile.ssl b/crypto/idea/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..41b42ce03b11b2d72d341b8b066798213fdb7608 --- /dev/null +++ b/crypto/idea/Makefile.ssl @@ -0,0 +1,80 @@ +# +# SSLeay/crypto/idea/Makefile +# + +DIR= idea +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=ideatest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c +LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o + +SRC= $(LIBSRC) + +EXHEADER= idea.h +HEADER= idea_lcl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c new file mode 100644 index 0000000000000000000000000000000000000000..d17e9f29e069d0146d441fccf26705f88b239868 --- /dev/null +++ b/crypto/idea/i_cbc.c @@ -0,0 +1,140 @@ +/* crypto/idea/i_cbc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "idea.h" +#include "idea_lcl.h" + +void idea_cbc_encrypt(in, out, length, ks, iv, encrypt) +unsigned char *in; +unsigned char *out; +long length; +IDEA_KEY_SCHEDULE *ks; +unsigned char *iv; +int encrypt; + { + register unsigned long tin0,tin1; + register unsigned long tout0,tout1,xor0,xor1; + register long l=length; + unsigned long tin[2]; + + if (encrypt) + { + n2l(iv,tout0); + n2l(iv,tout1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + n2l(in,tin0); + n2l(in,tin1); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + idea_encrypt(tin,ks); + tout0=tin[0]; l2n(tout0,out); + tout1=tin[1]; l2n(tout1,out); + } + if (l != -8) + { + n2ln(in,tin0,tin1,l+8); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + idea_encrypt(tin,ks); + tout0=tin[0]; l2n(tout0,out); + tout1=tin[1]; l2n(tout1,out); + } + l2n(tout0,iv); + l2n(tout1,iv); + } + else + { + n2l(iv,xor0); + n2l(iv,xor1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + n2l(in,tin0); tin[0]=tin0; + n2l(in,tin1); tin[1]=tin1; + idea_encrypt(tin,ks); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2n(tout0,out); + l2n(tout1,out); + xor0=tin0; + xor1=tin1; + } + if (l != -8) + { + n2l(in,tin0); tin[0]=tin0; + n2l(in,tin1); tin[1]=tin1; + idea_encrypt(tin,ks); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2nn(tout0,tout1,out,l+8); + xor0=tin0; + xor1=tin1; + } + l2n(xor0,iv); + l2n(xor1,iv); + } + tin0=tin1=tout0=tout1=xor0=xor1=0; + tin[0]=tin[1]=0; + } + diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c new file mode 100644 index 0000000000000000000000000000000000000000..366f2d19cf915a4b3e00b28af5df3810f6650380 --- /dev/null +++ b/crypto/idea/i_cfb64.c @@ -0,0 +1,127 @@ +/* crypto/idea/i_cfb64.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "idea.h" +#include "idea_lcl.h" + +/* The input and output encrypted as though 64bit cfb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void idea_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt) +unsigned char *in; +unsigned char *out; +long length; +IDEA_KEY_SCHEDULE *schedule; +unsigned char *ivec; +int *num; +int encrypt; + { + register unsigned long v0,v1,t; + register int n= *num; + register long l=length; + unsigned long ti[2]; + unsigned char *iv,c,cc; + + iv=(unsigned char *)ivec; + if (encrypt) + { + while (l--) + { + if (n == 0) + { + n2l(iv,v0); ti[0]=v0; + n2l(iv,v1); ti[1]=v1; + idea_encrypt((unsigned long *)ti,schedule); + iv=(unsigned char *)ivec; + t=ti[0]; l2n(t,iv); + t=ti[1]; l2n(t,iv); + iv=(unsigned char *)ivec; + } + c= *(in++)^iv[n]; + *(out++)=c; + iv[n]=c; + n=(n+1)&0x07; + } + } + else + { + while (l--) + { + if (n == 0) + { + n2l(iv,v0); ti[0]=v0; + n2l(iv,v1); ti[1]=v1; + idea_encrypt((unsigned long *)ti,schedule); + iv=(unsigned char *)ivec; + t=ti[0]; l2n(t,iv); + t=ti[1]; l2n(t,iv); + iv=(unsigned char *)ivec; + } + cc= *(in++); + c=iv[n]; + iv[n]=cc; + *(out++)=c^cc; + n=(n+1)&0x07; + } + } + v0=v1=ti[0]=ti[1]=t=c=cc=0; + *num=n; + } + diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c new file mode 100644 index 0000000000000000000000000000000000000000..b3b694b0c6acddd1c624061c7a85ceee54ba5f2b --- /dev/null +++ b/crypto/idea/i_ecb.c @@ -0,0 +1,138 @@ +/* crypto/idea/i_ecb.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "idea.h" +#include "idea_lcl.h" + +char *IDEA_version="IDEA part of SSLeay 0.8.1b 29-Jun-1998"; + +char *idea_options() + { + if (sizeof(short) != sizeof(IDEA_INT)) + return("idea(int)"); + else + return("idea(short)"); + } + +void idea_ecb_encrypt(in, out, ks) +unsigned char *in; +unsigned char *out; +IDEA_KEY_SCHEDULE *ks; + { + unsigned long l0,l1,d[2]; + + n2l(in,l0); d[0]=l0; + n2l(in,l1); d[1]=l1; + idea_encrypt(d,ks); + l0=d[0]; l2n(l0,out); + l1=d[1]; l2n(l1,out); + l0=l1=d[0]=d[1]=0; + } + +void idea_encrypt(d,key) +unsigned long *d; +IDEA_KEY_SCHEDULE *key; + { + int i; + register IDEA_INT *p; + register unsigned long x1,x2,x3,x4,t0,t1,ul; + + x2=d[0]; + x1=(x2>>16); + x4=d[1]; + x3=(x4>>16); + + p= &(key->data[0][0]); + for (i=0; i<8; i++) + { + x1&=0xffff; + idea_mul(x1,x1,*p,ul); p++; + + x2+= *(p++); + x3+= *(p++); + + x4&=0xffff; + idea_mul(x4,x4,*p,ul); p++; + + t0=(x1^x3)&0xffff; + idea_mul(t0,t0,*p,ul); p++; + + t1=(t0+(x2^x4))&0xffff; + idea_mul(t1,t1,*p,ul); p++; + + t0+=t1; + + x1^=t1; + x4^=t0; + ul=x2^t0; /* do the swap to x3 */ + x2=x3^t1; + x3=ul; + } + + x1&=0xffff; + idea_mul(x1,x1,*p,ul); p++; + + t0= x3+ *(p++); + t1= x2+ *(p++); + + x4&=0xffff; + idea_mul(x4,x4,*p,ul); + + d[0]=(t0&0xffff)|((x1&0xffff)<<16); + d[1]=(x4&0xffff)|((t1&0xffff)<<16); + } diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c new file mode 100644 index 0000000000000000000000000000000000000000..43a9584a370ef86aadbe1051aec7d1d9138bd00b --- /dev/null +++ b/crypto/idea/i_ofb64.c @@ -0,0 +1,115 @@ +/* crypto/idea/i_ofb64.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "idea.h" +#include "idea_lcl.h" + +/* The input and output encrypted as though 64bit ofb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void idea_ofb64_encrypt(in, out, length, schedule, ivec, num) +unsigned char *in; +unsigned char *out; +long length; +IDEA_KEY_SCHEDULE *schedule; +unsigned char *ivec; +int *num; + { + register unsigned long v0,v1,t; + register int n= *num; + register long l=length; + unsigned char d[8]; + register char *dp; + unsigned long ti[2]; + unsigned char *iv; + int save=0; + + iv=(unsigned char *)ivec; + n2l(iv,v0); + n2l(iv,v1); + ti[0]=v0; + ti[1]=v1; + dp=(char *)d; + l2n(v0,dp); + l2n(v1,dp); + while (l--) + { + if (n == 0) + { + idea_encrypt((unsigned long *)ti,schedule); + dp=(char *)d; + t=ti[0]; l2n(t,dp); + t=ti[1]; l2n(t,dp); + save++; + } + *(out++)= *(in++)^d[n]; + n=(n+1)&0x07; + } + if (save) + { + v0=ti[0]; + v1=ti[1]; + iv=(unsigned char *)ivec; + l2n(v0,iv); + l2n(v1,iv); + } + t=v0=v1=ti[0]=ti[1]=0; + *num=n; + } + diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c new file mode 100644 index 0000000000000000000000000000000000000000..fcbdb691e23d4f32e9540be499ab2b6074da1b53 --- /dev/null +++ b/crypto/idea/i_skey.c @@ -0,0 +1,166 @@ +/* crypto/idea/i_skey.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "idea.h" +#include "idea_lcl.h" + +#ifndef NOPROTO +static IDEA_INT inverse(unsigned int xin); +#else +static IDEA_INT inverse(); +#endif + +void idea_set_encrypt_key(key, ks) +unsigned char *key; +IDEA_KEY_SCHEDULE *ks; + { + int i; + register IDEA_INT *kt,*kf,r0,r1,r2; + + kt= &(ks->data[0][0]); + n2s(key,kt[0]); n2s(key,kt[1]); n2s(key,kt[2]); n2s(key,kt[3]); + n2s(key,kt[4]); n2s(key,kt[5]); n2s(key,kt[6]); n2s(key,kt[7]); + + kf=kt; + kt+=8; + for (i=0; i<6; i++) + { + r2= kf[1]; + r1= kf[2]; + *(kt++)= ((r2<<9) | (r1>>7))&0xffff; + r0= kf[3]; + *(kt++)= ((r1<<9) | (r0>>7))&0xffff; + r1= kf[4]; + *(kt++)= ((r0<<9) | (r1>>7))&0xffff; + r0= kf[5]; + *(kt++)= ((r1<<9) | (r0>>7))&0xffff; + r1= kf[6]; + *(kt++)= ((r0<<9) | (r1>>7))&0xffff; + r0= kf[7]; + *(kt++)= ((r1<<9) | (r0>>7))&0xffff; + r1= kf[0]; + if (i >= 5) break; + *(kt++)= ((r0<<9) | (r1>>7))&0xffff; + *(kt++)= ((r1<<9) | (r2>>7))&0xffff; + kf+=8; + } + } + +void idea_set_decrypt_key(ek, dk) +IDEA_KEY_SCHEDULE *ek; +IDEA_KEY_SCHEDULE *dk; + { + int r; + register IDEA_INT *fp,*tp,t; + + tp= &(dk->data[0][0]); + fp= &(ek->data[8][0]); + for (r=0; r<9; r++) + { + *(tp++)=inverse(fp[0]); + *(tp++)=((int)(0x10000L-fp[2])&0xffff); + *(tp++)=((int)(0x10000L-fp[1])&0xffff); + *(tp++)=inverse(fp[3]); + if (r == 8) break; + fp-=6; + *(tp++)=fp[4]; + *(tp++)=fp[5]; + } + + tp= &(dk->data[0][0]); + t=tp[1]; + tp[1]=tp[2]; + tp[2]=t; + + t=tp[49]; + tp[49]=tp[50]; + tp[50]=t; + } + +/* taken directly from the 'paper' I'll have a look at it later */ +static IDEA_INT inverse(xin) +unsigned int xin; + { + long n1,n2,q,r,b1,b2,t; + + if (xin == 0) + b2=0; + else + { + n1=0x10001; + n2=xin; + b2=1; + b1=0; + + do { + r=(n1%n2); + q=(n1-r)/n2; + if (r == 0) + { if (b2 < 0) b2=0x10001+b2; } + else + { + n1=n2; + n2=r; + t=b2; + b2=b1-q*b2; + b1=t; + } + } while (r != 0); + } + return((IDEA_INT)b2); + } diff --git a/crypto/idea/idea.h b/crypto/idea/idea.h new file mode 100644 index 0000000000000000000000000000000000000000..e0eb4e0d6335c759066e8688631ec7ade5afe6c7 --- /dev/null +++ b/crypto/idea/idea.h @@ -0,0 +1,116 @@ +/* crypto/idea/idea.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify idea.org since idea.h is automatically generated from + * it during SSLeay configuration. + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + + +#ifndef HEADER_IDEA_H +#define HEADER_IDEA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define IDEA_ENCRYPT 1 +#define IDEA_DECRYPT 0 + +#define IDEA_INT unsigned int +#define IDEA_BLOCK 8 +#define IDEA_KEY_LENGTH 16 + +typedef struct idea_key_st + { + IDEA_INT data[9][6]; + } IDEA_KEY_SCHEDULE; + +#ifndef NOPROTO +char *idea_options(void); +void idea_ecb_encrypt(unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_cbc_encrypt(unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); +void idea_cfb64_encrypt(unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num,int enc); +void idea_ofb64_encrypt(unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); +void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); +#else +char *idea_options(); +void idea_ecb_encrypt(); +void idea_set_encrypt_key(); +void idea_set_decrypt_key(); +void idea_cbc_encrypt(); +void idea_cfb64_encrypt(); +void idea_ofb64_encrypt(); +void idea_encrypt(); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/idea/idea.org b/crypto/idea/idea.org new file mode 100644 index 0000000000000000000000000000000000000000..e0eb4e0d6335c759066e8688631ec7ade5afe6c7 --- /dev/null +++ b/crypto/idea/idea.org @@ -0,0 +1,116 @@ +/* crypto/idea/idea.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify idea.org since idea.h is automatically generated from + * it during SSLeay configuration. + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + + +#ifndef HEADER_IDEA_H +#define HEADER_IDEA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define IDEA_ENCRYPT 1 +#define IDEA_DECRYPT 0 + +#define IDEA_INT unsigned int +#define IDEA_BLOCK 8 +#define IDEA_KEY_LENGTH 16 + +typedef struct idea_key_st + { + IDEA_INT data[9][6]; + } IDEA_KEY_SCHEDULE; + +#ifndef NOPROTO +char *idea_options(void); +void idea_ecb_encrypt(unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_cbc_encrypt(unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); +void idea_cfb64_encrypt(unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num,int enc); +void idea_ofb64_encrypt(unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); +void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); +#else +char *idea_options(); +void idea_ecb_encrypt(); +void idea_set_encrypt_key(); +void idea_set_decrypt_key(); +void idea_cbc_encrypt(); +void idea_cfb64_encrypt(); +void idea_ofb64_encrypt(); +void idea_encrypt(); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/idea/idea_lcl.h b/crypto/idea/idea_lcl.h new file mode 100644 index 0000000000000000000000000000000000000000..fcd007f2b44f30d532b9a43901f0f38b0d64f286 --- /dev/null +++ b/crypto/idea/idea_lcl.h @@ -0,0 +1,197 @@ +/* crypto/idea/idea_lcl.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* The new form of this macro (check if the a*b == 0) was sugested by + * Colin Plumb */ +/* Removal of the inner if from from Wei Dai 24/4/96 */ +#define idea_mul(r,a,b,ul) \ +ul=(unsigned long)a*b; \ +if (ul != 0) \ + { \ + r=(ul&0xffff)-(ul>>16); \ + r-=((r)>>16); \ +/* if (r&0xffff0000L) r=(r+0x10001); */ \ + } \ +else \ + r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ \ + +#ifdef undef +#define idea_mul(r,a,b,ul,sl) \ +if (a == 0) r=(0x10001-b)&0xffff; \ +else if (b == 0) r=(0x10001-a)&0xffff; \ +else { \ + ul=(unsigned long)a*b; \ + sl=(ul&0xffff)-(ul>>16); \ + if (sl <= 0) sl+=0x10001; \ + r=sl; \ + } +#endif + +/* 7/12/95 - Many thanks to Rhys Weatherley + * for pointing out that I was assuming little endian + * byte order for all quantities what idea + * actually used bigendian. No where in the spec does it mention + * this, it is all in terms of 16 bit numbers and even the example + * does not use byte streams for the input example :-(. + * If you byte swap each pair of input, keys and iv, the functions + * would produce the output as the old version :-(. + */ + +/* NOTE - c is not incremented as per n2l */ +#define n2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c)))) ; \ + case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + case 4: l1 =((unsigned long)(*(--(c)))) ; \ + case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + case 1: l1|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +#define l2nn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + } \ + } + +#undef n2l +#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))) + +#undef l2n +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +#undef s2n +#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) + +#undef n2s +#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \ + l|=((IDEA_INT)(*((c)++))) ) + +#ifdef undef +/* NOTE - c is not incremented as per c2l */ +#define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c))))<<24; \ + case 7: l2|=((unsigned long)(*(--(c))))<<16; \ + case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + case 4: l1 =((unsigned long)(*(--(c))))<<24; \ + case 3: l1|=((unsigned long)(*(--(c))))<<16; \ + case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ + case 1: l1|=((unsigned long)(*(--(c)))); \ + } \ + } + +/* NOTE - c is not incremented as per l2c */ +#define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +#undef c2s +#define c2s(c,l) (l =((unsigned long)(*((c)++))) , \ + l|=((unsigned long)(*((c)++)))<< 8L) + +#undef s2c +#define s2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) + +#undef c2l +#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<<24L) + +#undef l2c +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +#endif diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c new file mode 100644 index 0000000000000000000000000000000000000000..ee01ba5b2cece650311b73fd15933f694d0a0db1 --- /dev/null +++ b/crypto/idea/ideatest.c @@ -0,0 +1,232 @@ +/* crypto/idea/ideatest.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "idea.h" + +unsigned char k[16]={ + 0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04, + 0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08}; + +unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03}; +unsigned char c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5}; +unsigned char out[80]; + +char *text="Hello to all people out there"; + +static unsigned char cfb_key[16]={ + 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96, + 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e, + }; +static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd}; +static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; +#define CFB_TEST_SIZE 24 +static unsigned char plain[CFB_TEST_SIZE]= + { + 0x4e,0x6f,0x77,0x20,0x69,0x73, + 0x20,0x74,0x68,0x65,0x20,0x74, + 0x69,0x6d,0x65,0x20,0x66,0x6f, + 0x72,0x20,0x61,0x6c,0x6c,0x20 + }; +static unsigned char cfb_cipher64[CFB_TEST_SIZE]={ + 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F, + 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A, + 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45 + +/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ + }; + +#ifndef NOPROTO +static int cfb64_test(unsigned char *cfb_cipher); +static char *pt(unsigned char *p); +#else +static int cfb64_test(); +static char *pt(); +#endif + +int main(argc,argv) +int argc; +char *argv[]; + { + int i,err=0; + IDEA_KEY_SCHEDULE key,dkey; + unsigned char iv[8]; + + idea_set_encrypt_key(k,&key); + idea_ecb_encrypt(in,out,&key); + if (memcmp(out,c,8) != 0) + { + printf("ecb idea error encrypting\n"); + printf("got :"); + for (i=0; i<8; i++) + printf("%02X ",out[i]); + printf("\n"); + printf("expected:"); + for (i=0; i<8; i++) + printf("%02X ",c[i]); + err=20; + printf("\n"); + } + + idea_set_decrypt_key(&key,&dkey); + idea_ecb_encrypt(c,out,&dkey); + if (memcmp(out,in,8) != 0) + { + printf("ecb idea error decrypting\n"); + printf("got :"); + for (i=0; i<8; i++) + printf("%02X ",out[i]); + printf("\n"); + printf("expected:"); + for (i=0; i<8; i++) + printf("%02X ",in[i]); + printf("\n"); + err=3; + } + + if (err == 0) printf("ecb idea ok\n"); + + memcpy(iv,k,8); + idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1); + memcpy(iv,k,8); + idea_cbc_encrypt(out,out,8,&dkey,iv,0); + idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0); + if (memcmp(text,out,strlen(text)+1) != 0) + { + printf("cbc idea bad\n"); + err=4; + } + else + printf("cbc idea ok\n"); + + printf("cfb64 idea "); + if (cfb64_test(cfb_cipher64)) + { + printf("bad\n"); + err=5; + } + else + printf("ok\n"); + + exit(err); + return(err); + } + +static int cfb64_test(cfb_cipher) +unsigned char *cfb_cipher; + { + IDEA_KEY_SCHEDULE eks,dks; + int err=0,i,n; + + idea_set_encrypt_key(cfb_key,&eks); + idea_set_decrypt_key(&eks,&dks); + memcpy(cfb_tmp,cfb_iv,8); + n=0; + idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks, + cfb_tmp,&n,IDEA_ENCRYPT); + idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), + (long)CFB_TEST_SIZE-12,&eks, + cfb_tmp,&n,IDEA_ENCRYPT); + if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0) + { + err=1; + printf("idea_cfb64_encrypt encrypt error\n"); + for (i=0; i>4)&0xf]; + ret[i*2+1]=f[p[i]&0xf]; + } + ret[16]='\0'; + return(ret); + } + diff --git a/crypto/idea/version b/crypto/idea/version new file mode 100644 index 0000000000000000000000000000000000000000..3f22293795490e168921c91d77c57ac092b0d5b6 --- /dev/null +++ b/crypto/idea/version @@ -0,0 +1,12 @@ +1.1 07/12/95 - eay + Many thanks to Rhys Weatherley + for pointing out that I was assuming little endian byte + order for all quantities what idea actually used + bigendian. No where in the spec does it mention + this, it is all in terms of 16 bit numbers and even the example + does not use byte streams for the input example :-(. + If you byte swap each pair of input, keys and iv, the functions + would produce the output as the old version :-(. + +1.0 ??/??/95 - eay + First version. diff --git a/crypto/lhash/Makefile.ssl b/crypto/lhash/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..cb08547b4fc18c98ad5fabb9b97a01c3d63080bd --- /dev/null +++ b/crypto/lhash/Makefile.ssl @@ -0,0 +1,80 @@ +# +# SSLeay/crypto/lhash/Makefile +# + +DIR= lhash +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=lhash.c lh_stats.c +LIBOBJ=lhash.o lh_stats.o + +SRC= $(LIBSRC) + +EXHEADER= lhash.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c new file mode 100644 index 0000000000000000000000000000000000000000..824eb6215c1216f76970b634f153eaf35ed27711 --- /dev/null +++ b/crypto/lhash/lh_stats.c @@ -0,0 +1,289 @@ +/* crypto/lhash/lh_stats.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +/* If you wish to build this outside of SSLeay, remove the following line + * and things should work as expected */ +#include "bio.h" + +#include "lhash.h" + +#ifndef HEADER_BIO_H + +void lh_stats(lh, out) +LHASH *lh; +FILE *out; + { + fprintf(out,"num_items = %lu\n",lh->num_items); + fprintf(out,"num_nodes = %u\n",lh->num_nodes); + fprintf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); + fprintf(out,"num_expands = %lu\n",lh->num_expands); + fprintf(out,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs); + fprintf(out,"num_contracts = %lu\n",lh->num_contracts); + fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs); + fprintf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); + fprintf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); + fprintf(out,"num_insert = %lu\n",lh->num_insert); + fprintf(out,"num_replace = %lu\n",lh->num_replace); + fprintf(out,"num_delete = %lu\n",lh->num_delete); + fprintf(out,"num_no_delete = %lu\n",lh->num_no_delete); + fprintf(out,"num_retrieve = %lu\n",lh->num_retrieve); + fprintf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); + fprintf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); +#ifdef DEBUG + fprintf(out,"p = %u\n",lh->p); + fprintf(out,"pmax = %u\n",lh->pmax); + fprintf(out,"up_load = %lu\n",lh->up_load); + fprintf(out,"down_load = %lu\n",lh->down_load); +#endif + } + +void lh_node_stats(lh, out) +LHASH *lh; +FILE *out; + { + LHASH_NODE *n; + unsigned int i,num; + + for (i=0; inum_nodes; i++) + { + for (n=lh->b[i],num=0; n != NULL; n=n->next) + num++; + fprintf(out,"node %6u -> %3u\n",i,num); + } + } + +void lh_node_usage_stats(lh, out) +LHASH *lh; +FILE *out; + { + LHASH_NODE *n; + unsigned long num; + unsigned int i; + unsigned long total=0,n_used=0; + + for (i=0; inum_nodes; i++) + { + for (n=lh->b[i],num=0; n != NULL; n=n->next) + num++; + if (num != 0) + { + n_used++; + total+=num; + } + } + fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); + fprintf(out,"%lu items\n",total); + if (n_used == 0) return; + fprintf(out,"load %d.%02d actual load %d.%02d\n", + (int)(total/lh->num_nodes), + (int)((total%lh->num_nodes)*100/lh->num_nodes), + (int)(total/n_used), + (int)((total%n_used)*100/n_used)); + } + +#else + +#ifndef WIN16 +void lh_stats(lh,fp) +LHASH *lh; +FILE *fp; + { + BIO *bp; + + bp=BIO_new(BIO_s_file()); + if (bp == NULL) goto end; + BIO_set_fp(bp,fp,BIO_NOCLOSE); + lh_stats_bio(lh,bp); + BIO_free(bp); +end:; + } + +void lh_node_stats(lh,fp) +LHASH *lh; +FILE *fp; + { + BIO *bp; + + bp=BIO_new(BIO_s_file()); + if (bp == NULL) goto end; + BIO_set_fp(bp,fp,BIO_NOCLOSE); + lh_node_stats_bio(lh,bp); + BIO_free(bp); +end:; + } + +void lh_node_usage_stats(lh,fp) +LHASH *lh; +FILE *fp; + { + BIO *bp; + + bp=BIO_new(BIO_s_file()); + if (bp == NULL) goto end; + BIO_set_fp(bp,fp,BIO_NOCLOSE); + lh_node_usage_stats_bio(lh,bp); + BIO_free(bp); +end:; + } + +#endif + +void lh_stats_bio(lh, out) +LHASH *lh; +BIO *out; + { + char buf[128]; + + sprintf(buf,"num_items = %lu\n",lh->num_items); + BIO_puts(out,buf); + sprintf(buf,"num_nodes = %u\n",lh->num_nodes); + BIO_puts(out,buf); + sprintf(buf,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); + BIO_puts(out,buf); + sprintf(buf,"num_expands = %lu\n",lh->num_expands); + BIO_puts(out,buf); + sprintf(buf,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs); + BIO_puts(out,buf); + sprintf(buf,"num_contracts = %lu\n",lh->num_contracts); + BIO_puts(out,buf); + sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs); + BIO_puts(out,buf); + sprintf(buf,"num_hash_calls = %lu\n",lh->num_hash_calls); + BIO_puts(out,buf); + sprintf(buf,"num_comp_calls = %lu\n",lh->num_comp_calls); + BIO_puts(out,buf); + sprintf(buf,"num_insert = %lu\n",lh->num_insert); + BIO_puts(out,buf); + sprintf(buf,"num_replace = %lu\n",lh->num_replace); + BIO_puts(out,buf); + sprintf(buf,"num_delete = %lu\n",lh->num_delete); + BIO_puts(out,buf); + sprintf(buf,"num_no_delete = %lu\n",lh->num_no_delete); + BIO_puts(out,buf); + sprintf(buf,"num_retrieve = %lu\n",lh->num_retrieve); + BIO_puts(out,buf); + sprintf(buf,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); + BIO_puts(out,buf); + sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps); + BIO_puts(out,buf); +#ifdef DEBUG + sprintf(buf,"p = %u\n",lh->p); + BIO_puts(out,buf); + sprintf(buf,"pmax = %u\n",lh->pmax); + BIO_puts(out,buf); + sprintf(buf,"up_load = %lu\n",lh->up_load); + BIO_puts(out,buf); + sprintf(buf,"down_load = %lu\n",lh->down_load); + BIO_puts(out,buf); +#endif + } + +void lh_node_stats_bio(lh, out) +LHASH *lh; +BIO *out; + { + LHASH_NODE *n; + unsigned int i,num; + char buf[128]; + + for (i=0; inum_nodes; i++) + { + for (n=lh->b[i],num=0; n != NULL; n=n->next) + num++; + sprintf(buf,"node %6u -> %3u\n",i,num); + BIO_puts(out,buf); + } + } + +void lh_node_usage_stats_bio(lh, out) +LHASH *lh; +BIO *out; + { + LHASH_NODE *n; + unsigned long num; + unsigned int i; + unsigned long total=0,n_used=0; + char buf[128]; + + for (i=0; inum_nodes; i++) + { + for (n=lh->b[i],num=0; n != NULL; n=n->next) + num++; + if (num != 0) + { + n_used++; + total+=num; + } + } + sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes); + BIO_puts(out,buf); + sprintf(buf,"%lu items\n",total); + BIO_puts(out,buf); + if (n_used == 0) return; + sprintf(buf,"load %d.%02d actual load %d.%02d\n", + (int)(total/lh->num_nodes), + (int)((total%lh->num_nodes)*100/lh->num_nodes), + (int)(total/n_used), + (int)((total%n_used)*100/n_used)); + BIO_puts(out,buf); + } + +#endif diff --git a/crypto/lhash/lh_test.c b/crypto/lhash/lh_test.c new file mode 100644 index 0000000000000000000000000000000000000000..f90b3bbd24ae699104898ca302494baf0daa5f4b --- /dev/null +++ b/crypto/lhash/lh_test.c @@ -0,0 +1,89 @@ +/* crypto/lhash/lh_test.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "lhash.h" + +main() + { + LHASH *conf; + char buf[256]; + int i; + + conf=lh_new(lh_strhash,strcmp); + for (;;) + { + char *p; + + buf[0]='\0'; + fgets(buf,256,stdin); + if (buf[0] == '\0') break; + buf[256]='\0'; + i=strlen(buf); + p=Malloc(i+1); + memcpy(p,buf,i+1); + lh_insert(conf,p); + } + + lh_node_stats(conf,stdout); + lh_stats(conf,stdout); + lh_node_usage_stats(conf,stdout); + exit(0); + } diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c new file mode 100644 index 0000000000000000000000000000000000000000..3e6124894626f6c898f2b520a4f1d24950158978 --- /dev/null +++ b/crypto/lhash/lhash.c @@ -0,0 +1,489 @@ +/* crypto/lhash/lhash.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +char *lh_version="lhash part of SSLeay 0.8.1b 29-Jun-1998"; + +/* Code for dynamic hash table routines + * Author - Eric Young v 2.0 + * + * 2.0 eay - Fixed a bug that occured when using lh_delete + * from inside lh_doall(). As entries were deleted, + * the 'table' was 'contract()ed', making some entries + * jump from the end of the table to the start, there by + * skiping the lh_doall() processing. eay - 4/12/95 + * + * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs + * were not being free()ed. 21/11/95 + * + * 1.8 eay - Put the stats routines into a separate file, lh_stats.c + * 19/09/95 + * + * 1.7 eay - Removed the fputs() for realloc failures - the code + * should silently tolerate them. I have also fixed things + * lint complained about 04/05/95 + * + * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92 + * + * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992 + * + * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91 + * + * 1.3 eay - Fixed a few lint problems 19/3/1991 + * + * 1.2 eay - Fixed lh_doall problem 13/3/1991 + * + * 1.1 eay - Added lh_doall + * + * 1.0 eay - First version + */ +#include +#include +#include +#include "lhash.h" + +#undef MIN_NODES +#define MIN_NODES 16 +#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ +#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ + +#ifndef NOPROTO + +#define P_CP char * +#define P_CPP char *,char * +static void expand(LHASH *lh); +static void contract(LHASH *lh); +static LHASH_NODE **getrn(LHASH *lh, char *data, unsigned long *rhash); + +#else + +#define P_CP +#define P_CPP +static void expand(); +static void contract(); +static LHASH_NODE **getrn(); + +#endif + +LHASH *lh_new(h, c) +unsigned long (*h)(); +int (*c)(); + { + LHASH *ret; + int i; + + if ((ret=(LHASH *)malloc(sizeof(LHASH))) == NULL) + goto err0; + if ((ret->b=(LHASH_NODE **)malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) + goto err1; + for (i=0; ib[i]=NULL; + ret->comp=((c == NULL)?(int (*)())strcmp:c); + ret->hash=((h == NULL)?(unsigned long (*)())lh_strhash:h); + ret->num_nodes=MIN_NODES/2; + ret->num_alloc_nodes=MIN_NODES; + ret->p=0; + ret->pmax=MIN_NODES/2; + ret->up_load=UP_LOAD; + ret->down_load=DOWN_LOAD; + ret->num_items=0; + + ret->num_expands=0; + ret->num_expand_reallocs=0; + ret->num_contracts=0; + ret->num_contract_reallocs=0; + ret->num_hash_calls=0; + ret->num_comp_calls=0; + ret->num_insert=0; + ret->num_replace=0; + ret->num_delete=0; + ret->num_no_delete=0; + ret->num_retrieve=0; + ret->num_retrieve_miss=0; + ret->num_hash_comps=0; + + return(ret); +err1: + free((char *)ret); +err0: + return(NULL); + } + +void lh_free(lh) +LHASH *lh; + { + unsigned int i; + LHASH_NODE *n,*nn; + + for (i=0; inum_nodes; i++) + { + n=lh->b[i]; + while (n != NULL) + { + nn=n->next; + free(n); + n=nn; + } + } + free((char *)lh->b); + free((char *)lh); + } + +char *lh_insert(lh, data) +LHASH *lh; +char *data; + { + unsigned long hash; + LHASH_NODE *nn,**rn; + char *ret; + + if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) + expand(lh); + + rn=getrn(lh,data,&hash); + + if (*rn == NULL) + { + if ((nn=(LHASH_NODE *)malloc(sizeof(LHASH_NODE))) == NULL) + return(NULL); + nn->data=data; + nn->next=NULL; +#ifndef NO_HASH_COMP + nn->hash=hash; +#endif + *rn=nn; + ret=NULL; + lh->num_insert++; + lh->num_items++; + } + else /* replace same key */ + { + ret= (*rn)->data; + (*rn)->data=data; + lh->num_replace++; + } + return(ret); + } + +char *lh_delete(lh, data) +LHASH *lh; +char *data; + { + unsigned long hash; + LHASH_NODE *nn,**rn; + char *ret; + + rn=getrn(lh,data,&hash); + + if (*rn == NULL) + { + lh->num_no_delete++; + return(NULL); + } + else + { + nn= *rn; + *rn=nn->next; + ret=nn->data; + free((char *)nn); + lh->num_delete++; + } + + lh->num_items--; + if ((lh->num_nodes > MIN_NODES) && + (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) + contract(lh); + + return(ret); + } + +char *lh_retrieve(lh, data) +LHASH *lh; +char *data; + { + unsigned long hash; + LHASH_NODE **rn; + char *ret; + + rn=getrn(lh,data,&hash); + + if (*rn == NULL) + { + lh->num_retrieve_miss++; + return(NULL); + } + else + { + ret= (*rn)->data; + lh->num_retrieve++; + } + return(ret); + } + +void lh_doall(lh, func) +LHASH *lh; +void (*func)(); + { + lh_doall_arg(lh,func,NULL); + } + +void lh_doall_arg(lh, func, arg) +LHASH *lh; +void (*func)(); +char *arg; + { + int i; + LHASH_NODE *a,*n; + + /* reverse the order so we search from 'top to bottom' + * We were having memory leaks otherwise */ + for (i=lh->num_nodes-1; i>=0; i--) + { + a=lh->b[i]; + while (a != NULL) + { + /* 28/05/91 - eay - n added so items can be deleted + * via lh_doall */ + n=a->next; + func(a->data,arg); + a=n; + } + } + } + +static void expand(lh) +LHASH *lh; + { + LHASH_NODE **n,**n1,**n2,*np; + unsigned int p,i,j; + unsigned long hash,nni; + + lh->num_nodes++; + lh->num_expands++; + p=(int)lh->p++; + n1= &(lh->b[p]); + n2= &(lh->b[p+(int)lh->pmax]); + *n2=NULL; /* 27/07/92 - eay - undefined pointer bug */ + nni=lh->num_alloc_nodes; + + for (np= *n1; np != NULL; ) + { +#ifndef NO_HASH_COMP + hash=np->hash; +#else + hash=(*(lh->hash))(np->data); + lh->num_hash_calls++; +#endif + if ((hash%nni) != p) + { /* move it */ + *n1= (*n1)->next; + np->next= *n2; + *n2=np; + } + else + n1= &((*n1)->next); + np= *n1; + } + + if ((lh->p) >= lh->pmax) + { + j=(int)lh->num_alloc_nodes*2; + n=(LHASH_NODE **)realloc((char *)lh->b, + (unsigned int)sizeof(LHASH_NODE *)*j); + if (n == NULL) + { +/* fputs("realloc error in lhash",stderr); */ + lh->p=0; + return; + } + /* else */ + for (i=(int)lh->num_alloc_nodes; ipmax=lh->num_alloc_nodes; + lh->num_alloc_nodes=j; + lh->num_expand_reallocs++; + lh->p=0; + lh->b=n; + } + } + +static void contract(lh) +LHASH *lh; + { + LHASH_NODE **n,*n1,*np; + + np=lh->b[lh->p+lh->pmax-1]; + lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */ + if (lh->p == 0) + { + n=(LHASH_NODE **)realloc((char *)lh->b, + (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax)); + if (n == NULL) + { +/* fputs("realloc error in lhash",stderr); */ + return; + } + lh->num_contract_reallocs++; + lh->num_alloc_nodes/=2; + lh->pmax/=2; + lh->p=lh->pmax-1; + lh->b=n; + } + else + lh->p--; + + lh->num_nodes--; + lh->num_contracts++; + + n1=lh->b[(int)lh->p]; + if (n1 == NULL) + lh->b[(int)lh->p]=np; + else + { + while (n1->next != NULL) + n1=n1->next; + n1->next=np; + } + } + +static LHASH_NODE **getrn(lh, data, rhash) +LHASH *lh; +char *data; +unsigned long *rhash; + { + LHASH_NODE **ret,*n1; + unsigned long hash,nn; + int (*cf)(); + + hash=(*(lh->hash))(data); + lh->num_hash_calls++; + *rhash=hash; + + nn=hash%lh->pmax; + if (nn < lh->p) + nn=hash%lh->num_alloc_nodes; + + cf=lh->comp; + ret= &(lh->b[(int)nn]); + for (n1= *ret; n1 != NULL; n1=n1->next) + { +#ifndef NO_HASH_COMP + lh->num_hash_comps++; + if (n1->hash != hash) + { + ret= &(n1->next); + continue; + } +#endif + lh->num_comp_calls++; + if ((*cf)(n1->data,data) == 0) + break; + ret= &(n1->next); + } + return(ret); + } + +/* +static unsigned long lh_strhash(str) +char *str; + { + int i,l; + unsigned long ret=0; + unsigned short *s; + + if (str == NULL) return(0); + l=(strlen(str)+1)/2; + s=(unsigned short *)str; + for (i=0; i>2)^v)&0x0f; + ret=(ret<>(32-r)); + ret&=0xFFFFFFFFL; + ret^=v*v; + c++; + } + return((ret>>16)^ret); + } + diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h new file mode 100644 index 0000000000000000000000000000000000000000..66678cf3938615ab29d9363384cf6c292c36b821 --- /dev/null +++ b/crypto/lhash/lhash.h @@ -0,0 +1,155 @@ +/* crypto/lhash/lhash.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* Header for dynamic hash table routines + * Author - Eric Young + */ + +#ifndef HEADER_LHASH_H +#define HEADER_LHASH_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st + { + char *data; + struct lhash_node_st *next; +#ifndef NO_HASH_COMP + unsigned long hash; +#endif + } LHASH_NODE; + +typedef struct lhash_st + { + LHASH_NODE **b; + int (*comp)(); + unsigned long (*hash)(); + unsigned int num_nodes; + unsigned int num_alloc_nodes; + unsigned int p; + unsigned int pmax; + unsigned long up_load; /* load times 256 */ + unsigned long down_load; /* load times 256 */ + unsigned long num_items; + + unsigned long num_expands; + unsigned long num_expand_reallocs; + unsigned long num_contracts; + unsigned long num_contract_reallocs; + unsigned long num_hash_calls; + unsigned long num_comp_calls; + unsigned long num_insert; + unsigned long num_replace; + unsigned long num_delete; + unsigned long num_no_delete; + unsigned long num_retrieve; + unsigned long num_retrieve_miss; + unsigned long num_hash_comps; + } LHASH; + +#define LH_LOAD_MULT 256 + +#ifndef NOPROTO +LHASH *lh_new(unsigned long (*h)(), int (*c)()); +void lh_free(LHASH *lh); +char *lh_insert(LHASH *lh, char *data); +char *lh_delete(LHASH *lh, char *data); +char *lh_retrieve(LHASH *lh, char *data); +void lh_doall(LHASH *lh, void (*func)(/* char *b */)); +void lh_doall_arg(LHASH *lh, void (*func)(/*char *a,char *b*/),char *arg); +unsigned long lh_strhash(char *c); + +#ifndef WIN16 +void lh_stats(LHASH *lh, FILE *out); +void lh_node_stats(LHASH *lh, FILE *out); +void lh_node_usage_stats(LHASH *lh, FILE *out); +#endif + +#ifdef HEADER_BIO_H +void lh_stats_bio(LHASH *lh, BIO *out); +void lh_node_stats_bio(LHASH *lh, BIO *out); +void lh_node_usage_stats_bio(LHASH *lh, BIO *out); +#endif +#else +LHASH *lh_new(); +void lh_free(); +char *lh_insert(); +char *lh_delete(); +char *lh_retrieve(); +void lh_doall(); +void lh_doall_arg(); +unsigned long lh_strhash(); + +#ifndef WIN16 +void lh_stats(); +void lh_node_stats(); +void lh_node_usage_stats(); +#endif +void lh_stats_bio(); +void lh_node_stats_bio(); +void lh_node_usage_stats_bio(); +#endif + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/crypto/lhash/num.pl b/crypto/lhash/num.pl new file mode 100644 index 0000000000000000000000000000000000000000..30fedf9cd5ad8ae6e83fb290d572041bb7129fa9 --- /dev/null +++ b/crypto/lhash/num.pl @@ -0,0 +1,17 @@ +#!/usr/local/bin/perl + +#node 10 -> 4 + +while (<>) + { + next unless /^node/; + chop; + @a=split; + $num{$a[3]}++; + } + +@a=sort {$a <=> $b } keys %num; +foreach (0 .. $a[$#a]) + { + printf "%4d:%4d\n",$_,$num{$_}; + } diff --git a/crypto/libvms.com b/crypto/libvms.com new file mode 100755 index 0000000000000000000000000000000000000000..44f90c65b050401d2fff196dfd81618012c9fb49 --- /dev/null +++ b/crypto/libvms.com @@ -0,0 +1,31 @@ +$! +$! Compile crypto.c as several subset modules and insert in crypto-xxx.olb. +$! If P1 is specifed, it specifies alternate list of subsets to compile. +$! +$ libname = "CRYPTO-AXP.OLB" +$ subset_list = "LIB,ASN1,BN,BUFFER,CONF,DES,DH,DSA,ERROR,EVP,IDEA,LHASH,MD," + - + "METH,OBJECTS,PEM,RAND,RC,RSA,SHA,STACK,TXT_DB,X509" +$ if p1 .nes. "" then subset_list = p1 +$! +$ if f$getsyi("CPU") .lt. 128 then libname = "CRYPTO-VAX.OLB" +$ if f$search(libname) .eqs. "" then library/create/object/log 'libname' +$! +$ cc = "cc/include=[-.include]/prefix=all" + P2 +$! +$ i = 0 +$ next_subset: +$ subset = f$element(i,",",subset_list) +$ if subset .eqs. "," then goto done +$ i = i + 1 +$ create crypto_'subset'.subset +#include "crypto.c" +$ ofile = "sys$disk:[]crypto_" + subset + ".obj" +$ on warning then goto next_subset +$ write sys$output "Compiling ", ofile +$ cc /object='ofile' crypto_'subset'.subset - + /define=(CRYPTO_SUBSET,CRYPTO_'subset'_SUBSET) +$ library/replace/log 'libname'/module=CRYPTO_'subset' 'ofile' +$ goto next_subset +$! +$ done: +$ exit diff --git a/crypto/md/Makefile.ssl b/crypto/md/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..3e9dda703495fc66fe46556828553f57b8278774 --- /dev/null +++ b/crypto/md/Makefile.ssl @@ -0,0 +1,80 @@ +# +# SSLeay/crypto/md/Makefile +# + +DIR= md +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=md2test.c md5test.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c +LIBOBJ=md2_dgst.o md5_dgst.o md2_one.o md5_one.o + +SRC= $(LIBSRC) + +EXHEADER= md2.h md5.h +HEADER= md5_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/md/md2.c b/crypto/md/md2.c new file mode 100644 index 0000000000000000000000000000000000000000..f3a65b914fe01ba109e43264022502a7c3f6df96 --- /dev/null +++ b/crypto/md/md2.c @@ -0,0 +1,137 @@ +/* crypto/md/md2.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "md2.h" + +#define BUFSIZE 1024*16 + +#ifndef NOPROTO +void do_fp(FILE *f); +void pt(unsigned char *md); +int read(int, void *, unsigned int); +void exit(int); +void perror(const char *); +#else +void do_fp(); +void pt(); +int read(); +void exit(); +void perror(); +#endif + +int main(argc, argv) +int argc; +char *argv[]; + { + int i,err=0; + FILE *IN; + + if (argc == 1) + { + do_fp(stdin); + } + else + { + for (i=1; i +#include +#include +#include "md2.h" + +char *MD2_version="MD2 part of SSLeay 0.8.1b 29-Jun-1998"; + +/* Implemented from RFC1319 The MD2 Message-Digest Algorithm + */ + +#define UCHAR unsigned char + +#ifndef NOPROTO +static void md2_block(MD2_CTX *c, unsigned char *d); +#else +static void md2_block(); +#endif + +/* The magic S table - I have converted it to hex since it is + * basicaly just a random byte string. */ +static MD2_INT S[256]={ + 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, + 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, + 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, + 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, + 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, + 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, + 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, + 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, + 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, + 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, + 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, + 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, + 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, + 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, + 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, + 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, + 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, + 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, + 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, + 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, + 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, + 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, + 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, + 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, + 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, + 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, + 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, + 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, + 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, + 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, + 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, + 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, + }; + +char *MD2_options() + { + if (sizeof(MD2_INT) == 1) + return("md2(char)"); + else + return("md2(int)"); + } + +void MD2_Init(c) +MD2_CTX *c; + { + c->num=0; + memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT)); + memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT)); + memset(c->data,0,MD2_BLOCK); + } + +void MD2_Update(c, data, len) +MD2_CTX *c; +register unsigned char *data; +unsigned long len; + { + register UCHAR *p; + + if (len == 0) return; + + p=c->data; + if (c->num != 0) + { + if ((c->num+len) >= MD2_BLOCK) + { + memcpy(&(p[c->num]),data,MD2_BLOCK-c->num); + md2_block(c,c->data); + data+=(MD2_BLOCK - c->num); + len-=(MD2_BLOCK - c->num); + c->num=0; + /* drop through and do the rest */ + } + else + { + memcpy(&(p[c->num]),data,(int)len); + /* data+=len; */ + c->num+=(int)len; + return; + } + } + /* we now can process the input data in blocks of MD2_BLOCK + * chars and save the leftovers to c->data. */ + while (len >= MD2_BLOCK) + { + md2_block(c,data); + data+=MD2_BLOCK; + len-=MD2_BLOCK; + } + memcpy(p,data,(int)len); + c->num=(int)len; + } + +static void md2_block(c, d) +MD2_CTX *c; +unsigned char *d; + { + register MD2_INT t,*sp1,*sp2; + register int i,j; + MD2_INT state[48]; + + sp1=c->state; + sp2=c->cksm; + j=sp2[MD2_BLOCK-1]; + for (i=0; i<16; i++) + { + state[i]=sp1[i]; + state[i+16]=t=d[i]; + state[i+32]=(t^sp1[i]); + j=sp2[i]^=S[t^j]; + } + t=0; + for (i=0; i<18; i++) + { + for (j=0; j<48; j+=8) + { + t= state[j+ 0]^=S[t]; + t= state[j+ 1]^=S[t]; + t= state[j+ 2]^=S[t]; + t= state[j+ 3]^=S[t]; + t= state[j+ 4]^=S[t]; + t= state[j+ 5]^=S[t]; + t= state[j+ 6]^=S[t]; + t= state[j+ 7]^=S[t]; + } + t=(t+i)&0xff; + } + memcpy(sp1,state,16*sizeof(MD2_INT)); + memset(state,0,48*sizeof(MD2_INT)); + } + +void MD2_Final(md, c) +unsigned char *md; +MD2_CTX *c; + { + int i,v; + register UCHAR *cp; + register MD2_INT *p1,*p2; + + cp=c->data; + p1=c->state; + p2=c->cksm; + v=MD2_BLOCK-c->num; + for (i=c->num; i +#include "cryptlib.h" +#include "md2.h" + +/* This is a separate file so that #defines in cryptlib.h can + * map my MD functions to different names */ + +unsigned char *MD2(d, n, md) +unsigned char *d; +unsigned long n; +unsigned char *md; + { + MD2_CTX c; + static unsigned char m[MD2_DIGEST_LENGTH]; + + if (md == NULL) md=m; + MD2_Init(&c); + MD2_Update(&c,d,n); + MD2_Final(md,&c); + memset(&c,0,sizeof(c)); /* Security consideration */ + return(md); + } diff --git a/crypto/md/md2test.c b/crypto/md/md2test.c new file mode 100644 index 0000000000000000000000000000000000000000..6e51245b2a4dae2fdb524d2bfef5cd4fda1120aa --- /dev/null +++ b/crypto/md/md2test.c @@ -0,0 +1,130 @@ +/* crypto/md/md2test.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "md2.h" + +char *test[]={ + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, + }; + +char *ret[]={ + "8350e5a3e24c153df2275c9f80692773", + "32ec01ec4a6dac72c0ab96fb34c0b5d1", + "da853b0d3f88d99b30283a69e6ded6bb", + "ab4f496bfb2a530b219ff33031fe06b0", + "4e8ddff3650292ab5a4108c3aa47940b", + "da33def2a42df13975352846c30338cd", + "d5976f79d83d3a0dc9806c3c66f3efd8", + }; + +#ifndef NOPROTO +static char *pt(unsigned char *md); +#else +static char *pt(); +#endif + +int main(argc,argv) +int argc; +char *argv[]; + { + int i,err=0; + char **P,**R; + char *p; + + P=test; + R=ret; + i=1; + while (*P != NULL) + { + p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL)); + if (strcmp(p,*R) != 0) + { + printf("error calculating MD2 on '%s'\n",*P); + printf("got %s instead of %s\n",p,*R); + err++; + } + else + printf("test %d ok\n",i); + i++; + R++; + P++; + } + exit(err); + return(0); + } + +static char *pt(md) +unsigned char *md; + { + int i; + static char buf[80]; + + for (i=0; i +#include +#include "md5.h" + +#define BUFSIZE 1024*16 + +#ifndef NOPROTO +void do_fp(FILE *f); +void pt(unsigned char *md); +int read(int, void *, unsigned int); +#else +void do_fp(); +void pt(); +int read(); +#endif + +int main(argc, argv) +int argc; +char **argv; + { + int i,err=0; + FILE *IN; + + if (argc == 1) + { + do_fp(stdin); + } + else + { + for (i=1; i +#include "md5_locl.h" + +char *MD5_version="MD5 part of SSLeay 0.8.1b 29-Jun-1998"; + +/* Implemented from RFC1321 The MD5 Message-Digest Algorithm + */ + +#define INIT_DATA_A (unsigned long)0x67452301L +#define INIT_DATA_B (unsigned long)0xefcdab89L +#define INIT_DATA_C (unsigned long)0x98badcfeL +#define INIT_DATA_D (unsigned long)0x10325476L + +#ifndef NOPROTO +static void md5_block(MD5_CTX *c, unsigned long *p); +#else +static void md5_block(); +#endif + +void MD5_Init(c) +MD5_CTX *c; + { + c->A=INIT_DATA_A; + c->B=INIT_DATA_B; + c->C=INIT_DATA_C; + c->D=INIT_DATA_D; + c->Nl=0; + c->Nh=0; + c->num=0; + } + +void MD5_Update(c, data, len) +MD5_CTX *c; +register unsigned char *data; +unsigned long len; + { + register ULONG *p; + int sw,sc; + ULONG l; + + if (len == 0) return; + + l=(c->Nl+(len<<3))&0xffffffffL; + /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to + * Wei Dai for pointing it out. */ + if (l < c->Nl) /* overflow */ + c->Nh++; + c->Nh+=(len>>29); + c->Nl=l; + + if (c->num != 0) + { + p=c->data; + sw=c->num>>2; + sc=c->num&0x03; + + if ((c->num+len) >= MD5_CBLOCK) + { + l= p[sw]; + p_c2l(data,l,sc); + p[sw++]=l; + for (; swnum); + + md5_block(c,p); + c->num=0; + /* drop through and do the rest */ + } + else + { + int ew,ec; + + c->num+=(int)len; + if ((sc+len) < 4) /* ugly, add char's to a word */ + { + l= p[sw]; + p_c2l_p(data,l,sc,len); + p[sw]=l; + } + else + { + ew=(c->num>>2); + ec=(c->num&0x03); + l= p[sw]; + p_c2l(data,l,sc); + p[sw++]=l; + for (; sw < ew; sw++) + { c2l(data,l); p[sw]=l; } + if (ec) + { + c2l_p(data,l,ec); + p[sw]=l; + } + } + return; + } + } + /* we now can process the input data in blocks of MD5_CBLOCK + * chars and save the leftovers to c->data. */ + p=c->data; + while (len >= MD5_CBLOCK) + { +#if defined(L_ENDIAN) || defined(B_ENDIAN) + memcpy(p,data,MD5_CBLOCK); + data+=MD5_CBLOCK; +#ifdef B_ENDIAN + for (sw=(MD5_LBLOCK/4); sw; sw--) + { + Endian_Reverse32(p[0]); + Endian_Reverse32(p[1]); + Endian_Reverse32(p[2]); + Endian_Reverse32(p[3]); + p+=4; + } +#endif +#else + for (sw=(MD5_LBLOCK/4); sw; sw--) + { + c2l(data,l); *(p++)=l; + c2l(data,l); *(p++)=l; + c2l(data,l); *(p++)=l; + c2l(data,l); *(p++)=l; + } +#endif + p=c->data; + md5_block(c,p); + len-=MD5_CBLOCK; + } + sc=(int)len; + c->num=sc; + if (sc) + { + sw=sc>>2; /* words to copy */ +#ifdef L_ENDIAN + p[sw]=0; + memcpy(p,data,sc); +#else + sc&=0x03; + for ( ; sw; sw--) + { c2l(data,l); *(p++)=l; } + c2l_p(data,l,sc); + *p=l; +#endif + } + } + +static void md5_block(c, X) +MD5_CTX *c; +register ULONG *X; + { + register ULONG A,B,C,D; + + A=c->A; + B=c->B; + C=c->C; + D=c->D; + + /* Round 0 */ + R0(A,B,C,D,X[ 0], 7,0xd76aa478L); + R0(D,A,B,C,X[ 1],12,0xe8c7b756L); + R0(C,D,A,B,X[ 2],17,0x242070dbL); + R0(B,C,D,A,X[ 3],22,0xc1bdceeeL); + R0(A,B,C,D,X[ 4], 7,0xf57c0fafL); + R0(D,A,B,C,X[ 5],12,0x4787c62aL); + R0(C,D,A,B,X[ 6],17,0xa8304613L); + R0(B,C,D,A,X[ 7],22,0xfd469501L); + R0(A,B,C,D,X[ 8], 7,0x698098d8L); + R0(D,A,B,C,X[ 9],12,0x8b44f7afL); + R0(C,D,A,B,X[10],17,0xffff5bb1L); + R0(B,C,D,A,X[11],22,0x895cd7beL); + R0(A,B,C,D,X[12], 7,0x6b901122L); + R0(D,A,B,C,X[13],12,0xfd987193L); + R0(C,D,A,B,X[14],17,0xa679438eL); + R0(B,C,D,A,X[15],22,0x49b40821L); + /* Round 1 */ + R1(A,B,C,D,X[ 1], 5,0xf61e2562L); + R1(D,A,B,C,X[ 6], 9,0xc040b340L); + R1(C,D,A,B,X[11],14,0x265e5a51L); + R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL); + R1(A,B,C,D,X[ 5], 5,0xd62f105dL); + R1(D,A,B,C,X[10], 9,0x02441453L); + R1(C,D,A,B,X[15],14,0xd8a1e681L); + R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L); + R1(A,B,C,D,X[ 9], 5,0x21e1cde6L); + R1(D,A,B,C,X[14], 9,0xc33707d6L); + R1(C,D,A,B,X[ 3],14,0xf4d50d87L); + R1(B,C,D,A,X[ 8],20,0x455a14edL); + R1(A,B,C,D,X[13], 5,0xa9e3e905L); + R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L); + R1(C,D,A,B,X[ 7],14,0x676f02d9L); + R1(B,C,D,A,X[12],20,0x8d2a4c8aL); + /* Round 2 */ + R2(A,B,C,D,X[ 5], 4,0xfffa3942L); + R2(D,A,B,C,X[ 8],11,0x8771f681L); + R2(C,D,A,B,X[11],16,0x6d9d6122L); + R2(B,C,D,A,X[14],23,0xfde5380cL); + R2(A,B,C,D,X[ 1], 4,0xa4beea44L); + R2(D,A,B,C,X[ 4],11,0x4bdecfa9L); + R2(C,D,A,B,X[ 7],16,0xf6bb4b60L); + R2(B,C,D,A,X[10],23,0xbebfbc70L); + R2(A,B,C,D,X[13], 4,0x289b7ec6L); + R2(D,A,B,C,X[ 0],11,0xeaa127faL); + R2(C,D,A,B,X[ 3],16,0xd4ef3085L); + R2(B,C,D,A,X[ 6],23,0x04881d05L); + R2(A,B,C,D,X[ 9], 4,0xd9d4d039L); + R2(D,A,B,C,X[12],11,0xe6db99e5L); + R2(C,D,A,B,X[15],16,0x1fa27cf8L); + R2(B,C,D,A,X[ 2],23,0xc4ac5665L); + /* Round 3 */ + R3(A,B,C,D,X[ 0], 6,0xf4292244L); + R3(D,A,B,C,X[ 7],10,0x432aff97L); + R3(C,D,A,B,X[14],15,0xab9423a7L); + R3(B,C,D,A,X[ 5],21,0xfc93a039L); + R3(A,B,C,D,X[12], 6,0x655b59c3L); + R3(D,A,B,C,X[ 3],10,0x8f0ccc92L); + R3(C,D,A,B,X[10],15,0xffeff47dL); + R3(B,C,D,A,X[ 1],21,0x85845dd1L); + R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL); + R3(D,A,B,C,X[15],10,0xfe2ce6e0L); + R3(C,D,A,B,X[ 6],15,0xa3014314L); + R3(B,C,D,A,X[13],21,0x4e0811a1L); + R3(A,B,C,D,X[ 4], 6,0xf7537e82L); + R3(D,A,B,C,X[11],10,0xbd3af235L); + R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL); + R3(B,C,D,A,X[ 9],21,0xeb86d391L); + + c->A+=A&0xffffffffL; + c->B+=B&0xffffffffL; + c->C+=C&0xffffffffL; + c->D+=D&0xffffffffL; + } + +void MD5_Final(md, c) +unsigned char *md; +MD5_CTX *c; + { + register int i,j; + register ULONG l; + register ULONG *p; + static unsigned char end[4]={0x80,0x00,0x00,0x00}; + unsigned char *cp=end; + + /* c->num should definitly have room for at least one more byte. */ + p=c->data; + j=c->num; + i=j>>2; + + /* purify often complains about the following line as an + * Uninitialized Memory Read. While this can be true, the + * following p_c2l macro will reset l when that case is true. + * This is because j&0x03 contains the number of 'valid' bytes + * already in p[i]. If and only if j&0x03 == 0, the UMR will + * occur but this is also the only time p_c2l will do + * l= *(cp++) instead of l|= *(cp++) + * Many thanks to Alex Tang for pickup this + * 'potential bug' */ +#ifdef PURIFY + if ((j&0x03) == 0) p[i]=0; +#endif + l=p[i]; + p_c2l(cp,l,j&0x03); + p[i]=l; + i++; + /* i is the next 'undefined word' */ + if (c->num >= MD5_LAST_BLOCK) + { + for (; iNl; + p[MD5_LBLOCK-1]=c->Nh; + md5_block(c,p); + cp=md; + l=c->A; l2c(l,cp); + l=c->B; l2c(l,cp); + l=c->C; l2c(l,cp); + l=c->D; l2c(l,cp); + + /* clear stuff, md5_block may be leaving some stuff on the stack + * but I'm not worried :-) */ + c->num=0; +/* memset((char *)&c,0,sizeof(c));*/ + } + +#ifdef undef +int printit(l) +unsigned long *l; + { + int i,ii; + + for (i=0; i<2; i++) + { + for (ii=0; ii<8; ii++) + { + fprintf(stderr,"%08lx ",l[i*8+ii]); + } + fprintf(stderr,"\n"); + } + } +#endif diff --git a/crypto/md/md5_locl.h b/crypto/md/md5_locl.h new file mode 100644 index 0000000000000000000000000000000000000000..b2f0028fbd368bfc147332f861c30ebdc1df4005 --- /dev/null +++ b/crypto/md/md5_locl.h @@ -0,0 +1,190 @@ +/* crypto/md/md5_locl.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "md5.h" + +#define ULONG unsigned long +#define UCHAR unsigned char +#define UINT unsigned int + +#if defined(NOCONST) +#define const +#endif + +#undef c2l +#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24)) + +#undef p_c2l +#define p_c2l(c,l,n) { \ + switch (n) { \ + case 0: l =((unsigned long)(*((c)++))); \ + case 1: l|=((unsigned long)(*((c)++)))<< 8; \ + case 2: l|=((unsigned long)(*((c)++)))<<16; \ + case 3: l|=((unsigned long)(*((c)++)))<<24; \ + } \ + } + +/* NOTE the pointer is not incremented at the end of this */ +#undef c2l_p +#define c2l_p(c,l,n) { \ + l=0; \ + (c)+=n; \ + switch (n) { \ + case 3: l =((unsigned long)(*(--(c))))<<16; \ + case 2: l|=((unsigned long)(*(--(c))))<< 8; \ + case 1: l|=((unsigned long)(*(--(c)))) ; \ + } \ + } + +#undef p_c2l_p +#define p_c2l_p(c,l,sc,len) { \ + switch (sc) \ + { \ + case 0: l =((unsigned long)(*((c)++))); \ + if (--len == 0) break; \ + case 1: l|=((unsigned long)(*((c)++)))<< 8; \ + if (--len == 0) break; \ + case 2: l|=((unsigned long)(*((c)++)))<<16; \ + } \ + } + +#undef l2c +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff)) + +/* NOTE - c is not incremented as per l2c */ +#undef l2cn +#define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +/* A nice byte order reversal from Wei Dai */ +#if defined(WIN32) +/* 5 instructions with rotate instruction, else 9 */ +#define Endian_Reverse32(a) \ + { \ + unsigned long l=(a); \ + (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \ + } +#else +/* 6 instructions with rotate instruction, else 8 */ +#define Endian_Reverse32(a) \ + { \ + unsigned long l=(a); \ + l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \ + (a)=ROTATE(l,16L); \ + } +#endif +/* +#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) +#define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) +*/ + +/* As pointed out by Wei Dai , the above can be + * simplified to the code below. Wei attributes these optimisations + * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. + */ +#define F(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) +#define G(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) +#define H(x,y,z) ((x) ^ (y) ^ (z)) +#define I(x,y,z) (((x) | (~(z))) ^ (y)) + +#undef ROTATE +#if defined(WIN32) +#define ROTATE(a,n) _lrotl(a,n) +#else +#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +#endif + + +#define R0(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+F((b),(c),(d))); \ + a=ROTATE(a,s); \ + a+=b; };\ + +#define R1(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+G((b),(c),(d))); \ + a=ROTATE(a,s); \ + a+=b; }; + +#define R2(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+H((b),(c),(d))); \ + a=ROTATE(a,s); \ + a+=b; }; + +#define R3(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+I((b),(c),(d))); \ + a=ROTATE(a,s); \ + a+=b; }; diff --git a/crypto/md/md5_one.c b/crypto/md/md5_one.c new file mode 100644 index 0000000000000000000000000000000000000000..b23cb285eae69883f463042f04f9f70ab9a7d296 --- /dev/null +++ b/crypto/md/md5_one.c @@ -0,0 +1,78 @@ +/* crypto/md/md5_one.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "md5_locl.h" + +unsigned char *MD5(d, n, md) +unsigned char *d; +unsigned long n; +unsigned char *md; + { + MD5_CTX c; + static unsigned char m[MD5_DIGEST_LENGTH]; + + if (md == NULL) md=m; + MD5_Init(&c); + MD5_Update(&c,d,n); + MD5_Final(md,&c); + memset(&c,0,sizeof(c)); /* security consideration */ + return(md); + } + diff --git a/crypto/md/md5test.c b/crypto/md/md5test.c new file mode 100644 index 0000000000000000000000000000000000000000..e5c38cf817d0667ac0914cad163c10b90f0e9754 --- /dev/null +++ b/crypto/md/md5test.c @@ -0,0 +1,130 @@ +/* crypto/md/md5test.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "md5.h" + +char *test[]={ + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, + }; + +char *ret[]={ + "d41d8cd98f00b204e9800998ecf8427e", + "0cc175b9c0f1b6a831c399e269772661", + "900150983cd24fb0d6963f7d28e17f72", + "f96b697d7cb7938d525a2f31aaf161d0", + "c3fcd3d76192e4007dfb496cca67e13b", + "d174ab98d277d9f5a5611c2c9f419d9f", + "57edf4a22be3c955ac49da2e2107b67a", + }; + +#ifndef NOPROTO +static char *pt(unsigned char *md); +#else +static char *pt(); +#endif + +int main(argc,argv) +int argc; +char *argv[]; + { + int i,err=0; + unsigned char **P,**R; + char *p; + + P=(unsigned char **)test; + R=(unsigned char **)ret; + i=1; + while (*P != NULL) + { + p=pt(MD5(*P,(unsigned long)strlen((char *)*P),NULL)); + if (strcmp(p,(char *)*R) != 0) + { + printf("error calculating MD5 on '%s'\n",*P); + printf("got %s instead of %s\n",p,*R); + err++; + } + else + printf("test %d ok\n",i); + i++; + R++; + P++; + } + exit(err); + return(0); + } + +static char *pt(md) +unsigned char *md; + { + int i; + static char buf[80]; + + for (i=0; i> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/mdc2/mdc2.h b/crypto/mdc2/mdc2.h new file mode 100644 index 0000000000000000000000000000000000000000..d87ea12ec9b8d36fe62ca673c0589eafcf7fec13 --- /dev/null +++ b/crypto/mdc2/mdc2.h @@ -0,0 +1,100 @@ +/* crypto/mdc2/mdc2.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_MDC2_H +#define HEADER_MDC2_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#define MDC2_BLOCK 8 +#define MDC2_DIGEST_LENGTH 16 + +typedef struct mdc2_ctx_st + { + int num; + unsigned char data[MDC2_BLOCK]; + des_cblock h,hh; + int pad_type; /* either 1 or 2, default 1 */ + } MDC2_CTX; + +#ifndef NOPROTO + +void MDC2_Init(MDC2_CTX *c); +void MDC2_Update(MDC2_CTX *c, unsigned char *data, unsigned long len); +void MDC2_Final(unsigned char *md, MDC2_CTX *c); +unsigned char *MDC2(unsigned char *d, unsigned long n, unsigned char *md); + +#else + +void MDC2_Init(); +void MDC2_Update(); +void MDC2_Final(); +unsigned char *MDC2(); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c new file mode 100644 index 0000000000000000000000000000000000000000..488ae39283463563146aacc27292ff2c2075c603 --- /dev/null +++ b/crypto/mdc2/mdc2_one.c @@ -0,0 +1,78 @@ +/* crypto/mdc2/mdc2_one.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "mdc2.h" + +unsigned char *MDC2(d, n, md) +unsigned char *d; +unsigned long n; +unsigned char *md; + { + MDC2_CTX c; + static unsigned char m[MDC2_DIGEST_LENGTH]; + + if (md == NULL) md=m; + MDC2_Init(&c); + MDC2_Update(&c,d,n); + MDC2_Final(md,&c); + memset(&c,0,sizeof(c)); /* security consideration */ + return(md); + } + diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c new file mode 100644 index 0000000000000000000000000000000000000000..f4dfcf9bdccbf7577482fd16cbf257e5de2cdebe --- /dev/null +++ b/crypto/mdc2/mdc2dgst.c @@ -0,0 +1,211 @@ +/* crypto/mdc2/mdc2dgst.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "des.h" +#include "mdc2.h" + +#undef c2l +#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ + l|=((DES_LONG)(*((c)++)))<< 8L, \ + l|=((DES_LONG)(*((c)++)))<<16L, \ + l|=((DES_LONG)(*((c)++)))<<24L) + +#undef l2c +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + +#ifndef NOPROTO +static void mdc2_body(MDC2_CTX *c, unsigned char *in, unsigned int len); +#else +static void mdc2_body(); +#endif + +void MDC2_Init(c) +MDC2_CTX *c; + { + c->num=0; + c->pad_type=1; + memset(&(c->h[0]),0x52,MDC2_BLOCK); + memset(&(c->hh[0]),0x25,MDC2_BLOCK); + } + +void MDC2_Update(c,in,len) +MDC2_CTX *c; +register unsigned char *in; +unsigned long len; + { + int i,j; + + i=c->num; + if (i != 0) + { + if (i+len < MDC2_BLOCK) + { + /* partial block */ + memcpy(&(c->data[i]),in,(int)len); + c->num+=(int)len; + return; + } + else + { + /* filled one */ + j=MDC2_BLOCK-i; + memcpy(&(c->data[i]),in,j); + len-=j; + in+=j; + c->num=0; + mdc2_body(c,&(c->data[0]),MDC2_BLOCK); + } + } + i=(int)(len&(unsigned long)~(MDC2_BLOCK-1)); + if (i > 0) mdc2_body(c,in,i); + j=(int)len-i; + if (j > 0) + { + memcpy(&(c->data[0]),&(in[i]),j); + c->num=j; + } + } + +static void mdc2_body(c,in,len) +MDC2_CTX *c; +unsigned char *in; +unsigned int len; + { + register DES_LONG tin0,tin1; + register DES_LONG ttin0,ttin1; + DES_LONG d[2],dd[2]; + des_cblock *h,*hh; + des_key_schedule k; + unsigned char *p; + unsigned int i; + + h= (des_cblock *)&(c->h[0]); + hh= (des_cblock *)&(c->hh[0]); + + for (i=0; inum; + j=c->pad_type; + if ((i > 0) || (j == 2)) + { + if (j == 2) + c->data[i++]=0x80; + memset(&(c->data[i]),0,MDC2_BLOCK-i); + mdc2_body(c,c->data,MDC2_BLOCK); + } + memcpy(md,(char *)c->h,MDC2_BLOCK); + memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK); + } + +#undef TEST + +#ifdef TEST +main() + { + unsigned char md[MDC2_DIGEST_LENGTH]; + int i; + MDC2_CTX c; + static char *text="Now is the time for all "; + + MDC2_Init(&c); + MDC2_Update(&c,text,strlen(text)); + MDC2_Final(&(md[0]),&c); + + for (i=0; i +#include +#include +#include "mdc2.h" + +static unsigned char pad1[16]={ + 0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA, + 0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A + }; + +static unsigned char pad2[16]={ + 0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75, + 0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2 + }; + +int main(argc,argv) +int argc; +char *argv[]; + { + int ret=0; + unsigned char md[MDC2_DIGEST_LENGTH]; + int i; + MDC2_CTX c; + static char *text="Now is the time for all "; + + MDC2_Init(&c); + MDC2_Update(&c,(unsigned char *)text,strlen(text)); + MDC2_Final(&(md[0]),&c); + + if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0) + { + for (i=0; i +#include +#include "buffer.h" +#include "bio.h" +#include "lhash.h" +#include "cryptlib.h" + +static int mh_mode=CRYPTO_MEM_CHECK_OFF; +static unsigned long order=0; + +static LHASH *mh=NULL; + +typedef struct mem_st + { + char *addr; + int num; + char *file; + int line; + unsigned long order; + } MEM; + +int CRYPTO_mem_ctrl(mode) +int mode; + { + int ret=mh_mode; + + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + switch (mode) + { + case CRYPTO_MEM_CHECK_ON: + mh_mode|=CRYPTO_MEM_CHECK_ON; + break; + case CRYPTO_MEM_CHECK_OFF: + mh_mode&= ~CRYPTO_MEM_CHECK_ON; + break; + default: + break; + } + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + return(ret); + } + +static int mem_cmp(a,b) +MEM *a,*b; + { + return(a->addr - b->addr); + } + +static unsigned long mem_hash(a) +MEM *a; + { + unsigned long ret; + + ret=(unsigned long)a->addr; + + ret=ret*17851+(ret>>14)*7+(ret>>4)*251; + return(ret); + } + +static char *(*malloc_func)()= (char *(*)())malloc; +static char *(*realloc_func)()= (char *(*)())realloc; +static void (*free_func)()= (void (*)())free; + +void CRYPTO_set_mem_functions(m,r,f) +char *(*m)(); +char *(*r)(); +void (*f)(); + { + if ((m == NULL) || (r == NULL) || (f == NULL)) return; + malloc_func=m; + realloc_func=r; + free_func=f; + } + +void CRYPTO_get_mem_functions(m,r,f) +char *(**m)(); +char *(**r)(); +void (**f)(); + { + if (m != NULL) *m=malloc_func; + if (r != NULL) *r=realloc_func; + if (f != NULL) *f=free_func; + } + +char *CRYPTO_malloc(num) +int num; + { + return(malloc_func(num)); + } + +char *CRYPTO_realloc(str,num) +char *str; +int num; + { + return(realloc_func(str,num)); + } + +void CRYPTO_free(str) +char *str; + { + free_func(str); + } + +char *CRYPTO_dbg_malloc(num,file,line) +int num; +char *file; +int line; + { + char *ret; + MEM *m; + + if ((ret=malloc_func(num)) == NULL) + return(NULL); + + if (mh_mode & CRYPTO_MEM_CHECK_ON) + { + if ((m=(MEM *)malloc(sizeof(MEM))) == NULL) + { + free(ret); + return(NULL); + } + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + if (mh == NULL) + { + if ((mh=lh_new(mem_hash,mem_cmp)) == NULL) + { + free(ret); + free(m); + return(NULL); + } + } + + m->addr=ret; + m->file=file; + m->line=line; + m->num=num; + m->order=order++; + if (lh_insert(mh,(char *)m) != NULL) + { + free(m); + free(ret); + /* abort(); */ + ret=NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + } + return(ret); + } + +void CRYPTO_dbg_free(addr) +char *addr; + { + MEM m,*mp; + + if ((mh_mode & CRYPTO_MEM_CHECK_ON) && (mh != NULL)) + { + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + m.addr=addr; + mp=(MEM *)lh_delete(mh,(char *)&m); + if (mp != NULL) + free(mp); + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + } + free_func(addr); + } + +char *CRYPTO_dbg_realloc(addr,num,file,line) +char *addr; +int num; +char *file; +int line; + { + char *ret; + MEM m,*mp; + + ret=realloc_func(addr,num); + if (ret == addr) return(ret); + + if (mh_mode & CRYPTO_MEM_CHECK_ON) + { + if (ret == NULL) return(NULL); + m.addr=addr; + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + mp=(MEM *)lh_delete(mh,(char *)&m); + if (mp != NULL) + { + mp->addr=ret; + lh_insert(mh,(char *)mp); + } + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + } + return(ret); + } + +char *CRYPTO_remalloc(a,n) +char *a; +int n; + { + if (a != NULL) Free(a); + a=(char *)Malloc(n); + return(a); + } + +char *CRYPTO_dbg_remalloc(a,n,file,line) +char *a; +int n; +char *file; +int line; + { + if (a != NULL) CRYPTO_dbg_free(a); + a=(char *)CRYPTO_dbg_malloc(n,file,line); + return(a); + } + + +typedef struct mem_leak_st + { + BIO *bio; + int chunks; + long bytes; + } MEM_LEAK; + +static void print_leak(m,l) +MEM *m; +MEM_LEAK *l; + { + char buf[128]; + + sprintf(buf,"%5ld file=%s, line=%d, number=%d, address=%08lX\n", + m->order,m->file,m->line,m->num,(long)m->addr); + BIO_puts(l->bio,buf); + l->chunks++; + l->bytes+=m->num; + } + +void CRYPTO_mem_leaks(b) +BIO *b; + { + MEM_LEAK ml; + char buf[80]; + + if (mh == NULL) return; + ml.bio=b; + ml.bytes=0; + ml.chunks=0; + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + if (ml.chunks != 0) + { + sprintf(buf,"%ld bytes leaked in %d chunks\n", + ml.bytes,ml.chunks); + BIO_puts(b,buf); + } + /* + lh_stats_bio(mh,b); + lh_node_stats_bio(mh,b); + lh_node_usage_stats_bio(mh,b); + */ + } + +static void (*mem_cb)()=NULL; + +static void cb_leak(m,cb) +MEM *m; +char *cb; + { + void (*mem_callback)()=(void (*)())cb; + mem_callback(m->order,m->file,m->line,m->num,m->addr); + } + +void CRYPTO_mem_leaks_cb(cb) +void (*cb)(); + { + if (mh == NULL) return; + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + mem_cb=cb; + lh_doall_arg(mh,(void (*)())cb_leak,(char *)mem_cb); + mem_cb=NULL; + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + } + +#ifndef WIN16 +void CRYPTO_mem_leaks_fp(fp) +FILE *fp; + { + BIO *b; + + if (mh == NULL) return; + if ((b=BIO_new(BIO_s_file())) == NULL) + return; + BIO_set_fp(b,fp,BIO_NOCLOSE); + CRYPTO_mem_leaks(b); + BIO_free(b); + } +#endif + diff --git a/crypto/objects/Makefile.ssl b/crypto/objects/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..148ac3ce4afd3cc09e9394cb5bce09f19c992bc4 --- /dev/null +++ b/crypto/objects/Makefile.ssl @@ -0,0 +1,87 @@ +# +# SSLeay/crypto/objects/Makefile +# + +DIR= objects +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=objects +ERRC=obj_err +GENERAL=Makefile README +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= obj_dat.c obj_lib.c $(ERRC).c +LIBOBJ= obj_dat.o obj_lib.o $(ERRC).o + +SRC= $(LIBSRC) + +EXHEADER= objects.h +HEADER= $(EXHEADER) obj_dat.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: obj_dat.h lib + +obj_dat.h: objects.h obj_dat.pl + perl ./obj_dat.pl < objects.h > obj_dat.h + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c new file mode 100644 index 0000000000000000000000000000000000000000..86c3d38e4b1269df47ee936c7378742563b0de5c --- /dev/null +++ b/crypto/objects/obj_dat.c @@ -0,0 +1,501 @@ +/* crypto/objects/obj_dat.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "lhash.h" +#include "asn1.h" +#include "objects.h" + +/* obj_dat.h is generated from objects.h by obj_dat.pl */ +#include "obj_dat.h" + +#ifndef NOPROTO +static int sn_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); +static int ln_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); +static int obj_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); +#else +static int sn_cmp(); +static int ln_cmp(); +static int obj_cmp(); +#endif + +#define ADDED_DATA 0 +#define ADDED_SNAME 1 +#define ADDED_LNAME 2 +#define ADDED_NID 3 + +typedef struct added_obj_st + { + int type; + ASN1_OBJECT *obj; + } ADDED_OBJ; + +static int new_nid=NUM_NID; +static LHASH *added=NULL; + +static int sn_cmp(ap,bp) +ASN1_OBJECT **ap; +ASN1_OBJECT **bp; + { return(strcmp((*ap)->sn,(*bp)->sn)); } + +static int ln_cmp(ap,bp) +ASN1_OBJECT **ap; +ASN1_OBJECT **bp; + { return(strcmp((*ap)->ln,(*bp)->ln)); } + +static unsigned long add_hash(ca) +ADDED_OBJ *ca; + { + ASN1_OBJECT *a; + int i; + unsigned long ret=0; + unsigned char *p; + + a=ca->obj; + switch (ca->type) + { + case ADDED_DATA: + ret=a->length<<20L; + p=(unsigned char *)a->data; + for (i=0; ilength; i++) + ret^=p[i]<<((i*3)%24); + break; + case ADDED_SNAME: + ret=lh_strhash(a->sn); + break; + case ADDED_LNAME: + ret=lh_strhash(a->ln); + break; + case ADDED_NID: + ret=a->nid; + break; + default: + abort(); + } + ret&=0x3fffffff; + ret|=ca->type<<30L; + return(ret); + } + +static int add_cmp(ca,cb) +ADDED_OBJ *ca,*cb; + { + ASN1_OBJECT *a,*b; + int i; + + i=ca->type-cb->type; + if (i) return(i); + a=ca->obj; + b=cb->obj; + switch (ca->type) + { + case ADDED_DATA: + i=(a->length - b->length); + if (i) return(i); + return(memcmp(a->data,b->data,a->length)); + case ADDED_SNAME: + if (a->sn == NULL) return(-1); + else if (b->sn == NULL) return(1); + else return(strcmp(a->sn,b->sn)); + case ADDED_LNAME: + if (a->ln == NULL) return(-1); + else if (b->ln == NULL) return(1); + else return(strcmp(a->ln,b->ln)); + case ADDED_NID: + return(a->nid-b->nid); + default: + abort(); + } + } + +static int init_added() + { + if (added != NULL) return(1); + added=lh_new(add_hash,add_cmp); + return(added != NULL); + } + +static void cleanup1(a) +ADDED_OBJ *a; + { + a->obj->nid=0; + a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC| + ASN1_OBJECT_FLAG_DYNAMIC_STRINGS; + } + +static void cleanup2(a) +ADDED_OBJ *a; + { a->obj->nid++; } + +static void cleanup3(a) +ADDED_OBJ *a; + { + if (--a->obj->nid == 0) + ASN1_OBJECT_free(a->obj); + Free(a); + } + +void OBJ_cleanup() + { + if (added == NULL) return; + added->down_load=0; + lh_doall(added,cleanup1); /* zero counters */ + lh_doall(added,cleanup2); /* set counters */ + lh_doall(added,cleanup3); /* free objects */ + lh_free(added); + } + +int OBJ_new_nid(num) +int num; + { + int i; + + i=new_nid; + new_nid+=num; + return(i); + } + +int OBJ_add_object(obj) +ASN1_OBJECT *obj; + { + ASN1_OBJECT *o; + ADDED_OBJ *ao[4],*aop; + int i; + + if (added == NULL) + if (!init_added()) return(0); + if ((o=OBJ_dup(obj)) == NULL) goto err; + ao[ADDED_DATA]=NULL; + ao[ADDED_SNAME]=NULL; + ao[ADDED_LNAME]=NULL; + ao[ADDED_NID]=NULL; + ao[ADDED_NID]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ)); + if ((o->length != 0) && (obj->data != NULL)) + ao[ADDED_DATA]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ)); + if (o->sn != NULL) + ao[ADDED_SNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ)); + if (o->ln != NULL) + ao[ADDED_LNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ)); + + for (i=ADDED_DATA; i<=ADDED_NID; i++) + { + if (ao[i] != NULL) + { + ao[i]->type=i; + ao[i]->obj=o; + aop=(ADDED_OBJ *)lh_insert(added,(char *)ao[i]); + /* memory leak, buit should not normally matter */ + if (aop != NULL) + Free(aop); + } + } + o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS); + return(o->nid); +err: + for (i=ADDED_DATA; i<=ADDED_NID; i++) + if (ao[i] != NULL) Free(ao[i]); + if (o != NULL) Free(o); + return(0); + } + +ASN1_OBJECT *OBJ_nid2obj(n) +int n; + { + ADDED_OBJ ad,*adp; + ASN1_OBJECT ob; + + if ((n >= 0) && (n < NUM_NID)) + { + if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) + { + OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID); + return(NULL); + } + return((ASN1_OBJECT *)&(nid_objs[n])); + } + else if (added == NULL) + return(NULL); + else + { + ad.type=ADDED_NID; + ad.obj= &ob; + ob.nid=n; + adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); + if (adp != NULL) + return(adp->obj); + else + { + OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID); + return(NULL); + } + } + } + +char *OBJ_nid2sn(n) +int n; + { + ADDED_OBJ ad,*adp; + ASN1_OBJECT ob; + + if ((n >= 0) && (n < NUM_NID)) + { + if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) + { + OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID); + return(NULL); + } + return(nid_objs[n].sn); + } + else if (added == NULL) + return(NULL); + else + { + ad.type=ADDED_NID; + ad.obj= &ob; + ob.nid=n; + adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); + if (adp != NULL) + return(adp->obj->sn); + else + { + OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID); + return(NULL); + } + } + } + +char *OBJ_nid2ln(n) +int n; + { + ADDED_OBJ ad,*adp; + ASN1_OBJECT ob; + + if ((n >= 0) && (n < NUM_NID)) + { + if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) + { + OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID); + return(NULL); + } + return(nid_objs[n].ln); + } + else if (added == NULL) + return(NULL); + else + { + ad.type=ADDED_NID; + ad.obj= &ob; + ob.nid=n; + adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); + if (adp != NULL) + return(adp->obj->ln); + else + { + OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID); + return(NULL); + } + } + } + +int OBJ_obj2nid(a) +ASN1_OBJECT *a; + { + ASN1_OBJECT **op; + ADDED_OBJ ad,*adp; + + if (a == NULL) + return(NID_undef); + if (a->nid != 0) + return(a->nid); + + if (added != NULL) + { + ad.type=ADDED_DATA; + ad.obj=a; + adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); + if (adp != NULL) return (adp->obj->nid); + } + op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ, + sizeof(ASN1_OBJECT *),(int (*)())obj_cmp); + if (op == NULL) + return(NID_undef); + return((*op)->nid); + } + +int OBJ_txt2nid(s) +char *s; + { + int ret; + + ret=OBJ_sn2nid(s); + if (ret == NID_undef) + return(OBJ_ln2nid(s)); + else + return(ret); + } + +int OBJ_ln2nid(s) +char *s; + { + ASN1_OBJECT o,*oo= &o,**op; + ADDED_OBJ ad,*adp; + + o.ln=s; + if (added != NULL) + { + ad.type=ADDED_LNAME; + ad.obj= &o; + adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); + if (adp != NULL) return (adp->obj->nid); + } + op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN, + sizeof(ASN1_OBJECT *),(int (*)())ln_cmp); + if (op == NULL) return(NID_undef); + return((*op)->nid); + } + +int OBJ_sn2nid(s) +char *s; + { + ASN1_OBJECT o,*oo= &o,**op; + ADDED_OBJ ad,*adp; + + o.sn=s; + if (added != NULL) + { + ad.type=ADDED_SNAME; + ad.obj= &o; + adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); + if (adp != NULL) return (adp->obj->nid); + } + op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, + sizeof(ASN1_OBJECT *),(int (*)())sn_cmp); + if (op == NULL) return(NID_undef); + return((*op)->nid); + } + +static int obj_cmp(ap, bp) +ASN1_OBJECT **ap; +ASN1_OBJECT **bp; + { + int j; + ASN1_OBJECT *a= *ap; + ASN1_OBJECT *b= *bp; + + j=(a->length - b->length); + if (j) return(j); + return(memcmp(a->data,b->data,a->length)); + } + +char *OBJ_bsearch(key,base,num,size,cmp) +char *key; +char *base; +int num; +int size; +int (*cmp)(); + { + int l,h,i,c; + char *p; + + if (num == 0) return(NULL); + l=0; + h=num; + while (l < h) + { + i=(l+h)/2; + p= &(base[i*size]); + c=(*cmp)(key,p); + if (c < 0) + h=i; + else if (c > 0) + l=i+1; + else + return(p); + } + return(NULL); + } + +int OBJ_create_and_add_object(oid,sn,ln) +char *oid; +char *sn; +char *ln; + { + int ok=0; + ASN1_OBJECT *op=NULL; + unsigned char *buf; + int i; + + i=a2d_ASN1_OBJECT(NULL,0,oid,-1); + if (i <= 0) return(0); + + if ((buf=(unsigned char *)Malloc(i)) == NULL) + { + OBJerr(OBJ_F_OBJ_CREATE_AND_ADD_OBJECT,OBJ_R_MALLOC_FAILURE); + return(0); + } + i=a2d_ASN1_OBJECT(buf,i,oid,-1); + op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); + if (op == NULL) + goto err; + ok=OBJ_add_object(op); +err: + ASN1_OBJECT_free(op); + Free((char *)buf); + return(ok); + } diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h new file mode 100644 index 0000000000000000000000000000000000000000..4b79abda8ee4f71ba3cda42ab09deb534e24b40b --- /dev/null +++ b/crypto/objects/obj_dat.h @@ -0,0 +1,541 @@ +/* lib/obj/obj_dat.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the + * following command: + * perl obj_dat.pl < objects.h > obj_dat.h + */ + +#define NUM_NID 97 +#define NUM_SN 70 +#define NUM_LN 96 +#define NUM_OBJ 78 + +static unsigned char lvalues[515]={ +0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */ +0x55, /* [ 82] OBJ_X500 */ +0x55,0x04, /* [ 83] OBJ_X509 */ +0x55,0x04,0x03, /* [ 85] OBJ_commonName */ +0x55,0x04,0x06, /* [ 88] OBJ_countryName */ +0x55,0x04,0x07, /* [ 91] OBJ_localityName */ +0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */ +0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */ +0x55,0x04,0x0B, /* [100] OBJ_organizationalUnitName */ +0x55,0x08,0x01,0x01, /* [103] OBJ_rsa */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [107] OBJ_pkcs7 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [169] OBJ_pkcs3 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */ +0x2B,0x0E,0x03,0x02,0x06, /* [186] OBJ_des_ecb */ +0x2B,0x0E,0x03,0x02,0x09, /* [191] OBJ_des_cfb64 */ +0x2B,0x0E,0x03,0x02,0x07, /* [196] OBJ_des_cbc */ +0x2B,0x0E,0x03,0x02,0x11, /* [201] OBJ_des_ede */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [206] OBJ_rc2_cbc */ +0x2B,0x0E,0x03,0x02,0x12, /* [214] OBJ_sha */ +0x2B,0x0E,0x03,0x02,0x0F, /* [219] OBJ_shaWithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [224] OBJ_des_ede3_cbc */ +0x2B,0x0E,0x03,0x02,0x08, /* [232] OBJ_des_ofb64 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [237] OBJ_pkcs9 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [245] OBJ_pkcs9_emailAddress */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [254] OBJ_pkcs9_unstructuredName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [263] OBJ_pkcs9_contentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [272] OBJ_pkcs9_messageDigest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [281] OBJ_pkcs9_signingTime */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [290] OBJ_pkcs9_countersignature */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [299] OBJ_pkcs9_challengePassword */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [308] OBJ_pkcs9_unstructuredAddress */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [317] OBJ_pkcs9_extCertAttributes */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [326] OBJ_netscape */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [333] OBJ_netscape_cert_extension */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [341] OBJ_netscape_data_type */ +0x2B,0x0E,0x03,0x02,0x1A, /* [349] OBJ_sha1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [354] OBJ_sha1WithRSAEncryption */ +0x2B,0x0E,0x03,0x02,0x0D, /* [363] OBJ_dsaWithSHA */ +0x2B,0x0E,0x03,0x02,0x0C, /* [368] OBJ_dsa */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [373] OBJ_pbeWithSHA1AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [382] OBJ_pbeWithSHA1AndRC4 */ +0x2B,0x0E,0x03,0x02,0x1B, /* [391] OBJ_dsaWithSHA1 */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [396] OBJ_netscape_cert_type */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [405] OBJ_netscape_base_url */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [414] OBJ_netscape_revocation_url */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [423] OBJ_netscape_ca_revocation_url */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [432] OBJ_netscape_renewal_url */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [441] OBJ_netscape_ca_policy_url */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [450] OBJ_netscape_ssl_server_name */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [459] OBJ_netscape_comment */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [468] OBJ_netscape_cert_sequence */ +0x55,0x1D, /* [477] OBJ_ld_ce */ +0x55,0x1D,0x0E, /* [479] OBJ_subject_key_identifier */ +0x55,0x1D,0x0F, /* [482] OBJ_key_usage */ +0x55,0x1D,0x10, /* [485] OBJ_private_key_usage_period */ +0x55,0x1D,0x11, /* [488] OBJ_subject_alt_name */ +0x55,0x1D,0x12, /* [491] OBJ_issuer_alt_name */ +0x55,0x1D,0x13, /* [494] OBJ_basic_constraints */ +0x55,0x1D,0x14, /* [497] OBJ_crl_number */ +0x55,0x1D,0x20, /* [500] OBJ_certificate_policies */ +0x55,0x1D,0x23, /* [503] OBJ_authority_key_identifier */ +0x55,0x08,0x03,0x65, /* [506] OBJ_mdc2 */ +0x55,0x08,0x03,0x64, /* [510] OBJ_mdc2WithRSA */ +}; + +static ASN1_OBJECT nid_objs[NUM_NID]={ +{"UNDEF","undefined",NID_undef,0,NULL}, +{"rsadsi","rsadsi",NID_rsadsi,6,&(lvalues[0]),0}, +{"pkcs","pkcs",NID_pkcs,7,&(lvalues[6]),0}, +{"MD2","md2",NID_md2,8,&(lvalues[13]),0}, +{"MD5","md5",NID_md5,8,&(lvalues[21]),0}, +{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0}, +{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0}, +{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9, + &(lvalues[46]),0}, +{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9, + &(lvalues[55]),0}, +{"pbeWithMD2AndDES-CBC","pbeWithMD2AndDES-CBC", + NID_pbeWithMD2AndDES_CBC,9,&(lvalues[64]),0}, +{"pbeWithMD5AndDES-CBC","pbeWithMD5AndDES-CBC", + NID_pbeWithMD5AndDES_CBC,9,&(lvalues[73]),0}, +{"X500","X500",NID_X500,1,&(lvalues[82]),0}, +{"X509","X509",NID_X509,2,&(lvalues[83]),0}, +{"CN","commonName",NID_commonName,3,&(lvalues[85]),0}, +{"C","countryName",NID_countryName,3,&(lvalues[88]),0}, +{"L","localityName",NID_localityName,3,&(lvalues[91]),0}, +{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0}, +{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0}, +{"OU","organizationalUnitName",NID_organizationalUnitName,3, + &(lvalues[100]),0}, +{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0}, +{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0}, +{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0}, +{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9, + &(lvalues[124]),0}, +{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9, + &(lvalues[133]),0}, +{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData", + NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0}, +{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9, + &(lvalues[151]),0}, +{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9, + &(lvalues[160]),0}, +{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0}, +{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9, + &(lvalues[177]),0}, +{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0}, +{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0}, +{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0}, +{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[201]),0}, +{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL}, +{"IDEA-CBC","idea-cbc",NID_idea_cbc,0,NULL}, +{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL}, +{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL}, +{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[206]),0}, +{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL}, +{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL}, +{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL}, +{"SHA","sha",NID_sha,5,&(lvalues[214]),0}, +{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5, + &(lvalues[219]),0}, +{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL}, +{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[224]),0}, +{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[232]),0}, +{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL}, +{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[237]),0}, +{"Email","emailAddress",NID_pkcs9_emailAddress,9,&(lvalues[245]),0}, +{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9, + &(lvalues[254]),0}, +{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[263]),0}, +{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9, + &(lvalues[272]),0}, +{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[281]),0}, +{"countersignature","countersignature",NID_pkcs9_countersignature,9, + &(lvalues[290]),0}, +{"challengePassword","challengePassword",NID_pkcs9_challengePassword, + 9,&(lvalues[299]),0}, +{"unstructuredAddress","unstructuredAddress", + NID_pkcs9_unstructuredAddress,9,&(lvalues[308]),0}, +{"extendedCertificateAttributes","extendedCertificateAttributes", + NID_pkcs9_extCertAttributes,9,&(lvalues[317]),0}, +{"Netscape","Netscape Communications Corp.",NID_netscape,7, + &(lvalues[326]),0}, +{"nsCertExt","Netscape Certificate Extension", + NID_netscape_cert_extension,8,&(lvalues[333]),0}, +{"nsDataType","Netscape Data Type",NID_netscape_data_type,8, + &(lvalues[341]),0}, +{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL}, +{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL}, +{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL}, +{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL}, +{"SHA1","sha1",NID_sha1,5,&(lvalues[349]),0}, +{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9, + &(lvalues[354]),0}, +{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[363]),0}, +{"DSA","dsaEncryption",NID_dsa,5,&(lvalues[368]),0}, +{"pbeWithSHA1AndRC2-CBC","pbeWithSHA1AndRC2-CBC", + NID_pbeWithSHA1AndRC2_CBC,9,&(lvalues[373]),0}, +{"pbeWithSHA1AndRC4","pbeWithSHA1AndRC4",NID_pbeWithSHA1AndRC4,9, + &(lvalues[382]),0}, +{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,5,&(lvalues[391]),0}, +{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9, + &(lvalues[396]),0}, +{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9, + &(lvalues[405]),0}, +{"nsRevocationUrl","Netscape Revocation Url", + NID_netscape_revocation_url,9,&(lvalues[414]),0}, +{"nsCaRevocationUrl","Netscape CA Revocation Url", + NID_netscape_ca_revocation_url,9,&(lvalues[423]),0}, +{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9, + &(lvalues[432]),0}, +{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url, + 9,&(lvalues[441]),0}, +{"nsSslServerName","Netscape SSL Server Name", + NID_netscape_ssl_server_name,9,&(lvalues[450]),0}, +{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[459]),0}, +{"nsCertSequence","Netscape Certificate Sequence", + NID_netscape_cert_sequence,9,&(lvalues[468]),0}, +{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL}, +{"ld-ce","ld-ce",NID_ld_ce,2,&(lvalues[477]),0}, +{"subjectKeyIdentifier","X509v3 Subject Key Identifier", + NID_subject_key_identifier,3,&(lvalues[479]),0}, +{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[482]),0}, +{"privateKeyUsagePeriod","X509v3 Private Key Usage Period", + NID_private_key_usage_period,3,&(lvalues[485]),0}, +{"subjectAltName","X509v3 Subject Alternative Name", + NID_subject_alt_name,3,&(lvalues[488]),0}, +{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name, + 3,&(lvalues[491]),0}, +{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints, + 3,&(lvalues[494]),0}, +{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[497]),0}, +{"certificatePolicies","X509v3 Certificate Policies", + NID_certificate_policies,3,&(lvalues[500]),0}, +{"authorityKeyIdentifier","X509v3 Authority Key Identifier", + NID_authority_key_identifier,3,&(lvalues[503]),0}, +{"BF-CBC","bf-cbc",NID_bf_cbc,0,NULL}, +{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL}, +{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL}, +{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL}, +{"MDC2","mdc2",NID_mdc2,4,&(lvalues[506]),0}, +{"RSA-MDC2","mdc2withRSA",NID_mdc2WithRSA,4,&(lvalues[510]),0}, +}; + +static ASN1_OBJECT *sn_objs[NUM_SN]={ +&(nid_objs[91]),/* "BF-CBC" */ +&(nid_objs[93]),/* "BF-CFB" */ +&(nid_objs[92]),/* "BF-ECB" */ +&(nid_objs[94]),/* "BF-OFB" */ +&(nid_objs[14]),/* "C" */ +&(nid_objs[13]),/* "CN" */ +&(nid_objs[31]),/* "DES-CBC" */ +&(nid_objs[30]),/* "DES-CFB" */ +&(nid_objs[29]),/* "DES-ECB" */ +&(nid_objs[32]),/* "DES-EDE" */ +&(nid_objs[43]),/* "DES-EDE-CBC" */ +&(nid_objs[60]),/* "DES-EDE-CFB" */ +&(nid_objs[62]),/* "DES-EDE-OFB" */ +&(nid_objs[33]),/* "DES-EDE3" */ +&(nid_objs[44]),/* "DES-EDE3-CBC" */ +&(nid_objs[61]),/* "DES-EDE3-CFB" */ +&(nid_objs[63]),/* "DES-EDE3-OFB" */ +&(nid_objs[45]),/* "DES-OFB" */ +&(nid_objs[80]),/* "DESX-CBC" */ +&(nid_objs[67]),/* "DSA" */ +&(nid_objs[66]),/* "DSA-SHA" */ +&(nid_objs[70]),/* "DSA-SHA1" */ +&(nid_objs[48]),/* "Email" */ +&(nid_objs[34]),/* "IDEA-CBC" */ +&(nid_objs[35]),/* "IDEA-CFB" */ +&(nid_objs[36]),/* "IDEA-ECB" */ +&(nid_objs[46]),/* "IDEA-OFB" */ +&(nid_objs[15]),/* "L" */ +&(nid_objs[ 3]),/* "MD2" */ +&(nid_objs[ 4]),/* "MD5" */ +&(nid_objs[95]),/* "MDC2" */ +&(nid_objs[57]),/* "Netscape" */ +&(nid_objs[17]),/* "O" */ +&(nid_objs[18]),/* "OU" */ +&(nid_objs[37]),/* "RC2-CBC" */ +&(nid_objs[39]),/* "RC2-CFB" */ +&(nid_objs[38]),/* "RC2-ECB" */ +&(nid_objs[40]),/* "RC2-OFB" */ +&(nid_objs[ 5]),/* "RC4" */ +&(nid_objs[19]),/* "RSA" */ +&(nid_objs[ 7]),/* "RSA-MD2" */ +&(nid_objs[ 8]),/* "RSA-MD5" */ +&(nid_objs[96]),/* "RSA-MDC2" */ +&(nid_objs[42]),/* "RSA-SHA" */ +&(nid_objs[65]),/* "RSA-SHA1" */ +&(nid_objs[41]),/* "SHA" */ +&(nid_objs[64]),/* "SHA1" */ +&(nid_objs[16]),/* "ST" */ +&(nid_objs[ 0]),/* "UNDEF" */ +&(nid_objs[90]),/* "authorityKeyIdentifier" */ +&(nid_objs[87]),/* "basicConstraints" */ +&(nid_objs[89]),/* "certificatePolicies" */ +&(nid_objs[88]),/* "crlNumber" */ +&(nid_objs[86]),/* "issuerAltName" */ +&(nid_objs[83]),/* "keyUsage" */ +&(nid_objs[81]),/* "ld-ce" */ +&(nid_objs[72]),/* "nsBaseUrl" */ +&(nid_objs[76]),/* "nsCaPolicyUrl" */ +&(nid_objs[74]),/* "nsCaRevocationUrl" */ +&(nid_objs[58]),/* "nsCertExt" */ +&(nid_objs[79]),/* "nsCertSequence" */ +&(nid_objs[71]),/* "nsCertType" */ +&(nid_objs[78]),/* "nsComment" */ +&(nid_objs[59]),/* "nsDataType" */ +&(nid_objs[75]),/* "nsRenewalUrl" */ +&(nid_objs[73]),/* "nsRevocationUrl" */ +&(nid_objs[77]),/* "nsSslServerName" */ +&(nid_objs[84]),/* "privateKeyUsagePeriod" */ +&(nid_objs[85]),/* "subjectAltName" */ +&(nid_objs[82]),/* "subjectKeyIdentifier" */ +}; + +static ASN1_OBJECT *ln_objs[NUM_LN]={ +&(nid_objs[72]),/* "Netscape Base Url" */ +&(nid_objs[76]),/* "Netscape CA Policy Url" */ +&(nid_objs[74]),/* "Netscape CA Revocation Url" */ +&(nid_objs[71]),/* "Netscape Cert Type" */ +&(nid_objs[58]),/* "Netscape Certificate Extension" */ +&(nid_objs[79]),/* "Netscape Certificate Sequence" */ +&(nid_objs[78]),/* "Netscape Comment" */ +&(nid_objs[57]),/* "Netscape Communications Corp." */ +&(nid_objs[59]),/* "Netscape Data Type" */ +&(nid_objs[75]),/* "Netscape Renewal Url" */ +&(nid_objs[73]),/* "Netscape Revocation Url" */ +&(nid_objs[77]),/* "Netscape SSL Server Name" */ +&(nid_objs[11]),/* "X500" */ +&(nid_objs[12]),/* "X509" */ +&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */ +&(nid_objs[87]),/* "X509v3 Basic Constraints" */ +&(nid_objs[88]),/* "X509v3 CRL Number" */ +&(nid_objs[89]),/* "X509v3 Certificate Policies" */ +&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ +&(nid_objs[83]),/* "X509v3 Key Usage" */ +&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ +&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ +&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ +&(nid_objs[91]),/* "bf-cbc" */ +&(nid_objs[93]),/* "bf-cfb" */ +&(nid_objs[92]),/* "bf-ecb" */ +&(nid_objs[94]),/* "bf-ofb" */ +&(nid_objs[54]),/* "challengePassword" */ +&(nid_objs[13]),/* "commonName" */ +&(nid_objs[50]),/* "contentType" */ +&(nid_objs[53]),/* "countersignature" */ +&(nid_objs[14]),/* "countryName" */ +&(nid_objs[31]),/* "des-cbc" */ +&(nid_objs[30]),/* "des-cfb" */ +&(nid_objs[29]),/* "des-ecb" */ +&(nid_objs[32]),/* "des-ede" */ +&(nid_objs[43]),/* "des-ede-cbc" */ +&(nid_objs[60]),/* "des-ede-cfb" */ +&(nid_objs[62]),/* "des-ede-ofb" */ +&(nid_objs[33]),/* "des-ede3" */ +&(nid_objs[44]),/* "des-ede3-cbc" */ +&(nid_objs[61]),/* "des-ede3-cfb" */ +&(nid_objs[63]),/* "des-ede3-ofb" */ +&(nid_objs[45]),/* "des-ofb" */ +&(nid_objs[80]),/* "desx-cbc" */ +&(nid_objs[28]),/* "dhKeyAgreement" */ +&(nid_objs[67]),/* "dsaEncryption" */ +&(nid_objs[66]),/* "dsaWithSHA" */ +&(nid_objs[70]),/* "dsaWithSHA1" */ +&(nid_objs[48]),/* "emailAddress" */ +&(nid_objs[56]),/* "extendedCertificateAttributes" */ +&(nid_objs[34]),/* "idea-cbc" */ +&(nid_objs[35]),/* "idea-cfb" */ +&(nid_objs[36]),/* "idea-ecb" */ +&(nid_objs[46]),/* "idea-ofb" */ +&(nid_objs[15]),/* "localityName" */ +&(nid_objs[ 3]),/* "md2" */ +&(nid_objs[ 7]),/* "md2WithRSAEncryption" */ +&(nid_objs[ 4]),/* "md5" */ +&(nid_objs[ 8]),/* "md5WithRSAEncryption" */ +&(nid_objs[95]),/* "mdc2" */ +&(nid_objs[96]),/* "mdc2withRSA" */ +&(nid_objs[51]),/* "messageDigest" */ +&(nid_objs[17]),/* "organizationName" */ +&(nid_objs[18]),/* "organizationalUnitName" */ +&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */ +&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */ +&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */ +&(nid_objs[69]),/* "pbeWithSHA1AndRC4" */ +&(nid_objs[ 2]),/* "pkcs" */ +&(nid_objs[27]),/* "pkcs3" */ +&(nid_objs[20]),/* "pkcs7" */ +&(nid_objs[21]),/* "pkcs7-data" */ +&(nid_objs[25]),/* "pkcs7-digestData" */ +&(nid_objs[26]),/* "pkcs7-encryptedData" */ +&(nid_objs[23]),/* "pkcs7-envelopedData" */ +&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */ +&(nid_objs[22]),/* "pkcs7-signedData" */ +&(nid_objs[47]),/* "pkcs9" */ +&(nid_objs[37]),/* "rc2-cbc" */ +&(nid_objs[39]),/* "rc2-cfb" */ +&(nid_objs[38]),/* "rc2-ecb" */ +&(nid_objs[40]),/* "rc2-ofb" */ +&(nid_objs[ 5]),/* "rc4" */ +&(nid_objs[19]),/* "rsa" */ +&(nid_objs[ 6]),/* "rsaEncryption" */ +&(nid_objs[ 1]),/* "rsadsi" */ +&(nid_objs[41]),/* "sha" */ +&(nid_objs[64]),/* "sha1" */ +&(nid_objs[65]),/* "sha1WithRSAEncryption" */ +&(nid_objs[42]),/* "shaWithRSAEncryption" */ +&(nid_objs[52]),/* "signingTime" */ +&(nid_objs[16]),/* "stateOrProvinceName" */ +&(nid_objs[ 0]),/* "undefined" */ +&(nid_objs[55]),/* "unstructuredAddress" */ +&(nid_objs[49]),/* "unstructuredName" */ +}; + +static ASN1_OBJECT *obj_objs[NUM_OBJ]={ +&(nid_objs[11]),/* OBJ_X500 2 5 */ +&(nid_objs[12]),/* OBJ_X509 2 5 4 */ +&(nid_objs[81]),/* OBJ_ld_ce 2 5 29 */ +&(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */ +&(nid_objs[14]),/* OBJ_countryName 2 5 4 6 */ +&(nid_objs[15]),/* OBJ_localityName 2 5 4 7 */ +&(nid_objs[16]),/* OBJ_stateOrProvinceName 2 5 4 8 */ +&(nid_objs[17]),/* OBJ_organizationName 2 5 4 10 */ +&(nid_objs[18]),/* OBJ_organizationalUnitName 2 5 4 11 */ +&(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */ +&(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */ +&(nid_objs[84]),/* OBJ_private_key_usage_period 2 5 29 16 */ +&(nid_objs[85]),/* OBJ_subject_alt_name 2 5 29 17 */ +&(nid_objs[86]),/* OBJ_issuer_alt_name 2 5 29 18 */ +&(nid_objs[87]),/* OBJ_basic_constraints 2 5 29 19 */ +&(nid_objs[88]),/* OBJ_crl_number 2 5 29 20 */ +&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ +&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ +&(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ +&(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ +&(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ +&(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ +&(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ +&(nid_objs[45]),/* OBJ_des_ofb64 1 3 14 3 2 8 */ +&(nid_objs[30]),/* OBJ_des_cfb64 1 3 14 3 2 9 */ +&(nid_objs[67]),/* OBJ_dsa 1 3 14 3 2 12 */ +&(nid_objs[66]),/* OBJ_dsaWithSHA 1 3 14 3 2 13 */ +&(nid_objs[42]),/* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ +&(nid_objs[32]),/* OBJ_des_ede 1 3 14 3 2 17 */ +&(nid_objs[41]),/* OBJ_sha 1 3 14 3 2 18 */ +&(nid_objs[64]),/* OBJ_sha1 1 3 14 3 2 26 */ +&(nid_objs[70]),/* OBJ_dsaWithSHA1 1 3 14 3 2 27 */ +&(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ +&(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ +&(nid_objs[57]),/* OBJ_netscape 2 16 840 1 113730 */ +&(nid_objs[27]),/* OBJ_pkcs3 1 2 840 113549 1 3 */ +&(nid_objs[20]),/* OBJ_pkcs7 1 2 840 113549 1 7 */ +&(nid_objs[47]),/* OBJ_pkcs9 1 2 840 113549 1 9 */ +&(nid_objs[ 3]),/* OBJ_md2 1 2 840 113549 2 2 */ +&(nid_objs[ 4]),/* OBJ_md5 1 2 840 113549 2 5 */ +&(nid_objs[37]),/* OBJ_rc2_cbc 1 2 840 113549 3 2 */ +&(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ +&(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ +&(nid_objs[58]),/* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ +&(nid_objs[59]),/* OBJ_netscape_data_type 2 16 840 1 113730 2 */ +&(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ +&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ +&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ +&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ +&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ +&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ +&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ +&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ +&(nid_objs[69]),/* OBJ_pbeWithSHA1AndRC4 1 2 840 113549 1 5 12 */ +&(nid_objs[21]),/* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ +&(nid_objs[22]),/* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ +&(nid_objs[23]),/* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ +&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ +&(nid_objs[25]),/* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ +&(nid_objs[26]),/* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ +&(nid_objs[48]),/* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ +&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ +&(nid_objs[50]),/* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ +&(nid_objs[51]),/* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ +&(nid_objs[52]),/* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ +&(nid_objs[53]),/* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ +&(nid_objs[54]),/* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ +&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ +&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ +&(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ +&(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ +&(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ +&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ +&(nid_objs[75]),/* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ +&(nid_objs[76]),/* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ +&(nid_objs[77]),/* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ +&(nid_objs[78]),/* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ +&(nid_objs[79]),/* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ +}; + diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl new file mode 100644 index 0000000000000000000000000000000000000000..ebeb243d80dcfd12ef7588b0fd0be9c8b2949c95 --- /dev/null +++ b/crypto/objects/obj_dat.pl @@ -0,0 +1,269 @@ +#!/usr/local/bin/perl + +sub obj_cmp + { + local(@a,@b,$_,$r); + + $A=$obj_len{$obj{$nid{$a}}}; + $B=$obj_len{$obj{$nid{$b}}}; + + $r=($A-$B); + return($r) if $r != 0; + + $A=$obj_der{$obj{$nid{$a}}}; + $B=$obj_der{$obj{$nid{$b}}}; + + return($A cmp $B); + } + +sub expand_obj + { + local(*v)=@_; + local($k,$d); + local($i); + + do { + $i=0; + foreach $k (keys %v) + { + if (($v{$k} =~ s/(OBJ_[^,]+),/$v{$1},/)) + { $i++; } + } + } while($i); + foreach $k (keys %v) + { + @a=split(/,/,$v{$k}); + $objn{$k}=$#a+1; + } + return(%objn); + } + +while (<>) + { + next unless /^\#define\s+(\S+)\s+(.*)$/; + $v=$1; + $d=$2; + if ($v =~ /^SN_(.*)$/) + { $sn{$1}=$d; } + elsif ($v =~ /^LN_(.*)$/) + { $ln{$1}=$d; } + elsif ($v =~ /^NID_(.*)$/) + { $nid{$d}=$1; } + elsif ($v =~ /^OBJ_(.*)$/) + { + $obj{$1}=$v; + $objd{$v}=$d; + } + } + +%ob=&expand_obj(*objd); + +@a=sort { $a <=> $b } keys %nid; +$n=$a[$#a]+1; + +@lvalues=(); +$lvalues=0; + +for ($i=0; $i<$n; $i++) + { + if (!defined($nid{$i})) + { + push(@out,"{NULL,NULL,NID_undef,0,NULL},\n"); + } + else + { + $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL"; + $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL"; + $sn=$ln if ($sn eq "NULL"); + $ln=$sn if ($ln eq "NULL"); + $out ="{"; + $out.=$sn; + $out.=",".$ln; + $out.=",NID_$nid{$i},"; + if (defined($obj{$nid{$i}})) + { + $v=$objd{$obj{$nid{$i}}}; + $v =~ s/L//g; + $v =~ s/,/ /g; + $r=&der_it($v); + $z=""; + $length=0; + foreach (unpack("C*",$r)) + { + $z.=sprintf("0x%02X,",$_); + $length++; + } + $obj_der{$obj{$nid{$i}}}=$z; + $obj_len{$obj{$nid{$i}}}=$length; + + push(@lvalues,sprintf("%-45s/* [%3d] %s */\n", + $z,$lvalues,$obj{$nid{$i}})); + $out.="$length,&(lvalues[$lvalues]),0"; + $lvalues+=$length; + } + else + { + $out.="0,NULL"; + } + $out.="},\n"; + push(@out,$out); + } + } + +@a=grep(defined($sn{$nid{$_}}),0 .. $n); +foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) + { + push(@sn,sprintf("&(nid_objs[%2d]),/* $sn{$nid{$_}} */\n",$_)); + } + +@a=grep(defined($ln{$nid{$_}}),0 .. $n); +foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) + { + push(@ln,sprintf("&(nid_objs[%2d]),/* $ln{$nid{$_}} */\n",$_)); + } + +@a=grep(defined($obj{$nid{$_}}),0 .. $n); +foreach (sort obj_cmp @a) + { + $m=$obj{$nid{$_}}; + $v=$objd{$m}; + $v =~ s/L//g; + $v =~ s/,/ /g; + push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v)); + } + +print <<'EOF'; +/* lib/obj/obj_dat.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the + * following command: + * perl obj_dat.pl < objects.h > obj_dat.h + */ + +EOF + +printf "#define NUM_NID %d\n",$n; +printf "#define NUM_SN %d\n",$#sn+1; +printf "#define NUM_LN %d\n",$#ln+1; +printf "#define NUM_OBJ %d\n\n",$#ob+1; + +printf "static unsigned char lvalues[%d]={\n",$lvalues+1; +print @lvalues; +print "};\n\n"; + +printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; +foreach (@out) + { + if (length($_) > 75) + { + $out=""; + foreach (split(/,/)) + { + $t=$out.$_.","; + if (length($t) > 70) + { + print "$out\n"; + $t="\t$_,"; + } + $out=$t; + } + chop $out; + print "$out"; + } + else + { print $_; } + } +print "};\n\n"; + +printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; +print @sn; +print "};\n\n"; + +printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; +print @ln; +print "};\n\n"; + +printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; +print @ob; +print "};\n\n"; + +sub der_it + { + local($v)=@_; + local(@a,$i,$ret,@r); + + @a=split(/\s+/,$v); + $ret.=pack("C*",$a[0]*40+$a[1]); + shift @a; + shift @a; + while ($_=shift(@a)) + { + @r=(); + $t=0; + while ($_ >= 128) + { + $x=$_%128; + $_/=128; + push(@r,((($t++)?0x80:0)|$x)); + } + push(@r,((($t++)?0x80:0)|$_)); + $ret.=pack("C*",reverse(@r)); + } + return($ret); + } diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c new file mode 100644 index 0000000000000000000000000000000000000000..bfc13d79a472bb55e39346e633973ca29a5ac8ea --- /dev/null +++ b/crypto/objects/obj_err.c @@ -0,0 +1,90 @@ +/* lib/obj/obj_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "objects.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA OBJ_str_functs[]= + { +{ERR_PACK(0,OBJ_F_OBJ_CREATE_AND_ADD_OBJECT,0), "OBJ_create_and_add_object"}, +{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"}, +{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, +{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, +{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, +{0,NULL}, + }; + +static ERR_STRING_DATA OBJ_str_reasons[]= + { +{OBJ_R_MALLOC_FAILURE ,"malloc failure"}, +{OBJ_R_UNKNOWN_NID ,"unknown nid"}, +{0,NULL}, + }; + +void ERR_load_OBJ_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs); + ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons); + } + } diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c new file mode 100644 index 0000000000000000000000000000000000000000..35a8d70e09ddf59e2222c212407621b6c2a32519 --- /dev/null +++ b/crypto/objects/obj_lib.c @@ -0,0 +1,126 @@ +/* crypto/objects/obj_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "lhash.h" +#include "objects.h" +#include "buffer.h" + +ASN1_OBJECT *OBJ_dup(o) +ASN1_OBJECT *o; + { + ASN1_OBJECT *r; + int i; + + if (o == NULL) return(NULL); + if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) + return(o); + + r=(ASN1_OBJECT *)ASN1_OBJECT_new(); + if (r == NULL) + { + OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB); + return(NULL); + } + r->data=(unsigned char *)Malloc(o->length); + if (r->data == NULL) + goto err; + memcpy(r->data,o->data,o->length); + r->length=o->length; + r->nid=o->nid; + r->ln=r->sn=NULL; + if (o->ln != NULL) + { + i=strlen(o->ln)+1; + r->ln=(char *)Malloc(i); + if (r->ln == NULL) goto err; + memcpy(r->ln,o->ln,i); + } + + if (o->sn != NULL) + { + i=strlen(o->sn)+1; + r->sn=(char *)Malloc(i); + if (r->sn == NULL) goto err; + memcpy(r->sn,o->sn,i); + } + r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC| + ASN1_OBJECT_FLAG_DYNAMIC_STRINGS); + return(r); +err: + OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); + if (r != NULL) + { + if (r->ln != NULL) Free(r->ln); + if (r->data != NULL) Free(r->data); + Free(r); + } + return(NULL); + } + +int OBJ_cmp(a,b) +ASN1_OBJECT *a; +ASN1_OBJECT *b; + { + int ret; + + ret=(a->length-b->length); + if (ret) return(ret); + return(memcmp(a->data,b->data,a->length)); + } diff --git a/crypto/objects/objects.err b/crypto/objects/objects.err new file mode 100644 index 0000000000000000000000000000000000000000..3f8c54e2db2acea6bd5ca3eccb38ceb12fac9bb5 --- /dev/null +++ b/crypto/objects/objects.err @@ -0,0 +1,12 @@ +/* Error codes for the OBJ functions. */ + +/* Function codes. */ +#define OBJ_F_OBJ_CREATE_AND_ADD_OBJECT 100 +#define OBJ_F_OBJ_DUP 101 +#define OBJ_F_OBJ_NID2LN 102 +#define OBJ_F_OBJ_NID2OBJ 103 +#define OBJ_F_OBJ_NID2SN 104 + +/* Reason codes. */ +#define OBJ_R_MALLOC_FAILURE 100 +#define OBJ_R_UNKNOWN_NID 101 diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h new file mode 100644 index 0000000000000000000000000000000000000000..e69cb7134a99b9df7dd753dc0f5f4155fc8e9a2f --- /dev/null +++ b/crypto/objects/objects.h @@ -0,0 +1,584 @@ +/* crypto/objects/objects.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_OBJECTS_H +#define HEADER_OBJECTS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 + +#define SN_Algorithm "Algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 38 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define LN_rsadsi "rsadsi" +#define NID_rsadsi 1 +#define OBJ_rsadsi 1L,2L,840L,113549L + +#define LN_pkcs "pkcs" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs,1L,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L + +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L + +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L + +#define LN_X500 "X500" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define LN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +/* Postal Address? PA */ + +/* should be "ST" (rfc1327) but MS uses 'S' */ +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500,8L,1L,1L + +#define LN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define LN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +/* IV + num */ +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +/* IV */ +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ede "DES-EDE" +#define LN_des_ede "des-ede" +#define NID_des_ede 32 +/* ?? */ +#define OBJ_des_ede OBJ_algorithm,17L + +#define SN_des_ede3 "DES-EDE3" +#define LN_des_ede3 "des-ede3" +#define NID_des_ede3 33 + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define LN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define SN_pkcs9_emailAddress "Email" +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +/* I'm not sure about the object ID */ +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L +/* 28 Jun 1996 - eay */ +/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 67 +#define OBJ_dsa OBJ_algorithm,12L + +/* proposed by microsoft to RSA */ +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L + +/* proposed by microsoft to RSA */ +#define LN_pbeWithSHA1AndRC4 "pbeWithSHA1AndRC4" +#define NID_pbeWithSHA1AndRC4 69 +#define OBJ_pbeWithSHA1AndRC4 OBJ_pkcs,5L,12L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 70 +/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ +#define OBJ_dsaWithSHA1 OBJ_algorithm,27L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_ld_ce "ld-ce" +#define NID_ld_ce 81 +#define OBJ_ld_ce 2L,5L,29L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_ld_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_ld_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_ld_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_ld_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_ld_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_ld_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_ld_ce,20L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_ld_ce,32L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_ld_ce,35L + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 2L,5L,8L,3L,101L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2withRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L + +#include "asn1.h" + +#ifndef NOPROTO + +ASN1_OBJECT * OBJ_dup(ASN1_OBJECT *o); +ASN1_OBJECT * OBJ_nid2obj(int n); +char * OBJ_nid2ln(int n); +char * OBJ_nid2sn(int n); +int OBJ_obj2nid(ASN1_OBJECT *o); +int OBJ_txt2nid(char *s); +int OBJ_ln2nid(char *s); +int OBJ_sn2nid(char *s); +int OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b); +char * OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)()); + +void ERR_load_OBJ_strings(void ); + +int OBJ_new_nid(int num); +int OBJ_add_object(ASN1_OBJECT *obj); +int OBJ_create_and_add_object(char *oid,char *sn,char *ln); + +void OBJ_cleanup(void ); + +#else + +ASN1_OBJECT * OBJ_dup(); +ASN1_OBJECT * OBJ_nid2obj(); +char * OBJ_nid2ln(); +char * OBJ_nid2sn(); +int OBJ_obj2nid(); +int OBJ_txt2nid(); +int OBJ_ln2nid(); +int OBJ_sn2nid(); +int OBJ_cmp(); +char * OBJ_bsearch(); + +void ERR_load_OBJ_strings(); + +int OBJ_new_nid(); +int OBJ_add_object(); +int OBJ_create_and_add_object(); +void OBJ_cleanup(); + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the OBJ functions. */ + +/* Function codes. */ +#define OBJ_F_OBJ_CREATE_AND_ADD_OBJECT 100 +#define OBJ_F_OBJ_DUP 101 +#define OBJ_F_OBJ_NID2LN 102 +#define OBJ_F_OBJ_NID2OBJ 103 +#define OBJ_F_OBJ_NID2SN 104 + +/* Reason codes. */ +#define OBJ_R_MALLOC_FAILURE 100 +#define OBJ_R_UNKNOWN_NID 101 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt new file mode 100644 index 0000000000000000000000000000000000000000..cb276e90e9808700c4547188914975c71f3d1daa --- /dev/null +++ b/crypto/objects/objects.txt @@ -0,0 +1,40 @@ +1 2 : ISO member bodies +1 2 840 : US (ANSI) +1 2 840 113549 : rsadsi : RSA Data Security, Inc. +1 2 840 113549 1 : pkcs : RSA Data Security, Inc. PKCS +1 2 840 113549 1 1 1 : rsaEncryption +1 2 840 113549 1 1 2 : md2withRSAEncryption +1 2 840 113549 1 1 4 : md5withRSAEncryption +1 2 840 113549 1 7 : pkcs-7 +1 2 840 113549 1 7 1 : pkcs-7-data +1 2 840 113549 1 7 2 : pkcs-7-signedData +1 2 840 113549 1 7 3 : pkcs-7-envelopedData +1 2 840 113549 1 7 4 : pkcs-7-signedAndEnvelopedData +1 2 840 113549 1 7 5 : pkcs-7-digestData +1 2 840 113549 1 7 6 : pkcs-7-encryptedData +1 2 840 113549 2 2 : md2 +1 2 840 113549 2 4 : md4 +1 2 840 113549 2 5 : md5 +1 2 840 113549 3 4 : rc4 +1 2 840 113549 5 1 : pbeWithMD2AndDES_CBC +1 2 840 113549 5 3 : pbeWithMD5AndDES_CBC +2 5 : X500 : directory services (X.500) +2 5 4 : X509 +2 5 4 3 : commonName +2 5 4 6 : countryName +2 5 4 7 : localityName +2 5 4 8 : stateOrProvinceName +2 5 4 10 : organizationName +2 5 4 11 : organizationalUnitName +2 5 8 : directory services - algorithms +2 5 8 1 1 : rsa + +algorithm 18 : sha +encryptionAlgorithm 1 : rsa +algorithm 11 : rsaSignature + +algorithm 6 : desECB +algorithm 7 : desCBC +algorithm 8 : desOFB +algorithm 9 : desCFB +algorithm 17 : desEDE2 diff --git a/crypto/pem/Makefile.ssl b/crypto/pem/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..447fcb4c0d28c1cb37c953b933ad4f4827b75c0c --- /dev/null +++ b/crypto/pem/Makefile.ssl @@ -0,0 +1,96 @@ +# +# SSLeay/crypto/pem/Makefile +# + +DIR= pem +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=pem +ERRC=pem_err +GENERAL=Makefile +TEST= +APPS= + +CTX_SIZE= ctx_size + +LIB=$(TOP)/libcrypto.a +LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c $(ERRC).c + +LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o $(ERRC).o + +SRC= $(LIBSRC) + +EXHEADER= pem.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: pem.h lib + +pem.h: $(CTX_SIZE) + ./$(CTX_SIZE) pem.new + if [ -f pem.h ]; then mv -f pem.h pem.old; fi + mv -f pem.new pem.h + +$(CTX_SIZE): $(CTX_SIZE).o + $(CC) $(CFLAGS) -o $(CTX_SIZE) $(CTX_SIZE).o + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(CTX_SIZE).c $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f $(CTX_SIZE) *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # SPECIAL CASE .org + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/pem/ctx_size.c b/crypto/pem/ctx_size.c new file mode 100644 index 0000000000000000000000000000000000000000..c9e2ce6d0d44959a0646925aa3f2ef8e3841719f --- /dev/null +++ b/crypto/pem/ctx_size.c @@ -0,0 +1,122 @@ +/* crypto/pem/ctx_size.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" + +int main(argc,argv) +int argc; +char *argv[]; + { + int i,j; + char buf[256]; + + for (;;) + { + char *str; + buf[0]='\0'; + fgets(buf,256,stdin); + if (buf[0] == '\0') break; + + str="#define EVP_ENCODE_CTX_SIZE "; + if (strncmp(buf,str,strlen(str)) == 0) + { + printf("%s %d\n",str,(int)sizeof(EVP_ENCODE_CTX)); + continue; + } + str="#define EVP_MD_SIZE "; + if (strncmp(buf,str,strlen(str)) == 0) + { + printf("%s %d\n",str,(int)sizeof(EVP_MD)); + continue; + } + str="#define EVP_MD_CTX_SIZE "; + if (strncmp(buf,str,strlen(str)) == 0) + { + printf("%s %d\n",str,(int)sizeof(EVP_MD_CTX)); + continue; + } + str="#define EVP_CIPHER_SIZE "; + if (strncmp(buf,str,strlen(str)) == 0) + { + printf("%s %d\n",str,(int)sizeof(EVP_CIPHER)); + continue; + } + str="#define EVP_CIPHER_CTX_SIZE "; + if (strncmp(buf,str,strlen(str)) == 0) + { + printf("%s %d\n",str,(int)sizeof(EVP_CIPHER_CTX)); + continue; + } + + str="#define EVP_MAX_MD_SIZE "; + if (strncmp(buf,str,strlen(str)) == 0) + { + i=MD2_DIGEST_LENGTH; + j=MD5_DIGEST_LENGTH; + if (j > i) i=j; + j=SHA_DIGEST_LENGTH; + if (j > i) i=j; + printf("%s %d\n",str,i); + continue; + } + fputs(buf,stdout); + } + exit(0); + } diff --git a/crypto/pem/message b/crypto/pem/message new file mode 100644 index 0000000000000000000000000000000000000000..e8bf9d759296b69719850452a15d17b81ce592c8 --- /dev/null +++ b/crypto/pem/message @@ -0,0 +1,16 @@ +-----BEGIN PRIVACY-ENHANCED MESSAGE----- +Proc-Type: 4,ENCRYPTED +Proc-Type: 4,MIC-ONLY +Proc-Type: 4,MIC-CLEAR +Content-Domain: RFC822 +DEK-Info: DES-CBC,0123456789abcdef +Originator-Certificate + xxxx +Issuer-Certificate + xxxx +MIC-Info: RSA-MD5,RSA, + xxxx + + +-----END PRIVACY-ENHANCED MESSAGE----- + diff --git a/crypto/pem/pem.err b/crypto/pem/pem.err new file mode 100644 index 0000000000000000000000000000000000000000..0e523abf8281d726cbf778ebd3fffef10d6999a3 --- /dev/null +++ b/crypto/pem/pem.err @@ -0,0 +1,38 @@ +/* Error codes for the PEM functions. */ + +/* Function codes. */ +#define PEM_F_DEF_CALLBACK 100 +#define PEM_F_LOAD_IV 101 +#define PEM_F_PEM_ASN1_READ 102 +#define PEM_F_PEM_ASN1_READ_BIO 103 +#define PEM_F_PEM_ASN1_WRITE 104 +#define PEM_F_PEM_ASN1_WRITE_BIO 105 +#define PEM_F_PEM_DO_HEADER 106 +#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +#define PEM_F_PEM_READ 108 +#define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_SEALFINAL 110 +#define PEM_F_PEM_SEALINIT 111 +#define PEM_F_PEM_SIGNFINAL 112 +#define PEM_F_PEM_WRITE 113 +#define PEM_F_PEM_WRITE_BIO 114 +#define PEM_F_PEM_X509_INFO_READ 115 +#define PEM_F_PEM_X509_INFO_READ_BIO 116 +#define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* Reason codes. */ +#define PEM_R_BAD_BASE64_DECODE 100 +#define PEM_R_BAD_DECRYPT 101 +#define PEM_R_BAD_END_LINE 102 +#define PEM_R_BAD_IV_CHARS 103 +#define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_NOT_DEK_INFO 105 +#define PEM_R_NOT_ENCRYPTED 106 +#define PEM_R_NOT_PROC_TYPE 107 +#define PEM_R_NO_START_LINE 108 +#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +#define PEM_R_PUBLIC_KEY_NO_RSA 110 +#define PEM_R_READ_KEY 111 +#define PEM_R_SHORT_HEADER 112 +#define PEM_R_UNSUPPORTED_CIPHER 113 +#define PEM_R_UNSUPPORTED_ENCRYPTION 114 diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h new file mode 100644 index 0000000000000000000000000000000000000000..38952509dd4954ee1485db834c6ea6a7346795fb --- /dev/null +++ b/crypto/pem/pem.h @@ -0,0 +1,562 @@ +/* crypto/pem/pem.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify pem.org since pem.h is automatically generated from + * it during SSLeay configuration. + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +#ifndef HEADER_PEM_H +#define HEADER_PEM_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "evp.h" +#include "x509.h" + +#define PEM_OBJ_UNDEF 0 +#define PEM_OBJ_X509 1 +#define PEM_OBJ_X509_REQ 2 +#define PEM_OBJ_CRL 3 +#define PEM_OBJ_SSL_SESSION 4 +#define PEM_OBJ_PRIV_KEY 10 +#define PEM_OBJ_PRIV_RSA 11 +#define PEM_OBJ_PRIV_DSA 12 +#define PEM_OBJ_PRIV_DH 13 +#define PEM_OBJ_PUB_RSA 14 +#define PEM_OBJ_PUB_DSA 15 +#define PEM_OBJ_PUB_DH 16 +#define PEM_OBJ_DHPARAMS 17 +#define PEM_OBJ_DSAPARAMS 18 +#define PEM_OBJ_PRIV_RSA_PUBLIC 19 + +#define PEM_ERROR 30 +#define PEM_DEK_DES_CBC 40 +#define PEM_DEK_IDEA_CBC 45 +#define PEM_DEK_DES_EDE 50 +#define PEM_DEK_DES_ECB 60 +#define PEM_DEK_RSA 70 +#define PEM_DEK_RSA_MD2 80 +#define PEM_DEK_RSA_MD5 90 + +#define PEM_MD_MD2 NID_md2 +#define PEM_MD_MD5 NID_md5 +#define PEM_MD_SHA NID_sha +#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption +#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption +#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption + +#define PEM_STRING_X509_OLD "X509 CERTIFICATE" +#define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +#define PEM_STRING_X509_CRL "X509 CRL" +#define PEM_STRING_EVP_PKEY "PRIVATE KEY" +#define PEM_STRING_RSA "RSA PRIVATE KEY" +#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +#define PEM_STRING_DSA "DSA PRIVATE KEY" +#define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_DHPARAMS "DH PARAMETERS" +#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" + +#ifndef HEADER_ENVELOPE_H + +#define EVP_ENCODE_CTX_SIZE 92 +#define EVP_MD_SIZE 48 +#define EVP_MD_CTX_SIZE 152 +#define EVP_CIPHER_SIZE 28 +#define EVP_CIPHER_CTX_SIZE 4212 +#define EVP_MAX_MD_SIZE 20 + +typedef struct evp_encode_ctx_st + { + char data[EVP_ENCODE_CTX_SIZE]; + } EVP_ENCODE_CTX; + +typedef struct env_md_ctx_st + { + char data[EVP_MD_CTX_SIZE]; + } EVP_MD_CTX; + +typedef struct evp_cipher_st + { + char data[EVP_CIPHER_SIZE]; + } EVP_CIPHER; + +typedef struct evp_cipher_ctx_st + { + char data[EVP_CIPHER_CTX_SIZE]; + } EVP_CIPHER_CTX; +#endif + + +typedef struct PEM_Encode_Seal_st + { + EVP_ENCODE_CTX encode; + EVP_MD_CTX md; + EVP_CIPHER_CTX cipher; + } PEM_ENCODE_SEAL_CTX; + +/* enc_type is one off */ +#define PEM_TYPE_ENCRYPTED 10 +#define PEM_TYPE_MIC_ONLY 20 +#define PEM_TYPE_MIC_CLEAR 30 +#define PEM_TYPE_CLEAR 40 + +typedef struct pem_recip_st + { + char *name; + X509_NAME *dn; + + int cipher; + int key_enc; + char iv[8]; + } PEM_USER; + +typedef struct pem_ctx_st + { + int type; /* what type of object */ + + struct { + int version; + int mode; + } proc_type; + + char *domain; + + struct { + int cipher; + unsigned char iv[8]; + } DEK_info; + + PEM_USER *originator; + + int num_recipient; + PEM_USER **recipient; + +#ifdef HEADER_STACK_H + STACK *x509_chain; /* certificate chain */ +#else + char *x509_chain; /* certificate chain */ +#endif + EVP_MD *md; /* signature type */ + + int md_enc; /* is the md encrypted or not? */ + int md_len; /* length of md_data */ + char *md_data; /* message digest, could be pkey encrypted */ + + EVP_CIPHER *dec; /* date encryption cipher */ + int key_len; /* key length */ + unsigned char *key; /* key */ + unsigned char iv[8]; /* the iv */ + + + int data_enc; /* is the data encrypted */ + int data_len; + unsigned char *data; + } PEM_CTX; + +#ifdef SSLEAY_MACROS + +#define PEM_write_SSL_SESSION(fp,x) \ + PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ + PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL) +#define PEM_write_X509(fp,x) \ + PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ + (char *)x, NULL,NULL,0,NULL) +#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ + (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ + NULL,NULL,0,NULL) +#define PEM_write_X509_CRL(fp,x) \ + PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ + fp,(char *)x, NULL,NULL,0,NULL) +#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ + (char *)x,enc,kstr,klen,cb) +#define PEM_write_RSAPublicKey(fp,x) \ + PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ + PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL) +#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ + (char *)x,enc,kstr,klen,cb) +#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write((int (*)())i2d_PrivateKey,\ + (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ + bp,(char *)x,enc,kstr,klen,cb) +#define PEM_write_PKCS7(fp,x) \ + PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ + (char *)x, NULL,NULL,0,NULL) +#define PEM_write_DHparams(fp,x) \ + PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ + (char *)x,NULL,NULL,0,NULL) + +#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb) +#define PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \ + (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb) +#define PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \ + (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb) +#define PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \ + (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb) +#define PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \ + (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb) +#define PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \ + (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb) +#define PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \ + (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb) +#define PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \ + (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb) +#define PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \ + (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb) +#define PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \ + (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb) + +#define PEM_write_bio_SSL_SESSION(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ + PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_X509(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ + (char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ + (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ + NULL,NULL,0,NULL) +#define PEM_write_bio_X509_CRL(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ + bp,(char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ + bp,(char *)x,enc,kstr,klen,cb) +#define PEM_write_bio_RSAPublicKey(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ + PEM_STRING_RSA_PUBLIC,\ + bp,(char *)x,NULL,NULL,0,NULL) +#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ + bp,(char *)x,enc,kstr,klen,cb) +#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ + (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ + bp,(char *)x,enc,kstr,klen,cb) +#define PEM_write_bio_PKCS7(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ + (char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_DHparams(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ + bp,(char *)x,NULL,NULL,0,NULL) +#define PEM_write_bio_DSAparams(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ + PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL) + +#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb) +#define PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb) +#define PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb) +#define PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb) +#define PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb) +#define PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb) +#define PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb) +#define PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb) + +#define PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb) +#define PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb) +#define PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb) + +#endif + +#ifndef NOPROTO +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, + int (*callback)()); + +#ifdef HEADER_BIO_H +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data,long *len); +int PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data, + long len); +char * PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x, + int (*cb)()); +int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x, + EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); +STACK * PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)()); +int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, int (*cb)()); +#endif + +#ifndef WIN16 +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data,long *len); +int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); +char * PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x, + int (*cb)()); +int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x, + EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); +STACK * PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)()); +#endif + +int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, + EVP_MD *md_type, unsigned char **ek, int *ekl, + unsigned char *iv, EVP_PKEY **pubk, int npubk); +void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, + unsigned char *in, int inl); +int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, + unsigned char *out, int *outl, EVP_PKEY *priv); + +void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +void ERR_load_PEM_strings(void); + +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, char *type, int len, char *str); + +#ifndef SSLEAY_MACROS + +#ifndef WIN16 +X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)()); +X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)()); +X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)()); +RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)()); +RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)()); +DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)()); +EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)()); +PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)()); +DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)()); +DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)()); +int PEM_write_X509(FILE *fp,X509 *x); +int PEM_write_X509_REQ(FILE *fp,X509_REQ *x); +int PEM_write_X509_CRL(FILE *fp,X509_CRL *x); +int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr, + int klen,int (*cb)()); +int PEM_write_RSAPublicKey(FILE *fp,RSA *x); +int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr, + int klen,int (*cb)()); +int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc, + unsigned char *kstr,int klen,int (*cb)()); +int PEM_write_PKCS7(FILE *fp,PKCS7 *x); +int PEM_write_DHparams(FILE *fp,DH *x); +int PEM_write_DSAparams(FILE *fp,DSA *x); +#endif + +#ifdef HEADER_BIO_H +X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)()); +X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)()); +X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)()); +RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)()); +RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)()); +DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)()); +EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)()); +PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)()); +DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)()); +DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)()); +int PEM_write_bio_X509(BIO *bp,X509 *x); +int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x); +int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x); +int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc, + unsigned char *kstr,int klen,int (*cb)()); +int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x); +int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc, + unsigned char *kstr,int klen,int (*cb)()); +int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc, + unsigned char *kstr,int klen,int (*cb)()); +int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x); +int PEM_write_bio_DHparams(BIO *bp,DH *x); +int PEM_write_bio_DSAparams(BIO *bp,DSA *x); +#endif + +#endif /* SSLEAY_MACROS */ + + +#else + +int PEM_get_EVP_CIPHER_INFO(); +int PEM_do_header(); +int PEM_read_bio(); +int PEM_write_bio(); +#ifndef WIN16 +int PEM_read(); +int PEM_write(); +STACK * PEM_X509_INFO_read(); +char * PEM_ASN1_read(); +int PEM_ASN1_write(); +#endif +STACK * PEM_X509_INFO_read_bio(); +int PEM_X509_INFO_write_bio(); +char * PEM_ASN1_read_bio(); +int PEM_ASN1_write_bio(); +int PEM_SealInit(); +void PEM_SealUpdate(); +int PEM_SealFinal(); +int PEM_SignFinal(); + +void ERR_load_PEM_strings(); + +void PEM_proc_type(); +void PEM_dek_info(); + +#ifndef SSLEAY_MACROS +#ifndef WIN16 +X509 *PEM_read_X509(); +X509_REQ *PEM_read_X509_REQ(); +X509_CRL *PEM_read_X509_CRL(); +RSA *PEM_read_RSAPrivateKey(); +RSA *PEM_read_RSAPublicKey(); +DSA *PEM_read_DSAPrivateKey(); +EVP_PKEY *PEM_read_PrivateKey(); +PKCS7 *PEM_read_PKCS7(); +DH *PEM_read_DHparams(); +DSA *PEM_read_DSAparams(); +int PEM_write_X509(); +int PEM_write_X509_REQ(); +int PEM_write_X509_CRL(); +int PEM_write_RSAPrivateKey(); +int PEM_write_RSAPublicKey(); +int PEM_write_DSAPrivateKey(); +int PEM_write_PrivateKey(); +int PEM_write_PKCS7(); +int PEM_write_DHparams(); +int PEM_write_DSAparams(); +#endif + +X509 *PEM_read_bio_X509(); +X509_REQ *PEM_read_bio_X509_REQ(); +X509_CRL *PEM_read_bio_X509_CRL(); +RSA *PEM_read_bio_RSAPrivateKey(); +RSA *PEM_read_bio_RSAPublicKey(); +DSA *PEM_read_bio_DSAPrivateKey(); +EVP_PKEY *PEM_read_bio_PrivateKey(); +PKCS7 *PEM_read_bio_PKCS7(); +DH *PEM_read_bio_DHparams(); +DSA *PEM_read_bio_DSAparams(); +int PEM_write_bio_X509(); +int PEM_write_bio_X509_REQ(); +int PEM_write_bio_X509_CRL(); +int PEM_write_bio_RSAPrivateKey(); +int PEM_write_bio_RSAPublicKey(); +int PEM_write_bio_DSAPrivateKey(); +int PEM_write_bio_PrivateKey(); +int PEM_write_bio_PKCS7(); +int PEM_write_bio_DHparams(); +int PEM_write_bio_DSAparams(); + +#endif /* SSLEAY_MACROS */ + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the PEM functions. */ + +/* Function codes. */ +#define PEM_F_DEF_CALLBACK 100 +#define PEM_F_LOAD_IV 101 +#define PEM_F_PEM_ASN1_READ 102 +#define PEM_F_PEM_ASN1_READ_BIO 103 +#define PEM_F_PEM_ASN1_WRITE 104 +#define PEM_F_PEM_ASN1_WRITE_BIO 105 +#define PEM_F_PEM_DO_HEADER 106 +#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +#define PEM_F_PEM_READ 108 +#define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_SEALFINAL 110 +#define PEM_F_PEM_SEALINIT 111 +#define PEM_F_PEM_SIGNFINAL 112 +#define PEM_F_PEM_WRITE 113 +#define PEM_F_PEM_WRITE_BIO 114 +#define PEM_F_PEM_X509_INFO_READ 115 +#define PEM_F_PEM_X509_INFO_READ_BIO 116 +#define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* Reason codes. */ +#define PEM_R_BAD_BASE64_DECODE 100 +#define PEM_R_BAD_DECRYPT 101 +#define PEM_R_BAD_END_LINE 102 +#define PEM_R_BAD_IV_CHARS 103 +#define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_NOT_DEK_INFO 105 +#define PEM_R_NOT_ENCRYPTED 106 +#define PEM_R_NOT_PROC_TYPE 107 +#define PEM_R_NO_START_LINE 108 +#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +#define PEM_R_PUBLIC_KEY_NO_RSA 110 +#define PEM_R_READ_KEY 111 +#define PEM_R_SHORT_HEADER 112 +#define PEM_R_UNSUPPORTED_CIPHER 113 +#define PEM_R_UNSUPPORTED_ENCRYPTION 114 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/pem/pem.org b/crypto/pem/pem.org new file mode 100644 index 0000000000000000000000000000000000000000..38952509dd4954ee1485db834c6ea6a7346795fb --- /dev/null +++ b/crypto/pem/pem.org @@ -0,0 +1,562 @@ +/* crypto/pem/pem.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify pem.org since pem.h is automatically generated from + * it during SSLeay configuration. + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +#ifndef HEADER_PEM_H +#define HEADER_PEM_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "evp.h" +#include "x509.h" + +#define PEM_OBJ_UNDEF 0 +#define PEM_OBJ_X509 1 +#define PEM_OBJ_X509_REQ 2 +#define PEM_OBJ_CRL 3 +#define PEM_OBJ_SSL_SESSION 4 +#define PEM_OBJ_PRIV_KEY 10 +#define PEM_OBJ_PRIV_RSA 11 +#define PEM_OBJ_PRIV_DSA 12 +#define PEM_OBJ_PRIV_DH 13 +#define PEM_OBJ_PUB_RSA 14 +#define PEM_OBJ_PUB_DSA 15 +#define PEM_OBJ_PUB_DH 16 +#define PEM_OBJ_DHPARAMS 17 +#define PEM_OBJ_DSAPARAMS 18 +#define PEM_OBJ_PRIV_RSA_PUBLIC 19 + +#define PEM_ERROR 30 +#define PEM_DEK_DES_CBC 40 +#define PEM_DEK_IDEA_CBC 45 +#define PEM_DEK_DES_EDE 50 +#define PEM_DEK_DES_ECB 60 +#define PEM_DEK_RSA 70 +#define PEM_DEK_RSA_MD2 80 +#define PEM_DEK_RSA_MD5 90 + +#define PEM_MD_MD2 NID_md2 +#define PEM_MD_MD5 NID_md5 +#define PEM_MD_SHA NID_sha +#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption +#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption +#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption + +#define PEM_STRING_X509_OLD "X509 CERTIFICATE" +#define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +#define PEM_STRING_X509_CRL "X509 CRL" +#define PEM_STRING_EVP_PKEY "PRIVATE KEY" +#define PEM_STRING_RSA "RSA PRIVATE KEY" +#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +#define PEM_STRING_DSA "DSA PRIVATE KEY" +#define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_DHPARAMS "DH PARAMETERS" +#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" + +#ifndef HEADER_ENVELOPE_H + +#define EVP_ENCODE_CTX_SIZE 92 +#define EVP_MD_SIZE 48 +#define EVP_MD_CTX_SIZE 152 +#define EVP_CIPHER_SIZE 28 +#define EVP_CIPHER_CTX_SIZE 4212 +#define EVP_MAX_MD_SIZE 20 + +typedef struct evp_encode_ctx_st + { + char data[EVP_ENCODE_CTX_SIZE]; + } EVP_ENCODE_CTX; + +typedef struct env_md_ctx_st + { + char data[EVP_MD_CTX_SIZE]; + } EVP_MD_CTX; + +typedef struct evp_cipher_st + { + char data[EVP_CIPHER_SIZE]; + } EVP_CIPHER; + +typedef struct evp_cipher_ctx_st + { + char data[EVP_CIPHER_CTX_SIZE]; + } EVP_CIPHER_CTX; +#endif + + +typedef struct PEM_Encode_Seal_st + { + EVP_ENCODE_CTX encode; + EVP_MD_CTX md; + EVP_CIPHER_CTX cipher; + } PEM_ENCODE_SEAL_CTX; + +/* enc_type is one off */ +#define PEM_TYPE_ENCRYPTED 10 +#define PEM_TYPE_MIC_ONLY 20 +#define PEM_TYPE_MIC_CLEAR 30 +#define PEM_TYPE_CLEAR 40 + +typedef struct pem_recip_st + { + char *name; + X509_NAME *dn; + + int cipher; + int key_enc; + char iv[8]; + } PEM_USER; + +typedef struct pem_ctx_st + { + int type; /* what type of object */ + + struct { + int version; + int mode; + } proc_type; + + char *domain; + + struct { + int cipher; + unsigned char iv[8]; + } DEK_info; + + PEM_USER *originator; + + int num_recipient; + PEM_USER **recipient; + +#ifdef HEADER_STACK_H + STACK *x509_chain; /* certificate chain */ +#else + char *x509_chain; /* certificate chain */ +#endif + EVP_MD *md; /* signature type */ + + int md_enc; /* is the md encrypted or not? */ + int md_len; /* length of md_data */ + char *md_data; /* message digest, could be pkey encrypted */ + + EVP_CIPHER *dec; /* date encryption cipher */ + int key_len; /* key length */ + unsigned char *key; /* key */ + unsigned char iv[8]; /* the iv */ + + + int data_enc; /* is the data encrypted */ + int data_len; + unsigned char *data; + } PEM_CTX; + +#ifdef SSLEAY_MACROS + +#define PEM_write_SSL_SESSION(fp,x) \ + PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ + PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL) +#define PEM_write_X509(fp,x) \ + PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ + (char *)x, NULL,NULL,0,NULL) +#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ + (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ + NULL,NULL,0,NULL) +#define PEM_write_X509_CRL(fp,x) \ + PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ + fp,(char *)x, NULL,NULL,0,NULL) +#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ + (char *)x,enc,kstr,klen,cb) +#define PEM_write_RSAPublicKey(fp,x) \ + PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ + PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL) +#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ + (char *)x,enc,kstr,klen,cb) +#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write((int (*)())i2d_PrivateKey,\ + (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ + bp,(char *)x,enc,kstr,klen,cb) +#define PEM_write_PKCS7(fp,x) \ + PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ + (char *)x, NULL,NULL,0,NULL) +#define PEM_write_DHparams(fp,x) \ + PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ + (char *)x,NULL,NULL,0,NULL) + +#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb) +#define PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \ + (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb) +#define PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \ + (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb) +#define PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \ + (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb) +#define PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \ + (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb) +#define PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \ + (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb) +#define PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \ + (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb) +#define PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \ + (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb) +#define PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \ + (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb) +#define PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \ + (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb) + +#define PEM_write_bio_SSL_SESSION(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ + PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_X509(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ + (char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ + (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ + NULL,NULL,0,NULL) +#define PEM_write_bio_X509_CRL(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ + bp,(char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ + bp,(char *)x,enc,kstr,klen,cb) +#define PEM_write_bio_RSAPublicKey(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ + PEM_STRING_RSA_PUBLIC,\ + bp,(char *)x,NULL,NULL,0,NULL) +#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ + bp,(char *)x,enc,kstr,klen,cb) +#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \ + PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ + (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ + bp,(char *)x,enc,kstr,klen,cb) +#define PEM_write_bio_PKCS7(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ + (char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_DHparams(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ + bp,(char *)x,NULL,NULL,0,NULL) +#define PEM_write_bio_DSAparams(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ + PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL) + +#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb) +#define PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb) +#define PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb) +#define PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb) +#define PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb) +#define PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb) +#define PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb) +#define PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb) + +#define PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb) +#define PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb) +#define PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb) + +#endif + +#ifndef NOPROTO +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, + int (*callback)()); + +#ifdef HEADER_BIO_H +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data,long *len); +int PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data, + long len); +char * PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x, + int (*cb)()); +int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x, + EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); +STACK * PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)()); +int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, int (*cb)()); +#endif + +#ifndef WIN16 +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data,long *len); +int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); +char * PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x, + int (*cb)()); +int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x, + EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); +STACK * PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)()); +#endif + +int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, + EVP_MD *md_type, unsigned char **ek, int *ekl, + unsigned char *iv, EVP_PKEY **pubk, int npubk); +void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, + unsigned char *in, int inl); +int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, + unsigned char *out, int *outl, EVP_PKEY *priv); + +void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +void ERR_load_PEM_strings(void); + +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, char *type, int len, char *str); + +#ifndef SSLEAY_MACROS + +#ifndef WIN16 +X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)()); +X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)()); +X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)()); +RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)()); +RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)()); +DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)()); +EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)()); +PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)()); +DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)()); +DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)()); +int PEM_write_X509(FILE *fp,X509 *x); +int PEM_write_X509_REQ(FILE *fp,X509_REQ *x); +int PEM_write_X509_CRL(FILE *fp,X509_CRL *x); +int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr, + int klen,int (*cb)()); +int PEM_write_RSAPublicKey(FILE *fp,RSA *x); +int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr, + int klen,int (*cb)()); +int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc, + unsigned char *kstr,int klen,int (*cb)()); +int PEM_write_PKCS7(FILE *fp,PKCS7 *x); +int PEM_write_DHparams(FILE *fp,DH *x); +int PEM_write_DSAparams(FILE *fp,DSA *x); +#endif + +#ifdef HEADER_BIO_H +X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)()); +X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)()); +X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)()); +RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)()); +RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)()); +DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)()); +EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)()); +PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)()); +DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)()); +DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)()); +int PEM_write_bio_X509(BIO *bp,X509 *x); +int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x); +int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x); +int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc, + unsigned char *kstr,int klen,int (*cb)()); +int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x); +int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc, + unsigned char *kstr,int klen,int (*cb)()); +int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc, + unsigned char *kstr,int klen,int (*cb)()); +int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x); +int PEM_write_bio_DHparams(BIO *bp,DH *x); +int PEM_write_bio_DSAparams(BIO *bp,DSA *x); +#endif + +#endif /* SSLEAY_MACROS */ + + +#else + +int PEM_get_EVP_CIPHER_INFO(); +int PEM_do_header(); +int PEM_read_bio(); +int PEM_write_bio(); +#ifndef WIN16 +int PEM_read(); +int PEM_write(); +STACK * PEM_X509_INFO_read(); +char * PEM_ASN1_read(); +int PEM_ASN1_write(); +#endif +STACK * PEM_X509_INFO_read_bio(); +int PEM_X509_INFO_write_bio(); +char * PEM_ASN1_read_bio(); +int PEM_ASN1_write_bio(); +int PEM_SealInit(); +void PEM_SealUpdate(); +int PEM_SealFinal(); +int PEM_SignFinal(); + +void ERR_load_PEM_strings(); + +void PEM_proc_type(); +void PEM_dek_info(); + +#ifndef SSLEAY_MACROS +#ifndef WIN16 +X509 *PEM_read_X509(); +X509_REQ *PEM_read_X509_REQ(); +X509_CRL *PEM_read_X509_CRL(); +RSA *PEM_read_RSAPrivateKey(); +RSA *PEM_read_RSAPublicKey(); +DSA *PEM_read_DSAPrivateKey(); +EVP_PKEY *PEM_read_PrivateKey(); +PKCS7 *PEM_read_PKCS7(); +DH *PEM_read_DHparams(); +DSA *PEM_read_DSAparams(); +int PEM_write_X509(); +int PEM_write_X509_REQ(); +int PEM_write_X509_CRL(); +int PEM_write_RSAPrivateKey(); +int PEM_write_RSAPublicKey(); +int PEM_write_DSAPrivateKey(); +int PEM_write_PrivateKey(); +int PEM_write_PKCS7(); +int PEM_write_DHparams(); +int PEM_write_DSAparams(); +#endif + +X509 *PEM_read_bio_X509(); +X509_REQ *PEM_read_bio_X509_REQ(); +X509_CRL *PEM_read_bio_X509_CRL(); +RSA *PEM_read_bio_RSAPrivateKey(); +RSA *PEM_read_bio_RSAPublicKey(); +DSA *PEM_read_bio_DSAPrivateKey(); +EVP_PKEY *PEM_read_bio_PrivateKey(); +PKCS7 *PEM_read_bio_PKCS7(); +DH *PEM_read_bio_DHparams(); +DSA *PEM_read_bio_DSAparams(); +int PEM_write_bio_X509(); +int PEM_write_bio_X509_REQ(); +int PEM_write_bio_X509_CRL(); +int PEM_write_bio_RSAPrivateKey(); +int PEM_write_bio_RSAPublicKey(); +int PEM_write_bio_DSAPrivateKey(); +int PEM_write_bio_PrivateKey(); +int PEM_write_bio_PKCS7(); +int PEM_write_bio_DHparams(); +int PEM_write_bio_DSAparams(); + +#endif /* SSLEAY_MACROS */ + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the PEM functions. */ + +/* Function codes. */ +#define PEM_F_DEF_CALLBACK 100 +#define PEM_F_LOAD_IV 101 +#define PEM_F_PEM_ASN1_READ 102 +#define PEM_F_PEM_ASN1_READ_BIO 103 +#define PEM_F_PEM_ASN1_WRITE 104 +#define PEM_F_PEM_ASN1_WRITE_BIO 105 +#define PEM_F_PEM_DO_HEADER 106 +#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +#define PEM_F_PEM_READ 108 +#define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_SEALFINAL 110 +#define PEM_F_PEM_SEALINIT 111 +#define PEM_F_PEM_SIGNFINAL 112 +#define PEM_F_PEM_WRITE 113 +#define PEM_F_PEM_WRITE_BIO 114 +#define PEM_F_PEM_X509_INFO_READ 115 +#define PEM_F_PEM_X509_INFO_READ_BIO 116 +#define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* Reason codes. */ +#define PEM_R_BAD_BASE64_DECODE 100 +#define PEM_R_BAD_DECRYPT 101 +#define PEM_R_BAD_END_LINE 102 +#define PEM_R_BAD_IV_CHARS 103 +#define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_NOT_DEK_INFO 105 +#define PEM_R_NOT_ENCRYPTED 106 +#define PEM_R_NOT_PROC_TYPE 107 +#define PEM_R_NO_START_LINE 108 +#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +#define PEM_R_PUBLIC_KEY_NO_RSA 110 +#define PEM_R_READ_KEY 111 +#define PEM_R_SHORT_HEADER 112 +#define PEM_R_UNSUPPORTED_CIPHER 113 +#define PEM_R_UNSUPPORTED_ENCRYPTION 114 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c new file mode 100644 index 0000000000000000000000000000000000000000..5485628f52cd30112caa87e4cae0504f814a16f8 --- /dev/null +++ b/crypto/pem/pem_all.c @@ -0,0 +1,487 @@ +/* crypto/pem/pem_all.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#undef SSLEAY_MACROS +#include "bio.h" +#include "evp.h" +#include "x509.h" +#include "pkcs7.h" +#include "pem.h" + +#ifndef WIN16 +/* The X509 functions */ +X509 *PEM_read_X509(fp,x,cb) +FILE *fp; +X509 **x; +int (*cb)(); + { + return((X509 *)PEM_ASN1_read((char *(*)())d2i_X509, + PEM_STRING_X509,fp,(char **)x,cb)); + } +#endif + +X509 *PEM_read_bio_X509(bp,x,cb) +BIO *bp; +X509 **x; +int (*cb)(); + { + return((X509 *)PEM_ASN1_read_bio((char *(*)())d2i_X509, + PEM_STRING_X509,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_X509(fp,x) +FILE *fp; +X509 *x; + { + return(PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, + (char *)x, NULL,NULL,0,NULL)); + } +#endif + +int PEM_write_bio_X509(bp,x) +BIO *bp; +X509 *x; + { + return(PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, + (char *)x, NULL,NULL,0,NULL)); + } + +#ifndef WIN16 +/* The X509_REQ functions */ +X509_REQ *PEM_read_X509_REQ(fp,x,cb) +FILE *fp; +X509_REQ **x; +int (*cb)(); + { + return((X509_REQ *)PEM_ASN1_read((char *(*)())d2i_X509_REQ, + PEM_STRING_X509_REQ,fp,(char **)x,cb)); + } +#endif + +X509_REQ *PEM_read_bio_X509_REQ(bp,x,cb) +BIO *bp; +X509_REQ **x; +int (*cb)(); + { + return((X509_REQ *)PEM_ASN1_read_bio((char *(*)())d2i_X509_REQ, + PEM_STRING_X509_REQ,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_X509_REQ(fp,x) +FILE *fp; +X509_REQ *x; + { + return(PEM_ASN1_write((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp, + (char *)x, NULL,NULL,0,NULL)); + } +#endif + +int PEM_write_bio_X509_REQ(bp,x) +BIO *bp; +X509_REQ *x; + { + return(PEM_ASN1_write_bio((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ, + bp,(char *)x, NULL,NULL,0,NULL)); + } + +#ifndef WIN16 +/* The X509_CRL functions */ +X509_CRL *PEM_read_X509_CRL(fp,x,cb) +FILE *fp; +X509_CRL **x; +int (*cb)(); + { + return((X509_CRL *)PEM_ASN1_read((char *(*)())d2i_X509_CRL, + PEM_STRING_X509_CRL,fp,(char **)x,cb)); + } +#endif + +X509_CRL *PEM_read_bio_X509_CRL(bp,x,cb) +BIO *bp; +X509_CRL **x; +int (*cb)(); + { + return((X509_CRL *)PEM_ASN1_read_bio((char *(*)())d2i_X509_CRL, + PEM_STRING_X509_CRL,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_X509_CRL(fp,x) +FILE *fp; +X509_CRL *x; + { + return(PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,fp, + (char *)x, NULL,NULL,0,NULL)); + } +#endif + +int PEM_write_bio_X509_CRL(bp,x) +BIO *bp; +X509_CRL *x; + { + return(PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, + bp,(char *)x, NULL,NULL,0,NULL)); + } + +#ifndef NO_RSA +#ifndef WIN16 +/* The RSAPrivateKey functions */ +RSA *PEM_read_RSAPrivateKey(fp,x,cb) +FILE *fp; +RSA **x; +int (*cb)(); + { + return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPrivateKey, + PEM_STRING_RSA,fp,(char **)x,cb)); + } + +RSA *PEM_read_RSAPublicKey(fp,x,cb) +FILE *fp; +RSA **x; +int (*cb)(); + { + return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPublicKey, + PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)); + } +#endif + +RSA *PEM_read_bio_RSAPrivateKey(bp,x,cb) +BIO *bp; +RSA **x; +int (*cb)(); + { + return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPrivateKey, + PEM_STRING_RSA,bp,(char **)x,cb)); + } + +RSA *PEM_read_bio_RSAPublicKey(bp,x,cb) +BIO *bp; +RSA **x; +int (*cb)(); + { + return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPublicKey, + PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) +FILE *fp; +RSA *x; +EVP_CIPHER *enc; +unsigned char *kstr; +int klen; +int (*cb)(); + { + return(PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp, + (char *)x,enc,kstr,klen,cb)); + } + +int PEM_write_RSAPublicKey(fp,x) +FILE *fp; +RSA *x; + { + return(PEM_ASN1_write((int (*)())i2d_RSAPublicKey, + PEM_STRING_RSA_PUBLIC,fp, + (char *)x,NULL,NULL,0,NULL)); + } +#endif + +int PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) +BIO *bp; +RSA *x; +EVP_CIPHER *enc; +unsigned char *kstr; +int klen; +int (*cb)(); + { + return(PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA, + bp,(char *)x,enc,kstr,klen,cb)); + } + +int PEM_write_bio_RSAPublicKey(bp,x) +BIO *bp; +RSA *x; + { + return(PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, + PEM_STRING_RSA_PUBLIC, + bp,(char *)x,NULL,NULL,0,NULL)); + } +#endif /* !NO_RSA */ + +#ifndef NO_DSA +#ifndef WIN16 +/* The DSAPrivateKey functions */ +DSA *PEM_read_DSAPrivateKey(fp,x,cb) +FILE *fp; +DSA **x; +int (*cb)(); + { + return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAPrivateKey, + PEM_STRING_DSA,fp,(char **)x,cb)); + } +#endif + +DSA *PEM_read_bio_DSAPrivateKey(bp,x,cb) +BIO *bp; +DSA **x; +int (*cb)(); + { + return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAPrivateKey, + PEM_STRING_DSA,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) +FILE *fp; +DSA *x; +EVP_CIPHER *enc; +unsigned char *kstr; +int klen; +int (*cb)(); + { + return(PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp, + (char *)x,enc,kstr,klen,cb)); + } +#endif + +int PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) +BIO *bp; +DSA *x; +EVP_CIPHER *enc; +unsigned char *kstr; +int klen; +int (*cb)(); + { + return(PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA, + bp,(char *)x,enc,kstr,klen,cb)); + } +#endif + +#ifndef WIN16 +/* The PrivateKey functions */ +EVP_PKEY *PEM_read_PrivateKey(fp,x,cb) +FILE *fp; +EVP_PKEY **x; +int (*cb)(); + { + return((EVP_PKEY *)PEM_ASN1_read((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY,fp,(char **)x,cb)); + } +#endif + +EVP_PKEY *PEM_read_bio_PrivateKey(bp,x,cb) +BIO *bp; +EVP_PKEY **x; +int (*cb)(); + { + return((EVP_PKEY *)PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_PrivateKey(fp,x,enc,kstr,klen,cb) +FILE *fp; +EVP_PKEY *x; +EVP_CIPHER *enc; +unsigned char *kstr; +int klen; +int (*cb)(); + { + return(PEM_ASN1_write((int (*)())i2d_PrivateKey, + ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), + fp,(char *)x,enc,kstr,klen,cb)); + } +#endif + +int PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) +BIO *bp; +EVP_PKEY *x; +EVP_CIPHER *enc; +unsigned char *kstr; +int klen; +int (*cb)(); + { + return(PEM_ASN1_write_bio((int (*)())i2d_PrivateKey, + ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), + bp,(char *)x,enc,kstr,klen,cb)); + } + +#ifndef WIN16 +/* The PKCS7 functions */ +PKCS7 *PEM_read_PKCS7(fp,x,cb) +FILE *fp; +PKCS7 **x; +int (*cb)(); + { + return((PKCS7 *)PEM_ASN1_read((char *(*)())d2i_PKCS7, + PEM_STRING_PKCS7,fp,(char **)x,cb)); + } +#endif + +PKCS7 *PEM_read_bio_PKCS7(bp,x,cb) +BIO *bp; +PKCS7 **x; +int (*cb)(); + { + return((PKCS7 *)PEM_ASN1_read_bio((char *(*)())d2i_PKCS7, + PEM_STRING_PKCS7,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_PKCS7(fp,x) +FILE *fp; +PKCS7 *x; + { + return(PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, + (char *)x, NULL,NULL,0,NULL)); + } +#endif + +int PEM_write_bio_PKCS7(bp,x) +BIO *bp; +PKCS7 *x; + { + return(PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, + (char *)x, NULL,NULL,0,NULL)); + } + +#ifndef NO_DH +#ifndef WIN16 +/* The DHparams functions */ +DH *PEM_read_DHparams(fp,x,cb) +FILE *fp; +DH **x; +int (*cb)(); + { + return((DH *)PEM_ASN1_read((char *(*)())d2i_DHparams, + PEM_STRING_DHPARAMS,fp,(char **)x,cb)); + } +#endif + +DH *PEM_read_bio_DHparams(bp,x,cb) +BIO *bp; +DH **x; +int (*cb)(); + { + return((DH *)PEM_ASN1_read_bio((char *(*)())d2i_DHparams, + PEM_STRING_DHPARAMS,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_DHparams(fp,x) +FILE *fp; +DH *x; + { + return(PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp, + (char *)x, NULL,NULL,0,NULL)); + } +#endif + +int PEM_write_bio_DHparams(bp,x) +BIO *bp; +DH *x; + { + return(PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS, + bp,(char *)x, NULL,NULL,0,NULL)); + } +#endif + +#ifndef NO_DSA +#ifndef WIN16 +/* The DSAparams functions */ +DSA *PEM_read_DSAparams(fp,x,cb) +FILE *fp; +DSA **x; +int (*cb)(); + { + return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAparams, + PEM_STRING_DSAPARAMS,fp,(char **)x,cb)); + } +#endif + +DSA *PEM_read_bio_DSAparams(bp,x,cb) +BIO *bp; +DSA **x; +int (*cb)(); + { + return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAparams, + PEM_STRING_DSAPARAMS,bp,(char **)x,cb)); + } + +#ifndef WIN16 +int PEM_write_DSAparams(fp,x) +FILE *fp; +DSA *x; + { + return(PEM_ASN1_write((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,fp, + (char *)x, NULL,NULL,0,NULL)); + } +#endif + +int PEM_write_bio_DSAparams(bp,x) +BIO *bp; +DSA *x; + { + return(PEM_ASN1_write_bio((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS, + bp,(char *)x, NULL,NULL,0,NULL)); + } +#endif + diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c new file mode 100644 index 0000000000000000000000000000000000000000..b8d95204eabbc89b2950b4dfc6332fc33d85a98d --- /dev/null +++ b/crypto/pem/pem_err.c @@ -0,0 +1,116 @@ +/* lib/pem/pem_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "pem.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA PEM_str_functs[]= + { +{ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"}, +{ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"}, +{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"}, +{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"}, +{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"}, +{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"}, +{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"}, +{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"}, +{ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"}, +{ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"}, +{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0), "PEM_SealFinal"}, +{ERR_PACK(0,PEM_F_PEM_SEALINIT,0), "PEM_SealInit"}, +{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"}, +{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"}, +{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"}, +{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"}, +{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"}, +{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"}, +{0,NULL}, + }; + +static ERR_STRING_DATA PEM_str_reasons[]= + { +{PEM_R_BAD_BASE64_DECODE ,"bad base64 decode"}, +{PEM_R_BAD_DECRYPT ,"bad decrypt"}, +{PEM_R_BAD_END_LINE ,"bad end line"}, +{PEM_R_BAD_IV_CHARS ,"bad iv chars"}, +{PEM_R_BAD_PASSWORD_READ ,"bad password read"}, +{PEM_R_NOT_DEK_INFO ,"not dek info"}, +{PEM_R_NOT_ENCRYPTED ,"not encrypted"}, +{PEM_R_NOT_PROC_TYPE ,"not proc type"}, +{PEM_R_NO_START_LINE ,"no start line"}, +{PEM_R_PROBLEMS_GETTING_PASSWORD ,"problems getting password"}, +{PEM_R_PUBLIC_KEY_NO_RSA ,"public key no rsa"}, +{PEM_R_READ_KEY ,"read key"}, +{PEM_R_SHORT_HEADER ,"short header"}, +{PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, +{PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"}, +{0,NULL}, + }; + +void ERR_load_PEM_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_PEM,PEM_str_functs); + ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons); + } + } diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c new file mode 100644 index 0000000000000000000000000000000000000000..aafd9ce7bef521a0395d6dfdde6d0e9830bc7eda --- /dev/null +++ b/crypto/pem/pem_info.c @@ -0,0 +1,365 @@ +/* crypto/pem/pem_info.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "buffer.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +#ifndef WIN16 +STACK *PEM_X509_INFO_read(fp,sk,cb) +FILE *fp; +STACK *sk; +int (*cb)(); + { + BIO *b; + STACK *ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=PEM_X509_INFO_read_bio(b,sk,cb); + BIO_free(b); + return(ret); + } +#endif + +STACK *PEM_X509_INFO_read_bio(bp,sk,cb) +BIO *bp; +STACK *sk; +int (*cb)(); + { + X509_INFO *xi=NULL; + char *name=NULL,*header=NULL,**pp; + unsigned char *data=NULL,*p; + long len,error=0; + int ok=0; + STACK *ret=NULL; + unsigned int i,raw; + char *(*d2i)(); + + if (sk == NULL) + { + if ((ret=sk_new_null()) == NULL) + { + PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE); + goto err; + } + } + else + ret=sk; + + if ((xi=X509_INFO_new()) == NULL) goto err; + for (;;) + { + raw=0; + i=PEM_read_bio(bp,&name,&header,&data,&len); + if (i == 0) + { + error=ERR_GET_REASON(ERR_peek_error()); + if (error == PEM_R_NO_START_LINE) + { + ERR_clear_error(); + break; + } + goto err; + } +start: + if ( (strcmp(name,PEM_STRING_X509) == 0) || + (strcmp(name,PEM_STRING_X509_OLD) == 0)) + { + d2i=(char *(*)())d2i_X509; + if (xi->x509 != NULL) + { + if (!sk_push(ret,(char *)xi)) goto err; + if ((xi=X509_INFO_new()) == NULL) goto err; + goto start; + } + pp=(char **)&(xi->x509); + } + else if (strcmp(name,PEM_STRING_X509_CRL) == 0) + { + d2i=(char *(*)())d2i_X509_CRL; + if (xi->crl != NULL) + { + if (!sk_push(ret,(char *)xi)) goto err; + if ((xi=X509_INFO_new()) == NULL) goto err; + goto start; + } + pp=(char **)&(xi->crl); + } + else +#ifndef NO_RSA + if (strcmp(name,PEM_STRING_RSA) == 0) + { + d2i=(char *(*)())d2i_RSAPrivateKey; + if (xi->x_pkey != NULL) + { + if (!sk_push(ret,(char *)xi)) goto err; + if ((xi=X509_INFO_new()) == NULL) goto err; + goto start; + } + + xi->enc_data=NULL; + xi->enc_len=0; + + xi->x_pkey=X509_PKEY_new(); + if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) + goto err; + xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; + pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa); + if ((int)strlen(header) > 10) /* assume encrypted */ + raw=1; + } + else +#endif +#ifndef NO_DSA + if (strcmp(name,PEM_STRING_DSA) == 0) + { + d2i=(char *(*)())d2i_DSAPrivateKey; + if (xi->x_pkey != NULL) + { + if (!sk_push(ret,(char *)xi)) goto err; + if ((xi=X509_INFO_new()) == NULL) goto err; + goto start; + } + + xi->enc_data=NULL; + xi->enc_len=0; + + xi->x_pkey=X509_PKEY_new(); + if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) + goto err; + xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; + pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa); + if ((int)strlen(header) > 10) /* assume encrypted */ + raw=1; + } + else +#endif + { + d2i=NULL; + pp=NULL; + } + + if (d2i != NULL) + { + if (!raw) + { + EVP_CIPHER_INFO cipher; + + if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) + goto err; + if (!PEM_do_header(&cipher,data,&len,cb)) + goto err; + p=data; + if (d2i(pp,&p,len) == NULL) + { + PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); + goto err; + } + } + else + { /* encrypted RSA data */ + if (!PEM_get_EVP_CIPHER_INFO(header, + &xi->enc_cipher)) goto err; + xi->enc_data=(char *)data; + xi->enc_len=(int)len; + data=NULL; + } + } + else { + /* unknown */ + } + if (name != NULL) Free(name); + if (header != NULL) Free(header); + if (data != NULL) Free(data); + name=NULL; + header=NULL; + data=NULL; + } + + /* if the last one hasn't been pushed yet and there is anything + * in it then add it to the stack ... + */ + if ((xi->x509 != NULL) || (xi->crl != NULL) || + (xi->x_pkey != NULL) || (xi->enc_data != NULL)) + { + if (!sk_push(ret,(char *)xi)) goto err; + xi=NULL; + } + ok=1; +err: + if (xi != NULL) X509_INFO_free(xi); + if (!ok) + { + for (i=0; ((int)i)x_pkey!=NULL) + { + if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) + { + /* copy from wierdo names into more normal things */ + iv=xi->enc_cipher.iv; + data=(unsigned char *)xi->enc_data; + i=xi->enc_len; + + /* we take the encryption data from the + * internal stuff rather than what the + * user has passed us ... as we have to + * match exactly for some strange reason + */ + objstr=OBJ_nid2sn( + EVP_CIPHER_nid(xi->enc_cipher.cipher)); + if (objstr == NULL) + { + PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); + goto err; + } + + /* create the right magic header stuff */ + buf[0]='\0'; + PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); + PEM_dek_info(buf,objstr,8,(char *)iv); + + /* use the normal code to write things out */ + i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); + if (i <= 0) goto err; + } + else + { + /* Add DSA/DH */ +#ifndef NO_RSA + /* normal optionally encrypted stuff */ + if (PEM_write_bio_RSAPrivateKey(bp, + xi->x_pkey->dec_pkey->pkey.rsa, + enc,kstr,klen,cb)<=0) + goto err; +#endif + } + } + + /* if we have a certificate then write it out now */ + if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0)) + goto err; + + /* we are ignoring anything else that is loaded into the X509_INFO + * structure for the moment ... as I don't need it so I'm not + * coding it here and Eric can do it when this makes it into the + * base library --tjh + */ + + ret=1; + +err: + memset((char *)&ctx,0,sizeof(ctx)); + memset(buf,0,PEM_BUFSIZE); + return(ret); + } diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c new file mode 100644 index 0000000000000000000000000000000000000000..1397d83113c30d64da2fcc2eb2a66f1a16cf59b2 --- /dev/null +++ b/crypto/pem/pem_lib.c @@ -0,0 +1,757 @@ +/* crypto/pem/pem_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "buffer.h" +#include "objects.h" +#include "evp.h" +#include "rand.h" +#include "x509.h" +#include "pem.h" +#ifndef NO_DES +#include "des.h" +#endif + +char *PEM_version="PEM part of SSLeay 0.8.1b 29-Jun-1998"; + +#define MIN_LENGTH 4 + +/* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE); + * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); + */ + +#ifndef NOPROTO +static int def_callback(char *buf, int num, int w); +static int load_iv(unsigned char **fromp,unsigned char *to, int num); +#else +static int def_callback(); +static int load_iv(); +#endif + +static int def_callback(buf, num, w) +char *buf; +int num; +int w; + { +#ifdef WIN16 + /* We should not ever call the default callback routine from + * windows. */ + PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(-1); +#else + int i,j; + char *prompt; + + prompt=EVP_get_pw_prompt(); + if (prompt == NULL) + prompt="Enter PEM pass phrase:"; + + for (;;) + { + i=EVP_read_pw_string(buf,num,prompt,w); + if (i != 0) + { + PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); + memset(buf,0,(unsigned int)num); + return(-1); + } + j=strlen(buf); + if (j < MIN_LENGTH) + { + fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH); + } + else + break; + } + return(j); +#endif + } + +void PEM_proc_type(buf, type) +char *buf; +int type; + { + char *str; + + if (type == PEM_TYPE_ENCRYPTED) + str="ENCRYPTED"; + else if (type == PEM_TYPE_MIC_CLEAR) + str="MIC-CLEAR"; + else if (type == PEM_TYPE_MIC_ONLY) + str="MIC-ONLY"; + else + str="BAD-TYPE"; + + strcat(buf,"Proc-Type: 4,"); + strcat(buf,str); + strcat(buf,"\n"); + } + +void PEM_dek_info(buf, type, len, str) +char *buf; +char *type; +int len; +char *str; + { + static unsigned char map[17]="0123456789ABCDEF"; + long i; + int j; + + strcat(buf,"DEK-Info: "); + strcat(buf,type); + strcat(buf,","); + j=strlen(buf); + for (i=0; i>4)&0x0f]; + buf[j+i*2+1]=map[(str[i] )&0x0f]; + } + buf[j+i*2]='\n'; + buf[j+i*2+1]='\0'; + } + +#ifndef WIN16 +char *PEM_ASN1_read(d2i,name,fp, x, cb) +char *(*d2i)(); +char *name; +FILE *fp; +char **x; +int (*cb)(); + { + BIO *b; + char *ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=PEM_ASN1_read_bio(d2i,name,b,x,cb); + BIO_free(b); + return(ret); + } +#endif + +char *PEM_ASN1_read_bio(d2i,name,bp, x, cb) +char *(*d2i)(); +char *name; +BIO *bp; +char **x; +int (*cb)(); + { + EVP_CIPHER_INFO cipher; + char *nm=NULL,*header=NULL; + unsigned char *p=NULL,*data=NULL; + long len; + char *ret=NULL; + + for (;;) + { + if (!PEM_read_bio(bp,&nm,&header,&data,&len)) return(NULL); + if ( (strcmp(nm,name) == 0) || + ((strcmp(nm,PEM_STRING_RSA) == 0) && + (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) || + ((strcmp(nm,PEM_STRING_DSA) == 0) && + (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) || + ((strcmp(nm,PEM_STRING_X509_OLD) == 0) && + (strcmp(name,PEM_STRING_X509) == 0)) || + ((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) && + (strcmp(name,PEM_STRING_X509_REQ) == 0)) + ) + break; + Free(nm); + Free(header); + Free(data); + } + if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; + if (!PEM_do_header(&cipher,data,&len,cb)) goto err; + p=data; + if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) + { + if (strcmp(nm,PEM_STRING_RSA) == 0) + ret=d2i(EVP_PKEY_RSA,x,&p,len); + else if (strcmp(nm,PEM_STRING_DSA) == 0) + ret=d2i(EVP_PKEY_DSA,x,&p,len); + } + else + ret=d2i(x,&p,len); + if (ret == NULL) + PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); +err: + Free(nm); + Free(header); + Free(data); + return(ret); + } + +#ifndef WIN16 +int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback) +int (*i2d)(); +char *name; +FILE *fp; +char *x; +EVP_CIPHER *enc; +unsigned char *kstr; +int klen; +int (*callback)(); + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback); + BIO_free(b); + return(ret); + } +#endif + +int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback) +int (*i2d)(); +char *name; +BIO *bp; +char *x; +EVP_CIPHER *enc; +unsigned char *kstr; +int klen; +int (*callback)(); + { + EVP_CIPHER_CTX ctx; + int dsize=0,i,j,ret=0; + unsigned char *p,*data=NULL; + char *objstr=NULL; +#define PEM_BUFSIZE 1024 + char buf[PEM_BUFSIZE]; + unsigned char key[EVP_MAX_KEY_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + + if (enc != NULL) + { + objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); + if (objstr == NULL) + { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); + goto err; + } + } + + dsize=i2d(x,NULL); + /* dzise + 8 bytes are needed */ + data=(unsigned char *)Malloc((unsigned int)dsize+20); + if (data == NULL) + { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); + goto err; + } + p=data; + i=i2d(x,&p); + + if (enc != NULL) + { + if (kstr == NULL) + { + if (callback == NULL) + klen=def_callback(buf,PEM_BUFSIZE,1); + else + klen=(*callback)(buf,PEM_BUFSIZE,1); + if (klen <= 0) + { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); + goto err; + } + kstr=(unsigned char *)buf; + } + RAND_seed(data,i);/* put in the RSA key. */ + RAND_bytes(iv,8); /* Generate a salt */ + /* The 'iv' is used as the iv and as a salt. It is + * NOT taken from the BytesToKey function */ + EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); + + if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + + buf[0]='\0'; + PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); + PEM_dek_info(buf,objstr,8,(char *)iv); + /* k=strlen(buf); */ + + EVP_EncryptInit(&ctx,enc,key,iv); + EVP_EncryptUpdate(&ctx,data,&j,data,i); + EVP_EncryptFinal(&ctx,&(data[j]),&i); + i+=j; + ret=1; + } + else + { + ret=1; + buf[0]='\0'; + } + i=PEM_write_bio(bp,name,buf,data,i); + if (i <= 0) ret=0; +err: + memset(key,0,sizeof(key)); + memset(iv,0,sizeof(iv)); + memset((char *)&ctx,0,sizeof(ctx)); + memset(buf,0,PEM_BUFSIZE); + memset(data,0,(unsigned int)dsize); + Free(data); + return(ret); + } + +int PEM_do_header(cipher, data, plen, callback) +EVP_CIPHER_INFO *cipher; +unsigned char *data; +long *plen; +int (*callback)(); + { + int i,j,o,klen; + long len; + EVP_CIPHER_CTX ctx; + unsigned char key[EVP_MAX_KEY_LENGTH]; + char buf[PEM_BUFSIZE]; + + len= *plen; + + if (cipher->cipher == NULL) return(1); + if (callback == NULL) + klen=def_callback(buf,PEM_BUFSIZE,0); + else + klen=callback(buf,PEM_BUFSIZE,0); + if (klen <= 0) + { + PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); + return(0); + } + EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), + (unsigned char *)buf,klen,1,key,NULL); + + j=(int)len; + EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0])); + EVP_DecryptUpdate(&ctx,data,&i,data,j); + o=EVP_DecryptFinal(&ctx,&(data[i]),&j); + EVP_CIPHER_CTX_cleanup(&ctx); + memset((char *)buf,0,sizeof(buf)); + memset((char *)key,0,sizeof(key)); + j+=i; + if (!o) + { + PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); + return(0); + } + *plen=j; + return(1); + } + +int PEM_get_EVP_CIPHER_INFO(header,cipher) +char *header; +EVP_CIPHER_INFO *cipher; + { + int o; + EVP_CIPHER *enc=NULL; + char *p,c; + + cipher->cipher=NULL; + if ((header == NULL) || (*header == '\0') || (*header == '\n')) + return(1); + if (strncmp(header,"Proc-Type: ",11) != 0) + { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } + header+=11; + if (*header != '4') return(0); header++; + if (*header != ',') return(0); header++; + if (strncmp(header,"ENCRYPTED",9) != 0) + { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } + for (; (*header != '\n') && (*header != '\0'); header++) + ; + if (*header == '\0') + { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } + header++; + if (strncmp(header,"DEK-Info: ",10) != 0) + { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } + header+=10; + + p=header; + for (;;) + { + c= *header; + if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || + ((c >= '0') && (c <= '9')))) + break; + header++; + } + *header='\0'; + o=OBJ_sn2nid(p); + cipher->cipher=enc=EVP_get_cipherbyname(p); + *header=c; + header++; + + if (enc == NULL) + { + PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); + return(0); + } + if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0); + + return(1); + } + +static int load_iv(fromp,to,num) +unsigned char **fromp,*to; +int num; + { + int v,i; + unsigned char *from; + + from= *fromp; + for (i=0; i= '0') && (*from <= '9')) + v= *from-'0'; + else if ((*from >= 'A') && (*from <= 'F')) + v= *from-'A'+10; + else if ((*from >= 'a') && (*from <= 'f')) + v= *from-'a'+10; + else + { + PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS); + return(0); + } + from++; + to[i/2]|=v<<(long)((!(i&1))*4); + } + + *fromp=from; + return(1); + } + +#ifndef WIN16 +int PEM_write(fp, name, header, data,len) +FILE *fp; +char *name; +char *header; +unsigned char *data; +long len; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=PEM_write_bio(b, name, header, data,len); + BIO_free(b); + return(ret); + } +#endif + +int PEM_write_bio(bp, name, header, data,len) +BIO *bp; +char *name; +char *header; +unsigned char *data; +long len; + { + int nlen,n,i,j,outl; + unsigned char *buf; + EVP_ENCODE_CTX ctx; + int reason=ERR_R_BUF_LIB; + + EVP_EncodeInit(&ctx); + nlen=strlen(name); + + if ( (BIO_write(bp,"-----BEGIN ",11) != 11) || + (BIO_write(bp,name,nlen) != nlen) || + (BIO_write(bp,"-----\n",6) != 6)) + goto err; + + i=strlen(header); + if (i > 0) + { + if ( (BIO_write(bp,header,i) != i) || + (BIO_write(bp,"\n",1) != 1)) + goto err; + } + + buf=(unsigned char *)Malloc(PEM_BUFSIZE*8); + if (buf == NULL) + { + reason=ERR_R_MALLOC_FAILURE; + goto err; + } + + i=j=0; + while (len > 0) + { + n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len); + EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n); + if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl)) + goto err; + i+=outl; + len-=n; + j+=n; + } + EVP_EncodeFinal(&ctx,buf,&outl); + if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; + Free(buf); + if ( (BIO_write(bp,"-----END ",9) != 9) || + (BIO_write(bp,name,nlen) != nlen) || + (BIO_write(bp,"-----\n",6) != 6)) + goto err; + return(i+outl); +err: + PEMerr(PEM_F_PEM_WRITE_BIO,reason); + return(0); + } + +#ifndef WIN16 +int PEM_read(fp, name, header, data,len) +FILE *fp; +char **name; +char **header; +unsigned char **data; +long *len; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=PEM_read_bio(b, name, header, data,len); + BIO_free(b); + return(ret); + } +#endif + +int PEM_read_bio(bp, name, header, data, len) +BIO *bp; +char **name; +char **header; +unsigned char **data; +long *len; + { + EVP_ENCODE_CTX ctx; + int end=0,i,k,bl=0,hl=0,nohead=0; + char buf[256]; + BUF_MEM *nameB; + BUF_MEM *headerB; + BUF_MEM *dataB,*tmpB; + + nameB=BUF_MEM_new(); + headerB=BUF_MEM_new(); + dataB=BUF_MEM_new(); + if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) + { + PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); + return(0); + } + + buf[254]='\0'; + for (;;) + { + i=BIO_gets(bp,buf,254); + + if (i <= 0) + { + PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE); + goto err; + } + + while ((i >= 0) && (buf[i] <= ' ')) i--; + buf[++i]='\n'; buf[++i]='\0'; + + if (strncmp(buf,"-----BEGIN ",11) == 0) + { + i=strlen(&(buf[11])); + + if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0) + continue; + if (!BUF_MEM_grow(nameB,i+9)) + { + PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); + goto err; + } + strncpy(nameB->data,&(buf[11]),(unsigned int)i-6); + nameB->data[i-6]='\0'; + break; + } + } + hl=0; + if (!BUF_MEM_grow(headerB,256)) + { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } + headerB->data[0]='\0'; + for (;;) + { + i=BIO_gets(bp,buf,254); + if (i <= 0) break; + + while ((i >= 0) && (buf[i] <= ' ')) i--; + buf[++i]='\n'; buf[++i]='\0'; + + if (buf[0] == '\n') break; + if (!BUF_MEM_grow(headerB,hl+i+9)) + { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } + if (strncmp(buf,"-----END ",9) == 0) + { + nohead=1; + break; + } + strncpy(&(headerB->data[hl]),buf,(unsigned int)i); + headerB->data[hl+i]='\0'; + hl+=i; + } + + bl=0; + if (!BUF_MEM_grow(dataB,1024)) + { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } + dataB->data[0]='\0'; + if (!nohead) + { + for (;;) + { + i=BIO_gets(bp,buf,254); + if (i <= 0) break; + + while ((i >= 0) && (buf[i] <= ' ')) i--; + buf[++i]='\n'; buf[++i]='\0'; + + if (i != 65) end=1; + if (strncmp(buf,"-----END ",9) == 0) + break; + if (i > 65) break; + if (!BUF_MEM_grow(dataB,i+bl+9)) + { + PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); + goto err; + } + strncpy(&(dataB->data[bl]),buf,(unsigned int)i); + dataB->data[bl+i]='\0'; + bl+=i; + if (end) + { + buf[0]='\0'; + i=BIO_gets(bp,buf,254); + if (i <= 0) break; + + while ((i >= 0) && (buf[i] <= ' ')) i--; + buf[++i]='\n'; buf[++i]='\0'; + + break; + } + } + } + else + { + tmpB=headerB; + headerB=dataB; + dataB=tmpB; + bl=hl; + } + i=strlen(nameB->data); + if ( (strncmp(buf,"-----END ",9) != 0) || + (strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) || + (strncmp(&(buf[9+i]),"-----\n",6) != 0)) + { + PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE); + goto err; + } + + EVP_DecodeInit(&ctx); + i=EVP_DecodeUpdate(&ctx, + (unsigned char *)dataB->data,&bl, + (unsigned char *)dataB->data,bl); + if (i < 0) + { + PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); + goto err; + } + i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); + if (i < 0) + { + PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); + goto err; + } + bl+=k; + + if (bl == 0) goto err; + *name=nameB->data; + *header=headerB->data; + *data=(unsigned char *)dataB->data; + *len=bl; + Free(nameB); + Free(headerB); + Free(dataB); + return(1); +err: + BUF_MEM_free(nameB); + BUF_MEM_free(headerB); + BUF_MEM_free(dataB); + return(0); + } diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c new file mode 100644 index 0000000000000000000000000000000000000000..6acb04ad774df40c51b61aa1cc28397c62bf135d --- /dev/null +++ b/crypto/pem/pem_seal.c @@ -0,0 +1,191 @@ +/* crypto/pem/pem_seal.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "rand.h" +#include "objects.h" +#include "x509.h" +#include "pem.h" + +int PEM_SealInit(ctx,type,md_type,ek,ekl,iv,pubk,npubk) +PEM_ENCODE_SEAL_CTX *ctx; +EVP_CIPHER *type; +EVP_MD *md_type; +unsigned char **ek; +int *ekl; +unsigned char *iv; +EVP_PKEY **pubk; +int npubk; + { + unsigned char key[EVP_MAX_KEY_LENGTH]; + int ret= -1; + int i,j,max=0; + char *s=NULL; + + for (i=0; itype != EVP_PKEY_RSA) + { + PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA); + goto err; + } + j=RSA_size(pubk[i]->pkey.rsa); + if (j > max) max=j; + } + s=(char *)Malloc(max*2); + if (s == NULL) + { + PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); + goto err; + } + + EVP_EncodeInit(&(ctx->encode)); + EVP_SignInit(&(ctx->md),md_type); + + ret=EVP_SealInit(&(ctx->cipher),type,ek,ekl,iv,pubk,npubk); + if (!ret) goto err; + + /* base64 encode the keys */ + for (i=0; ipkey.rsa)); + ekl[i]=j; + memcpy(ek[i],s,j+1); + } + + ret=npubk; +err: + if (s != NULL) Free(s); + memset(key,0,EVP_MAX_KEY_LENGTH); + return(ret); + } + +void PEM_SealUpdate(ctx,out,outl,in,inl) +PEM_ENCODE_SEAL_CTX *ctx; +unsigned char *out; +int *outl; +unsigned char *in; +int inl; + { + unsigned char buffer[1600]; + int i,j; + + *outl=0; + EVP_SignUpdate(&(ctx->md),in,inl); + for (;;) + { + if (inl <= 0) break; + if (inl > 1200) + i=1200; + else + i=inl; + EVP_EncryptUpdate(&(ctx->cipher),buffer,&j,in,i); + EVP_EncodeUpdate(&(ctx->encode),out,&j,buffer,j); + *outl+=j; + out+=j; + in+=i; + inl-=i; + } + } + +int PEM_SealFinal(ctx,sig,sigl,out,outl,priv) +PEM_ENCODE_SEAL_CTX *ctx; +unsigned char *sig; +int *sigl; +unsigned char *out; +int *outl; +EVP_PKEY *priv; + { + unsigned char *s=NULL; + int ret=0,j; + unsigned int i; + + if (priv->type != EVP_PKEY_RSA) + { + PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA); + goto err; + } + i=RSA_size(priv->pkey.rsa); + if (i < 100) i=100; + s=(unsigned char *)Malloc(i*2); + if (s == NULL) + { + PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); + goto err; + } + + EVP_EncryptFinal(&(ctx->cipher),s,(int *)&i); + EVP_EncodeUpdate(&(ctx->encode),out,&j,s,i); + *outl=j; + out+=j; + EVP_EncodeFinal(&(ctx->encode),out,&j); + *outl+=j; + + if (!EVP_SignFinal(&(ctx->md),s,&i,priv)) goto err; + *sigl=EVP_EncodeBlock(sig,s,i); + + ret=1; +err: + memset((char *)&(ctx->md),0,sizeof(ctx->md)); + memset((char *)&(ctx->cipher),0,sizeof(ctx->cipher)); + if (s != NULL) Free(s); + return(ret); + } diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c new file mode 100644 index 0000000000000000000000000000000000000000..0df99a3d84e981f9ddffe2c6266186c7f8f5447a --- /dev/null +++ b/crypto/pem/pem_sign.c @@ -0,0 +1,109 @@ +/* crypto/pem/pem_sign.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "rand.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "pem.h" + +void PEM_SignInit(ctx,type) +EVP_MD_CTX *ctx; +EVP_MD *type; + { + EVP_DigestInit(ctx,type); + } + +void PEM_SignUpdate(ctx,data,count) +EVP_MD_CTX *ctx; +unsigned char *data; +unsigned int count; + { + EVP_DigestUpdate(ctx,data,count); + } + +int PEM_SignFinal(ctx,sigret,siglen,pkey) +EVP_MD_CTX *ctx; +unsigned char *sigret; +unsigned int *siglen; +EVP_PKEY *pkey; + { + unsigned char *m; + int i,ret=0; + unsigned int m_len; + + m=(unsigned char *)Malloc(EVP_PKEY_size(pkey)+2); + if (m == NULL) + { + PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err; + + i=EVP_EncodeBlock(sigret,m,m_len); + *siglen=i; + ret=1; +err: + /* ctx has been zeroed by EVP_SignFinal() */ + if (m != NULL) Free(m); + return(ret); + } + diff --git a/crypto/pem/pkcs7.lis b/crypto/pem/pkcs7.lis new file mode 100644 index 0000000000000000000000000000000000000000..be90c5d87f5b38a4503209c71df1e9ab5edae581 --- /dev/null +++ b/crypto/pem/pkcs7.lis @@ -0,0 +1,22 @@ +21 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE + 00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData + 21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag + 21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE + 00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version + 20 20:d=0 hl=2 l= 0 cons: univ: SET + 21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE + 00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data + 00 35:d=0 hl=2 l= 0 prim: univ: EOC + 21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag + 20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE + 20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE + 00 1116:d=0 hl=2 l= 0 prim: univ: EOC + 21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag + 20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE + 20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE + 00 2066:d=0 hl=2 l= 0 prim: univ: EOC + 21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers + 00 2070:d=0 hl=2 l= 0 prim: univ: EOC + 00 2072:d=0 hl=2 l= 0 prim: univ: EOC + 00 2074:d=0 hl=2 l= 0 prim: univ: EOC +00 2076:d=0 hl=2 l= 0 prim: univ: EOC diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl new file mode 100644 index 0000000000000000000000000000000000000000..558112e0826784caab867ffe2feaf578a94c7d3f --- /dev/null +++ b/crypto/perlasm/x86ms.pl @@ -0,0 +1,249 @@ +#!/usr/local/bin/perl + +package x86ms; + +$label="L000"; + +%lb=( 'eax', 'al', + 'ebx', 'bl', + 'ecx', 'cl', + 'edx', 'dl', + 'ax', 'al', + 'bx', 'bl', + 'cx', 'cl', + 'dx', 'dl', + ); + +%hb=( 'eax', 'ah', + 'ebx', 'bh', + 'ecx', 'ch', + 'edx', 'dh', + 'ax', 'ah', + 'bx', 'bh', + 'cx', 'ch', + 'dx', 'dh', + ); + +sub main'LB + { + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; + return($lb{$_[0]}); + } + +sub main'HB + { + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; + return($hb{$_[0]}); + } + +sub main'DWP + { + local($addr,$reg1,$reg2,$idx)=@_; + local($t); + local($ret)="DWORD PTR "; + + $addr =~ s/^\s+//; + if ($addr =~ /^(.+)\+(.+)$/) + { + $reg2=&conv($1); + $addr="_$2"; + } + elsif ($addr =~ /^[_a-zA-Z]/) + { + $addr="_$addr"; + } + + $reg1="$regs{$reg1}" if defined($regs{$reg1}); + $reg2="$regs{$reg2}" if defined($regs{$reg2}); + $ret.=$addr if ($addr ne "") && ($addr ne 0); + if ($reg2 ne "") + { + $t=""; + $t="*$idx" if ($idx != 0); + $ret.="[$reg2$t+$reg1]"; + } + else + { + $ret.="[$reg1]" + } + return($ret); + } + +sub main'mov { &out2("mov",@_); } +sub main'movb { &out2("mov",@_); } +sub main'and { &out2("and",@_); } +sub main'or { &out2("or",@_); } +sub main'shl { &out2("shl",@_); } +sub main'shr { &out2("shr",@_); } +sub main'xor { &out2("xor",@_); } +sub main'add { &out2("add",@_); } +sub main'sub { &out2("sub",@_); } +sub main'rotl { &out2("rol",@_); } +sub main'rotr { &out2("ror",@_); } +sub main'exch { &out2("xchg",@_); } +sub main'cmp { &out2("cmp",@_); } +sub main'dec { &out1("dec",@_); } +sub main'jmp { &out1("jmp",@_); } +sub main'je { &out1("je",@_); } +sub main'jz { &out1("jz",@_); } +sub main'jnz { &out1("jnz",@_); } +sub main'push { &out1("push",@_); } +sub main'call { &out1("call",'_'.$_[0]); } + + +sub out2 + { + local($name,$p1,$p2)=@_; + local($l,$t); + + print "\t$name\t"; + $t=&conv($p1).","; + $l=length($t); + print $t; + $l=4-($l+9)/8; + print "\t" x $l; + print &conv($p2); + print "\n"; + } + +sub out1 + { + local($name,$p1)=@_; + local($l,$t); + + print "\t$name\t"; + print &conv($p1); + print "\n"; + } + +sub conv + { + local($p)=@_; + + $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; + return $p; + } + +sub main'file + { + local($file)=@_; + + print <<"EOF"; + TITLE $file.asm + .386 +.model FLAT +EOF + } + +sub main'function_begin + { + local($func,$num,$extra)=@_; + + $params=$num*4; + + print <<"EOF"; +_TEXT SEGMENT +PUBLIC _$func +$extra +_$func PROC NEAR + push ebp + push ebx + push esi + push edi +EOF + $stack=20; + } + +sub main'function_end + { + local($func)=@_; + + print <<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +_$func ENDP +_TEXT ENDS +EOF + $stack=0; + %label=(); + } + +sub main'function_end_A + { + local($func)=@_; + + print <<"EOF"; + pop edi + pop esi + pop ebx + pop ebp + ret +EOF + } + +sub main'function_end_B + { + local($func)=@_; + + print <<"EOF"; +_$func ENDP +_TEXT ENDS +EOF + $stack=0; + %label=(); + } + +sub main'file_end + { + print "END\n" + } + +sub main'wparam + { + local($num)=@_; + + return(&main'DWP($stack+$num*4,"esp","",0)); + } + +sub main'wtmp + { + local($num)=@_; + + return(&main'DWP($stack+$params+$num*4,"esp","",0)); + } + +sub main'comment + { + foreach (@_) + { + print "\t; $_\n"; + } + } + +sub main'label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="\$${label}${_[0]}"; + $label++; + } + return($label{$_[0]}); + } + +sub main'set_label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}="${label}${_[0]}"; + $label++; + } + print "$label{$_[0]}:\n"; + } + +sub main'file_end + { + print "END\n"; + } diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl new file mode 100644 index 0000000000000000000000000000000000000000..3426563dca72edd7eb370af383947deb11b90466 --- /dev/null +++ b/crypto/perlasm/x86unix.pl @@ -0,0 +1,313 @@ +#!/usr/local/bin/perl + +package x86ms; + +$label="L000"; + +$align=($main'aout)?"4":"16"; +$under=($main'aout)?"_":""; +$com_start=($main'sol)?"/":"#"; + +if ($main'cpp) + { + $align="ALIGN"; + $under=""; + $com_start='/*'; + $com_end='*/'; + } + +%lb=( 'eax', '%al', + 'ebx', '%bl', + 'ecx', '%cl', + 'edx', '%dl', + 'ax', '%al', + 'bx', '%bl', + 'cx', '%cl', + 'dx', '%dl', + ); + +%hb=( 'eax', '%ah', + 'ebx', '%bh', + 'ecx', '%ch', + 'edx', '%dh', + 'ax', '%ah', + 'bx', '%bh', + 'cx', '%ch', + 'dx', '%dh', + ); + +%regs=( 'eax', '%eax', + 'ebx', '%ebx', + 'ecx', '%ecx', + 'edx', '%edx', + 'esi', '%esi', + 'edi', '%edi', + 'ebp', '%ebp', + 'esp', '%esp', + ); + +sub main'LB + { + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; + return($lb{$_[0]}); + } + +sub main'HB + { + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; + return($hb{$_[0]}); + } + +sub main'DWP + { + local($addr,$reg1,$reg2,$idx)=@_; + + + $ret=""; + + $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; + + $reg1="$regs{$reg1}" if defined($regs{$reg1}); + $reg2="$regs{$reg2}" if defined($regs{$reg2}); + $ret.=$addr if ($addr ne "") && ($addr ne 0); + if ($reg2 ne "") + { + $ret.="($reg1,$reg2,$idx)"; + } + else + { + $ret.="($reg1)" + } + return($ret); + } + +sub main'BP + { + local($addr,$reg1,$reg2,$idx)=@_; + + + $ret=""; + + $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; + + $reg1="$regs{$reg1}" if defined($regs{$reg1}); + $reg2="$regs{$reg2}" if defined($regs{$reg2}); + $ret.=$addr if ($addr ne "") && ($addr ne 0); + if ($reg2 ne "") + { + $ret.="($reg1,$reg2,$idx)"; + } + else + { + $ret.="($reg1)" + } + return($ret); + } + +sub main'mov { &out2("movl",@_); } +sub main'movb { &out2("movb",@_); } +sub main'and { &out2("andl",@_); } +sub main'or { &out2("orl",@_); } +sub main'shl { &out2("sall",@_); } +sub main'shr { &out2("shrl",@_); } +sub main'xor { &out2("xorl",@_); } +sub main'add { &out2("addl",@_); } +sub main'sub { &out2("subl",@_); } +sub main'rotl { &out2("roll",@_); } +sub main'rotr { &out2("rorl",@_); } +sub main'exch { &out2("xchg",@_); } +sub main'cmp { &out2("cmpl",@_); } +sub main'jmp { &out1("jmp",@_); } +sub main'je { &out1("je",@_); } +sub main'jne { &out1("jne",@_); } +sub main'jnz { &out1("jnz",@_); } +sub main'jz { &out1("jz",@_); } +sub main'dec { &out1("decl",@_); } +sub main'push { &out1("pushl",@_); } +sub main'call { &out1("call",$under.$_[0]); } + + +sub out2 + { + local($name,$p1,$p2)=@_; + local($l,$ll,$t); + + print "\t$name\t"; + $t=&conv($p2).","; + $l=length($t); + print $t; + $ll=4-($l+9)/8; + print "\t" x $ll; + print &conv($p1); + print "\n"; + } + +sub out1 + { + local($name,$p1)=@_; + local($l,$t); + + print "\t$name\t"; + print &conv($p1); + print "\n"; + } + +sub conv + { + local($p)=@_; + +# $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; + + $p=$regs{$p} if (defined($regs{$p})); + + $p =~ s/^([0-9A-Fa-f]+)$/\$$1/; + $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/; + return $p; + } + +sub main'file + { + local($file)=@_; + + print <<"EOF"; + .file "$file.s" + .version "01.01" +gcc2_compiled.: +EOF + } + +sub main'function_begin + { + local($func,$num)=@_; + + $params=$num*4; + + $func=$under.$func; + + print <<"EOF"; +.text + .align $align +.globl $func +EOF + if ($main'cpp) + { printf("\tTYPE($func,\@function)\n"); } + else { printf("\t.type $func,\@function\n"); } + print <<"EOF"; +$func: + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + +EOF + $stack=20; + } + +sub main'function_end + { + local($func)=@_; + + $func=$under.$func; + + print <<"EOF"; + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.${func}_end: +EOF + if ($main'cpp) + { printf("\tSIZE($func,.${func}_end-$func)\n"); } + else { printf("\t.size\t$func,.${func}_end-$func\n"); } + print ".ident \"desasm.pl\"\n"; + $stack=0; + %label=(); + } + +sub main'function_end_A + { + local($func)=@_; + + print <<"EOF"; + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +EOF + } + +sub main'function_end_B + { + local($func)=@_; + + $func=$under.$func; + + print <<"EOF"; +.${func}_end: +EOF + if ($main'cpp) + { printf("\tSIZE($func,.${func}_end-$func)\n"); } + else { printf("\t.size\t$func,.${func}_end-$func\n"); } + print ".ident \"desasm.pl\"\n"; + $stack=0; + %label=(); + } + +sub main'wparam + { + local($num)=@_; + + return(&main'DWP($stack+$num*4,"esp","",0)); + } + +sub main'wtmp_b + { + local($num,$b)=@_; + + return(&main'BP(-(($num+1)*4)+$b,"esp","",0)); + } + +sub main'wtmp + { + local($num)=@_; + + return(&main'DWP(-($num+1)*4,"esp","",0)); + } + +sub main'comment + { + foreach (@_) + { + if (/^\s*$/) + { print "\n"; } + else + { print "\t$com_start $_ $com_end\n"; } + } + } + +sub main'label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}=".${label}${_[0]}"; + $label++; + } + return($label{$_[0]}); + } + +sub main'set_label + { + if (!defined($label{$_[0]})) + { + $label{$_[0]}=".${label}${_[0]}"; + $label++; + } + print ".align $align\n"; + print "$label{$_[0]}:\n"; + } + +sub main'file_end + { + } diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..64a005a18616a3ee9918cc316316dd7f06157014 --- /dev/null +++ b/crypto/pkcs7/Makefile.ssl @@ -0,0 +1,86 @@ +# +# SSLeay/crypto/asn1/Makefile +# + +DIR= pkcs7 +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=pkcs7 +ERRC=pkcs7err +GENERAL=Makefile README +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c +LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o + +SRC= $(LIBSRC) + +EXHEADER= pkcs7.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +test: + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/pkcs7/README b/crypto/pkcs7/README new file mode 100644 index 0000000000000000000000000000000000000000..27001c69707c09d1c285e3627e3abc5377b705de --- /dev/null +++ b/crypto/pkcs7/README @@ -0,0 +1,5 @@ +WARNING + +Everything in this directory is experimental and is subject to change. + +Do not rely on the stuff in here not changing in the next release diff --git a/crypto/pkcs7/doc b/crypto/pkcs7/doc new file mode 100644 index 0000000000000000000000000000000000000000..d2e8b7b2a3df243f0a0b556acb455098f38fc9de --- /dev/null +++ b/crypto/pkcs7/doc @@ -0,0 +1,24 @@ +int PKCS7_set_content_type(PKCS7 *p7, int type); +Call to set the type of PKCS7 object we are working on + +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + EVP_MD *dgst); +Use this to setup a signer info +There will also be functions to add signed and unsigned attributes. + +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +Add a signer info to the content. + +int PKCS7_add_certificae(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); + +---- + +p7=PKCS7_new(); +PKCS7_set_content_type(p7,NID_pkcs7_signed); + +signer=PKCS7_SINGNER_INFO_new(); +PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5()); +PKCS7_add_signer(py,signer); + +we are now setup. diff --git a/crypto/pkcs7/mf.p7 b/crypto/pkcs7/mf.p7 new file mode 100644 index 0000000000000000000000000000000000000000..524335b4b30d6a1518bb89cc800ed0213c2ab1dd --- /dev/null +++ b/crypto/pkcs7/mf.p7 @@ -0,0 +1,18 @@ +-----BEGIN PKCS7----- +MIAGCSqGSIb3DQEHAqCAMIIC2QIBATEMMAoGCCqGSIb3DQIFMIAGCSqGSIb3DQEH +AQAAoIIB7TCCAekwggFSAgEAMA0GCSqGSIb3DQEBBAUAMFsxCzAJBgNVBAYTAkFV +MRMwEQYDVQQIEwpRdWVlbnNsYW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0 +ZDEbMBkGA1UEAxMSVGVzdCBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0NloX +DTk4MDYwOTEzNTc0NlowYzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xh +bmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYDVQQDExpTZXJ2ZXIg +dGVzdCBjZXJ0ICg1MTIgYml0KTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCfs8OE +J5X/EjFSDxXvRhHErYDmNlsP3YDXYY3g/HJFCTT+VWZFQ0xol2r+qKCl3194/+7X +ZLg/BMtv/yr+/rntAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAeEzEdgr2nChPcALL +vY8gl/GIlpoAjPmKD+pLeGZI9s+SEX5u1q8nCrJ6ZzkfrRnqgI5Anmev9+qPZfdU +bz5zdVSf4sUL9nX9ChXjK9NCJA3UzQHSFqhZErGUwGNkAHYHp2+zAdY6Ho6rmMzt +g0CDu/sKR4qzm6REsQGS8kgpjz4xgcUwgcICAQEwYDBbMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx +GzAZBgNVBAMTElRlc3QgQ0EgKDEwMjQgYml0KQIBADAKBggqhkiG9w0CBTANBgkq +hkiG9w0BAQQFAARALnrxJiOX9XZf2D+3vL8SKMQmMq55LltomwOLGUru/q1uVXzi +ARg7FSCegOpA1nunsTURMUGgrPXKK4XmL4IseQAAAAA= +-----END PKCS7----- diff --git a/crypto/pkcs7/p7.tst b/crypto/pkcs7/p7.tst new file mode 100644 index 0000000000000000000000000000000000000000..6d14dce1634ec49a1879e62129f0edfa5f430a79 --- /dev/null +++ b/crypto/pkcs7/p7.tst @@ -0,0 +1,33 @@ +-----BEGIN PKCS7----- +MIAGCSqGSIb3DQEHAqCAMIIFsQIBATELMAkGBSsOAwIaBQAwgAYJKoZIhvcNAQcB +AACgggQdMIICJTCCAc+gAwIBAgIBIjANBgkqhkiG9w0BAQQFADCBgjELMAkGA1UE +BhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRow +GAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEUMBIGA1UECxMLZGV2ZWxvcG1lbnQx +GTAXBgNVBAMTEENyeXB0U29mdCBEZXYgQ0EwHhcNOTcwNjEzMTgxMDE3WhcNOTgw +NjEzMTgxMDE3WjCBiDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEU +MBIGA1UECxMLSUlTIHRlc3RpbmcxDjAMBgNVBAMTBXRlc3QxMQ8wDQYJKoZIhvcN +AQkBFgAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxtWiv59VH42+rotrmFAyDxTc +J2osFt5uy/zEllx3vvjtwewqQxGUOwf6cjqFOTrnpEdVvwywpEhIQ5364bJqIwID +AQABoygwJjAkBglghkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0G +CSqGSIb3DQEBBAUAA0EAMnYkNV2AdpeHPy/qlcdZx6MDGIJgrLhklhcn6Or6KiAP +t9+nv9XdOGHyMyQr9ufsweuQfAgJ9yjKPZR2/adTjTCCAfAwggGaAgEAMA0GCSqG +SIb3DQEBBAUAMIGCMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDER +MA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRQw +EgYDVQQLEwtkZXZlbG9wbWVudDEZMBcGA1UEAxMQQ3J5cHRTb2Z0IERldiBDQTAe +Fw05NzAzMjIxMzM0MDRaFw05ODAzMjIxMzM0MDRaMIGCMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoT +EUNyeXB0U29mdCBQdHkgTHRkMRQwEgYDVQQLEwtkZXZlbG9wbWVudDEZMBcGA1UE +AxMQQ3J5cHRTb2Z0IERldiBDQTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDgDgKq +IBuUMAJi4c8juAqEZ8f8FcuDWT+HcScvNztRJy9K8DnbGpiSrzzix4El6N4A7vbl +crwn/0CZmQJguZpfAgMBAAEwDQYJKoZIhvcNAQEEBQADQQA0UUvxlXXe6wKkVukn +ZoCyXbjlNsqt2rwbvfZEam6fQP3S7uq+o1Pnj+KDgE33WxWbQAA9h8fY1LWN7X3a +yTm/MYIBbTCCAWkCAQEwgYgwgYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVl +bnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0 +eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQg +RGV2IENBAgEiMAkGBSsOAwIaBQCgfTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB +MCMGCSqGSIb3DQEJBDEWBBSUVhbGkNE+KGqpOK13+FkfOkaoizAcBgkqhkiG9w0B +CQUxDxcNOTcwNzAxMDE0MzM0WjAeBgkqhkiG9w0BCQ8xETAPMA0GCCqGSIb3DQMC +AgEoMA0GCSqGSIb3DQEBAQUABECa9Jpo4w/fZOc3Vy78wZFAVF8kvpn7il99Ldsr +AQ4JiBmcfiSwEBBY6WuKT+/SYtFwZl1oXkTwB5AVCFIC/IFNAAAAAA== +-----END PKCS7----- diff --git a/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c new file mode 100644 index 0000000000000000000000000000000000000000..fa562a48165cc8cf570a0b584f390a382f2a29a2 --- /dev/null +++ b/crypto/pkcs7/pk7_dgst.c @@ -0,0 +1,66 @@ +/* crypto/pkcs7/pk7_dgst.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "rand.h" +#include "objects.h" +#include "x509.h" +#include "pkcs7.h" + diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c new file mode 100644 index 0000000000000000000000000000000000000000..32a2a45226c87ba9af0eef6d23c032f7201ba366 --- /dev/null +++ b/crypto/pkcs7/pk7_doit.c @@ -0,0 +1,327 @@ +/* crypto/pkcs7/pk7_doit.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "objects.h" +#include "x509.h" + +BIO *PKCS7_dataInit(p7,bio) +PKCS7 *p7; +BIO *bio; + { + int i,j; + BIO *out=NULL,*btmp; + X509_ALGOR *xa; + EVP_MD *evp_md; + + i=OBJ_obj2nid(p7->type); + p7->state=PKCS7_S_HEADER; + + switch (i) + { + case NID_pkcs7_signed: + for (i=0; id.sign->md_algs); i++) + { + xa=(X509_ALGOR *)sk_value(p7->d.sign->md_algs,i); + if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err; + + j=OBJ_obj2nid(xa->algorithm); + evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); + if (evp_md == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp,evp_md); + if (out == NULL) + out=btmp; + else + BIO_push(out,btmp); + } + break; + default: + PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + if (bio == NULL) + { + if (p7->detached) + bio=BIO_new(BIO_s_null()); + else + { + bio=BIO_new(BIO_s_mem()); + if (PKCS7_type_is_signed(p7) && + PKCS7_type_is_data(p7->d.sign->contents)) + { + ASN1_OCTET_STRING *os; + + os=p7->d.sign->contents->d.data; + if (os->length > 0) + BIO_write(bio,os->data,os->length); + } + } + } + BIO_push(out,bio); + return(out); +err: + return(NULL); + } + +int PKCS7_dataSign(p7,bio) +PKCS7 *p7; +BIO *bio; + { + int ret=0; + int i,j; + BIO *btmp; + BUF_MEM *buf_mem=NULL; + BUF_MEM *buf=NULL; + PKCS7_SIGNER_INFO *si; + EVP_MD_CTX *mdc,ctx_tmp; + STACK *sk; + unsigned char *p,*pp=NULL; + int x; + + i=OBJ_obj2nid(p7->type); + p7->state=PKCS7_S_HEADER; + + switch (i) + { + case NID_pkcs7_signed: + + if ((buf=BUF_MEM_new()) == NULL) goto err; + for (i=0; id.sign->signer_info); i++) + { + si=(PKCS7_SIGNER_INFO *) + sk_value(p7->d.sign->signer_info,i); + if (si->pkey == NULL) + continue; + j=OBJ_obj2nid(si->digest_enc_alg->algorithm); + + btmp=bio; + for (;;) + { + if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) + == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + goto err; + } + BIO_get_md_ctx(btmp,&mdc); + if (mdc == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_INTERNAL_ERROR); + goto err; + } + if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j) + break; + else + btmp=btmp->next_bio; + } + + /* We now have the EVP_MD_CTX, lets do the + * signing. */ + memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp)); + if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) + goto err; + + sk=si->auth_attr; + if ((sk != NULL) && (sk_num(sk) != 0)) + { + x=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE, + V_ASN1_SET,V_ASN1_UNIVERSAL); + pp=(unsigned char *)Malloc(i); + p=pp; + i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE, + V_ASN1_SET,V_ASN1_UNIVERSAL); + EVP_SignUpdate(&ctx_tmp,pp,x); + Free(pp); + } + + if (!EVP_SignFinal(&ctx_tmp,buf->data, + (unsigned int *)&buf->length,si->pkey)) + goto err; + if (!ASN1_STRING_set(si->enc_digest, + (unsigned char *)buf->data,buf->length)) + goto err; + + } + if (p7->detached) + PKCS7_content_free(p7->d.sign->contents); + else + { + btmp=BIO_find_type(bio,BIO_TYPE_MEM); + if (btmp == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + goto err; + } + BIO_get_mem_ptr(btmp,&buf_mem); + ASN1_OCTET_STRING_set(p7->d.sign->contents->d.data, + (unsigned char *)buf_mem->data,buf_mem->length); + } + if (pp != NULL) Free(pp); + pp=NULL; + break; + default: + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + + if (p7->detached) + { + + } + ret=1; +err: + if (buf != NULL) BUF_MEM_free(buf); + return(ret); + } + +int PKCS7_dataVerify(cert_store,ctx,bio,p7,si) +X509_STORE *cert_store; +X509_STORE_CTX *ctx; +BIO *bio; +PKCS7 *p7; +PKCS7_SIGNER_INFO *si; + { + PKCS7_SIGNED *s; + ASN1_OCTET_STRING *os; + EVP_MD_CTX mdc_tmp,*mdc; + unsigned char *pp,*p; + PKCS7_ISSUER_AND_SERIAL *ias; + int ret=0,md_type,i; + STACK *sk; + BIO *btmp; + X509 *x509; + + if (!PKCS7_type_is_signed(p7)) abort(); + ias=si->issuer_and_serial; + s=p7->d.sign; + + x509=X509_find_by_issuer_and_serial(s->cert,ias->issuer,ias->serial); + + /* were we able to find the cert in passed to us */ + if (x509 == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); + goto err; + } + + /* Lets verify */ + X509_STORE_CTX_init(ctx,cert_store,x509,s->cert); + i=X509_verify_cert(ctx); + if (i <= 0) goto err; + X509_STORE_CTX_cleanup(ctx); + + /* So we like 'x509', lets check the signature. */ + md_type=OBJ_obj2nid(si->digest_alg->algorithm); + + btmp=bio; + for (;;) + { + if ((btmp == NULL) || + ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) + { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + goto err; + } + BIO_get_md_ctx(btmp,&mdc); + if (mdc == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_INTERNAL_ERROR); + goto err; + } + if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type) + break; + btmp=btmp->next_bio; + } + + /* mdc is the digest ctx that we want */ + memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp)); + + sk=si->auth_attr; + if ((sk != NULL) && (sk_num(sk) != 0)) + { + i=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE, + V_ASN1_SET,V_ASN1_UNIVERSAL); + pp=(unsigned char *)malloc(i); + p=pp; + i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE, + V_ASN1_SET,V_ASN1_UNIVERSAL); + EVP_VerifyUpdate(&mdc_tmp,pp,i); + free(pp); + } + + os=si->enc_digest; + i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, + X509_get_pubkey(x509)); + if (i <= 0) + { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_SIGNATURE_FAILURE); + ret= -1; + goto err; + } + else + ret=1; +err: + return(ret); + } + diff --git a/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c new file mode 100644 index 0000000000000000000000000000000000000000..96a6dd94a89f64bd30b3c9f16e0b9cd77b416993 --- /dev/null +++ b/crypto/pkcs7/pk7_enc.c @@ -0,0 +1,76 @@ +/* crypto/pkcs7/pk7_enc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "rand.h" +#include "objects.h" +#include "x509.h" +#include "pkcs7.h" + +PKCS7_in_bio(PKCS7 *p7,BIO *in); +PKCS7_out_bio(PKCS7 *p7,BIO *out); + +PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key); +PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher); + +PKCS7_Init(PKCS7 *p7); +PKCS7_Update(PKCS7 *p7); +PKCS7_Finish(PKCS7 *p7); + diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c new file mode 100644 index 0000000000000000000000000000000000000000..aac133e639fe0eb93fb7140b43c9ad29bfc3a1eb --- /dev/null +++ b/crypto/pkcs7/pk7_lib.c @@ -0,0 +1,343 @@ +/* crypto/pkcs7/pk7_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "objects.h" +#include "x509.h" + +long PKCS7_ctrl(p7,cmd,larg,parg) +PKCS7 *p7; +int cmd; +long larg; +char *parg; + { + int nid; + long ret; + + nid=OBJ_obj2nid(p7->type); + + switch (cmd) + { + case PKCS7_OP_SET_DETACHED_SIGNATURE: + if (nid == NID_pkcs7_signed) + { + ret=p7->detached=(int)larg; + } + else + { + PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + ret=0; + } + break; + case PKCS7_OP_GET_DETACHED_SIGNATURE: + if (nid == NID_pkcs7_signed) + { + ret=p7->detached; + } + else + { + PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + ret=0; + } + + break; + default: + abort(); + } + return(ret); + } + +int PKCS7_content_new(p7,type) +PKCS7 *p7; +int type; + { + PKCS7 *ret=NULL; + + if ((ret=PKCS7_new()) == NULL) goto err; + if (!PKCS7_set_type(ret,type)) goto err; + if (!PKCS7_set_content(p7,ret)) goto err; + + return(1); +err: + if (ret != NULL) PKCS7_free(ret); + return(0); + } + +int PKCS7_set_content(p7,p7_data) +PKCS7 *p7; +PKCS7 *p7_data; + { + int i; + + i=OBJ_obj2nid(p7->type); + switch (i) + { + case NID_pkcs7_signed: + if (p7->d.sign->contents != NULL) + PKCS7_content_free(p7->d.sign->contents); + p7->d.sign->contents=p7_data; + break; + case NID_pkcs7_digest: + case NID_pkcs7_data: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_encrypted: + default: + PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + return(1); +err: + return(0); + } + +int PKCS7_set_type(p7,type) +PKCS7 *p7; +int type; + { + ASN1_OBJECT *obj; + + PKCS7_content_free(p7); + obj=OBJ_nid2obj(type); /* will not fail */ + + switch (type) + { + case NID_pkcs7_signed: + p7->type=obj; + if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) + goto err; + ASN1_INTEGER_set(p7->d.sign->version,1); + break; + case NID_pkcs7_data: + p7->type=obj; + if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL) + goto err; + break; + case NID_pkcs7_digest: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_encrypted: + default: + PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + return(1); +err: + return(0); + } + +int PKCS7_add_signer(p7,psi) +PKCS7 *p7; +PKCS7_SIGNER_INFO *psi; + { + int i,j,nid; + X509_ALGOR *alg; + PKCS7_SIGNED *p7s; + + i=OBJ_obj2nid(p7->type); + if (i != NID_pkcs7_signed) + { + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); + return(0); + } + + p7s=p7->d.sign; + + nid=OBJ_obj2nid(psi->digest_alg->algorithm); + + /* If the digest is not currently listed, add it */ + j=0; + for (i=0; imd_algs); i++) + { + alg=(X509_ALGOR *)sk_value(p7s->md_algs,i); + if (OBJ_obj2nid(alg->algorithm) == nid) + { + j=1; + break; + } + } + if (!j) /* we need to add another algorithm */ + { + alg=X509_ALGOR_new(); + alg->algorithm=OBJ_nid2obj(nid); + sk_push(p7s->md_algs,(char *)alg); + } + + sk_push(p7s->signer_info,(char *)psi); + return(1); + } + +int PKCS7_add_certificate(p7,x509) +PKCS7 *p7; +X509 *x509; + { + int i; + + i=OBJ_obj2nid(p7->type); + if (i != NID_pkcs7_signed) + { + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); + return(0); + } + + if (p7->d.sign->cert == NULL) + p7->d.sign->cert=sk_new_null(); + CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); + sk_push(p7->d.sign->cert,(char *)x509); + return(1); + } + +int PKCS7_add_crl(p7,crl) +PKCS7 *p7; +X509_CRL *crl; + { + int i; + i=OBJ_obj2nid(p7->type); + if (i != NID_pkcs7_signed) + { + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); + return(0); + } + + if (p7->d.sign->crl == NULL) + p7->d.sign->crl=sk_new_null(); + + CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); + sk_push(p7->d.sign->crl,(char *)crl); + return(1); + } + +int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst) +PKCS7_SIGNER_INFO *p7i; +X509 *x509; +EVP_PKEY *pkey; +EVP_MD *dgst; + { + /* We now need to add another PKCS7_SIGNER_INFO entry */ + ASN1_INTEGER_set(p7i->version,1); + X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509)); + + /* because ASN1_INTEGER_set is used to set a 'long' we will do + * things the ugly way. */ + ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + p7i->issuer_and_serial->serial= + ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + + /* lets keep the pkey around for a while */ + CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); + p7i->pkey=pkey; + + /* Set the algorithms */ + p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst)); + +#if 1 + if (p7i->digest_enc_alg->parameter != NULL) + ASN1_TYPE_free(p7i->digest_enc_alg->parameter); + if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL) + goto err; + p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; +#endif + + + return(1); +err: + return(0); + } + +PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst) +PKCS7 *p7; +X509 *x509; +EVP_PKEY *pkey; +EVP_MD *dgst; + { + PKCS7_SIGNER_INFO *si; + + if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; + if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; + if (!PKCS7_add_signer(p7,si)) goto err; + return(si); +err: + return(NULL); + } + +STACK *PKCS7_get_signer_info(p7) +PKCS7 *p7; + { + if (PKCS7_type_is_signed(p7)) + { + return(p7->d.sign->signer_info); + } + else + return(NULL); + } + +X509 *PKCS7_cert_from_signer_info(p7,si) +PKCS7 *p7; +PKCS7_SIGNER_INFO *si; + { + if (PKCS7_type_is_signed(p7)) + return(X509_find_by_issuer_and_serial(p7->d.sign->cert, + si->issuer_and_serial->issuer, + si->issuer_and_serial->serial)); + else + return(NULL); + } + diff --git a/crypto/pkcs7/pkcs7.err b/crypto/pkcs7/pkcs7.err new file mode 100644 index 0000000000000000000000000000000000000000..500f9b3de4ac536da8e7a251a6fde371a26c0c98 --- /dev/null +++ b/crypto/pkcs7/pkcs7.err @@ -0,0 +1,21 @@ +/* Error codes for the PKCS7 functions. */ + +/* Function codes. */ +#define PKCS7_F_PKCS7_ADD_SIGNER 100 +#define PKCS7_F_PKCS7_CTRL 101 +#define PKCS7_F_PKCS7_DATAFINAL 102 +#define PKCS7_F_PKCS7_DATAINIT 103 +#define PKCS7_F_PKCS7_DATAVERIFY 104 +#define PKCS7_F_PKCS7_SET_CONTENT 105 +#define PKCS7_F_PKCS7_SET_TYPE 106 + +/* Reason codes. */ +#define PKCS7_R_INTERNAL_ERROR 100 +#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 101 +#define PKCS7_R_SIGNATURE_FAILURE 102 +#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 103 +#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 104 +#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 105 +#define PKCS7_R_UNKNOWN_DIGEST_TYPE 106 +#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 107 +#define PKCS7_R_WRONG_CONTENT_TYPE 108 diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h new file mode 100644 index 0000000000000000000000000000000000000000..061f1f07094284c7605db375f667c2f05a72785c --- /dev/null +++ b/crypto/pkcs7/pkcs7.h @@ -0,0 +1,416 @@ +/* crypto/pkcs7/pkcs7.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_PKCS7_H +#define HEADER_PKCS7_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "bio.h" +#include "x509.h" + +/* +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct pkcs7_issuer_and_serial_st + { + X509_NAME *issuer; + ASN1_INTEGER *serial; + } PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st + { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK /* X509_ATTRIBUTE */ *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK /* X509_ATTRIBUTE */ *unauth_attr; /* [ 1 ] */ + + /* The private key to sign with */ + EVP_PKEY *pkey; + } PKCS7_SIGNER_INFO; + +typedef struct pkcs7_recip_info_st + { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + } PKCS7_RECIP_INFO; + +typedef struct pkcs7_signed_st + { + ASN1_INTEGER *version; /* version 1 */ + STACK /* X509_ALGOR's */ *md_algs; /* md used */ + struct pkcs7_st *contents; + STACK /* X509 */ *cert; /* [ 0 ] */ + STACK /* X509_CRL */ *crl; /* [ 1 ] */ + STACK /* PKCS7_SIGNER_INFO */ *signer_info; + } PKCS7_SIGNED; +/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE. + * How about merging the two */ + +typedef struct pkcs7_enc_content_st + { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + } PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st + { + ASN1_INTEGER *version; /* version 0 */ + STACK /* PKCS7_RECIP_INFO */ *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; + } PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st + { + ASN1_INTEGER *version; /* version 1 */ + STACK /* PKCS7_RECIP_INFO */ *recipientinfo; + STACK /* X509_ALGOR's */ *md_algs; /* md used */ + PKCS7_ENC_CONTENT *enc_data; + STACK /* X509 */ *cert; /* [ 0 ] */ + STACK /* X509_CRL */ *crl; /* [ 1 ] */ + STACK /* PKCS7_SIGNER_INFO */ *signer_info; + } PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st + { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; + } PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st + { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; + } PKCS7_ENCRYPT; + +typedef struct pkcs7_st + { + /* The following is non NULL if it contains ASN1 encoding of + * this structure */ + unsigned char *asn1; + long length; + +#define PKCS7_S_HEADER 0 +#define PKCS7_S_BODY 1 +#define PKCS7_S_TAIL 2 + int state; /* used during processing */ + + int detached; + + ASN1_OBJECT *type; + /* content as defined by the type */ + /* all encryption/message digests are applied to the 'contents', + * leaving out the 'type' field. */ + union { + char *ptr; + + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + } d; + } PKCS7; + +#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) + +#define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +#define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +#ifndef NOPROTO +PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void ); +void PKCS7_ISSUER_AND_SERIAL_free( + PKCS7_ISSUER_AND_SERIAL *a); +int i2d_PKCS7_ISSUER_AND_SERIAL( + PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp); +PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL( + PKCS7_ISSUER_AND_SERIAL **a, + unsigned char **pp, long length); + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type, + unsigned char *md,unsigned int *len); + +PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void); +void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a); +int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, + unsigned char **pp); +PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, + unsigned char **pp,long length); + +PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void); +void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a); +int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, + unsigned char **pp); +PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, + unsigned char **pp,long length); + +PKCS7_SIGNED *PKCS7_SIGNED_new(void); +void PKCS7_SIGNED_free(PKCS7_SIGNED *a); +int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, + unsigned char **pp); +PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, + unsigned char **pp,long length); + +PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void); +void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a); +int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, + unsigned char **pp); +PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, + unsigned char **pp,long length); + +PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void); +void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a); +int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, + unsigned char **pp); +PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, + unsigned char **pp,long length); + +PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void); +void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a); +int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, + unsigned char **pp); +PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, + unsigned char **pp,long length); + +PKCS7_DIGEST *PKCS7_DIGEST_new(void); +void PKCS7_DIGEST_free(PKCS7_DIGEST *a); +int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, + unsigned char **pp); +PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, + unsigned char **pp,long length); + +PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void); +void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a); +int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, + unsigned char **pp); +PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, + unsigned char **pp,long length); + +PKCS7 *PKCS7_new(void); +void PKCS7_free(PKCS7 *a); +void PKCS7_content_free(PKCS7 *a); +int i2d_PKCS7(PKCS7 *a, + unsigned char **pp); +PKCS7 *d2i_PKCS7(PKCS7 **a, + unsigned char **pp,long length); + +void ERR_load_PKCS7_strings(void); + +#ifndef WIN16 +PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7); +int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); +#endif +PKCS7 *PKCS7_dup(PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7); +int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + EVP_MD *dgst); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataSign(PKCS7 *p7, BIO *bio); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +/*int PKCS7_DataFinal(PKCS7 *p7, BIO *bio); */ + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +STACK *PKCS7_get_signer_info(PKCS7 *p7); + +#else + +PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(); +void PKCS7_ISSUER_AND_SERIAL_free(); +int i2d_PKCS7_ISSUER_AND_SERIAL(); +PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(); + +int PKCS7_ISSUER_AND_SERIAL_digest(); + +PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(); +void PKCS7_SIGNER_INFO_free(); +int i2d_PKCS7_SIGNER_INFO(); +PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(); +PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(); +void PKCS7_RECIP_INFO_free(); +int i2d_PKCS7_RECIP_INFO(); +PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(); +PKCS7_SIGNED *PKCS7_SIGNED_new(); +void PKCS7_SIGNED_free(); +int i2d_PKCS7_SIGNED(); +PKCS7_SIGNED *d2i_PKCS7_SIGNED(); +PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(); +void PKCS7_ENC_CONTENT_free(); +int i2d_PKCS7_ENC_CONTENT(); +PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(); +PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(); +void PKCS7_ENVELOPE_free(); +int i2d_PKCS7_ENVELOPE(); +PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(); +PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(); +void PKCS7_SIGN_ENVELOPE_free(); +int i2d_PKCS7_SIGN_ENVELOPE(); +PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(); +PKCS7_DIGEST *PKCS7_DIGEST_new(); +void PKCS7_DIGEST_free(); +int i2d_PKCS7_DIGEST(); +PKCS7_DIGEST *d2i_PKCS7_DIGEST(); +PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(); +void PKCS7_ENCRYPT_free(); +int i2d_PKCS7_ENCRYPT(); +PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(); +PKCS7 *PKCS7_new(); +void PKCS7_free(); +void PKCS7_content_free(); +int i2d_PKCS7(); +PKCS7 *d2i_PKCS7(); + +void ERR_load_PKCS7_strings(); + +#ifndef WIN16 +PKCS7 *d2i_PKCS7_fp(); +int i2d_PKCS7_fp(); +#endif +PKCS7 *PKCS7_dup(); +PKCS7 *d2i_PKCS7_bio(); +int i2d_PKCS7_bio(); +long PKCS7_ctrl(); +int PKCS7_set_type(); +int PKCS7_set_content(); +int PKCS7_SIGNER_INFO_set(); +int PKCS7_add_signer(); +int PKCS7_add_certificate(); +int PKCS7_add_crl(); +int PKCS7_content_new(); +int PKCS7_dataSign(); +int PKCS7_dataVerify(); +BIO *PKCS7_dataInit(); +PKCS7_SIGNER_INFO *PKCS7_add_signature(); +X509 *PKCS7_cert_from_signer_info(); +STACK *PKCS7_get_signer_info(); + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the PKCS7 functions. */ + +/* Function codes. */ +#define PKCS7_F_PKCS7_ADD_SIGNER 100 +#define PKCS7_F_PKCS7_CTRL 101 +#define PKCS7_F_PKCS7_DATAFINAL 102 +#define PKCS7_F_PKCS7_DATAINIT 103 +#define PKCS7_F_PKCS7_DATAVERIFY 104 +#define PKCS7_F_PKCS7_SET_CONTENT 105 +#define PKCS7_F_PKCS7_SET_TYPE 106 + +/* Reason codes. */ +#define PKCS7_R_INTERNAL_ERROR 100 +#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 101 +#define PKCS7_R_SIGNATURE_FAILURE 102 +#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 103 +#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 104 +#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 105 +#define PKCS7_R_UNKNOWN_DIGEST_TYPE 106 +#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 107 +#define PKCS7_R_WRONG_CONTENT_TYPE 108 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c new file mode 100644 index 0000000000000000000000000000000000000000..851691da6a77d669456f94da670101e65f3934dc --- /dev/null +++ b/crypto/pkcs7/pkcs7err.c @@ -0,0 +1,99 @@ +/* lib/pkcs7/pkcs7_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "pkcs7.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA PKCS7_str_functs[]= + { +{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, +{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, +{ERR_PACK(0,PKCS7_F_PKCS7_DATAFINAL,0), "PKCS7_DATAFINAL"}, +{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, +{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, +{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, +{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, +{0,NULL}, + }; + +static ERR_STRING_DATA PKCS7_str_reasons[]= + { +{PKCS7_R_INTERNAL_ERROR ,"internal error"}, +{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, +{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, +{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, +{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, +{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, +{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"}, +{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"}, +{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"}, +{0,NULL}, + }; + +void ERR_load_PKCS7_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs); + ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons); + } + } diff --git a/crypto/pkcs7/server.pem b/crypto/pkcs7/server.pem new file mode 100644 index 0000000000000000000000000000000000000000..750aac20946851fdafd421f4fe6ba02eefbfa014 --- /dev/null +++ b/crypto/pkcs7/server.pem @@ -0,0 +1,24 @@ +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) +-----BEGIN CERTIFICATE----- +MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5 +MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl +cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP +Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// +Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW +mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i +xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH +irObpESxAZLySCmPPg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD +TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu +OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj +gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz +rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b +PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA +vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= +-----END RSA PRIVATE KEY----- diff --git a/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c new file mode 100644 index 0000000000000000000000000000000000000000..9400fe30ba235208fd56d50a23c89b7eedca9a8f --- /dev/null +++ b/crypto/pkcs7/sign.c @@ -0,0 +1,83 @@ +#include +#include "bio.h" +#include "x509.h" +#include "pem.h" + +main(argc,argv) +int argc; +char *argv[]; + { + X509 *x509; + EVP_PKEY *pkey; + PKCS7 *p7; + PKCS7 *p7_data; + PKCS7_SIGNER_INFO *si; + BIO *in; + BIO *data,*p7bio; + char buf[1024*4]; + int i,j; + int nodetach=0; + + EVP_add_digest(EVP_md2()); + EVP_add_digest(EVP_md5()); + EVP_add_digest(EVP_sha1()); + EVP_add_digest(EVP_mdc2()); + + data=BIO_new(BIO_s_file()); +again: + if (argc > 1) + { + if (strcmp(argv[1],"-nd") == 0) + { + nodetach=1; + argv++; argc--; + goto again; + } + if (!BIO_read_filename(data,argv[1])) + goto err; + } + else + BIO_set_fp(data,stdin,BIO_NOCLOSE); + + if ((in=BIO_new_file("server.pem","r")) == NULL) goto err; + if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err; + BIO_reset(in); + if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err; + BIO_free(in); + + p7=PKCS7_new(); + PKCS7_set_type(p7,NID_pkcs7_signed); + + if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err; + + /* we may want to add more */ + PKCS7_add_certificate(p7,x509); + + /* Set the content of the signed to 'data' */ + PKCS7_content_new(p7,NID_pkcs7_data); + + if (!nodetach) + PKCS7_set_detached(p7,1); + + if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; + + for (;;) + { + i=BIO_read(data,buf,sizeof(buf)); + if (i <= 0) break; + BIO_write(p7bio,buf,i); + } + + if (!PKCS7_dataSign(p7,p7bio)) goto err; + BIO_free(p7bio); + + PEM_write_PKCS7(stdout,p7); + PKCS7_free(p7); + + exit(0); +err: + ERR_load_crypto_strings(); + ERR_print_errors_fp(stderr); + exit(1); + } + diff --git a/crypto/pkcs7/verify.c b/crypto/pkcs7/verify.c new file mode 100644 index 0000000000000000000000000000000000000000..bce20ee20fd8dc118518bffb5a9773301b9943f9 --- /dev/null +++ b/crypto/pkcs7/verify.c @@ -0,0 +1,181 @@ +#include +#include "asn1.h" +#include "bio.h" +#include "x509.h" +#include "pem.h" + +int verify_callback(int ok, X509_STORE_CTX *ctx); + +BIO *bio_err=NULL; + +main(argc,argv) +int argc; +char *argv[]; + { + X509 *x509,*x; + PKCS7 *p7; + PKCS7_SIGNED *s; + PKCS7_SIGNER_INFO *si; + PKCS7_ISSUER_AND_SERIAL *ias; + X509_STORE_CTX cert_ctx; + X509_STORE *cert_store=NULL; + X509_LOOKUP *lookup=NULL; + BIO *data,*detached=NULL,*p7bio=NULL; + char buf[1024*4]; + unsigned char *p,*pp; + int i,j,printit=0; + STACK *sk; + + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + EVP_add_digest(EVP_md2()); + EVP_add_digest(EVP_md5()); + EVP_add_digest(EVP_sha1()); + EVP_add_digest(EVP_mdc2()); + + data=BIO_new(BIO_s_file()); +again: + pp=NULL; + while (argc > 1) + { + argc--; + argv++; + if (strcmp(argv[0],"-p") == 0) + { + printit=1; + } + else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2)) + { + detached=BIO_new(BIO_s_file()); + if (!BIO_read_filename(detached,argv[1])) + goto err; + argc--; + argv++; + } + else + { + pp=argv[0]; + if (!BIO_read_filename(data,argv[0])) + goto err; + } + } + + if (pp == NULL) + BIO_set_fp(data,stdin,BIO_NOCLOSE); + + + /* Load the PKCS7 object from a file */ + if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err; + + /* This stuff is being setup for certificate verification. + * When using SSL, it could be replaced with a + * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */ + cert_store=X509_STORE_new(); + X509_STORE_set_default_paths(cert_store); + X509_STORE_load_locations(cert_store,NULL,"../../certs"); + X509_STORE_set_verify_cb_func(cert_store,verify_callback); + + ERR_clear_errors(); + + /* We need to process the data */ + if (PKCS7_get_detached(p7)) + { + if (detached == NULL) + { + printf("no data to verify the signature on\n"); + exit(1); + } + else + p7bio=PKCS7_dataInit(p7,detached); + } + else + { + p7bio=PKCS7_dataInit(p7,NULL); + } + + /* We now have to 'read' from p7bio to calculate digests etc. */ + for (;;) + { + i=BIO_read(p7bio,buf,sizeof(buf)); + /* print it? */ + if (i <= 0) break; + } + + /* We can now verify signatures */ + sk=PKCS7_get_signer_info(p7); + if (sk == NULL) + { + printf("there are no signatures on this data\n"); + exit(1); + } + + /* Ok, first we need to, for each subject entry, see if we can verify */ + for (i=0; ierror) + { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + BIO_printf(bio_err,"issuer= %s\n",buf); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + BIO_printf(bio_err,"notBefore="); + ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); + BIO_printf(bio_err,"\n"); + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + BIO_printf(bio_err,"notAfter="); + ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); + BIO_printf(bio_err,"\n"); + break; + } + BIO_printf(bio_err,"verify return:%d\n",ok); + return(ok); + } diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..d04f0a9b43ba258c6a9cfaea1feafa0ebe64a99a --- /dev/null +++ b/crypto/rand/Makefile.ssl @@ -0,0 +1,80 @@ +# +# SSLeay/crypto/rand/Makefile +# + +DIR= rand +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= randtest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=md_rand.c randfile.c +LIBOBJ=md_rand.o randfile.o + +SRC= $(LIBSRC) + +EXHEADER= rand.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c new file mode 100644 index 0000000000000000000000000000000000000000..6c8e65a05cc81c94e57c4eb40d5b76aab60b0150 --- /dev/null +++ b/crypto/rand/md_rand.c @@ -0,0 +1,406 @@ +/* crypto/rand/md_rand.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include +#include + + +#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) +#ifndef NO_MD5 +#define USE_MD5_RAND +#elif !defined(NO_SHA1) +#define USE_SHA1_RAND +#elif !defined(NO_MDC2) +#define USE_MDC2_RAND +#elif !defined(NO_MD2) +#define USE_MD2_RAND +#else +We need a message digest of some type +#endif +#endif + +/* Changed how the state buffer used. I now attempt to 'wrap' such + * that I don't run over the same locations the next time go through + * the 1023 bytes - many thanks to + * Robert J. LeBlanc for his comments + */ + +#if defined(USE_MD5_RAND) +#include "md5.h" +#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH +#define MD_CTX MD5_CTX +#define MD_Init(a) MD5_Init(a) +#define MD_Update(a,b,c) MD5_Update(a,b,c) +#define MD_Final(a,b) MD5_Final(a,b) +#elif defined(USE_SHA1_RAND) +#include "sha.h" +#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH +#define MD_CTX SHA_CTX +#define MD_Init(a) SHA1_Init(a) +#define MD_Update(a,b,c) SHA1_Update(a,b,c) +#define MD_Final(a,b) SHA1_Final(a,b) +#elif defined(USE_MDC2_RAND) +#include "mdc2.h" +#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH +#define MD_CTX MDC2_CTX +#define MD_Init(a) MDC2_Init(a) +#define MD_Update(a,b,c) MDC2_Update(a,b,c) +#define MD_Final(a,b) MDC2_Final(a,b) +#elif defined(USE_MD2_RAND) +#include "md2.h" +#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH +#define MD_CTX MD2_CTX +#define MD_Init(a) MD2_Init(a) +#define MD_Update(a,b,c) MD2_Update(a,b,c) +#define MD_Final(a,b) MD2_Final(a,b) +#endif + +#include "rand.h" + +/*#define NORAND 1 */ +/*#define PREDICT 1 */ + +#define STATE_SIZE 1023 +static int state_num=0,state_index=0; +static unsigned char state[STATE_SIZE]; +static unsigned char md[MD_DIGEST_LENGTH]; +static int count=0; + +char *RAND_version="RAND part of SSLeay 0.8.1b 29-Jun-1998"; + +void RAND_cleanup() + { + memset(state,0,STATE_SIZE); + state_num=0; + state_index=0; + memset(md,0,MD_DIGEST_LENGTH); + count=0; + } + +void RAND_seed(buf,num) +unsigned char *buf; +int num; + { + int i,j,k,st_idx,st_num; + MD_CTX m; + +#ifdef NORAND + return; +#endif + + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + st_idx=state_index; + st_num=state_num; + + state_index=(state_index+num); + if (state_index > STATE_SIZE) + { + state_index%=STATE_SIZE; + state_num=STATE_SIZE; + } + else if (state_num < STATE_SIZE) + { + if (state_index > state_num) + state_num=state_index; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + for (i=0; i MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j; + + MD_Init(&m); + MD_Update(&m,md,MD_DIGEST_LENGTH); + k=(st_idx+j)-STATE_SIZE; + if (k > 0) + { + MD_Update(&m,&(state[st_idx]),j-k); + MD_Update(&m,&(state[0]),k); + } + else + MD_Update(&m,&(state[st_idx]),j); + + MD_Update(&m,buf,j); + MD_Final(md,&m); + + buf+=j; + + for (k=0; k= STATE_SIZE) + { + st_idx=0; + st_num=STATE_SIZE; + } + } + } + memset((char *)&m,0,sizeof(m)); + } + +void RAND_bytes(buf,num) +unsigned char *buf; +int num; + { + int i,j,k,st_num,st_idx; + MD_CTX m; + static int init=1; + unsigned long l; +#ifdef DEVRANDOM + FILE *fh; +#endif + +#ifdef PREDICT + { + static unsigned char val=0; + + for (i=0; i state_num) + state_index=(state_index%state_num); + + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + while (num > 0) + { + j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num; + num-=j; + MD_Init(&m); + MD_Update(&m,&(md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2); +#ifndef PURIFY + MD_Update(&m,buf,j); /* purify complains */ +#endif + k=(st_idx+j)-st_num; + if (k > 0) + { + MD_Update(&m,&(state[st_idx]),j-k); + MD_Update(&m,&(state[0]),k); + } + else + MD_Update(&m,&(state[st_idx]),j); + MD_Final(md,&m); + + for (i=0; i= st_num) + st_idx=0; + state[st_idx++]^=md[i]; + *(buf++)=md[i+MD_DIGEST_LENGTH/2]; + } + } + + MD_Init(&m); + MD_Update(&m,(unsigned char *)&count,sizeof(count)); count++; + MD_Update(&m,md,MD_DIGEST_LENGTH); + MD_Final(md,&m); + memset(&m,0,sizeof(m)); + } + +#ifdef WINDOWS +#include +#include + +/***************************************************************************** + * Initialisation function for the SSL random generator. Takes the contents + * of the screen as random seed. + * + * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. + * + * Code adapted from + * ; + * the original copyright message is: + * +// (C) Copyright Microsoft Corp. 1993. All rights reserved. +// +// You have a royalty-free right to use, modify, reproduce and +// distribute the Sample Files (and/or any modified version) in +// any way you find useful, provided that you agree that +// Microsoft has no warranty obligations or liability for any +// Sample Application Files which are modified. + */ +/* + * I have modified the loading of bytes via RAND_seed() mechanism since + * the origional would have been very very CPU intensive since RAND_seed() + * does an MD5 per 16 bytes of input. The cost to digest 16 bytes is the same + * as that to digest 56 bytes. So under the old system, a screen of + * 1024*768*256 would have been CPU cost of approximatly 49,000 56 byte MD5 + * digests or digesting 2.7 mbytes. What I have put in place would + * be 48 16k MD5 digests, or efectivly 48*16+48 MD5 bytes or 816 kbytes + * or about 3.5 times as much. + * - eric + */ +void RAND_screen(void) +{ + HDC hScrDC; /* screen DC */ + HDC hMemDC; /* memory DC */ + HBITMAP hBitmap; /* handle for our bitmap */ + HBITMAP hOldBitmap; /* handle for previous bitmap */ + BITMAP bm; /* bitmap properties */ + unsigned int size; /* size of bitmap */ + char *bmbits; /* contents of bitmap */ + int w; /* screen width */ + int h; /* screen height */ + int y; /* y-coordinate of screen lines to grab */ + int n = 16; /* number of screen lines to grab at a time */ + + /* Create a screen DC and a memory DC compatible to screen DC */ + hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL); + hMemDC = CreateCompatibleDC(hScrDC); + + /* Get screen resolution */ + w = GetDeviceCaps(hScrDC, HORZRES); + h = GetDeviceCaps(hScrDC, VERTRES); + + /* Create a bitmap compatible with the screen DC */ + hBitmap = CreateCompatibleBitmap(hScrDC, w, n); + + /* Select new bitmap into memory DC */ + hOldBitmap = SelectObject(hMemDC, hBitmap); + + /* Get bitmap properties */ + GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm); + size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; + + bmbits = Malloc(size); + if (bmbits) { + /* Now go through the whole screen, repeatedly grabbing n lines */ + for (y = 0; y < h-n; y += n) + { + unsigned char md[MD_DIGEST_LENGTH]; + + /* Bitblt screen DC to memory DC */ + BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); + + /* Copy bitmap bits from memory DC to bmbits */ + GetBitmapBits(hBitmap, size, bmbits); + + /* Get the MD5 of the bitmap */ + MD5(bmbits,size,md); + + /* Seed the random generator with the MD5 digest */ + RAND_seed(md, MD_DIGEST_LENGTH); + } + + Free(bmbits); + } + + /* Select old bitmap back into memory DC */ + hBitmap = SelectObject(hMemDC, hOldBitmap); + + /* Clean up */ + DeleteObject(hBitmap); + DeleteDC(hMemDC); + DeleteDC(hScrDC); +} +#endif diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h new file mode 100644 index 0000000000000000000000000000000000000000..99ca47d6cf9e6c1d8a9d5578d0c30e571ee344c5 --- /dev/null +++ b/crypto/rand/rand.h @@ -0,0 +1,92 @@ +/* crypto/rand/rand.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RAND_H +#define HEADER_RAND_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef NOPROTO +void RAND_cleanup(void ); +void RAND_bytes( unsigned char *buf,int num); +void RAND_seed( unsigned char *buf,int num); +int RAND_load_file(char *file,long max_bytes); +int RAND_write_file(char *file); +char *RAND_file_name(char *file,int num); +#ifdef WINDOWS +void RAND_screen(void); +#endif +#else +void RAND_cleanup(); +void RAND_bytes(); +void RAND_seed(); +int RAND_load_file(); +int RAND_write_file(); +char *RAND_file_name(); +#ifdef WINDOWS +void RAND_screen(); +#endif +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c new file mode 100644 index 0000000000000000000000000000000000000000..ad0e55db9047660fffa3906685bb5a0f8c961a27 --- /dev/null +++ b/crypto/rand/randfile.c @@ -0,0 +1,166 @@ +/* crypto/rand/randfile.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include +#include +#include "rand.h" + +#undef BUFSIZE +#define BUFSIZE 1024 +#define RAND_DATA 1024 + +/* #define RFILE ".rand" - defined in ../../e_os.h */ + +int RAND_load_file(file,bytes) +char *file; +long bytes; + { + MS_STATIC unsigned char buf[BUFSIZE]; + struct stat sb; + int i,ret=0,n; + FILE *in; + + if (file == NULL) return(0); + + i=stat(file,&sb); + /* If the state fails, put some crap in anyway */ + RAND_seed((unsigned char *)&sb,sizeof(sb)); + ret+=sizeof(sb); + if (i < 0) return(0); + if (bytes <= 0) return(ret); + + in=fopen(file,"r"); + if (in == NULL) goto err; + for (;;) + { + n=(bytes < BUFSIZE)?(int)bytes:BUFSIZE; + i=fread(buf,1,n,in); + if (i <= 0) break; + /* even if n != i, use the full array */ + RAND_seed(buf,n); + ret+=i; + bytes-=n; + if (bytes <= 0) break; + } + fclose(in); + memset(buf,0,BUFSIZE); +err: + return(ret); + } + +int RAND_write_file(file) +char *file; + { + unsigned char buf[BUFSIZE]; + int i,ret=0; + FILE *out; + int n; + + out=fopen(file,"w"); + if (out == NULL) goto err; + chmod(file,0600); + n=RAND_DATA; + for (;;) + { + i=(n > BUFSIZE)?BUFSIZE:n; + n-=BUFSIZE; + RAND_bytes(buf,i); + i=fwrite(buf,1,i,out); + if (i <= 0) + { + ret=0; + break; + } + ret+=i; + if (n <= 0) break; + } + fclose(out); + memset(buf,0,BUFSIZE); +err: + return(ret); + } + +char *RAND_file_name(buf,size) +char *buf; +int size; + { + char *s; + char *ret=NULL; + + s=getenv("RANDFILE"); + if (s != NULL) + { + strncpy(buf,s,size-1); + buf[size-1]='\0'; + ret=buf; + } + else + { + s=getenv("HOME"); + if (s == NULL) return(RFILE); + if (((int)(strlen(s)+strlen(RFILE)+2)) > size) + return(RFILE); + strcpy(buf,s); + strcat(buf,"/"); + strcat(buf,RFILE); + ret=buf; + } + return(ret); + } diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c new file mode 100644 index 0000000000000000000000000000000000000000..ac3f0d7097722dfd926269fba65aeec6c15eaacb --- /dev/null +++ b/crypto/rand/randtest.c @@ -0,0 +1,207 @@ +/* crypto/rand/randtest.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "rand.h" + +/* some FIPS 140-1 random number test */ +/* some simple tests */ + +int main() + { + unsigned char buf[2500]; + int i,j,k,s,sign,nsign,err=0; + unsigned long n1; + unsigned long n2[16]; + unsigned long runs[2][34]; + /*double d; */ + long d; + + RAND_bytes(buf,2500); + + n1=0; + for (i=0; i<16; i++) n2[i]=0; + for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0; + + /* test 1 and 2 */ + sign=0; + nsign=0; + for (i=0; i<2500; i++) + { + j=buf[i]; + + n2[j&0x0f]++; + n2[(j>>4)&0x0f]++; + + for (k=0; k<8; k++) + { + s=(j&0x01); + if (s == sign) + nsign++; + else + { + if (nsign > 34) nsign=34; + if (nsign != 0) + { + runs[sign][nsign-1]++; + if (nsign > 6) + runs[sign][5]++; + } + sign=s; + nsign=1; + } + + if (s) n1++; + j>>=1; + } + } + if (nsign > 34) nsign=34; + if (nsign != 0) runs[sign][nsign-1]++; + + /* test 1 */ + if (!((9654 < n1) && (n1 < 10346))) + { + printf("test 1 failed, X=%ld\n",n1); + err++; + } + printf("test 1 done\n"); + + /* test 2 */ +#ifdef undef + d=0; + for (i=0; i<16; i++) + d+=n2[i]*n2[i]; + d=d*16.0/5000.0-5000.0; + if (!((1.03 < d) && (d < 57.4))) + { + printf("test 2 failed, X=%.2f\n",d); + err++; + } +#endif + d=0; + for (i=0; i<16; i++) + d+=n2[i]*n2[i]; + d=(d*8)/25-500000; + if (!((103 < d) && (d < 5740))) + { + printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L); + err++; + } + printf("test 2 done\n"); + + /* test 3 */ + for (i=0; i<2; i++) + { + if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) + { + printf("test 3 failed, bit=%d run=%d num=%ld\n", + i,1,runs[i][0]); + err++; + } + if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) + { + printf("test 3 failed, bit=%d run=%d num=%ld\n", + i,2,runs[i][1]); + err++; + } + if (!(( 502 < runs[i][2]) && (runs[i][2] < 748))) + { + printf("test 3 failed, bit=%d run=%d num=%ld\n", + i,3,runs[i][2]); + err++; + } + if (!(( 223 < runs[i][3]) && (runs[i][3] < 402))) + { + printf("test 3 failed, bit=%d run=%d num=%ld\n", + i,4,runs[i][3]); + err++; + } + if (!(( 90 < runs[i][4]) && (runs[i][4] < 223))) + { + printf("test 3 failed, bit=%d run=%d num=%ld\n", + i,5,runs[i][4]); + err++; + } + if (!(( 90 < runs[i][5]) && (runs[i][5] < 223))) + { + printf("test 3 failed, bit=%d run=%d num=%ld\n", + i,6,runs[i][5]); + err++; + } + } + printf("test 3 done\n"); + + /* test 4 */ + if (runs[0][33] != 0) + { + printf("test 4 failed, bit=%d run=%d num=%ld\n", + 0,34,runs[0][33]); + err++; + } + if (runs[1][33] != 0) + { + printf("test 4 failed, bit=%d run=%d num=%ld\n", + 1,34,runs[1][33]); + err++; + } + printf("test 4 done\n"); + err=((err)?1:0); + exit(err); + return(err); + } diff --git a/crypto/rc2/Makefile.ssl b/crypto/rc2/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..c5138f13e29b37c649ce1608683447681ebd89df --- /dev/null +++ b/crypto/rc2/Makefile.ssl @@ -0,0 +1,80 @@ +# +# SSLeay/crypto/rc2/Makefile +# + +DIR= rc2 +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=rc2test.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c +LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o + +SRC= $(LIBSRC) + +EXHEADER= rc2.h +HEADER= rc2_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h new file mode 100644 index 0000000000000000000000000000000000000000..0903417fc302ef3146c25138ec88e214c54c26e4 --- /dev/null +++ b/crypto/rc2/rc2.h @@ -0,0 +1,116 @@ +/* crypto/rc2/rc2.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify rc2.org since rc2.h is automatically generated from + * it during SSLeay configuration. + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +#ifndef HEADER_RC2_H +#define HEADER_RC2_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define RC2_ENCRYPT 1 +#define RC2_DECRYPT 0 + +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int + +#define RC2_BLOCK 8 +#define RC2_KEY_LENGTH 16 + +typedef struct rc2_key_st + { + RC2_INT data[64]; + } RC2_KEY; + +#ifndef NOPROTO + +void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits); +void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key, + int enc); +void RC2_encrypt(unsigned long *data,RC2_KEY *key,int enc); +void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, + RC2_KEY *schedule, unsigned char *ivec, int *num, int enc); +void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, + RC2_KEY *schedule, unsigned char *ivec, int *num); + +#else + +void RC2_set_key(); +void RC2_ecb_encrypt(); +void RC2_encrypt(); +void RC2_cbc_encrypt(); +void RC2_cfb64_encrypt(); +void RC2_ofb64_encrypt(); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/rc2/rc2.org b/crypto/rc2/rc2.org new file mode 100644 index 0000000000000000000000000000000000000000..af9310f13e842abf80fe83950b4c724e2f4bba19 --- /dev/null +++ b/crypto/rc2/rc2.org @@ -0,0 +1,116 @@ +/* crypto/rc2/rc2.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify rc2.org since rc2.h is automatically generated from + * it during SSLeay configuration. + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +#ifndef HEADER_RC2_H +#define HEADER_RC2_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define RC2_ENCRYPT 1 +#define RC2_DECRYPT 0 + +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned short + +#define RC2_BLOCK 8 +#define RC2_KEY_LENGTH 16 + +typedef struct rc2_key_st + { + RC2_INT data[64]; + } RC2_KEY; + +#ifndef NOPROTO + +void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits); +void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key, + int enc); +void RC2_encrypt(unsigned long *data,RC2_KEY *key,int enc); +void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, + RC2_KEY *schedule, unsigned char *ivec, int *num, int enc); +void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, + RC2_KEY *schedule, unsigned char *ivec, int *num); + +#else + +void RC2_set_key(); +void RC2_ecb_encrypt(); +void RC2_encrypt(); +void RC2_cbc_encrypt(); +void RC2_cfb64_encrypt(); +void RC2_ofb64_encrypt(); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c new file mode 100644 index 0000000000000000000000000000000000000000..24e77593571bd40c662753d0110057bcee062735 --- /dev/null +++ b/crypto/rc2/rc2_cbc.c @@ -0,0 +1,140 @@ +/* crypto/rc2/rc2_cbc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "rc2.h" +#include "rc2_locl.h" + +void RC2_cbc_encrypt(in, out, length, ks, iv, encrypt) +unsigned char *in; +unsigned char *out; +long length; +RC2_KEY *ks; +unsigned char *iv; +int encrypt; + { + register unsigned long tin0,tin1; + register unsigned long tout0,tout1,xor0,xor1; + register long l=length; + unsigned long tin[2]; + + if (encrypt) + { + c2l(iv,tout0); + c2l(iv,tout1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + c2l(in,tin0); + c2l(in,tin1); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + RC2_encrypt(tin,ks,RC2_ENCRYPT); + tout0=tin[0]; l2c(tout0,out); + tout1=tin[1]; l2c(tout1,out); + } + if (l != -8) + { + c2ln(in,tin0,tin1,l+8); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + RC2_encrypt(tin,ks,RC2_ENCRYPT); + tout0=tin[0]; l2c(tout0,out); + tout1=tin[1]; l2c(tout1,out); + } + l2c(tout0,iv); + l2c(tout1,iv); + } + else + { + c2l(iv,xor0); + c2l(iv,xor1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + c2l(in,tin0); tin[0]=tin0; + c2l(in,tin1); tin[1]=tin1; + RC2_encrypt(tin,ks,RC2_DECRYPT); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2c(tout0,out); + l2c(tout1,out); + xor0=tin0; + xor1=tin1; + } + if (l != -8) + { + c2l(in,tin0); tin[0]=tin0; + c2l(in,tin1); tin[1]=tin1; + RC2_encrypt(tin,ks,RC2_DECRYPT); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2cn(tout0,tout1,out,l+8); + xor0=tin0; + xor1=tin1; + } + l2c(xor0,iv); + l2c(xor1,iv); + } + tin0=tin1=tout0=tout1=xor0=xor1=0; + tin[0]=tin[1]=0; + } + diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c new file mode 100644 index 0000000000000000000000000000000000000000..65b5d3536a9f88790f9279d3a106224b4a8949d7 --- /dev/null +++ b/crypto/rc2/rc2_ecb.c @@ -0,0 +1,163 @@ +/* crypto/rc2/rc2_ecb.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "rc2.h" +#include "rc2_locl.h" + +char *RC2_version="RC2 part of SSLeay 0.8.1b 29-Jun-1998"; + +/* RC2 as implemented frm a posting from + * Newsgroups: sci.crypt + * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann) + * Subject: Specification for Ron Rivests Cipher No.2 + * Message-ID: <4fk39f$f70@net.auckland.ac.nz> + * Date: 11 Feb 1996 06:45:03 GMT + */ + +void RC2_ecb_encrypt(in, out, ks, encrypt) +unsigned char *in; +unsigned char *out; +RC2_KEY *ks; +int encrypt; + { + unsigned long l,d[2]; + + c2l(in,l); d[0]=l; + c2l(in,l); d[1]=l; + RC2_encrypt(d,ks,encrypt); + l=d[0]; l2c(l,out); + l=d[1]; l2c(l,out); + l=d[0]=d[1]=0; + } + +void RC2_encrypt(d,key,encrypt) +unsigned long *d; +RC2_KEY *key; +int encrypt; + { + int i,n; + register RC2_INT *p0,*p1; + register RC2_INT x0,x1,x2,x3,t; + unsigned long l; + + l=d[0]; + x0=(RC2_INT)l&0xffff; + x1=(RC2_INT)(l>>16L); + l=d[1]; + x2=(RC2_INT)l&0xffff; + x3=(RC2_INT)(l>>16L); + + n=3; + i=5; + if (encrypt) + { + p0=p1= &(key->data[0]); + for (;;) + { + t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; + x0=(t<<1)|(t>>15); + t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; + x1=(t<<2)|(t>>14); + t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; + x2=(t<<3)|(t>>13); + t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; + x3=(t<<5)|(t>>11); + + if (--i == 0) + { + if (--n == 0) break; + i=(n == 2)?6:5; + + x0+=p1[x3&0x3f]; + x1+=p1[x0&0x3f]; + x2+=p1[x1&0x3f]; + x3+=p1[x2&0x3f]; + } + } + } + else + { + p0= &(key->data[63]); + p1= &(key->data[0]); + for (;;) + { + t=((x3<<11)|(x3>>5))&0xffff; + x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff; + t=((x2<<13)|(x2>>3))&0xffff; + x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff; + t=((x1<<14)|(x1>>2))&0xffff; + x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff; + t=((x0<<15)|(x0>>1))&0xffff; + x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff; + + if (--i == 0) + { + if (--n == 0) break; + i=(n == 2)?6:5; + + x3=(x3-p1[x2&0x3f])&0xffff; + x2=(x2-p1[x1&0x3f])&0xffff; + x1=(x1-p1[x0&0x3f])&0xffff; + x0=(x0-p1[x3&0x3f])&0xffff; + } + } + } + + d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L); + d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); + } diff --git a/crypto/rc2/rc2_locl.h b/crypto/rc2/rc2_locl.h new file mode 100644 index 0000000000000000000000000000000000000000..05f45b0573540866f7734b570812b5daf296ba52 --- /dev/null +++ b/crypto/rc2/rc2_locl.h @@ -0,0 +1,146 @@ +/* crypto/rc2/rc2_locl.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#undef c2l +#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<<24L) + +/* NOTE - c is not incremented as per c2l */ +#undef c2ln +#define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ + case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ + case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ + case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ + case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ + case 1: l1|=((unsigned long)(*(--(c)))); \ + } \ + } + +#undef l2c +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + +/* NOTE - c is not incremented as per l2c */ +#undef l2cn +#define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +/* NOTE - c is not incremented as per n2l */ +#define n2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c)))) ; \ + case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + case 4: l1 =((unsigned long)(*(--(c)))) ; \ + case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + case 1: l1|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +#define l2nn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + } \ + } + +#undef n2l +#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))) + +#undef l2n +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c new file mode 100644 index 0000000000000000000000000000000000000000..cfc8a50cd92f584e80ba272d45a71b8aedb7fff5 --- /dev/null +++ b/crypto/rc2/rc2_skey.c @@ -0,0 +1,142 @@ +/* crypto/rc2/rc2_skey.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "rc2.h" +#include "rc2_locl.h" + +static unsigned char key_table[256]={ + 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79, + 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e, + 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5, + 0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32, + 0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22, + 0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c, + 0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f, + 0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26, + 0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b, + 0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7, + 0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde, + 0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a, + 0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e, + 0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc, + 0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85, + 0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31, + 0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10, + 0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c, + 0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b, + 0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e, + 0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68, + 0xfe,0x7f,0xc1,0xad, + }; + +/* It has come to my attention that there are 2 versions of the RC2 + * key schedule. One which is normal, and anther which has a hook to + * use a reduced key length. + * BSAFE uses the 'retarded' version. What I previously shipped is + * the same as specifying 1024 for the 'bits' parameter. Bsafe uses + * a version where the bits parameter is the same as len*8 */ +void RC2_set_key(key,len,data,bits) +RC2_KEY *key; +int len; +unsigned char *data; +int bits; + { + int i,j; + unsigned char *k; + RC2_INT *ki; + unsigned int c,d; + + k= (unsigned char *)&(key->data[0]); + *k=0; /* for if there is a zero length key */ + + if (len > 128) len=128; + if (bits <= 0) bits=1024; + if (bits > 1024) bits=1024; + + for (i=0; i>3; + i=128-j; + c= (0xff>>(-bits & 0x07)); + + d=key_table[k[i]&c]; + k[i]=d; + while (i--) + { + d=key_table[k[i+j]^d]; + k[i]=d; + } + + /* copy from bytes into RC2_INT's */ + ki= &(key->data[63]); + for (i=127; i>=0; i-=2) + *(ki--)=((k[i]<<8)|k[i-1])&0xffff; + } + diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c new file mode 100644 index 0000000000000000000000000000000000000000..44df3dc951699ba795fe1ecaccbd10b84dd94cbe --- /dev/null +++ b/crypto/rc2/rc2cfb64.c @@ -0,0 +1,127 @@ +/* crypto/rc2/rc2cfb64.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "rc2.h" +#include "rc2_locl.h" + +/* The input and output encrypted as though 64bit cfb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void RC2_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt) +unsigned char *in; +unsigned char *out; +long length; +RC2_KEY *schedule; +unsigned char *ivec; +int *num; +int encrypt; + { + register unsigned long v0,v1,t; + register int n= *num; + register long l=length; + unsigned long ti[2]; + unsigned char *iv,c,cc; + + iv=(unsigned char *)ivec; + if (encrypt) + { + while (l--) + { + if (n == 0) + { + c2l(iv,v0); ti[0]=v0; + c2l(iv,v1); ti[1]=v1; + RC2_encrypt((unsigned long *)ti,schedule,RC2_ENCRYPT); + iv=(unsigned char *)ivec; + t=ti[0]; l2c(t,iv); + t=ti[1]; l2c(t,iv); + iv=(unsigned char *)ivec; + } + c= *(in++)^iv[n]; + *(out++)=c; + iv[n]=c; + n=(n+1)&0x07; + } + } + else + { + while (l--) + { + if (n == 0) + { + c2l(iv,v0); ti[0]=v0; + c2l(iv,v1); ti[1]=v1; + RC2_encrypt((unsigned long *)ti,schedule,RC2_ENCRYPT); + iv=(unsigned char *)ivec; + t=ti[0]; l2c(t,iv); + t=ti[1]; l2c(t,iv); + iv=(unsigned char *)ivec; + } + cc= *(in++); + c=iv[n]; + iv[n]=cc; + *(out++)=c^cc; + n=(n+1)&0x07; + } + } + v0=v1=ti[0]=ti[1]=t=c=cc=0; + *num=n; + } + diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c new file mode 100644 index 0000000000000000000000000000000000000000..5df004bcec20cf3da7bc4da499dd646c41d54c7a --- /dev/null +++ b/crypto/rc2/rc2ofb64.c @@ -0,0 +1,115 @@ +/* crypto/rc2/rc2ofb64.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "rc2.h" +#include "rc2_locl.h" + +/* The input and output encrypted as though 64bit ofb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void RC2_ofb64_encrypt(in, out, length, schedule, ivec, num) +unsigned char *in; +unsigned char *out; +long length; +RC2_KEY *schedule; +unsigned char *ivec; +int *num; + { + register unsigned long v0,v1,t; + register int n= *num; + register long l=length; + unsigned char d[8]; + register char *dp; + unsigned long ti[2]; + unsigned char *iv; + int save=0; + + iv=(unsigned char *)ivec; + c2l(iv,v0); + c2l(iv,v1); + ti[0]=v0; + ti[1]=v1; + dp=(char *)d; + l2c(v0,dp); + l2c(v1,dp); + while (l--) + { + if (n == 0) + { + RC2_encrypt((unsigned long *)ti,schedule,RC2_ENCRYPT); + dp=(char *)d; + t=ti[0]; l2c(t,dp); + t=ti[1]; l2c(t,dp); + save++; + } + *(out++)= *(in++)^d[n]; + n=(n+1)&0x07; + } + if (save) + { + v0=ti[0]; + v1=ti[1]; + iv=(unsigned char *)ivec; + l2c(v0,iv); + l2c(v1,iv); + } + t=v0=v1=ti[0]=ti[1]=0; + *num=n; + } + diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c new file mode 100644 index 0000000000000000000000000000000000000000..00e21ddd3aeb8d0c8b37c02eab6c5c0a24ddec2f --- /dev/null +++ b/crypto/rc2/rc2test.c @@ -0,0 +1,270 @@ +/* crypto/rc2/rc2test.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* This has been a quickly hacked 'ideatest.c'. When I add tests for other + * RC2 modes, more of the code will be uncommented. */ + +#include +#include +#include +#include "rc2.h" + +unsigned char RC2key[4][16]={ + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F}, + }; + +unsigned char RC2plain[4][8]={ + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + }; + +unsigned char RC2cipher[4][8]={ + {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7}, + {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74}, + {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E}, + {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31}, + }; +/************/ +#ifdef undef +unsigned char k[16]={ + 0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04, + 0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08}; + +unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03}; +unsigned char c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5}; +unsigned char out[80]; + +char *text="Hello to all people out there"; + +static unsigned char cfb_key[16]={ + 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96, + 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e, + }; +static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd}; +static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; +#define CFB_TEST_SIZE 24 +static unsigned char plain[CFB_TEST_SIZE]= + { + 0x4e,0x6f,0x77,0x20,0x69,0x73, + 0x20,0x74,0x68,0x65,0x20,0x74, + 0x69,0x6d,0x65,0x20,0x66,0x6f, + 0x72,0x20,0x61,0x6c,0x6c,0x20 + }; +static unsigned char cfb_cipher64[CFB_TEST_SIZE]={ + 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F, + 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A, + 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45 + +/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ + }; + + +#ifndef NOPROTO +/*static int cfb64_test(unsigned char *cfb_cipher);*/ +static char *pt(unsigned char *p); +#else +/*static int cfb64_test(); */ +static char *pt(); +#endif + +#endif + +int main(argc,argv) +int argc; +char *argv[]; + { + int i,n,err=0; + RC2_KEY key; + unsigned char buf[8],buf2[8]; + + for (n=0; n<4; n++) + { + RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */); + + RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT); + if (memcmp(&(RC2cipher[n][0]),buf,8) != 0) + { + printf("ecb rc2 error encrypting\n"); + printf("got :"); + for (i=0; i<8; i++) + printf("%02X ",buf[i]); + printf("\n"); + printf("expected:"); + for (i=0; i<8; i++) + printf("%02X ",RC2cipher[n][i]); + err=20; + printf("\n"); + } + + RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT); + if (memcmp(&(RC2plain[n][0]),buf2,8) != 0) + { + printf("ecb RC2 error decrypting\n"); + printf("got :"); + for (i=0; i<8; i++) + printf("%02X ",buf[i]); + printf("\n"); + printf("expected:"); + for (i=0; i<8; i++) + printf("%02X ",RC2plain[n][i]); + printf("\n"); + err=3; + } + } + + if (err == 0) printf("ecb RC2 ok\n"); +#ifdef undef + memcpy(iv,k,8); + idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1); + memcpy(iv,k,8); + idea_cbc_encrypt(out,out,8,&dkey,iv,0); + idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0); + if (memcmp(text,out,strlen(text)+1) != 0) + { + printf("cbc idea bad\n"); + err=4; + } + else + printf("cbc idea ok\n"); + + printf("cfb64 idea "); + if (cfb64_test(cfb_cipher64)) + { + printf("bad\n"); + err=5; + } + else + printf("ok\n"); +#endif + + exit(err); + return(err); + } + +#ifdef undef +static int cfb64_test(cfb_cipher) +unsigned char *cfb_cipher; + { + IDEA_KEY_SCHEDULE eks,dks; + int err=0,i,n; + + idea_set_encrypt_key(cfb_key,&eks); + idea_set_decrypt_key(&eks,&dks); + memcpy(cfb_tmp,cfb_iv,8); + n=0; + idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks, + cfb_tmp,&n,IDEA_ENCRYPT); + idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), + (long)CFB_TEST_SIZE-12,&eks, + cfb_tmp,&n,IDEA_ENCRYPT); + if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0) + { + err=1; + printf("idea_cfb64_encrypt encrypt error\n"); + for (i=0; i>4)&0xf]; + ret[i*2+1]=f[p[i]&0xf]; + } + ret[16]='\0'; + return(ret); + } + +#endif diff --git a/crypto/rc2/rrc2.doc b/crypto/rc2/rrc2.doc new file mode 100644 index 0000000000000000000000000000000000000000..f93ee003d2f8c0ac1d95bb6dd704d766f65b7f50 --- /dev/null +++ b/crypto/rc2/rrc2.doc @@ -0,0 +1,219 @@ +>From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996 +Article 23601 of sci.crypt: +Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news +>From: pgut01@cs.auckland.ac.nz (Peter Gutmann) +Newsgroups: sci.crypt +Subject: Specification for Ron Rivests Cipher No.2 +Date: 11 Feb 1996 06:45:03 GMT +Organization: University of Auckland +Lines: 203 +Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann) +Message-ID: <4fk39f$f70@net.auckland.ac.nz> +NNTP-Posting-Host: cs26.cs.auckland.ac.nz +X-Newsreader: NN version 6.5.0 #3 (NOV) + + + + + Ron Rivest's Cipher No.2 + ------------------------ + +Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may +refer to it by other names) is word oriented, operating on a block of 64 bits +divided into four 16-bit words, with a key table of 64 words. All data units +are little-endian. This functional description of the algorithm is based in +the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using +the same general layout, terminology, and pseudocode style. + + +Notation and RRC.2 Primitive Operations + +RRC.2 uses the following primitive operations: + +1. Two's-complement addition of words, denoted by "+". The inverse operation, + subtraction, is denoted by "-". +2. Bitwise exclusive OR, denoted by "^". +3. Bitwise AND, denoted by "&". +4. Bitwise NOT, denoted by "~". +5. A left-rotation of words; the rotation of word x left by y is denoted + x <<< y. The inverse operation, right-rotation, is denoted x >>> y. + +These operations are directly and efficiently supported by most processors. + + +The RRC.2 Algorithm + +RRC.2 consists of three components, a *key expansion* algorithm, an +*encryption* algorithm, and a *decryption* algorithm. + + +Key Expansion + +The purpose of the key-expansion routine is to expand the user's key K to fill +the expanded key array S, so S resembles an array of random binary words +determined by the user's secret key K. + +Initialising the S-box + +RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of +Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern +cryptography by enough time that there should be no concerns about trapdoors +hidden in the data. They have been published widely, and the S-box can be +easily recreated from the one-time pad values and the Beale Cipher data taken +from a standard source. To initialise the S-box: + + for i = 0 to 255 do + sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ] + +The contents of Beale Cipher No.1 and the necessary one-time pad are given as +an appendix at the end of this document. For efficiency, implementors may wish +to skip the Beale Cipher expansion and store the sBox table directly. + +Expanding the Secret Key to 128 Bytes + +The secret key is first expanded to fill 128 bytes (64 words). The expansion +consists of taking the sum of the first and last bytes in the user key, looking +up the sum (modulo 256) in the S-box, and appending the result to the key. The +operation is repeated with the second byte and new last byte of the key until +all 128 bytes have been generated. Note that the following pseudocode treats +the S array as an array of 128 bytes rather than 64 words. + + for j = 0 to length-1 do + S[ j ] = K[ j ] + for j = length to 127 do + s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ]; + +At this point it is possible to perform a truncation of the effective key +length to ease the creation of espionage-enabled software products. However +since the author cannot conceive why anyone would want to do this, it will not +be considered further. + +The final phase of the key expansion involves replacing the first byte of S +with the entry selected from the S-box: + + S[ 0 ] = sBox[ S[ 0 ] ] + + +Encryption + +The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full +rounds perform an additional transformation on the data. Note that the +following pseudocode treats the S array as an array of 64 words rather than 128 +bytes. + + for i = 0 to 15 do + j = i * 4; + word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1 + word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2 + word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3 + word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5 + +In addition the fifth and eleventh rounds add the contents of the S-box indexed +by one of the data words to another of the data words following the four +subrounds as follows: + + word0 = word0 + S[ word3 & 63 ]; + word1 = word1 + S[ word0 & 63 ]; + word2 = word2 + S[ word1 & 63 ]; + word3 = word3 + S[ word2 & 63 ]; + + +Decryption + +The decryption operation is simply the inverse of the encryption operation. +Note that the following pseudocode treats the S array as an array of 64 words +rather than 128 bytes. + + for i = 15 downto 0 do + j = i * 4; + word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ] + word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ] + word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ] + word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ] + +In addition the fifth and eleventh rounds subtract the contents of the S-box +indexed by one of the data words from another one of the data words following +the four subrounds as follows: + + word3 = word3 - S[ word2 & 63 ] + word2 = word2 - S[ word1 & 63 ] + word1 = word1 - S[ word0 & 63 ] + word0 = word0 - S[ word3 & 63 ] + + +Test Vectors + +The following test vectors may be used to test the correctness of an RRC.2 +implementation: + + Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7 + + Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74 + + Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E + + Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31 + + +Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for + Creating the S-Box + +Beale Cipher No.1. + + 71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95, + 84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3, + 126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231, + 124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193, + 145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176, + 130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416, + 280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283, + 134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131, + 160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12, + 103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346, + 36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21, + 136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37, + 122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680, + 93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818, + 2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81, + 623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206 + +One-time Pad. + + 158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194, + 146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161, + 105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213, + 193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67, + 197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108, + 144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134, + 119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24, + 126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84, + 168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38, + 241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182, + 230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44, + 17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20, + 87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97, + 142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155, + 15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127, + 170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99 + + +Implementation + +A non-US based programmer who has never seen any encryption code before will +shortly be implementing RRC.2 based solely on this specification and not on +knowledge of any other encryption algorithms. Stand by. + + + diff --git a/crypto/rc2/version b/crypto/rc2/version new file mode 100644 index 0000000000000000000000000000000000000000..6f89d595f1790a2956d24b045d4dea37625295ad --- /dev/null +++ b/crypto/rc2/version @@ -0,0 +1,22 @@ +1.1 23/08/96 - eay + Changed RC2_set_key() so it now takes another argument. Many + thanks to Peter Gutmann for the + clarification and origional specification of RC2. BSAFE uses + this last parameter, 'bits'. It the key is 128 bits, BSAFE + also sets this parameter to 128. The old behaviour can be + duplicated by setting this parameter to 1024. + +1.0 08/04/96 - eay + First version of SSLeay with rc2. This has been written from the spec + posted sci.crypt. It is in this directory under rrc2.doc + I have no test values for any mode other than ecb, my wrappers for the + other modes should be ok since they are basically the same as + the ones taken from idea and des :-). I have implemented them as + little-endian operators. + While rc2 is included because it is used with SSL, I don't know how + far I trust it. It is about the same speed as IDEA and DES. + So if you are paranoid, used Tripple DES, else IDEA. If RC2 + does get used more, perhaps more people will look for weaknesses in + it. + + diff --git a/crypto/rc4/Makefile.ssl b/crypto/rc4/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..2f40d4ed90fa5d066b20892fa4d762ed12e51772 --- /dev/null +++ b/crypto/rc4/Makefile.ssl @@ -0,0 +1,80 @@ +# +# SSLeay/crypto/rc4/Makefile +# + +DIR= rc4 +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=rc4test.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=rc4_enc.c +LIBOBJ=rc4_enc.o + +SRC= $(LIBSRC) + +EXHEADER= rc4.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c new file mode 100644 index 0000000000000000000000000000000000000000..37965d5262b9e94735de9732a20f82a127bba36d --- /dev/null +++ b/crypto/rc4/rc4.c @@ -0,0 +1,194 @@ +/* crypto/rc4/rc4.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "rc4.h" + +char *usage[]={ +"usage: rc4 args\n", +"\n", +" -in arg - input file - default stdin\n", +" -out arg - output file - default stdout\n", +" -key key - password\n", +NULL +}; + +int main(argc, argv) +int argc; +char *argv[]; + { + FILE *in=NULL,*out=NULL; + char *infile=NULL,*outfile=NULL,*keystr=NULL; + RC4_KEY key; + char buf[BUFSIZ]; + int badops=0,i; + char **pp; + unsigned char md[MD5_DIGEST_LENGTH]; + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + keystr= *(++argv); + } + else + { + fprintf(stderr,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + for (pp=usage; (*pp != NULL); pp++) + fprintf(stderr,*pp); + exit(1); + } + + if (infile == NULL) + in=stdin; + else + { + in=fopen(infile,"r"); + if (in == NULL) + { + perror("open"); + exit(1); + } + + } + if (outfile == NULL) + out=stdout; + else + { + out=fopen(outfile,"w"); + if (out == NULL) + { + perror("open"); + exit(1); + } + } + +#ifdef MSDOS + /* This should set the file to binary mode. */ + { +#include + setmode(fileno(in),O_BINARY); + setmode(fileno(out),O_BINARY); + } +#endif + + if (keystr == NULL) + { /* get key */ + i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0); + if (i != 0) + { + memset(buf,0,BUFSIZ); + fprintf(stderr,"bad password read\n"); + exit(1); + } + keystr=buf; + } + + MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md); + memset(keystr,0,strlen(keystr)); + RC4_set_key(&key,MD5_DIGEST_LENGTH,md); + + for(;;) + { + i=fread(buf,1,BUFSIZ,in); + if (i == 0) break; + if (i < 0) + { + perror("read"); + exit(1); + } + RC4(&key,(unsigned int)i,(unsigned char *)buf, + (unsigned char *)buf); + i=fwrite(buf,(unsigned int)i,1,out); + if (i != 1) + { + perror("write"); + exit(1); + } + } + fclose(out); + fclose(in); + exit(0); + return(1); + } + diff --git a/crypto/rc4/rc4.h b/crypto/rc4/rc4.h new file mode 100644 index 0000000000000000000000000000000000000000..c558651af80c2e6b8707dd51e21e0fb113918436 --- /dev/null +++ b/crypto/rc4/rc4.h @@ -0,0 +1,103 @@ +/* crypto/rc4/rc4.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify rc4.org since rc4.h is automatically generated from + * it during SSLeay configuration. + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +#ifndef HEADER_RC4_H +#define HEADER_RC4_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +#define RC4_INT unsigned int + +typedef struct rc4_key_st + { + RC4_INT x,y; + RC4_INT data[256]; + } RC4_KEY; + +#ifndef NOPROTO + +char *RC4_options(void); +void RC4_set_key(RC4_KEY *key, int len, unsigned char *data); +void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata, + unsigned char *outdata); + +#else + +char *RC4_options(); +void RC4_set_key(); +void RC4(); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/rc4/rc4.org b/crypto/rc4/rc4.org new file mode 100644 index 0000000000000000000000000000000000000000..c558651af80c2e6b8707dd51e21e0fb113918436 --- /dev/null +++ b/crypto/rc4/rc4.org @@ -0,0 +1,103 @@ +/* crypto/rc4/rc4.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify rc4.org since rc4.h is automatically generated from + * it during SSLeay configuration. + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +#ifndef HEADER_RC4_H +#define HEADER_RC4_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +#define RC4_INT unsigned int + +typedef struct rc4_key_st + { + RC4_INT x,y; + RC4_INT data[256]; + } RC4_KEY; + +#ifndef NOPROTO + +char *RC4_options(void); +void RC4_set_key(RC4_KEY *key, int len, unsigned char *data); +void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata, + unsigned char *outdata); + +#else + +char *RC4_options(); +void RC4_set_key(); +void RC4(); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c new file mode 100644 index 0000000000000000000000000000000000000000..de57a970bf81013015bdab6b576fbe207b4e7a22 --- /dev/null +++ b/crypto/rc4/rc4_enc.c @@ -0,0 +1,195 @@ +/* crypto/rc4/rc4_enc.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify rc4_enc.org since rc4_enc.c is automatically generated from + * it during SSLeay configuration. + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +#include "rc4.h" + +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX + +char *RC4_version="RC4 part of SSLeay 0.8.1a 24-Jun-1998"; + +char *RC4_options() + { +#ifdef RC4_INDEX + if (sizeof(RC4_INT) == 1) + return("rc4(idx,char)"); + else + return("rc4(idx,int)"); +#else + if (sizeof(RC4_INT) == 1) + return("rc4(ptr,char)"); + else + return("rc4(ptr,int)"); +#endif + } + +/* RC4 as implemented from a posting from + * Newsgroups: sci.crypt + * From: sterndark@netcom.com (David Sterndark) + * Subject: RC4 Algorithm revealed. + * Message-ID: + * Date: Wed, 14 Sep 1994 06:35:31 GMT + */ + +void RC4_set_key(key, len, data) +RC4_KEY *key; +int len; +register unsigned char *data; + { + register RC4_INT tmp; + register int id1,id2; + register RC4_INT *d; + unsigned int i; + + d= &(key->data[0]); + for (i=0; i<256; i++) + d[i]=i; + key->x = 0; + key->y = 0; + id1=id2=0; + +#define SK_LOOP(n) { \ + tmp=d[(n)]; \ + id2 = (data[id1] + tmp + id2) & 0xff; \ + if (++id1 == len) id1=0; \ + d[(n)]=d[id2]; \ + d[id2]=tmp; } + + for (i=0; i < 256; i+=4) + { + SK_LOOP(i+0); + SK_LOOP(i+1); + SK_LOOP(i+2); + SK_LOOP(i+3); + } + } + +void RC4(key, len, indata, outdata) +RC4_KEY *key; +unsigned long len; +unsigned char *indata; +unsigned char *outdata; + { + register RC4_INT *d; + register RC4_INT x,y,tx,ty; + int i; + + x=key->x; + y=key->y; + d=key->data; + +#define LOOP(in,out) \ + x=((x+1)&0xff); \ + tx=d[x]; \ + y=(tx+y)&0xff; \ + d[x]=ty=d[y]; \ + d[y]=tx; \ + (out) = d[(tx+ty)&0xff]^ (in); + +#ifndef RC4_INDEX +#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) +#else +#define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) +#endif + + i= -(int)len; + i=(int)(len>>3L); + if (i) + { + for (;;) + { + RC4_LOOP(indata,outdata,0); + RC4_LOOP(indata,outdata,1); + RC4_LOOP(indata,outdata,2); + RC4_LOOP(indata,outdata,3); + RC4_LOOP(indata,outdata,4); + RC4_LOOP(indata,outdata,5); + RC4_LOOP(indata,outdata,6); + RC4_LOOP(indata,outdata,7); +#ifdef RC4_INDEX + indata+=8; + outdata+=8; +#endif + if (--i == 0) break; + } + } + i=(int)len&0x07; + if (i) + { + for (;;) + { + RC4_LOOP(indata,outdata,0); if (--i == 0) break; + RC4_LOOP(indata,outdata,1); if (--i == 0) break; + RC4_LOOP(indata,outdata,2); if (--i == 0) break; + RC4_LOOP(indata,outdata,3); if (--i == 0) break; + RC4_LOOP(indata,outdata,4); if (--i == 0) break; + RC4_LOOP(indata,outdata,5); if (--i == 0) break; + RC4_LOOP(indata,outdata,6); if (--i == 0) break; + } + } + key->x=x; + key->y=y; + } diff --git a/crypto/rc4/rc4_enc.org b/crypto/rc4/rc4_enc.org new file mode 100644 index 0000000000000000000000000000000000000000..c83b9aca85fd53e9ed9793f96a787491ecc6eeba --- /dev/null +++ b/crypto/rc4/rc4_enc.org @@ -0,0 +1,195 @@ +/* crypto/rc4/rc4_enc.org */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * Always modify rc4_enc.org since rc4_enc.c is automatically generated from + * it during SSLeay configuration. + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +#include "rc4.h" + +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX + +char *RC4_version="RC4 part of SSLeay 0.8.1b 29-Jun-1998"; + +char *RC4_options() + { +#ifdef RC4_INDEX + if (sizeof(RC4_INT) == 1) + return("rc4(idx,char)"); + else + return("rc4(idx,int)"); +#else + if (sizeof(RC4_INT) == 1) + return("rc4(ptr,char)"); + else + return("rc4(ptr,int)"); +#endif + } + +/* RC4 as implemented from a posting from + * Newsgroups: sci.crypt + * From: sterndark@netcom.com (David Sterndark) + * Subject: RC4 Algorithm revealed. + * Message-ID: + * Date: Wed, 14 Sep 1994 06:35:31 GMT + */ + +void RC4_set_key(key, len, data) +RC4_KEY *key; +int len; +register unsigned char *data; + { + register RC4_INT tmp; + register int id1,id2; + register RC4_INT *d; + unsigned int i; + + d= &(key->data[0]); + for (i=0; i<256; i++) + d[i]=i; + key->x = 0; + key->y = 0; + id1=id2=0; + +#define SK_LOOP(n) { \ + tmp=d[(n)]; \ + id2 = (data[id1] + tmp + id2) & 0xff; \ + if (++id1 == len) id1=0; \ + d[(n)]=d[id2]; \ + d[id2]=tmp; } + + for (i=0; i < 256; i+=4) + { + SK_LOOP(i+0); + SK_LOOP(i+1); + SK_LOOP(i+2); + SK_LOOP(i+3); + } + } + +void RC4(key, len, indata, outdata) +RC4_KEY *key; +unsigned long len; +unsigned char *indata; +unsigned char *outdata; + { + register RC4_INT *d; + register RC4_INT x,y,tx,ty; + int i; + + x=key->x; + y=key->y; + d=key->data; + +#define LOOP(in,out) \ + x=((x+1)&0xff); \ + tx=d[x]; \ + y=(tx+y)&0xff; \ + d[x]=ty=d[y]; \ + d[y]=tx; \ + (out) = d[(tx+ty)&0xff]^ (in); + +#ifndef RC4_INDEX +#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) +#else +#define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) +#endif + + i= -(int)len; + i=(int)(len>>3L); + if (i) + { + for (;;) + { + RC4_LOOP(indata,outdata,0); + RC4_LOOP(indata,outdata,1); + RC4_LOOP(indata,outdata,2); + RC4_LOOP(indata,outdata,3); + RC4_LOOP(indata,outdata,4); + RC4_LOOP(indata,outdata,5); + RC4_LOOP(indata,outdata,6); + RC4_LOOP(indata,outdata,7); +#ifdef RC4_INDEX + indata+=8; + outdata+=8; +#endif + if (--i == 0) break; + } + } + i=(int)len&0x07; + if (i) + { + for (;;) + { + RC4_LOOP(indata,outdata,0); if (--i == 0) break; + RC4_LOOP(indata,outdata,1); if (--i == 0) break; + RC4_LOOP(indata,outdata,2); if (--i == 0) break; + RC4_LOOP(indata,outdata,3); if (--i == 0) break; + RC4_LOOP(indata,outdata,4); if (--i == 0) break; + RC4_LOOP(indata,outdata,5); if (--i == 0) break; + RC4_LOOP(indata,outdata,6); if (--i == 0) break; + } + } + key->x=x; + key->y=y; + } diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c new file mode 100644 index 0000000000000000000000000000000000000000..aa4053e64496aa80814d0ef16a5ec1eb8de66ef7 --- /dev/null +++ b/crypto/rc4/rc4test.c @@ -0,0 +1,124 @@ +/* crypto/rc4/rc4test.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "rc4.h" + +unsigned char keys[6][11]={ + {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, + {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, + {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + {4,0xef,0x01,0x23,0x45}, + {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, + }; + +unsigned char data[6][11]={ + {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, + {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + {10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, + {0}, + }; + +unsigned char output[6][11]={ + {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96}, + {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79}, + {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a}, + {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61}, + {0}, + }; + +int main(argc,argv) +int argc; +char *argv[]; + { + int i,err=0; + unsigned int j; + unsigned char *p; + RC4_KEY key; + unsigned char buf[512],obuf[512]; + + for (i=0; i<512; i++) buf[i]=0x01; + + for (i=0; i<4; i++) + { + RC4_set_key(&key,keys[i][0],&(keys[i][1])); + RC4(&key,data[i][0],&(data[i][1]),obuf); + if (memcmp(obuf,output[i],data[i][0]) != 0) + { + printf("error calculating RC4\n"); + printf("output:"); + for (j=0; j +Sender: sterndark@netcom.com +Organization: NETCOM On-line Communication Services (408 261-4700 guest) +X-Newsreader: TIN [version 1.2 PL1] +Date: Wed, 14 Sep 1994 06:35:31 GMT +Lines: 263 +Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026 + +I am shocked, shocked, I tell you, shocked, to discover +that the cypherpunks have illegaly and criminally revealed +a crucial RSA trade secret and harmed the security of +America by reverse engineering the RC4 algorithm and +publishing it to the world. + +On Saturday morning an anonymous cypherpunk wrote: + + + SUBJECT: RC4 Source Code + + + I've tested this. It is compatible with the RC4 object module + that comes in the various RSA toolkits. + + /* rc4.h */ + typedef struct rc4_key + { + unsigned char state[256]; + unsigned char x; + unsigned char y; + } rc4_key; + void prepare_key(unsigned char *key_data_ptr,int key_data_len, + rc4_key *key); + void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key); + + + /*rc4.c */ + #include "rc4.h" + static void swap_byte(unsigned char *a, unsigned char *b); + void prepare_key(unsigned char *key_data_ptr, int key_data_len, + rc4_key *key) + { + unsigned char swapByte; + unsigned char index1; + unsigned char index2; + unsigned char* state; + short counter; + + state = &key->state[0]; + for(counter = 0; counter < 256; counter++) + state[counter] = counter; + key->x = 0; + key->y = 0; + index1 = 0; + index2 = 0; + for(counter = 0; counter < 256; counter++) + { + index2 = (key_data_ptr[index1] + state[counter] + + index2) % 256; + swap_byte(&state[counter], &state[index2]); + + index1 = (index1 + 1) % key_data_len; + } + } + + void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key) + { + unsigned char x; + unsigned char y; + unsigned char* state; + unsigned char xorIndex; + short counter; + + x = key->x; + y = key->y; + + state = &key->state[0]; + for(counter = 0; counter < buffer_len; counter ++) + { + x = (x + 1) % 256; + y = (state[x] + y) % 256; + swap_byte(&state[x], &state[y]); + + xorIndex = (state[x] + state[y]) % 256; + + buffer_ptr[counter] ^= state[xorIndex]; + } + key->x = x; + key->y = y; + } + + static void swap_byte(unsigned char *a, unsigned char *b) + { + unsigned char swapByte; + + swapByte = *a; + *a = *b; + *b = swapByte; + } + + + +Another cypherpunk, this one not anonymous, tested the +output from this algorithm against the output from +official RC4 object code + + + Date: Tue, 13 Sep 94 18:37:56 PDT + From: ekr@eit.COM (Eric Rescorla) + Message-Id: <9409140137.AA17743@eitech.eit.com> + Subject: RC4 compatibility testing + Cc: cypherpunks@toad.com + + One data point: + + I can't say anything about the internals of RC4 versus the + algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4', + since I don't know anything about RC4's internals. + + However, I do have a (legitimately acquired) copy of BSAFE2 and + so I'm able to compare the output of this algorithm to the output + of genuine RC4 as found in BSAFE. I chose a set of test vectors + and ran them through both algorithms. The algorithms appear to + give identical results, at least with these key/plaintext pairs. + + I note that this is the algorithm _without_ Hal Finney's + proposed modification + + (see <199409130605.XAA24133@jobe.shell.portal.com>). + + The vectors I used (together with the ciphertext they produce) + follow at the end of this message. + + -Ekr + + Disclaimer: This posting does not reflect the opinions of EIT. + + --------------------results follow-------------- + Test vector 0 + Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef + Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef + 0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 + + Test vector 1 + Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef + Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 + 0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 + + Test vector 2 + Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 + Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 + 0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a + + Test vector 3 + Key: 0xef 0x01 0x23 0x45 + Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 + 0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 + + Test vector 4 + Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef + Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 + 0x01 + 0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 + 0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f + 0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca + 0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d + 0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 + 0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 + 0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 + 0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a + 0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 + 0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 + 0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa + 0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd + 0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 + 0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 + 0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a + 0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 + 0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 + 0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 + 0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 + 0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 + 0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 + 0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 + 0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e + 0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef + 0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 + 0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 + 0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b + 0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 + 0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 + 0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 + 0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 + 0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 + 0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 + 0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 + 0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b + 0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 + 0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 + 0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 + 0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 + 0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d + 0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 + 0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c + 0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 + 0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 + 0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd + 0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f + 0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 + 0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 + 0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 + 0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 + 0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 + 0xc0 + + + +-- + --------------------------------------------------------------------- +We have the right to defend ourselves and our +property, because of the kind of animals that we James A. Donald +are. True law derives from this right, not from +the arbitrary power of the omnipotent state. jamesd@netcom.com + + diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..5e04ec4484dc59a2bb824d048d700169b87f5870 --- /dev/null +++ b/crypto/rsa/Makefile.ssl @@ -0,0 +1,84 @@ +# +# SSLeay/crypto/rsa/Makefile +# + +DIR= rsa +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=rsa +ERRC=rsa_err +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c +LIBOBJ= rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o + +SRC= $(LIBSRC) + +EXHEADER= rsa.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/rsa/rsa.err b/crypto/rsa/rsa.err new file mode 100644 index 0000000000000000000000000000000000000000..29f1496693316f62c933726b09dad2a6e97112f5 --- /dev/null +++ b/crypto/rsa/rsa.err @@ -0,0 +1,33 @@ +/* Error codes for the RSA functions. */ + +/* Function codes. */ +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 +#define RSA_F_RSA_GENERATE_KEY 104 +#define RSA_F_RSA_NEW_METHOD 105 +#define RSA_F_RSA_PRINT 106 +#define RSA_F_RSA_PRINT_FP 107 +#define RSA_F_RSA_SIGN 108 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 109 +#define RSA_F_RSA_VERIFY 110 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 111 + +/* Reason codes. */ +#define RSA_R_ALGORITHM_MISMATCH 100 +#define RSA_R_BAD_E_VALUE 101 +#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +#define RSA_R_BAD_PAD_BYTE_COUNT 103 +#define RSA_R_BAD_SIGNATURE 104 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 105 +#define RSA_R_BLOCK_TYPE_IS_NOT_02 106 +#define RSA_R_DATA_GREATER_THAN_MOD_LEN 107 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 108 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 109 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 110 +#define RSA_R_SSLV3_ROLLBACK_ATTACK 111 +#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 113 +#define RSA_R_UNKNOWN_PADDING_TYPE 114 +#define RSA_R_WRONG_SIGNATURE_LENGTH 115 diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h new file mode 100644 index 0000000000000000000000000000000000000000..821e928a1c0ede56d9cb5803cb2e5ec8af4ada5d --- /dev/null +++ b/crypto/rsa/rsa.h @@ -0,0 +1,243 @@ +/* crypto/rsa/rsa.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RSA_H +#define HEADER_RSA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "bn.h" + +typedef struct rsa_meth_st + { + char *name; + int (*rsa_pub_enc)(); + int (*rsa_pub_dec)(); + int (*rsa_priv_enc)(); + int (*rsa_priv_dec)(); + int (*rsa_mod_exp)(); + int (*bn_mod_exp)(); + int (*init)(/* RSA * */); /* called at new */ + int (*finish)(/* RSA * */); /* called at free */ + } RSA_METHOD; + +typedef struct rsa_st + { + /* The first parameter is used to pickup errors where + * this is passed instead of aEVP_PKEY, it is set to 0 */ + int pad; + int version; + RSA_METHOD *meth; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + /* be carefull using this if the RSA structure is shared */ + char *app_data; + int references; + } RSA; + +#define RSA_3 0x3L +#define RSA_F4 0x10001L + +#define RSA_PKCS1_PADDING 11 +#define RSA_SSLV23_PADDING 12 + +#ifndef NOPROTO +RSA * RSA_new(void); +RSA * RSA_new_method(RSA_METHOD *method); +int RSA_size(RSA *); +RSA * RSA_generate_key(int bits, unsigned long e,void + (*callback)(int,int)); + /* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +void RSA_free (RSA *r); + +void RSA_set_default_method(RSA_METHOD *meth); + +/* If you have RSAref compiled in. */ +/* RSA_METHOD *RSA_PKCS1_RSAref(void); */ + +/* these are the actual SSLeay RSA functions */ +RSA_METHOD *RSA_PKCS1_SSLeay(void); + +void ERR_load_RSA_strings(void ); + +RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); +int i2d_RSAPublicKey(RSA *a, unsigned char **pp); +RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); +int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); +#ifndef WIN16 +int RSA_print_fp(FILE *fp, RSA *r,int offset); +#endif + +#ifdef HEADER_BIO_H +int RSA_print(BIO *bp, RSA *r,int offset); +#endif + +int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); +RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); + +/* The following 2 functions sign and verify a X509_SIG ASN1 object + * inside PKCS#1 padded RSA encryption */ +int RSA_sign(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* The following 2 function sign and verify a ASN1_OCTET_STRING + * object inside PKCS#1 padded RSA encryption */ +int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +#else + +RSA * RSA_new(); +RSA * RSA_new_method(); +int RSA_size(); +RSA * RSA_generate_key(); +int RSA_public_encrypt(); +int RSA_private_encrypt(); +int RSA_public_decrypt(); +int RSA_private_decrypt(); +void RSA_free (); + +void RSA_set_default_method(); + +/* RSA_METHOD *RSA_PKCS1_RSAref(); */ +RSA_METHOD *RSA_PKCS1_SSLeay(); + +void ERR_load_RSA_strings(); + +RSA * d2i_RSAPublicKey(); +int i2d_RSAPublicKey(); +RSA * d2i_RSAPrivateKey(); +int i2d_RSAPrivateKey(); +#ifndef WIN16 +int RSA_print_fp(); +#endif + +int RSA_print(); + +int i2d_Netscape_RSA(); +RSA *d2i_Netscape_RSA(); + +int RSA_sign(); +int RSA_verify(); + +int RSA_sign_ASN1_OCTET_STRING(); +int RSA_verify_ASN1_OCTET_STRING(); + + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the RSA functions. */ + +/* Function codes. */ +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 +#define RSA_F_RSA_GENERATE_KEY 104 +#define RSA_F_RSA_NEW_METHOD 105 +#define RSA_F_RSA_PRINT 106 +#define RSA_F_RSA_PRINT_FP 107 +#define RSA_F_RSA_SIGN 108 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 109 +#define RSA_F_RSA_VERIFY 110 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 111 + +/* Reason codes. */ +#define RSA_R_ALGORITHM_MISMATCH 100 +#define RSA_R_BAD_E_VALUE 101 +#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +#define RSA_R_BAD_PAD_BYTE_COUNT 103 +#define RSA_R_BAD_SIGNATURE 104 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 105 +#define RSA_R_BLOCK_TYPE_IS_NOT_02 106 +#define RSA_R_DATA_GREATER_THAN_MOD_LEN 107 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 108 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 109 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 110 +#define RSA_R_SSLV3_ROLLBACK_ATTACK 111 +#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 113 +#define RSA_R_UNKNOWN_PADDING_TYPE 114 +#define RSA_R_WRONG_SIGNATURE_LENGTH 115 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/rsa/rsa_enc.c b/crypto/rsa/rsa_enc.c new file mode 100644 index 0000000000000000000000000000000000000000..c4a4ad5a605c81267b9c8560c2e651b181cd3efc --- /dev/null +++ b/crypto/rsa/rsa_enc.c @@ -0,0 +1,538 @@ +/* crypto/rsa/rsa_enc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "rand.h" + +#ifndef NOPROTO +static int RSA_eay_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); +#else +static int RSA_eay_public_encrypt(); +static int RSA_eay_private_encrypt(); +static int RSA_eay_public_decrypt(); +static int RSA_eay_private_decrypt(); +static int RSA_eay_mod_exp(); +#endif + +static RSA_METHOD rsa_pkcs1_eay_meth={ + "Eric Young's PKCS#1 RSA", + RSA_eay_public_encrypt, + RSA_eay_public_decrypt, + RSA_eay_private_encrypt, + RSA_eay_private_decrypt, + RSA_eay_mod_exp, + BN_mod_exp, + NULL, + NULL, + }; + +RSA_METHOD *RSA_PKCS1_SSLeay() + { + return(&rsa_pkcs1_eay_meth); + } + +static int RSA_eay_public_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,k,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if ( (padding != RSA_PKCS1_PADDING) && + (padding != RSA_SSLV23_PADDING)) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + if (flen > (num-11)) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + p=(unsigned char *)buf; + + *(p++)=0; + *(p++)=2; /* Public Key BT (Block Type) */ + + /* pad out with non-zero random data */ + j=num-3-flen; + + RAND_bytes(p,j); + for (i=0; imeth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx)) goto err; + + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(ret); + i=BN_bn2bin(ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (f != NULL) BN_free(f); + if (ret != NULL) BN_free(ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_private_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,k,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if (padding != RSA_PKCS1_PADDING) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + if (flen > (num-11)) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + p=buf; + + *(p++)=0; + *(p++)=1; /* Private Key BT (Block Type) */ + + /* padd out with 0xff data */ + j=num-3-flen; + for (i=0; ip != NULL) && + (rsa->q != NULL) && + (rsa->dmp1 != NULL) && + (rsa->dmq1 != NULL) && + (rsa->iqmp != NULL)) + { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + else + { if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; } + + p=buf; + BN_bn2bin(ret,p); + + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(ret); + i=BN_bn2bin(ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (ret != NULL) BN_free(ret); + if (f != NULL) BN_free(f); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_private_decrypt(flen, from, to, rsa,padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if ((padding != RSA_PKCS1_PADDING) && (padding != RSA_SSLV23_PADDING)) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* This check was for equallity but PGP does evil things + * and chops off the top '0' bytes */ + if (flen > num) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + /* make data into a big number */ + ret=BN_new(); + f=BN_new(); + if ((ret == NULL) || (f == NULL)) goto err; + if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; + /* do the decrypt */ + if ( (rsa->p != NULL) && + (rsa->q != NULL) && + (rsa->dmp1 != NULL) && + (rsa->dmq1 != NULL) && + (rsa->iqmp != NULL)) + { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + else + { if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; } + + p=buf; + BN_bn2bin(ret,p); + + /* BT must be 02 */ + if (*(p++) != 02) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_BLOCK_TYPE_IS_NOT_02); + goto err; + } + + /* scan over padding data */ + j=num-2; /* one for type and one for the prepended 0. */ + for (i=0; in); + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* This check was for equallity but PGP does evil things + * and chops off the top '0' bytes */ + if (flen > num) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + /* make data into a big number */ + f=BN_new(); + ret=BN_new(); + if ((f == NULL) || (ret == NULL)) goto err; + + if (BN_bin2bn(from,flen,f) == NULL) goto err; + /* do the decrypt */ + if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx)) goto err; + + p=buf; + i=BN_bn2bin(ret,p); + + /* BT must be 01 */ + if (*(p++) != 01) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_BLOCK_TYPE_IS_NOT_01); + goto err; + } + + /* scan over padding data */ + j=num-2; /* one for type and one for the prepended 0. */ + for (i=0; iq,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(m1,r1,rsa->dmq1,rsa->q,ctx)) goto err; + + if (!BN_mod(r1,I,rsa->p,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(r0,r1,rsa->dmp1,rsa->p,ctx)) goto err; + + if (!BN_add(r1,r0,rsa->p)) goto err; + if (!BN_sub(r0,r1,m1)) goto err; + + if (!BN_mul(r1,r0,rsa->iqmp)) goto err; + if (!BN_mod(r0,r1,rsa->p,ctx)) goto err; + if (!BN_mul(r1,r0,rsa->q)) goto err; + if (!BN_add(r0,r1,m1)) goto err; + + ret=1; +err: + if (m1 != NULL) BN_free(m1); + if (r1 != NULL) BN_free(r1); + BN_CTX_free(ctx); + return(ret); + } + + diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c new file mode 100644 index 0000000000000000000000000000000000000000..04a5ba201fc236bb6569bd17c677122040f5d4de --- /dev/null +++ b/crypto/rsa/rsa_err.c @@ -0,0 +1,111 @@ +/* lib/rsa/rsa_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "rsa.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA RSA_str_functs[]= + { +{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, +{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, +{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, +{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, +{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, +{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, +{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"}, +{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"}, +{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"}, +{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, +{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, +{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, +{0,NULL}, + }; + +static ERR_STRING_DATA RSA_str_reasons[]= + { +{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"}, +{RSA_R_BAD_E_VALUE ,"bad e value"}, +{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, +{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, +{RSA_R_BAD_SIGNATURE ,"bad signature"}, +{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, +{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, +{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, +{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, +{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, +{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, +{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, +{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, +{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, +{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, +{0,NULL}, + }; + +void ERR_load_RSA_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); + ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); + } + } diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c new file mode 100644 index 0000000000000000000000000000000000000000..0cab3a5d73f97adc87f4af495338024ed9666d7f --- /dev/null +++ b/crypto/rsa/rsa_gen.c @@ -0,0 +1,186 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" + +RSA *RSA_generate_key(bits, e_value, callback) +int bits; +unsigned long e_value; +void (*callback)(P_I_I); + { + RSA *rsa=NULL; + BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; + int bitsp,bitsq,ok= -1,n=0; + BN_CTX *ctx=NULL,*ctx2=NULL; + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + ctx2=BN_CTX_new(); + if (ctx2 == NULL) goto err; + r0=ctx->bn[0]; + r1=ctx->bn[1]; + r2=ctx->bn[2]; + r3=ctx->bn[3]; + ctx->tos+=4; + + bitsp=(bits+1)/2; + bitsq=bits-bitsp; + rsa=RSA_new(); + if (rsa == NULL) goto err; + + /* set e */ + rsa->e=BN_new(); + if (rsa->e == NULL) goto err; + if (!BN_set_word(rsa->e,e_value)) goto err; + + /* generate p and q */ + for (;;) + { + rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback); + if (rsa->p == NULL) goto err; + if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; + if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; + if (BN_is_one(r1)) break; + if (callback != NULL) callback(2,n++); + BN_free(rsa->p); + } + if (callback != NULL) callback(3,0); + for (;;) + { + rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback); + if (rsa->q == NULL) goto err; + if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; + if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; + if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) + break; + if (callback != NULL) callback(2,n++); + BN_free(rsa->q); + } + if (callback != NULL) callback(3,1); + if (BN_cmp(rsa->p,rsa->q) < 0) + { + tmp=rsa->p; + rsa->p=rsa->q; + rsa->q=tmp; + } + + /* calculate n */ + rsa->n=BN_new(); + if (rsa->n == NULL) goto err; + if (!BN_mul(rsa->n,rsa->p,rsa->q)) goto err; + + /* calculate d */ + if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ + if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ + if (!BN_mul(r0,r1,r2)) goto err; /* (p-1)(q-1) */ + +/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ +/* for (;;) + { + if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err; + if (BN_is_one(r3)) break; + + if (1) + { + if (!BN_add_word(rsa->e,2L)) goto err; + continue; + } + RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); + goto err; + } +*/ + rsa->d=(BIGNUM *)BN_mod_inverse(rsa->e,r0,ctx2); /* d */ + if (rsa->d == NULL) goto err; + + /* calculate d mod (p-1) */ + rsa->dmp1=BN_new(); + if (rsa->dmp1 == NULL) goto err; + if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; + + /* calculate d mod (q-1) */ + rsa->dmq1=BN_new(); + if (rsa->dmq1 == NULL) goto err; + if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; + + /* calculate inverse of q mod p */ + rsa->iqmp=BN_mod_inverse(rsa->q,rsa->p,ctx2); + if (rsa->iqmp == NULL) goto err; + + ok=1; +err: + if (ok == -1) + { + RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); + ok=0; + } + BN_CTX_free(ctx); + BN_CTX_free(ctx2); + + if (!ok) + { + if (rsa != NULL) RSA_free(rsa); + return(NULL); + } + else + return(rsa); + } + diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c new file mode 100644 index 0000000000000000000000000000000000000000..c49d0ee0c362c684aed8787c19aa6b356222f177 --- /dev/null +++ b/crypto/rsa/rsa_lib.c @@ -0,0 +1,200 @@ +/* crypto/rsa/rsa_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" + +char *RSA_version="RSA part of SSLeay 0.8.1b 29-Jun-1998"; + +static RSA_METHOD *default_RSA_meth=NULL; + +RSA *RSA_new() + { + return(RSA_new_method(NULL)); + } + +void RSA_set_default_method(meth) +RSA_METHOD *meth; + { + default_RSA_meth=meth; + } + +RSA *RSA_new_method(meth) +RSA_METHOD *meth; + { + RSA *ret; + + if (default_RSA_meth == NULL) + { +#ifdef RSAref + default_RSA_meth=RSA_PKCS1_RSAref(); +#else + default_RSA_meth=RSA_PKCS1_SSLeay(); +#endif + } + ret=(RSA *)Malloc(sizeof(RSA)); + if (ret == NULL) + { + RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return(NULL); + } + + if (meth == NULL) + ret->meth=default_RSA_meth; + else + ret->meth=meth; + + ret->pad=0; + ret->version=0; + ret->n=NULL; + ret->e=NULL; + ret->d=NULL; + ret->p=NULL; + ret->q=NULL; + ret->dmp1=NULL; + ret->dmq1=NULL; + ret->iqmp=NULL; + ret->references=1; + ret->app_data=NULL; + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + Free(ret); + ret=NULL; + } + return(ret); + } + +void RSA_free(r) +RSA *r; + { + int i; + + if (r == NULL) return; + + i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"RSA_free, bad reference count\n"); + abort(); + } +#endif + + if (r->meth->finish != NULL) + r->meth->finish(r); + + if (r->n != NULL) BN_clear_free(r->n); + if (r->e != NULL) BN_clear_free(r->e); + if (r->d != NULL) BN_clear_free(r->d); + if (r->p != NULL) BN_clear_free(r->p); + if (r->q != NULL) BN_clear_free(r->q); + if (r->dmp1 != NULL) BN_clear_free(r->dmp1); + if (r->dmq1 != NULL) BN_clear_free(r->dmq1); + if (r->iqmp != NULL) BN_clear_free(r->iqmp); + Free(r); + } + +int RSA_size(r) +RSA *r; + { + return(BN_num_bytes(r->n)); + } + +int RSA_public_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); + } + +int RSA_private_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); + } + +int RSA_private_decrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); + } + +int RSA_public_decrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); + } + diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c new file mode 100644 index 0000000000000000000000000000000000000000..62c211231afbcc2b369bfb97b145a9a3a11bc2f5 --- /dev/null +++ b/crypto/rsa/rsa_saos.c @@ -0,0 +1,153 @@ +/* crypto/rsa/rsa_saos.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "objects.h" +#include "x509.h" + +int RSA_sign_ASN1_OCTET_STRING(type,m,m_len,sigret,siglen,rsa) +int type; +unsigned char *m; +unsigned int m_len; +unsigned char *sigret; +unsigned int *siglen; +RSA *rsa; + { + ASN1_OCTET_STRING sig; + int i,j,ret=1; + unsigned char *p,*s; + + sig.type=V_ASN1_OCTET_STRING; + sig.length=m_len; + sig.data=m; + + i=i2d_ASN1_OCTET_STRING(&sig,NULL); + j=RSA_size(rsa); + if ((i-RSA_PKCS1_PADDING) > j) + { + RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + return(0); + } + s=(unsigned char *)Malloc((unsigned int)j+1); + if (s == NULL) + { + RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); + return(0); + } + p=s; + i2d_ASN1_OCTET_STRING(&sig,&p); + i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); + if (i <= 0) + ret=0; + else + *siglen=i; + + memset(s,0,(unsigned int)j+1); + Free(s); + return(ret); + } + +int RSA_verify_ASN1_OCTET_STRING(dtype, m, m_len, sigbuf, siglen, rsa) +int dtype; +unsigned char *m; +unsigned int m_len; +unsigned char *sigbuf; +unsigned int siglen; +RSA *rsa; + { + int i,ret=0; + unsigned char *p,*s; + ASN1_OCTET_STRING *sig=NULL; + + if (siglen != (unsigned int)RSA_size(rsa)) + { + RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH); + return(0); + } + + s=(unsigned char *)Malloc((unsigned int)siglen); + if (s == NULL) + { + RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); + goto err; + } + i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); + + if (i <= 0) goto err; + + p=s; + sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i); + if (sig == NULL) goto err; + + if ( ((unsigned int)sig->length != m_len) || + (memcmp(m,sig->data,m_len) != 0)) + { + RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE); + } + else + ret=1; +err: + if (sig != NULL) ASN1_OCTET_STRING_free(sig); + memset(s,0,(unsigned int)siglen); + Free(s); + return(ret); + } + diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c new file mode 100644 index 0000000000000000000000000000000000000000..7c815ed257e20f23f0315b0b87c171c1c6c201cb --- /dev/null +++ b/crypto/rsa/rsa_sign.c @@ -0,0 +1,196 @@ +/* crypto/rsa/rsa_sign.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "objects.h" +#include "x509.h" + +int RSA_sign(type,m,m_len,sigret,siglen,rsa) +int type; +unsigned char *m; +unsigned int m_len; +unsigned char *sigret; +unsigned int *siglen; +RSA *rsa; + { + X509_SIG sig; + ASN1_TYPE parameter; + int i,j,ret=1; + unsigned char *p,*s; + X509_ALGOR algor; + ASN1_OCTET_STRING digest; + + sig.algor= &algor; + sig.algor->algorithm=OBJ_nid2obj(type); + if (sig.algor->algorithm == NULL) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); + return(0); + } + if (sig.algor->algorithm->length == 0) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + return(0); + } + parameter.type=V_ASN1_NULL; + parameter.value.ptr=NULL; + sig.algor->parameter= ¶meter; + + sig.digest= &digest; + sig.digest->data=m; + sig.digest->length=m_len; + + i=i2d_X509_SIG(&sig,NULL); + j=RSA_size(rsa); + if ((i-RSA_PKCS1_PADDING) > j) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + return(0); + } + s=(unsigned char *)Malloc((unsigned int)j+1); + if (s == NULL) + { + RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); + return(0); + } + p=s; + i2d_X509_SIG(&sig,&p); + i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); + if (i <= 0) + ret=0; + else + *siglen=i; + + memset(s,0,(unsigned int)j+1); + Free(s); + return(ret); + } + +int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa) +int dtype; +unsigned char *m; +unsigned int m_len; +unsigned char *sigbuf; +unsigned int siglen; +RSA *rsa; + { + int i,ret=0,sigtype; + unsigned char *p,*s; + X509_SIG *sig=NULL; + + if (siglen != (unsigned int)RSA_size(rsa)) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); + return(0); + } + + s=(unsigned char *)Malloc((unsigned int)siglen); + if (s == NULL) + { + RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); + + if (i <= 0) goto err; + + p=s; + sig=d2i_X509_SIG(NULL,&p,(long)i); + if (sig == NULL) goto err; + sigtype=OBJ_obj2nid(sig->algor->algorithm); + +#ifdef RSA_DEBUG + /* put a backward compatability flag in EAY */ + fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), + OBJ_nid2ln(dtype)); +#endif + if (sigtype != dtype) + { + if (((dtype == NID_md5) && + (sigtype == NID_md5WithRSAEncryption)) || + ((dtype == NID_md2) && + (sigtype == NID_md2WithRSAEncryption))) + { + /* ok, we will let it through */ +#ifndef WIN16 + fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); +#endif + } + else + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH); + goto err; + } + } + if ( ((unsigned int)sig->digest->length != m_len) || + (memcmp(m,sig->digest->data,m_len) != 0)) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + } + else + ret=1; +err: + if (sig != NULL) X509_SIG_free(sig); + memset(s,0,(unsigned int)siglen); + Free(s); + return(ret); + } + diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..3c3a9abd4614749ba650d080d58e75b239fd1a0c --- /dev/null +++ b/crypto/sha/Makefile.ssl @@ -0,0 +1,80 @@ +# +# SSLeay/crypto/sha/Makefile +# + +DIR= sha +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=shatest.c sha1test.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c +LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o + +SRC= $(LIBSRC) + +EXHEADER= sha.h +HEADER= sha_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/sha/sha.c b/crypto/sha/sha.c new file mode 100644 index 0000000000000000000000000000000000000000..2fcd9636ee2c99a9e9530a290d3089ca7cf41c93 --- /dev/null +++ b/crypto/sha/sha.c @@ -0,0 +1,135 @@ +/* crypto/sha/sha.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "sha.h" + +#define BUFSIZE 1024*16 + +#ifndef NOPROTO +void do_fp(FILE *f); +void pt(unsigned char *md); +int read(int, void *, unsigned int); +#else +void do_fp(); +void pt(); +int read(); +#endif + +int main(argc, argv) +int argc; +char **argv; + { + int i,err=0; + FILE *IN; + + if (argc == 1) + { + do_fp(stdin); + } + else + { + for (i=1; i +#include "cryptlib.h" +#include "sha.h" + +unsigned char *SHA1(d, n, md) +unsigned char *d; +unsigned long n; +unsigned char *md; + { + SHA_CTX c; + static unsigned char m[SHA_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA1_Init(&c); + SHA1_Update(&c,d,n); + SHA1_Final(md,&c); + memset(&c,0,sizeof(c)); + return(md); + } diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c new file mode 100644 index 0000000000000000000000000000000000000000..1a181263ad321973438ae0285a5a5b2542a71b75 --- /dev/null +++ b/crypto/sha/sha1dgst.c @@ -0,0 +1,373 @@ +/* crypto/sha/sha1dgst.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#undef SHA_0 +#define SHA_1 +#include "sha.h" +#include "sha_locl.h" + +char *SHA1_version="SHA1 part of SSLeay 0.8.1b 29-Jun-1998"; + +/* Implemented from SHA-1 document - The Secure Hash Algorithm + */ + +#define INIT_DATA_h0 (unsigned long)0x67452301L +#define INIT_DATA_h1 (unsigned long)0xefcdab89L +#define INIT_DATA_h2 (unsigned long)0x98badcfeL +#define INIT_DATA_h3 (unsigned long)0x10325476L +#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L + +#define K_00_19 0x5a827999L +#define K_20_39 0x6ed9eba1L +#define K_40_59 0x8f1bbcdcL +#define K_60_79 0xca62c1d6L + +#ifndef NOPROTO +static void sha1_block(SHA_CTX *c, register unsigned long *p); +#else +static void sha1_block(); +#endif + +void SHA1_Init(c) +SHA_CTX *c; + { + c->h0=INIT_DATA_h0; + c->h1=INIT_DATA_h1; + c->h2=INIT_DATA_h2; + c->h3=INIT_DATA_h3; + c->h4=INIT_DATA_h4; + c->Nl=0; + c->Nh=0; + c->num=0; + } + +void SHA1_Update(c, data, len) +SHA_CTX *c; +register unsigned char *data; +unsigned long len; + { + register ULONG *p; + int ew,ec,sw,sc; + ULONG l; + + if (len == 0) return; + + l=(c->Nl+(len<<3))&0xffffffff; + if (l < c->Nl) /* overflow */ + c->Nh++; + c->Nh+=(len>>29); + c->Nl=l; + + if (c->num != 0) + { + p=c->data; + sw=c->num>>2; + sc=c->num&0x03; + + if ((c->num+len) >= SHA_CBLOCK) + { + l= p[sw]; + p_c2nl(data,l,sc); + p[sw++]=l; + for (; swnum); + + sha1_block(c,p); + c->num=0; + /* drop through and do the rest */ + } + else + { + c->num+=(int)len; + if ((sc+len) < 4) /* ugly, add char's to a word */ + { + l= p[sw]; + p_c2nl_p(data,l,sc,len); + p[sw]=l; + } + else + { + ew=(c->num>>2); + ec=(c->num&0x03); + l= p[sw]; + p_c2nl(data,l,sc); + p[sw++]=l; + for (; sw < ew; sw++) + { c2nl(data,l); p[sw]=l; } + if (ec) + { + c2nl_p(data,l,ec); + p[sw]=l; + } + } + return; + } + } + /* we now can process the input data in blocks of SHA_CBLOCK + * chars and save the leftovers to c->data. */ + p=c->data; + while (len >= SHA_CBLOCK) + { +#if defined(B_ENDIAN) || defined(L_ENDIAN) + memcpy(p,data,SHA_CBLOCK); + data+=SHA_CBLOCK; +#ifdef L_ENDIAN + for (sw=(SHA_LBLOCK/4); sw; sw--) + { + Endian_Reverse32(p[0]); + Endian_Reverse32(p[1]); + Endian_Reverse32(p[2]); + Endian_Reverse32(p[3]); + p+=4; + } +#endif +#else + for (sw=(SHA_BLOCK/4); sw; sw--) + { + c2nl(data,l); *(p++)=l; + c2nl(data,l); *(p++)=l; + c2nl(data,l); *(p++)=l; + c2nl(data,l); *(p++)=l; + } +#endif + p=c->data; + sha1_block(c,p); + len-=SHA_CBLOCK; + } + ec=(int)len; + c->num=ec; + ew=(ec>>2); + ec&=0x03; + + for (sw=0; sw < ew; sw++) + { c2nl(data,l); p[sw]=l; } + c2nl_p(data,l,ec); + p[sw]=l; + } + +static void sha1_block(c, X) +SHA_CTX *c; +register unsigned long *X; + { + register ULONG A,B,C,D,E,T; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + BODY_00_15( 0,A,B,C,D,E,T); + BODY_00_15( 1,T,A,B,C,D,E); + BODY_00_15( 2,E,T,A,B,C,D); + BODY_00_15( 3,D,E,T,A,B,C); + BODY_00_15( 4,C,D,E,T,A,B); + BODY_00_15( 5,B,C,D,E,T,A); + BODY_00_15( 6,A,B,C,D,E,T); + BODY_00_15( 7,T,A,B,C,D,E); + BODY_00_15( 8,E,T,A,B,C,D); + BODY_00_15( 9,D,E,T,A,B,C); + BODY_00_15(10,C,D,E,T,A,B); + BODY_00_15(11,B,C,D,E,T,A); + BODY_00_15(12,A,B,C,D,E,T); + BODY_00_15(13,T,A,B,C,D,E); + BODY_00_15(14,E,T,A,B,C,D); + BODY_00_15(15,D,E,T,A,B,C); + BODY_16_19(16,C,D,E,T,A,B); + BODY_16_19(17,B,C,D,E,T,A); + BODY_16_19(18,A,B,C,D,E,T); + BODY_16_19(19,T,A,B,C,D,E); + + BODY_20_39(20,E,T,A,B,C,D); + BODY_20_39(21,D,E,T,A,B,C); + BODY_20_39(22,C,D,E,T,A,B); + BODY_20_39(23,B,C,D,E,T,A); + BODY_20_39(24,A,B,C,D,E,T); + BODY_20_39(25,T,A,B,C,D,E); + BODY_20_39(26,E,T,A,B,C,D); + BODY_20_39(27,D,E,T,A,B,C); + BODY_20_39(28,C,D,E,T,A,B); + BODY_20_39(29,B,C,D,E,T,A); + BODY_20_39(30,A,B,C,D,E,T); + BODY_20_39(31,T,A,B,C,D,E); + BODY_20_39(32,E,T,A,B,C,D); + BODY_20_39(33,D,E,T,A,B,C); + BODY_20_39(34,C,D,E,T,A,B); + BODY_20_39(35,B,C,D,E,T,A); + BODY_20_39(36,A,B,C,D,E,T); + BODY_20_39(37,T,A,B,C,D,E); + BODY_20_39(38,E,T,A,B,C,D); + BODY_20_39(39,D,E,T,A,B,C); + + BODY_40_59(40,C,D,E,T,A,B); + BODY_40_59(41,B,C,D,E,T,A); + BODY_40_59(42,A,B,C,D,E,T); + BODY_40_59(43,T,A,B,C,D,E); + BODY_40_59(44,E,T,A,B,C,D); + BODY_40_59(45,D,E,T,A,B,C); + BODY_40_59(46,C,D,E,T,A,B); + BODY_40_59(47,B,C,D,E,T,A); + BODY_40_59(48,A,B,C,D,E,T); + BODY_40_59(49,T,A,B,C,D,E); + BODY_40_59(50,E,T,A,B,C,D); + BODY_40_59(51,D,E,T,A,B,C); + BODY_40_59(52,C,D,E,T,A,B); + BODY_40_59(53,B,C,D,E,T,A); + BODY_40_59(54,A,B,C,D,E,T); + BODY_40_59(55,T,A,B,C,D,E); + BODY_40_59(56,E,T,A,B,C,D); + BODY_40_59(57,D,E,T,A,B,C); + BODY_40_59(58,C,D,E,T,A,B); + BODY_40_59(59,B,C,D,E,T,A); + + BODY_60_79(60,A,B,C,D,E,T); + BODY_60_79(61,T,A,B,C,D,E); + BODY_60_79(62,E,T,A,B,C,D); + BODY_60_79(63,D,E,T,A,B,C); + BODY_60_79(64,C,D,E,T,A,B); + BODY_60_79(65,B,C,D,E,T,A); + BODY_60_79(66,A,B,C,D,E,T); + BODY_60_79(67,T,A,B,C,D,E); + BODY_60_79(68,E,T,A,B,C,D); + BODY_60_79(69,D,E,T,A,B,C); + BODY_60_79(70,C,D,E,T,A,B); + BODY_60_79(71,B,C,D,E,T,A); + BODY_60_79(72,A,B,C,D,E,T); + BODY_60_79(73,T,A,B,C,D,E); + BODY_60_79(74,E,T,A,B,C,D); + BODY_60_79(75,D,E,T,A,B,C); + BODY_60_79(76,C,D,E,T,A,B); + BODY_60_79(77,B,C,D,E,T,A); + BODY_60_79(78,A,B,C,D,E,T); + BODY_60_79(79,T,A,B,C,D,E); + + c->h0=(c->h0+E)&0xffffffff; + c->h1=(c->h1+T)&0xffffffff; + c->h2=(c->h2+A)&0xffffffff; + c->h3=(c->h3+B)&0xffffffff; + c->h4=(c->h4+C)&0xffffffff; + } + +void SHA1_Final(md, c) +unsigned char *md; +SHA_CTX *c; + { + register int i,j; + register ULONG l; + register ULONG *p; + static unsigned char end[4]={0x80,0x00,0x00,0x00}; + unsigned char *cp=end; + + /* c->num should definitly have room for at least one more byte. */ + p=c->data; + j=c->num; + i=j>>2; +#ifdef PURIFY + if ((j&0x03) == 0) p[i]=0; +#endif + l=p[i]; + p_c2nl(cp,l,j&0x03); + p[i]=l; + i++; + /* i is the next 'undefined word' */ + if (c->num >= SHA_LAST_BLOCK) + { + for (; iNh; + p[SHA_LBLOCK-1]=c->Nl; + sha1_block(c,p); + cp=md; + l=c->h0; nl2c(l,cp); + l=c->h1; nl2c(l,cp); + l=c->h2; nl2c(l,cp); + l=c->h3; nl2c(l,cp); + l=c->h4; nl2c(l,cp); + + /* clear stuff, sha1_block may be leaving some stuff on the stack + * but I'm not worried :-) */ + c->num=0; +/* memset((char *)&c,0,sizeof(c));*/ + } + +#ifdef undef +int printit(l) +unsigned long *l; + { + int i,ii; + + for (i=0; i<2; i++) + { + for (ii=0; ii<8; ii++) + { + fprintf(stderr,"%08lx ",l[i*8+ii]); + } + fprintf(stderr,"\n"); + } + } +#endif diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c new file mode 100644 index 0000000000000000000000000000000000000000..9c172c024113d15922cbe3a8a1c0073a2e87c67f --- /dev/null +++ b/crypto/sha/sha1test.c @@ -0,0 +1,155 @@ +/* crypto/sha/sha1test.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "sha.h" + +#undef SHA_0 /* FIPS 180 */ +#define SHA_1 /* FIPS 180-1 */ + +char *test[]={ + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + NULL, + }; + +#ifdef SHA_0 +char *ret[]={ + "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", + "d2516ee1acfa5baf33dfc1c471e438449ef134c8", + }; +char *bigret= + "3232affa48628a26653b5aaa44541fd90d690603"; +#endif +#ifdef SHA_1 +char *ret[]={ + "a9993e364706816aba3e25717850c26c9cd0d89d", + "84983e441c3bd26ebaae4aa1f95129e5e54670f1", + }; +char *bigret= + "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; +#endif + +#ifndef NOPROTO +static char *pt(unsigned char *md); +#else +static char *pt(); +#endif + +int main(argc,argv) +int argc; +char *argv[]; + { + int i,err=0; + unsigned char **P,**R; + static unsigned char buf[1000]; + char *p,*r; + SHA_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + + P=(unsigned char **)test; + R=(unsigned char **)ret; + i=1; + while (*P != NULL) + { + p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL)); + if (strcmp(p,(char *)*R) != 0) + { + printf("error calculating SHA1 on '%s'\n",*P); + printf("got %s instead of %s\n",p,*R); + err++; + } + else + printf("test %d ok\n",i); + i++; + R++; + P++; + } + + memset(buf,'a',1000); + SHA1_Init(&c); + for (i=0; i<1000; i++) + SHA1_Update(&c,buf,1000); + SHA1_Final(md,&c); + p=pt(md); + + r=bigret; + if (strcmp(p,r) != 0) + { + printf("error calculating SHA1 on '%s'\n",p); + printf("got %s instead of %s\n",p,r); + err++; + } + else + printf("test 3 ok\n"); + exit(err); + return(0); + } + +static char *pt(md) +unsigned char *md; + { + int i; + static char buf[80]; + + for (i=0; i +#define SHA_0 +#undef SHA_1 +#include "sha.h" +#include "sha_locl.h" + +char *SHA_version="SHA part of SSLeay 0.8.1b 29-Jun-1998"; + +/* Implemented from SHA document - The Secure Hash Algorithm + */ + +#define INIT_DATA_h0 (unsigned long)0x67452301L +#define INIT_DATA_h1 (unsigned long)0xefcdab89L +#define INIT_DATA_h2 (unsigned long)0x98badcfeL +#define INIT_DATA_h3 (unsigned long)0x10325476L +#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L + +#define K_00_19 0x5a827999L +#define K_20_39 0x6ed9eba1L +#define K_40_59 0x8f1bbcdcL +#define K_60_79 0xca62c1d6L + +#ifndef NOPROTO +static void sha_block(SHA_CTX *c, register unsigned long *p); +#else +static void sha_block(); +#endif + +void SHA_Init(c) +SHA_CTX *c; + { + c->h0=INIT_DATA_h0; + c->h1=INIT_DATA_h1; + c->h2=INIT_DATA_h2; + c->h3=INIT_DATA_h3; + c->h4=INIT_DATA_h4; + c->Nl=0; + c->Nh=0; + c->num=0; + } + +void SHA_Update(c, data, len) +SHA_CTX *c; +register unsigned char *data; +unsigned long len; + { + register ULONG *p; + int sw,sc,ew,ec; + ULONG l; + + if (len == 0) return; + + l=(c->Nl+(len<<3))&0xffffffff; + if (l < c->Nl) /* overflow */ + c->Nh++; + c->Nh+=(len>>29); + c->Nl=l; + + if (c->num != 0) + { + p=c->data; + sw=c->num>>2; + sc=c->num&0x03; + + if ((c->num+len) >= SHA_CBLOCK) + { + l= p[sw]; + p_c2nl(data,l,sc); + p[sw++]=l; + for (; swnum); + + sha_block(c,p); + c->num=0; + /* drop through and do the rest */ + } + else + { + c->num+=(int)len; + if ((sc+len) < 4) /* ugly, add char's to a word */ + { + l= p[sw]; + p_c2nl_p(data,l,sc,len); + p[sw]=l; + } + else + { + ew=(c->num>>2); + ec=(c->num&0x03); + l= p[sw]; + p_c2nl(data,l,sc); + p[sw++]=l; + for (; sw < ew; sw++) + { c2nl(data,l); p[sw]=l; } + if (ec) + { + c2nl_p(data,l,ec); + p[sw]=l; + } + } + return; + } + } + /* we now can process the input data in blocks of SHA_CBLOCK + * chars and save the leftovers to c->data. */ + p=c->data; + while (len >= SHA_CBLOCK) + { +#if defined(B_ENDIAN) || defined(L_ENDIAN) + memcpy(p,data,SHA_CBLOCK); + data+=SHA_CBLOCK; +#ifdef L_ENDIAN + for (sw=(SHA_LBLOCK/4); sw; sw--) + { + Endian_Reverse32(p[0]); + Endian_Reverse32(p[1]); + Endian_Reverse32(p[2]); + Endian_Reverse32(p[3]); + p+=4; + } +#endif +#else + for (sw=(SHA_LBLOCK/4); sw; sw--) + { + c2nl(data,l); *(p++)=l; + c2nl(data,l); *(p++)=l; + c2nl(data,l); *(p++)=l; + c2nl(data,l); *(p++)=l; + } +#endif + p=c->data; + sha_block(c,p); + len-=SHA_CBLOCK; + } + ec=(int)len; + c->num=ec; + ew=(ec>>2); + ec&=0x03; + + for (sw=0; sw < ew; sw++) + { c2nl(data,l); p[sw]=l; } + c2nl_p(data,l,ec); + p[sw]=l; + } + +static void sha_block(c, X) +SHA_CTX *c; +register unsigned long *X; + { + register ULONG A,B,C,D,E,T; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + BODY_00_15( 0,A,B,C,D,E,T); + BODY_00_15( 1,T,A,B,C,D,E); + BODY_00_15( 2,E,T,A,B,C,D); + BODY_00_15( 3,D,E,T,A,B,C); + BODY_00_15( 4,C,D,E,T,A,B); + BODY_00_15( 5,B,C,D,E,T,A); + BODY_00_15( 6,A,B,C,D,E,T); + BODY_00_15( 7,T,A,B,C,D,E); + BODY_00_15( 8,E,T,A,B,C,D); + BODY_00_15( 9,D,E,T,A,B,C); + BODY_00_15(10,C,D,E,T,A,B); + BODY_00_15(11,B,C,D,E,T,A); + BODY_00_15(12,A,B,C,D,E,T); + BODY_00_15(13,T,A,B,C,D,E); + BODY_00_15(14,E,T,A,B,C,D); + BODY_00_15(15,D,E,T,A,B,C); + BODY_16_19(16,C,D,E,T,A,B); + BODY_16_19(17,B,C,D,E,T,A); + BODY_16_19(18,A,B,C,D,E,T); + BODY_16_19(19,T,A,B,C,D,E); + + BODY_20_39(20,E,T,A,B,C,D); + BODY_20_39(21,D,E,T,A,B,C); + BODY_20_39(22,C,D,E,T,A,B); + BODY_20_39(23,B,C,D,E,T,A); + BODY_20_39(24,A,B,C,D,E,T); + BODY_20_39(25,T,A,B,C,D,E); + BODY_20_39(26,E,T,A,B,C,D); + BODY_20_39(27,D,E,T,A,B,C); + BODY_20_39(28,C,D,E,T,A,B); + BODY_20_39(29,B,C,D,E,T,A); + BODY_20_39(30,A,B,C,D,E,T); + BODY_20_39(31,T,A,B,C,D,E); + BODY_20_39(32,E,T,A,B,C,D); + BODY_20_39(33,D,E,T,A,B,C); + BODY_20_39(34,C,D,E,T,A,B); + BODY_20_39(35,B,C,D,E,T,A); + BODY_20_39(36,A,B,C,D,E,T); + BODY_20_39(37,T,A,B,C,D,E); + BODY_20_39(38,E,T,A,B,C,D); + BODY_20_39(39,D,E,T,A,B,C); + + BODY_40_59(40,C,D,E,T,A,B); + BODY_40_59(41,B,C,D,E,T,A); + BODY_40_59(42,A,B,C,D,E,T); + BODY_40_59(43,T,A,B,C,D,E); + BODY_40_59(44,E,T,A,B,C,D); + BODY_40_59(45,D,E,T,A,B,C); + BODY_40_59(46,C,D,E,T,A,B); + BODY_40_59(47,B,C,D,E,T,A); + BODY_40_59(48,A,B,C,D,E,T); + BODY_40_59(49,T,A,B,C,D,E); + BODY_40_59(50,E,T,A,B,C,D); + BODY_40_59(51,D,E,T,A,B,C); + BODY_40_59(52,C,D,E,T,A,B); + BODY_40_59(53,B,C,D,E,T,A); + BODY_40_59(54,A,B,C,D,E,T); + BODY_40_59(55,T,A,B,C,D,E); + BODY_40_59(56,E,T,A,B,C,D); + BODY_40_59(57,D,E,T,A,B,C); + BODY_40_59(58,C,D,E,T,A,B); + BODY_40_59(59,B,C,D,E,T,A); + + BODY_60_79(60,A,B,C,D,E,T); + BODY_60_79(61,T,A,B,C,D,E); + BODY_60_79(62,E,T,A,B,C,D); + BODY_60_79(63,D,E,T,A,B,C); + BODY_60_79(64,C,D,E,T,A,B); + BODY_60_79(65,B,C,D,E,T,A); + BODY_60_79(66,A,B,C,D,E,T); + BODY_60_79(67,T,A,B,C,D,E); + BODY_60_79(68,E,T,A,B,C,D); + BODY_60_79(69,D,E,T,A,B,C); + BODY_60_79(70,C,D,E,T,A,B); + BODY_60_79(71,B,C,D,E,T,A); + BODY_60_79(72,A,B,C,D,E,T); + BODY_60_79(73,T,A,B,C,D,E); + BODY_60_79(74,E,T,A,B,C,D); + BODY_60_79(75,D,E,T,A,B,C); + BODY_60_79(76,C,D,E,T,A,B); + BODY_60_79(77,B,C,D,E,T,A); + BODY_60_79(78,A,B,C,D,E,T); + BODY_60_79(79,T,A,B,C,D,E); + + c->h0=(c->h0+E)&0xffffffff; + c->h1=(c->h1+T)&0xffffffff; + c->h2=(c->h2+A)&0xffffffff; + c->h3=(c->h3+B)&0xffffffff; + c->h4=(c->h4+C)&0xffffffff; + } + +void SHA_Final(md, c) +unsigned char *md; +SHA_CTX *c; + { + register int i,j; + register ULONG l; + register ULONG *p; + static unsigned char end[4]={0x80,0x00,0x00,0x00}; + unsigned char *cp=end; + + /* c->num should definitly have room for at least one more byte. */ + p=c->data; + j=c->num; + i=j>>2; +#ifdef PURIFY + if ((j&0x03) == 0) p[i]=0; +#endif + l=p[i]; + p_c2nl(cp,l,j&0x03); + p[i]=l; + i++; + /* i is the next 'undefined word' */ + if (c->num >= SHA_LAST_BLOCK) + { + for (; iNh; + p[SHA_LBLOCK-1]=c->Nl; + sha_block(c,p); + cp=md; + l=c->h0; nl2c(l,cp); + l=c->h1; nl2c(l,cp); + l=c->h2; nl2c(l,cp); + l=c->h3; nl2c(l,cp); + l=c->h4; nl2c(l,cp); + /* clear stuff, sha_block may be leaving some stuff on the stack + * but I'm not worried :-) */ + c->num=0; +/* memset((char *)&c,0,sizeof(c));*/ + } + + +#ifdef undef +int printit(l) +unsigned long *l; + { + int i,ii; + + for (i=0; i<2; i++) + { + for (ii=0; ii<8; ii++) + { + fprintf(stderr,"%08lx ",l[i*8+ii]); + } + fprintf(stderr,"\n"); + } + } +#endif + diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h new file mode 100644 index 0000000000000000000000000000000000000000..0a5cf46990b20aef9bb4dcad02e91b7dacee9637 --- /dev/null +++ b/crypto/sha/sha_locl.h @@ -0,0 +1,198 @@ +/* crypto/sha/sha_locl.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include + +#ifdef undef +/* one or the other needs to be defined */ +#ifndef SHA_1 /* FIPE 180-1 */ +#define SHA_0 /* FIPS 180 */ +#endif +#endif + +#define ULONG unsigned long +#define UCHAR unsigned char +#define UINT unsigned int + +#ifdef NOCONST +#define const +#endif + +#undef c2nl +#define c2nl(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++))) )) + +#undef p_c2nl +#define p_c2nl(c,l,n) { \ + switch (n) { \ + case 0: l =((unsigned long)(*((c)++)))<<24; \ + case 1: l|=((unsigned long)(*((c)++)))<<16; \ + case 2: l|=((unsigned long)(*((c)++)))<< 8; \ + case 3: l|=((unsigned long)(*((c)++))); \ + } \ + } + +#undef c2nl_p +/* NOTE the pointer is not incremented at the end of this */ +#define c2nl_p(c,l,n) { \ + l=0; \ + (c)+=n; \ + switch (n) { \ + case 3: l =((unsigned long)(*(--(c))))<< 8; \ + case 2: l|=((unsigned long)(*(--(c))))<<16; \ + case 1: l|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +#undef p_c2nl_p +#define p_c2nl_p(c,l,sc,len) { \ + switch (sc) \ + { \ + case 0: l =((unsigned long)(*((c)++)))<<24; \ + if (--len == 0) break; \ + case 1: l|=((unsigned long)(*((c)++)))<<16; \ + if (--len == 0) break; \ + case 2: l|=((unsigned long)(*((c)++)))<< 8; \ + } \ + } + +#undef nl2c +#define nl2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* I have taken some of this code from my MD5 implementation */ + +#undef ROTATE +#if defined(WIN32) +#define ROTATE(a,n) _lrotl(a,n) +#else +#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +#endif + +/* A nice byte order reversal from Wei Dai */ +#if defined(WIN32) +/* 5 instructions with rotate instruction, else 9 */ +#define Endian_Reverse32(a) \ + { \ + unsigned long l=(a); \ + (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \ + } +#else +/* 6 instructions with rotate instruction, else 8 */ +#define Endian_Reverse32(a) \ + { \ + unsigned long l=(a); \ + l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \ + (a)=ROTATE(l,16L); \ + } +#endif + +/* As pointed out by Wei Dai , F() below can be + * simplified to the code in F_00_19. Wei attributes these optimisations + * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. + * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) + * I've just become aware of another tweak to be made, again from Wei Dai, + * in F_40_59, (x&a)|(y&a) -> (x|y)&a + */ +#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) +#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) +#define F_60_79(b,c,d) F_20_39(b,c,d) + +#ifdef SHA_0 +#undef Xupdate +#define Xupdate(a,i) \ + X[(i)&0x0f]=(a)=\ + (X[(i)&0x0f]^X[((i)+2)&0x0f]^X[((i)+8)&0x0f]^X[((i)+13)&0x0f]); +#endif +#ifdef SHA_1 +#undef Xupdate +#define Xupdate(a,i) \ + (a)=(X[(i)&0x0f]^X[((i)+2)&0x0f]^X[((i)+8)&0x0f]^X[((i)+13)&0x0f]); \ + X[(i)&0x0f]=(a)=ROTATE((a),1); +#endif + +#define BODY_00_15(i,a,b,c,d,e,f) \ + (f)=X[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_16_19(i,a,b,c,d,e,f) \ + Xupdate(f,i); \ + (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_20_39(i,a,b,c,d,e,f) \ + Xupdate(f,i); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_40_59(i,a,b,c,d,e,f) \ + Xupdate(f,i); \ + (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_60_79(i,a,b,c,d,e,f) \ + Xupdate(f,i); \ + (f)=X[(i)&0x0f]+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ + (b)=ROTATE((b),30); + diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c new file mode 100644 index 0000000000000000000000000000000000000000..87da617bec0d0ad8756be71ffbd43cebe871e870 --- /dev/null +++ b/crypto/sha/sha_one.c @@ -0,0 +1,77 @@ +/* crypto/sha/sha_one.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "sha.h" + +unsigned char *SHA(d, n, md) +unsigned char *d; +unsigned long n; +unsigned char *md; + { + SHA_CTX c; + static unsigned char m[SHA_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA_Init(&c); + SHA_Update(&c,d,n); + SHA_Final(md,&c); + memset(&c,0,sizeof(c)); + return(md); + } diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c new file mode 100644 index 0000000000000000000000000000000000000000..28c2e19236d3c8ea302ab332776e8ac77a551174 --- /dev/null +++ b/crypto/sha/shatest.c @@ -0,0 +1,155 @@ +/* crypto/sha/shatest.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "sha.h" + +#define SHA_0 /* FIPS 180 */ +#undef SHA_1 /* FIPS 180-1 */ + +char *test[]={ + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + NULL, + }; + +#ifdef SHA_0 +char *ret[]={ + "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", + "d2516ee1acfa5baf33dfc1c471e438449ef134c8", + }; +char *bigret= + "3232affa48628a26653b5aaa44541fd90d690603"; +#endif +#ifdef SHA_1 +char *ret[]={ + "a9993e364706816aba3e25717850c26c9cd0d89d", + "84983e441c3bd26ebaae4aa1f95129e5e54670f1", + }; +char *bigret= + "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; +#endif + +#ifndef NOPROTO +static char *pt(unsigned char *md); +#else +static char *pt(); +#endif + +int main(argc,argv) +int argc; +char *argv[]; + { + int i,err=0; + unsigned char **P,**R; + static unsigned char buf[1000]; + char *p,*r; + SHA_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + + P=(unsigned char **)test; + R=(unsigned char **)ret; + i=1; + while (*P != NULL) + { + p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL)); + if (strcmp(p,(char *)*R) != 0) + { + printf("error calculating SHA on '%s'\n",*P); + printf("got %s instead of %s\n",p,*R); + err++; + } + else + printf("test %d ok\n",i); + i++; + R++; + P++; + } + + memset(buf,'a',1000); + SHA_Init(&c); + for (i=0; i<1000; i++) + SHA_Update(&c,buf,1000); + SHA_Final(md,&c); + p=pt(md); + + r=bigret; + if (strcmp(p,r) != 0) + { + printf("error calculating SHA on '%s'\n",p); + printf("got %s instead of %s\n",p,r); + err++; + } + else + printf("test 3 ok\n"); + exit(err); + return(0); + } + +static char *pt(md) +unsigned char *md; + { + int i; + static char buf[80]; + + for (i=0; i> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c new file mode 100644 index 0000000000000000000000000000000000000000..712089ef3179d5b7742aaec83aed01666bd7421d --- /dev/null +++ b/crypto/stack/stack.c @@ -0,0 +1,299 @@ +/* crypto/stack/stack.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* Code for stacks + * Author - Eric Young v 1.0 + * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the + * lowest index for the seached item. + * + * 1.1 eay - Take from netdb and added to SSLeay + * + * 1.0 eay - First version 29/07/92 + */ +#include +#include "cryptlib.h" +#include "stack.h" + +#undef MIN_NODES +#define MIN_NODES 4 + +char *STACK_version="STACK part of SSLeay 0.8.1b 29-Jun-1998"; + +#ifndef NOPROTO +#define FP_ICC (int (*)(const void *,const void *)) +#else +#define FP_ICC +#endif + +#include + +void sk_set_cmp_func(sk,c) +STACK *sk; +int (*c)(); + { + if (sk->comp != c) + sk->sorted=0; + sk->comp=c; + } + +STACK *sk_dup(sk) +STACK *sk; + { + STACK *ret; + char **s; + + if ((ret=sk_new(sk->comp)) == NULL) goto err; + s=(char **)Realloc((char *)ret->data, + (unsigned int)sizeof(char *)*sk->num_alloc); + if (s == NULL) goto err; + ret->data=s; + + ret->num=sk->num; + memcpy(ret->data,sk->data,sizeof(char *)*sk->num); + ret->sorted=sk->sorted; + ret->num_alloc=sk->num_alloc; + ret->comp=sk->comp; + return(ret); +err: + return(NULL); + } + +STACK *sk_new(c) +int (*c)(); + { + STACK *ret; + int i; + + if ((ret=(STACK *)Malloc(sizeof(STACK))) == NULL) + goto err0; + if ((ret->data=(char **)Malloc(sizeof(char *)*MIN_NODES)) == NULL) + goto err1; + for (i=0; idata[i]=NULL; + ret->comp=c; + ret->num_alloc=MIN_NODES; + ret->num=0; + ret->sorted=0; + return(ret); +err1: + Free((char *)ret); +err0: + return(NULL); + } + +int sk_insert(st,data,loc) +STACK *st; +char *data; +int loc; + { + char **s; + + if (st->num_alloc <= st->num+1) + { + s=(char **)Realloc((char *)st->data, + (unsigned int)sizeof(char *)*st->num_alloc*2); + if (s == NULL) + return(0); + st->data=s; + st->num_alloc*=2; + } + if ((loc >= (int)st->num) || (loc < 0)) + st->data[st->num]=data; + else + { + int i; + char **f,**t; + + f=(char **)st->data; + t=(char **)&(st->data[1]); + for (i=st->num; i>loc; i--) + t[i]=f[i]; + +#ifdef undef /* no memmove on sunos :-( */ + memmove( (char *)&(st->data[loc+1]), + (char *)&(st->data[loc]), + sizeof(char *)*(st->num-loc)); +#endif + st->data[loc]=data; + } + st->num++; + st->sorted=0; + return(st->num); + } + +char *sk_delete_ptr(st,p) +STACK *st; +char *p; + { + int i; + + for (i=0; inum; i++) + if (st->data[i] == p) + return(sk_delete(st,i)); + return(NULL); + } + +char *sk_delete(st,loc) +STACK *st; +int loc; + { + char *ret; + + if ((st->num == 0) || (loc < 0) || (loc >= st->num)) return(NULL); + + ret=st->data[loc]; + if (loc != st->num-1) + memcpy( &(st->data[loc]), + &(st->data[loc+1]), + sizeof(char *)*(st->num-loc-1)); + st->num--; + return(ret); + } + +int sk_find(st,data) +STACK *st; +char *data; + { + char **r; + int i; + int (*comp_func)(); + + if (st->comp == NULL) + { + for (i=0; inum; i++) + if (st->data[i] == data) + return(i); + return(-1); + } + comp_func=(int (*)())st->comp; + if (!st->sorted) + { + qsort((char *)st->data,st->num,sizeof(char *),FP_ICC comp_func); + st->sorted=1; + } + if (data == NULL) return(-1); + r=(char **)bsearch(&data,(char *)st->data, + st->num,sizeof(char *),FP_ICC comp_func); + if (r == NULL) return(-1); + i=(int)(r-st->data); + for ( ; i>0; i--) + if ((*st->comp)(&(st->data[i-1]),&data) < 0) + break; + return(i); + } + +int sk_push(st,data) +STACK *st; +char *data; + { + return(sk_insert(st,data,st->num)); + } + +int sk_unshift(st,data) +STACK *st; +char *data; + { + return(sk_insert(st,data,0)); + } + +char *sk_shift(st) +STACK *st; + { + if (st == NULL) return(NULL); + if (st->num <= 0) return(NULL); + return(sk_delete(st,0)); + } + +char *sk_pop(st) +STACK *st; + { + if (st == NULL) return(NULL); + if (st->num <= 0) return(NULL); + return(sk_delete(st,st->num-1)); + } + +void sk_zero(st) +STACK *st; + { + if (st == NULL) return; + if (st->num <= 0) return; + memset((char *)st->data,0,sizeof(st->data)*st->num); + st->num=0; + } + +void sk_pop_free(st,func) +STACK *st; +void (*func)(); + { + int i; + + if (st == NULL) return; + for (i=0; inum; i++) + if (st->data[i] != NULL) + func(st->data[i]); + sk_free(st); + } + +void sk_free(st) +STACK *st; + { + if (st == NULL) return; + if (st->data != NULL) Free((char *)st->data); + Free((char *)st); + } + diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h new file mode 100644 index 0000000000000000000000000000000000000000..66ba83ec40ca8bfdce3b6eb72b3db7f96fc3953e --- /dev/null +++ b/crypto/stack/stack.h @@ -0,0 +1,120 @@ +/* crypto/stack/stack.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_STACK_H +#define HEADER_STACK_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct stack_st + { + int num; + char **data; + int sorted; + + int num_alloc; + int (*comp)(); + } STACK; + +#define sk_num(sk) ((sk)->num) +#define sk_value(sk,n) ((sk)->data[n]) + +#define sk_new_null() sk_new(NULL) +#ifndef NOPROTO + +STACK *sk_new(int (*cmp)()); +void sk_free(STACK *); +void sk_pop_free(STACK *st, void (*func)()); +int sk_insert(STACK *sk,char *data,int where); +char *sk_delete(STACK *st,int loc); +char *sk_delete_ptr(STACK *st, char *p); +int sk_find(STACK *st,char *data); +int sk_push(STACK *st,char *data); +int sk_unshift(STACK *st,char *data); +char *sk_shift(STACK *st); +char *sk_pop(STACK *st); +void sk_zero(STACK *st); +void sk_set_cmp_func(STACK *sk, int (*c)()); +STACK *sk_dup(STACK *st); + +#else + +STACK *sk_new(); +void sk_free(); +void sk_pop_free(); +int sk_insert(); +char *sk_delete(); +char *sk_delete_ptr(); +int sk_find(); +int sk_push(); +int sk_unshift(); +char *sk_shift(); +char *sk_pop(); +void sk_zero(); +void sk_set_cmp_func(); +STACK *sk_dup(); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/txt_db/Makefile.ssl b/crypto/txt_db/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..76e511534f16b9f59ddb21426b6a4487ea2459ad --- /dev/null +++ b/crypto/txt_db/Makefile.ssl @@ -0,0 +1,80 @@ +# +# SSLeay/crypto/txt_db/Makefile +# + +DIR= txt_db +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=txt_db.c +LIBOBJ=txt_db.o + +SRC= $(LIBSRC) + +EXHEADER= txt_db.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c new file mode 100644 index 0000000000000000000000000000000000000000..ae8db3917bfeaee3f4c2b40a0f72b3925214072a --- /dev/null +++ b/crypto/txt_db/txt_db.c @@ -0,0 +1,394 @@ +/* crypto/txt_db/txt_db.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "cryptlib.h" +#include "buffer.h" +#include "txt_db.h" + +#undef BUFSIZE +#define BUFSIZE 512 + +char *TXT_DB_version="TXT_DB part of SSLeay 0.8.1b 29-Jun-1998"; + +TXT_DB *TXT_DB_read(in,num) +BIO *in; +int num; + { + TXT_DB *ret=NULL; + int er=1; + int esc=0; + long ln=0; + int i,add,n; + int size=BUFSIZE; + int offset=0; + char *p,**pp,*f; + BUF_MEM *buf=NULL; + + if ((buf=BUF_MEM_new()) == NULL) goto err; + if (!BUF_MEM_grow(buf,size)) goto err; + + if ((ret=(TXT_DB *)Malloc(sizeof(TXT_DB))) == NULL) + goto err; + ret->num_fields=num; + ret->index=NULL; + ret->qual=NULL; + if ((ret->data=sk_new_null()) == NULL) + goto err; + if ((ret->index=(LHASH **)Malloc(sizeof(LHASH *)*num)) == NULL) + goto err; + if ((ret->qual=(int (**)())Malloc(sizeof(int (**)())*num)) == NULL) + goto err; + for (i=0; iindex[i]=NULL; + ret->qual[i]=NULL; + } + + add=(num+1)*sizeof(char *); + buf->data[size-1]='\0'; + offset=0; + for (;;) + { + if (offset != 0) + { + size+=BUFSIZE; + if (!BUF_MEM_grow(buf,size)) goto err; + } + buf->data[offset]='\0'; + BIO_gets(in,&(buf->data[offset]),size-offset); + ln++; + if (buf->data[offset] == '\0') break; + if ((offset == 0) && (buf->data[0] == '#')) continue; + i=strlen(&(buf->data[offset])); + offset+=i; + if (buf->data[offset-1] != '\n') + continue; + else + { + buf->data[offset-1]='\0'; /* blat the '\n' */ + p=(char *)Malloc(add+offset); + offset=0; + } + pp=(char **)p; + p+=add; + n=0; + pp[n++]=p; + i=0; + f=buf->data; + + esc=0; + for (;;) + { + if (*f == '\0') break; + if (*f == '\t') + { + if (esc) + p--; + else + { + *(p++)='\0'; + f++; + if (n >= num) break; + pp[n++]=p; + continue; + } + } + esc=(*f == '\\'); + *(p++)= *(f++); + } + *(p++)='\0'; + if ((n != num) || (*f != '\0')) + { +#ifndef WIN16 /* temporaty fix :-( */ + fprintf(stderr,"wrong number of fields on line %ld\n",ln); +#endif + er=2; + goto err; + } + pp[n]=p; + if (!sk_push(ret->data,(char *)pp)) + { +#ifndef WIN16 /* temporaty fix :-( */ + fprintf(stderr,"failure in sk_push\n"); +#endif + er=2; + goto err; + } + } + er=0; +err: + BUF_MEM_free(buf); + if (er) + { +#ifndef WIN16 + if (er == 1) fprintf(stderr,"Malloc failure\n"); +#endif + if (ret->data != NULL) sk_free(ret->data); + if (ret->index != NULL) Free(ret->index); + if (ret->qual != NULL) Free((char *)ret->qual); + if (ret != NULL) Free(ret); + return(NULL); + } + else + return(ret); + } + +char **TXT_DB_get_by_index(db,idx,value) +TXT_DB *db; +int idx; +char **value; + { + char **ret; + LHASH *lh; + + if (idx >= db->num_fields) + { + db->error=DB_ERROR_INDEX_OUT_OF_RANGE; + return(NULL); + } + lh=db->index[idx]; + if (lh == NULL) + { + db->error=DB_ERROR_NO_INDEX; + return(NULL); + } + ret=(char **)lh_retrieve(lh,(char *)value); + db->error=DB_ERROR_OK; + return(ret); + } + +int TXT_DB_create_index(db,field,qual,hash,cmp) +TXT_DB *db; +int field; +int (*qual)(); +unsigned long (*hash)(); +int (*cmp)(); + { + LHASH *idx; + char *r; + int i,n; + + if (field >= db->num_fields) + { + db->error=DB_ERROR_INDEX_OUT_OF_RANGE; + return(0); + } + if ((idx=lh_new(hash,cmp)) == NULL) + { + db->error=DB_ERROR_MALLOC; + return(0); + } + n=sk_num(db->data); + for (i=0; idata,i); + if ((qual != NULL) && (qual(r) == 0)) continue; + if ((r=lh_insert(idx,r)) != NULL) + { + db->error=DB_ERROR_INDEX_CLASH; + db->arg1=sk_find(db->data,r); + db->arg2=i; + lh_free(idx); + return(0); + } + } + if (db->index[field] != NULL) lh_free(db->index[field]); + db->index[field]=idx; + db->qual[field]=qual; + return(1); + } + +long TXT_DB_write(out,db) +BIO *out; +TXT_DB *db; + { + long i,j,n,nn,l,tot=0; + char *p,**pp,*f; + BUF_MEM *buf=NULL; + long ret= -1; + + if ((buf=BUF_MEM_new()) == NULL) + goto err; + n=sk_num(db->data); + nn=db->num_fields; + for (i=0; idata,i); + + l=0; + for (j=0; jdata; + for (j=0; jdata; + if (BIO_write(out,buf->data,(int)j) != j) + goto err; + tot+=j; + } + ret=tot; +err: + if (buf != NULL) BUF_MEM_free(buf); + return(ret); + } + +int TXT_DB_insert(db,row) +TXT_DB *db; +char **row; + { + int i; + char **r; + + for (i=0; inum_fields; i++) + { + if (db->index[i] != NULL) + { + if ((db->qual[i] != NULL) && + (db->qual[i](row) == 0)) continue; + r=(char **)lh_retrieve(db->index[i],(char *)row); + if (r != NULL) + { + db->error=DB_ERROR_INDEX_CLASH; + db->arg1=i; + db->arg_row=r; + goto err; + } + } + } + /* We have passed the index checks, now just append and insert */ + if (!sk_push(db->data,(char *)row)) + { + db->error=DB_ERROR_MALLOC; + goto err; + } + + for (i=0; inum_fields; i++) + { + if (db->index[i] != NULL) + { + if ((db->qual[i] != NULL) && + (db->qual[i](row) == 0)) continue; + lh_insert(db->index[i],(char *)row); + } + } + return(1); +err: + return(0); + } + +void TXT_DB_free(db) +TXT_DB *db; + { + int i,n; + char **p,*max; + + if (db->index != NULL) + { + for (i=db->num_fields-1; i>=0; i--) + if (db->index[i] != NULL) lh_free(db->index[i]); + Free(db->index); + } + if (db->qual != NULL) + Free(db->qual); + if (db->data != NULL) + { + for (i=sk_num(db->data)-1; i>=0; i--) + { + /* check if any 'fields' have been allocated + * from outside of the initial block */ + p=(char **)sk_value(db->data,i); + max=p[db->num_fields]; /* last address */ + if (max == NULL) /* new row */ + { + for (n=0; nnum_fields; n++) + if (p[n] != NULL) Free(p[n]); + } + else + { + for (n=0; nnum_fields; n++) + { + if (((p[n] < (char *)p) || (p[n] > max)) + && (p[n] != NULL)) + Free(p[n]); + } + } + Free(sk_value(db->data,i)); + } + sk_free(db->data); + } + Free(db); + } diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h new file mode 100644 index 0000000000000000000000000000000000000000..4775d5ecce2349b9a020bc8f04580c25f39b9126 --- /dev/null +++ b/crypto/txt_db/txt_db.h @@ -0,0 +1,117 @@ +/* crypto/txt_db/txt_db.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_TXT_DB_H +#define HEADER_TXT_DB_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "stack.h" +#include "lhash.h" + +#define DB_ERROR_OK 0 +#define DB_ERROR_MALLOC 1 +#define DB_ERROR_INDEX_CLASH 2 +#define DB_ERROR_INDEX_OUT_OF_RANGE 3 +#define DB_ERROR_NO_INDEX 4 +#define DB_ERROR_INSERT_INDEX_CLASH 5 + +typedef struct txt_db_st + { + int num_fields; + STACK /* char ** */ *data; + LHASH **index; + int (**qual)(); + long error; + long arg1; + long arg2; + char **arg_row; + } TXT_DB; + +#ifndef NOPROTO +#ifdef HEADER_BIO_H +TXT_DB *TXT_DB_read(BIO *in, int num); +long TXT_DB_write(BIO *out, TXT_DB *db); +#else +TXT_DB *TXT_DB_read(char *in, int num); +long TXT_DB_write(char *out, TXT_DB *db); +#endif +int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(), + unsigned long (*hash)(),int (*cmp)()); +void TXT_DB_free(TXT_DB *db); +char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); +int TXT_DB_insert(TXT_DB *db,char **value); + +#else + +TXT_DB *TXT_DB_read(); +long TXT_DB_write(); +int TXT_DB_create_index(); +void TXT_DB_free(); +char **TXT_DB_get_by_index(); +int TXT_DB_insert(); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..e54a74d1e8104d67e2dc0dfd474bbca436e5e8cc --- /dev/null +++ b/crypto/x509/Makefile.ssl @@ -0,0 +1,96 @@ +# +# SSLeay/crypto/x509/Makefile +# + +DIR= x509 +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=x509 +ERRC=x509_err +GENERAL=Makefile README +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ + x509_obj.c x509_req.c x509_vfy.c \ + x509_set.c x509rset.c $(ERRC).c \ + x509name.c x509_v3.c x509_ext.c x509pack.c \ + x509type.c x509_lu.c x_all.c x509_txt.c \ + by_file.c by_dir.c \ + v3_net.c v3_x509.c +LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ + x509_obj.o x509_req.o x509_vfy.o \ + x509_set.o x509rset.o $(ERRC).o \ + x509name.o x509_v3.o x509_ext.o x509pack.o \ + x509type.o x509_lu.o x_all.o x509_txt.o \ + by_file.o by_dir.o \ + v3_net.o v3_x509.o + +SRC= $(LIBSRC) + +EXHEADER= x509.h x509_vfy.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/x509/attrib b/crypto/x509/attrib new file mode 100644 index 0000000000000000000000000000000000000000..37f6cd755ffcba98c9797f334992edb94ae650f8 --- /dev/null +++ b/crypto/x509/attrib @@ -0,0 +1,38 @@ + +PKCS7 + STACK of X509_ATTRIBUTES + ASN1_OBJECT + STACK of ASN1_TYPE + +So it is + +p7.xa[].obj +p7.xa[].data[] + +get_obj_by_nid(STACK , nid) +get_num_by_nid(STACK , nid) +get_data_by_nid(STACK , nid, index) + +X509_ATTRIBUTE *X509_ATTRIBUTE_new(void ); +void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); + +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **ex, + int nid, STACK *value); + +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **ex, + int nid, STACK *value); + +int X509_ATTRIBUTE_set_object(X509_ATTRIBUTE *ex,ASN1_OBJECT *obj); +int X509_ATTRIBUTE_add_data(X509_ATTRIBUTE *ex, int index, + ASN1_TYPE *value); + +ASN1_OBJECT * X509_ATTRIBUTE_get_object(X509_ATTRIBUTE *ex); +int X509_ATTRIBUTE_get_num(X509_ATTRIBUTE *ne); +ASN1_TYPE * X509_ATTRIBUTE_get_data(X509_ATTRIBUTE *ne,int index); + +ASN1_TYPE * X509_ATTRIBUTE_get_data_by_NID(X509_ATTRIBUTE *ne, + ASN1_OBJECT *obj); + +X509_ATTRUBUTE *PKCS7_get_s_att_by_NID(PKCS7 *p7,int nid); +X509_ATTRUBUTE *PKCS7_get_u_att_by_NID(PKCS7 *p7,int nid); + diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c new file mode 100644 index 0000000000000000000000000000000000000000..6676a2e4042ae17dcb85295f59f85eb198f88cf5 --- /dev/null +++ b/crypto/x509/by_dir.c @@ -0,0 +1,320 @@ +/* crypto/x509/by_dir.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include + +#include "cryptlib.h" +#include "lhash.h" +#include "x509.h" +#include "pem.h" + +typedef struct lookup_dir_st + { + BUF_MEM *buffer; + int num_dirs; + char **dirs; + int *dirs_type; + int num_dirs_alloced; + } BY_DIR; + +#ifndef NOPROTO +static int dir_ctrl(X509_LOOKUP *ctx,int cmd,char *argp,long argl,char **ret); +static int new_dir(X509_LOOKUP *lu); +static void free_dir(X509_LOOKUP *lu); +static int add_cert_dir(BY_DIR *ctx,char *dir,int type); +static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, + X509_OBJECT *ret); +#else +static int dir_ctrl(); +static int new_dir(); +static void free_dir(); +static int add_cert_dir(); +static int get_cert_by_subject(); +#endif + +X509_LOOKUP_METHOD x509_dir_lookup= + { + "Load certs from files in a directory", + new_dir, /* new */ + free_dir, /* free */ + NULL, /* init */ + NULL, /* shutdown */ + dir_ctrl, /* ctrl */ + get_cert_by_subject, /* get_by_subject */ + NULL, /* get_by_issuer_serial */ + NULL, /* get_by_fingerprint */ + NULL, /* get_by_alias */ + }; + +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir() + { + return(&x509_dir_lookup); + } + +static int dir_ctrl(ctx,cmd,argp,argl,retp) +X509_LOOKUP *ctx; +int cmd; +long argl; +char *argp; +char **retp; + { + int ret=0; + BY_DIR *ld; + char *dir; + + ld=(BY_DIR *)ctx->method_data; + + switch (cmd) + { + case X509_L_ADD_DIR: + if (argl == X509_FILETYPE_DEFAULT) + { + ret=add_cert_dir(ld,X509_get_default_cert_dir(), + X509_FILETYPE_PEM); + if (!ret) + { + X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR); + } + else + { + dir=(char *)Getenv(X509_get_default_cert_dir_env()); + ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); + } + } + else + ret=add_cert_dir(ld,argp,(int)argl); + break; + } + return(ret); + } + +static int new_dir(lu) +X509_LOOKUP *lu; + { + BY_DIR *a; + + if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL) + return(0); + if ((a->buffer=BUF_MEM_new()) == NULL) + { + Free(a); + return(0); + } + a->num_dirs=0; + a->dirs=NULL; + a->dirs_type=NULL; + a->num_dirs_alloced=0; + lu->method_data=(char *)a; + return(1); + } + +static void free_dir(lu) +X509_LOOKUP *lu; + { + BY_DIR *a; + int i; + + a=(BY_DIR *)lu->method_data; + for (i=0; inum_dirs; i++) + if (a->dirs[i] != NULL) Free(a->dirs[i]); + if (a->dirs != NULL) Free(a->dirs); + if (a->dirs_type != NULL) Free(a->dirs_type); + if (a->buffer != NULL) BUF_MEM_free(a->buffer); + Free(a); + } + +static int add_cert_dir(ctx,dir, type) +BY_DIR *ctx; +char *dir; +int type; + { + int j,len; + int *ip; + char *s,*ss,*p; + char **pp; + + if (dir == NULL) return(0); + + s=dir; + p=s; + for (;;) + { + if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) + { + ss=s; + s=p+1; + len=(int)(p-ss); + if (len == 0) continue; + for (j=0; jnum_dirs; j++) + if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) + continue; + if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) + { + ctx->num_dirs_alloced+=10; + pp=(char **)Malloc(ctx->num_dirs_alloced* + sizeof(char *)); + ip=(int *)Malloc(ctx->num_dirs_alloced* + sizeof(int)); + if ((pp == NULL) || (ip == NULL)) + { + X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE); + return(0); + } + memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)* + sizeof(char *)); + memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* + sizeof(int)); + if (ctx->dirs != NULL) + Free((char *)ctx->dirs); + if (ctx->dirs_type != NULL) + Free((char *)ctx->dirs_type); + ctx->dirs=pp; + ctx->dirs_type=ip; + } + ctx->dirs_type[ctx->num_dirs]=type; + ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1); + if (ctx->dirs[ctx->num_dirs] == NULL) return(0); + strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); + ctx->dirs[ctx->num_dirs][len]='\0'; + ctx->num_dirs++; + } + if (*p == '\0') break; + p++; + } + return(1); + } + +static int get_cert_by_subject(xl,type,name,ret) +X509_LOOKUP *xl; +int type; +X509_NAME *name; +X509_OBJECT *ret; + { + BY_DIR *ctx; + X509 st_x509; + X509_CINF st_x509_cinf; + int ok=0; + int i,j,k; + unsigned long h; + BUF_MEM *b=NULL; + struct stat st; + X509_OBJECT stmp,*tmp; + + if (name == NULL) return(0); + + st_x509.cert_info= &st_x509_cinf; + st_x509_cinf.subject=name; + stmp.data.x509= &st_x509; + stmp.type=type; + + if ((b=BUF_MEM_new()) == NULL) + { + X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB); + goto finish; + } + + ctx=(BY_DIR *)xl->method_data; + + h=X509_NAME_hash(name); + for (i=0; inum_dirs; i++) + { + j=strlen(ctx->dirs[i])+1+8+6+1; + if (!BUF_MEM_grow(b,j)) + { + X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE); + goto finish; + } + k=0; + for (;;) + { + sprintf(b->data,"%s/%08lx.%d",ctx->dirs[i],h,k); + k++; + if (stat(b->data,&st) < 0) + break; + /* found one. */ + if ((X509_load_cert_file(xl,b->data, + ctx->dirs_type[i])) == 0) + break; + } + + /* we have added it to the cache so now pull + * it out again */ + CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); + tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs, + (char *)&stmp); + CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); + + if (tmp != NULL) + { + ok=1; + ret->type=tmp->type; + ret->data.x509=tmp->data.x509; + /* CRYPTO_add(&tmp->data.x509->references,1, + CRYPTO_LOCK_X509);*/ + goto finish; + } + } +finish: + if (b != NULL) BUF_MEM_free(b); + return(ok); + } + diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c new file mode 100644 index 0000000000000000000000000000000000000000..2dac28f542ff1e8e9010ac7c08c9c86f7a6a5332 --- /dev/null +++ b/crypto/x509/by_file.c @@ -0,0 +1,205 @@ +/* crypto/x509/by_file.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include + +#include "cryptlib.h" +#include "lhash.h" +#include "buffer.h" +#include "x509.h" +#include "pem.h" + +#ifndef NOPROTO +static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc, + long argl,char **ret); +#else +static int by_file_ctrl(); +#endif + +X509_LOOKUP_METHOD x509_file_lookup= + { + "Load file into cache", + NULL, /* new */ + NULL, /* free */ + NULL, /* init */ + NULL, /* shutdown */ + by_file_ctrl, /* ctrl */ + NULL, /* get_by_subject */ + NULL, /* get_by_issuer_serial */ + NULL, /* get_by_fingerprint */ + NULL, /* get_by_alias */ + }; + +X509_LOOKUP_METHOD *X509_LOOKUP_file() + { + return(&x509_file_lookup); + } + +static int by_file_ctrl(ctx,cmd,argp,argl,ret) +X509_LOOKUP *ctx; +int cmd; +char *argp; +long argl; +char **ret; + { + int ok=0; + char *file; + + switch (cmd) + { + case X509_L_FILE_LOAD: + if (argl == X509_FILETYPE_DEFAULT) + { + ok=X509_load_cert_file(ctx,X509_get_default_cert_file(), + X509_FILETYPE_PEM); + if (!ok) + { + X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); + } + else + { + file=(char *)Getenv(X509_get_default_cert_file_env()); + ok=X509_load_cert_file(ctx,file, + X509_FILETYPE_PEM); + } + } + else + ok=X509_load_cert_file(ctx,argp,(int)argl); + break; + } + return(ok); + } + +int X509_load_cert_file(ctx,file,type) +X509_LOOKUP *ctx; +char *file; +int type; + { + int ret=0; + BIO *in=NULL; + int i,count=0; + X509 *x=NULL; + + if (file == NULL) return(1); +#ifndef WIN16 + in=BIO_new(BIO_s_file()); +#else + in=BIO_new(BIO_s_file_internal_w16()); +#endif + + if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) + { + X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB); + goto err; + } + + if (type == X509_FILETYPE_PEM) + { + for (;;) + { + x=PEM_read_bio_X509(in,NULL,NULL); + if (x == NULL) + { + if ((ERR_GET_REASON(ERR_peek_error()) == + PEM_R_NO_START_LINE) && (count > 0)) + { + ERR_clear_error(); + break; + } + else + { + X509err(X509_F_X509_LOAD_CERT_FILE, + ERR_R_PEM_LIB); + goto err; + } + } + i=X509_STORE_add_cert(ctx->store_ctx,x); + if (!i) goto err; + count++; + X509_free(x); + x=NULL; + } + ret=count; + } + else if (type == X509_FILETYPE_ASN1) + { + x=d2i_X509_bio(in,NULL); + if (x == NULL) + { + X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB); + goto err; + } + i=X509_STORE_add_cert(ctx->store_ctx,x); + if (!i) goto err; + ret=i; + } + else + { + X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE); + goto err; + } +err: + if (x != NULL) X509_free(x); + if (in != NULL) BIO_free(in); + return(ret); + } + diff --git a/crypto/x509/f b/crypto/x509/f new file mode 100644 index 0000000000000000000000000000000000000000..6ec986db873d5399aabcbec3075b2cfcfc3b9a74 --- /dev/null +++ b/crypto/x509/f @@ -0,0 +1,465 @@ +*** x509name.c Wed Jul 2 09:35:35 1997 +--- /home/eay/play/x Sat Jul 5 01:39:56 1997 +*************** +*** 1,202 **** +! /* crypto/x509/x509name.c */ +! /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +! * All rights reserved. +! * +! * This package is an SSL implementation written +! * by Eric Young (eay@cryptsoft.com). +! * The implementation was written so as to conform with Netscapes SSL. +! * +! * This library is free for commercial and non-commercial use as long as +! * the following conditions are aheared to. The following conditions +! * apply to all code found in this distribution, be it the RC4, RSA, +! * lhash, DES, etc., code; not just the SSL code. The SSL documentation +! * included with this distribution is covered by the same copyright terms +! * except that the holder is Tim Hudson (tjh@cryptsoft.com). +! * +! * Copyright remains Eric Young's, and as such any Copyright notices in +! * the code are not to be removed. +! * If this package is used in a product, Eric Young should be given attribution +! * as the author of the parts of the library used. +! * This can be in the form of a textual message at program startup or +! * in documentation (online or textual) provided with the package. +! * +! * Redistribution and use in source and binary forms, with or without +! * modification, are permitted provided that the following conditions +! * are met: +! * 1. Redistributions of source code must retain the copyright +! * notice, this list of conditions and the following disclaimer. +! * 2. Redistributions in binary form must reproduce the above copyright +! * notice, this list of conditions and the following disclaimer in the +! * documentation and/or other materials provided with the distribution. +! * 3. All advertising materials mentioning features or use of this software +! * must display the following acknowledgement: +! * "This product includes cryptographic software written by +! * Eric Young (eay@cryptsoft.com)" +! * The word 'cryptographic' can be left out if the rouines from the library +! * being used are not cryptographic related :-). +! * 4. If you include any Windows specific code (or a derivative thereof) from +! * the apps directory (application code) you must include an acknowledgement: +! * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +! * +! * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +! * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +! * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +! * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +! * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +! * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +! * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +! * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +! * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +! * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +! * SUCH DAMAGE. +! * +! * The licence and distribution terms for any publically available version or +! * derivative of this code cannot be changed. i.e. this code cannot simply be +! * copied and put under another distribution licence +! * [including the GNU Public Licence.] +! */ +! +! #include +! #include "stack.h" +! #include "cryptlib.h" +! #include "asn1.h" +! #include "objects.h" +! #include "evp.h" +! #include "x509.h" +! +! int X509_NAME_get_text_by_NID(name,nid,buf,len) +! X509_NAME *name; +! int nid; +! char *buf; +! int len; + { + ASN1_OBJECT *obj; + + obj=OBJ_nid2obj(nid); +! if (obj == NULL) return(-1); +! return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); + } + +- int X509_NAME_get_text_by_OBJ(name,obj,buf,len) +- X509_NAME *name; +- ASN1_OBJECT *obj; +- char *buf; +- int len; +- { +- int i; +- ASN1_STRING *data; + +! i=X509_NAME_get_index_by_OBJ(name,obj,0); +! if (i < 0) return(-1); +! data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i)); +! i=(data->length > (len-1))?(len-1):data->length; +! if (buf == NULL) return(data->length); +! memcpy(buf,data->data,i); +! buf[i]='\0'; +! return(i); +! } + +! int X509_NAME_entry_count(name) +! X509_NAME *name; + { +! if (name == NULL) return(0); +! return(sk_num(name->entries)); + } + +! int X509_NAME_get_index_by_NID(name,nid,oldpos) +! X509_NAME *name; +! int nid; +! int oldpos; +! { +! ASN1_OBJECT *obj; + +! obj=OBJ_nid2obj(nid); +! if (obj == NULL) return(-2); +! return(X509_NAME_get_index_by_OBJ(name,obj,oldpos)); + } + +- int X509_NAME_get_index_by_OBJ(name,obj,oldpos) +- X509_NAME *name; +- ASN1_OBJECT *obj; +- int oldpos; +- { +- int n; +- X509_NAME_ENTRY *ne; +- STACK *sk; + +! if (name == NULL) return(-1); +! if (oldpos < 0) +! oldpos= -1; +! sk=name->entries; +! n=sk_num(sk); +! for (oldpos++; oldpos < n; oldpos++) + { +! ne=(X509_NAME_ENTRY *)sk_value(sk,oldpos); +! if (OBJ_cmp(ne->object,obj) == 0) +! return(oldpos); + } +! return(-1); + } + +- X509_NAME_ENTRY *X509_NAME_get_entry(name,loc) +- X509_NAME *name; +- int loc; +- { +- if ( (name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) +- return(NULL); +- else +- return((X509_NAME_ENTRY *)sk_value(name->entries,loc)); +- } + +! X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc) +! X509_NAME *name; +! int loc; + { +! X509_NAME_ENTRY *ret; +! int i,j,n,set_prev,set_next; +! STACK *sk; +! +! if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) +! return(NULL); +! sk=name->entries; +! ret=(X509_NAME_ENTRY *)sk_delete(sk,loc); +! n=sk_num(sk); +! name->modified=1; +! if (loc == n) return(ret); +! +! /* else we need to fixup the set field */ +! if (loc != 0) +! set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; +! else +! set_prev=ret->set-1; +! set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; + +! /* set_prev is the previous set +! * set is the current set +! * set_next is the following +! * prev 1 1 1 1 1 1 1 1 +! * set 1 1 2 2 +! * next 1 1 2 2 2 2 3 2 +! * so basically only if prev and next differ by 2, then +! * re-number down by 1 */ +! if (set_prev+1 < set_next) +! { +! j=set_next-set_prev-1; +! for (i=loc; iset-=j; +! } +! return(ret); + } + + /* if set is -1, append to previous set, 0 'a new one', and 1, + * prepend to the guy we are about to stomp on. */ +! int X509_NAME_add_entry(name,ne,loc,set) +! X509_NAME *name; +! X509_NAME_ENTRY *ne; +! int loc; +! int set; + { +! X509_NAME_ENTRY *new_name=NULL; + int n,i,inc; + STACK *sk; + +--- 1,77 ---- +! X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +! int type,unsigned char *bytes, int len) + { + ASN1_OBJECT *obj; + + obj=OBJ_nid2obj(nid); +! if (obj == NULL) +! { +! X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); +! return(NULL); +! } +! return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)); + } + + +! X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +! ASN1_OBJECT *obj, int type,unsigned char *bytes, +! int len) +! { +! X509_NAME_ENTRY *ret; + +! if ((ne == NULL) || (*ne == NULL)) + { +! if ((ret=X509_NAME_ENTRY_new()) == NULL) +! return(NULL); + } ++ else ++ ret= *ne; + +! if (!X509_NAME_ENTRY_set_object(ret,obj)) +! goto err; +! if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) +! goto err; + +! if ((ne != NULL) && (*ne == NULL)) *ne=ret; +! return(ret); +! err: +! if ((ne == NULL) || (ret != *ne)) +! X509_NAME_ENTRY_free(ret); +! return(NULL); + } + + +! int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) +! { +! if ((ne == NULL) || (obj == NULL)) + { +! X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER); +! return(0); + } +! ASN1_OBJECT_free(ne->object); +! ne->object=OBJ_dup(obj); +! return((ne->object == NULL)?0:1); + } + + +! int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne,int type,unsigned char *bytes,int len) + { +! int i; + +! if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); +! if (len < 0) len=strlen((char *)bytes); +! i=ASN1_STRING_set(ne->value,bytes,len); +! if (!i) return(0); +! ne->value->type=ASN1_PRINTABLE_type(bytes,len); +! return(1); + } + + /* if set is -1, append to previous set, 0 'a new one', and 1, + * prepend to the guy we are about to stomp on. */ +! int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,int loc,int set) + { +! /* ERIC: renamed new to nenew for C++ users --tjh */ +! X509_NAME_ENTRY *nenew; + int n,i,inc; + STACK *sk; + +*************** +*** 206,213 **** + if (loc > n) loc=n; + else if (loc < 0) loc=n; + +- name->modified=1; +- + if (set == -1) + { + if (loc == 0) +--- 81,86 ---- +*************** +*** 223,245 **** + } + else /* if (set >= 0) */ + { +- inc=(set == 0)?1:0; + if (loc >= n) + { + if (loc != 0) + set=((X509_NAME_ENTRY *) +! sk_value(sk,n-1))->set+1; + else + set=0; + } + else + set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; + } + +! if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) + goto err; +! new_name->set=set; +! if (!sk_insert(sk,(char *)new_name,loc)) + { + X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); + goto err; +--- 96,122 ---- + } + else /* if (set >= 0) */ + { + if (loc >= n) + { + if (loc != 0) + set=((X509_NAME_ENTRY *) +! sk_value(sk,loc-1))->set+1; + else + set=0; + } + else + set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; ++ inc=(set == 0)?1:0; + } + +! if ((nenew=X509_NAME_ENTRY_dup(ne)) == NULL) + goto err; +! /* eric forgot to put this in when he cut the nice +! * interface so that I don't have to do the icky things +! * that req.c does --tjh :-) +! */ +! nenew->set=set; +! if (!sk_insert(sk,(char *)nenew,loc)) + { + X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); + goto err; +*************** +*** 252,357 **** + } + return(1); + err: +! if (new_name != NULL) + X509_NAME_ENTRY_free(ne); + return(0); +- } +- +- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len) +- X509_NAME_ENTRY **ne; +- int nid; +- int type; +- unsigned char *bytes; +- int len; +- { +- ASN1_OBJECT *obj; +- +- obj=OBJ_nid2obj(nid); +- if (obj == NULL) +- { +- X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); +- return(NULL); +- } +- return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)); +- } +- +- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len) +- X509_NAME_ENTRY **ne; +- ASN1_OBJECT *obj; +- int type; +- unsigned char *bytes; +- int len; +- { +- X509_NAME_ENTRY *ret; +- +- if ((ne == NULL) || (*ne == NULL)) +- { +- if ((ret=X509_NAME_ENTRY_new()) == NULL) +- return(NULL); +- } +- else +- ret= *ne; +- +- if (!X509_NAME_ENTRY_set_object(ret,obj)) +- goto err; +- if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) +- goto err; +- +- if ((ne != NULL) && (*ne == NULL)) *ne=ret; +- return(ret); +- err: +- if ((ne == NULL) || (ret != *ne)) +- X509_NAME_ENTRY_free(ret); +- return(NULL); +- } +- +- int X509_NAME_ENTRY_set_object(ne,obj) +- X509_NAME_ENTRY *ne; +- ASN1_OBJECT *obj; +- { +- if ((ne == NULL) || (obj == NULL)) +- { +- X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- ASN1_OBJECT_free(ne->object); +- ne->object=OBJ_dup(obj); +- return((ne->object == NULL)?0:1); +- } +- +- int X509_NAME_ENTRY_set_data(ne,type,bytes,len) +- X509_NAME_ENTRY *ne; +- int type; +- unsigned char *bytes; +- int len; +- { +- int i; +- +- if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); +- if (len < 0) len=strlen((char *)bytes); +- i=ASN1_STRING_set(ne->value,bytes,len); +- if (!i) return(0); +- if (type != V_ASN1_UNDEF) +- { +- if (type == V_ASN1_APP_CHOOSE) +- ne->value->type=ASN1_PRINTABLE_type(bytes,len); +- else +- ne->value->type=type; +- } +- return(1); +- } +- +- ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne) +- X509_NAME_ENTRY *ne; +- { +- if (ne == NULL) return(NULL); +- return(ne->object); +- } +- +- ASN1_STRING *X509_NAME_ENTRY_get_data(ne) +- X509_NAME_ENTRY *ne; +- { +- if (ne == NULL) return(NULL); +- return(ne->value); + } + +--- 129,136 ---- + } + return(1); + err: +! if (nenew != NULL) + X509_NAME_ENTRY_free(ne); + return(0); + } + diff --git a/crypto/x509/v3_net.c b/crypto/x509/v3_net.c new file mode 100644 index 0000000000000000000000000000000000000000..5e79a57f0317e13fc3aa56a00f10747fce6ecb6f --- /dev/null +++ b/crypto/x509/v3_net.c @@ -0,0 +1,87 @@ +/* crypto/x509/v3_net.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "stack.h" +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "x509.h" + +#define NETSCAPE_X509_EXT_NUM 8 + +static X509_EXTENSION_METHOD netscape_x509_ext[NETSCAPE_X509_EXT_NUM]={ +{NID_netscape_ca_policy_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_ssl_server_name,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_base_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_cert_type,V_ASN1_BIT_STRING,X509_EXT_PACK_STRING}, +{NID_netscape_ca_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_renewal_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_comment,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, + }; + +int X509v3_add_netscape_extensions() + { + int i; + + for (i=0; i +#include "stack.h" +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "x509.h" + +#define STD_X509_EXT_NUM 9 + +static X509_EXTENSION_METHOD std_x509_ext[STD_X509_EXT_NUM]={ +{NID_subject_key_identifier, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_key_usage, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_private_key_usage_period, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_subject_alt_name, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_issuer_alt_name, V_ASN1_BIT_STRING,X509_EXT_PACK_STRING}, +{NID_basic_constraints, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_crl_number, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_certificate_policies, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_authority_key_identifier, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, + }; + +int X509v3_add_standard_extensions() + { + int i; + + for (i=0; i and are used to manipulate + * Netscapes spki strucutres - usefull if you are writing a CA web page + */ +typedef struct Netscape_spkac_st + { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ + } NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st + { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR *sig_algor; + ASN1_BIT_STRING *signature; + } NETSCAPE_SPKI; + +#ifndef HEADER_BN_H +#define BIGNUM char +#endif + +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; + +#include "x509_vfy.h" +#include "pkcs7.h" + +#ifdef SSLEAY_MACROS +#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ + a->signature,(char *)a->cert_info,r) +#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ + a->sig_alg,a->signature,(char *)a->req_info,r) +#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ + a->sig_alg, a->signature,(char *)a->crl,r) +#define NETSCAPE_SPKI_verify(a,r) ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC, \ + a->sig_algor,a->signature, (char *)a->spkac,r) + +#define X509_sign(x,pkey,md) \ + ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ + x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) +#define X509_REQ_sign(x,pkey,md) \ + ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ + x->signature, (char *)x->req_info,pkey,md) +#define X509_CRL_sign(x,pkey,md) \ + ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ + x->signature, (char *)x->crl,pkey,md) +#define NETSCAPE_SPKI_sign(x,pkey,md) \ + ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ + x->signature, (char *)x->spkac,pkey,md) + +#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ + (char *(*)())d2i_X509,(char *)x509) +#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ + (int (*)())i2d_X509_EXTENSION, \ + (char *(*)())d2i_X509_EXTENSION,(char *)ex) +#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ + (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) +#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) +#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ + (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) +#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) + +#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ + (char *(*)())d2i_X509_CRL,(char *)crl) +#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ + X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ + (unsigned char **)(crl)) +#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ + (unsigned char *)crl) +#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ + X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ + (unsigned char **)(crl)) +#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ + (unsigned char *)crl) + +#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ + (char *(*)())d2i_PKCS7,(char *)p7) +#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ + PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ + (unsigned char **)(p7)) +#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ + (unsigned char *)p7) +#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ + PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ + (unsigned char **)(p7)) +#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ + (unsigned char *)p7) + +#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ + (char *(*)())d2i_X509_REQ,(char *)req) +#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ + X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ + (unsigned char **)(req)) +#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ + (unsigned char *)req) +#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ + X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ + (unsigned char **)(req)) +#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ + (unsigned char *)req) + +#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ + (char *(*)())d2i_RSAPublicKey,(char *)rsa) +#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ + (char *(*)())d2i_RSAPrivateKey,(char *)rsa) + +#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ + RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ + (unsigned char **)(rsa)) +#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ + (unsigned char *)rsa) +#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ + RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ + (unsigned char **)(rsa)) +#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ + (unsigned char *)rsa) + +#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ + RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ + (unsigned char **)(rsa)) +#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ + (unsigned char *)rsa) +#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ + RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ + (unsigned char **)(rsa)) +#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ + (unsigned char *)rsa) + +#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ + DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ + (unsigned char **)(dsa)) +#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ + (unsigned char *)dsa) +#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ + DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ + (unsigned char **)(dsa)) +#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ + (unsigned char *)dsa) + +#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ + (char *(*)())d2i_X509_NAME,(char *)xn) +#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ + (int (*)())i2d_X509_NAME_ENTRY, \ + (char *(*)())d2i_X509_NAME_ENTRY,\ + (char *)ne) + +#define X509_digest(data,type,md,len) \ + ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) +#define X509_NAME_digest(data,type,md,len) \ + ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) +#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ + ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ + (char *)data,md,len) +#endif + +#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) +/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ +#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) +#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) +#define X509_extract_key(x) X509_get_pubkey(x) /*****/ +#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) +#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) +#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) +#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) + +/* This one is only used so that a binary form can output, as in + * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ +#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) + +#ifndef NOPROTO + +#ifndef SSLEAY_MACROS +#ifdef HEADER_ENVELOPE_H +int X509_verify(X509 *a, EVP_PKEY *r); +char *X509_verify_cert_error_string(int n); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +int X509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md); +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, EVP_MD *md); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, EVP_MD *md); + +int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len); +int X509_NAME_digest(X509_NAME *data,EVP_MD *type, + unsigned char *md,unsigned int *len); +#endif + +#ifndef WIN16 +X509 *d2i_X509_fp(FILE *fp, X509 *x509); +int i2d_X509_fp(FILE *fp,X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl); +int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req); +int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); +RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa); +int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa); +int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); +#endif + +#ifdef HEADER_BIO_H +X509 *d2i_X509_bio(BIO *bp,X509 *x509); +int i2d_X509_bio(BIO *bp,X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl); +int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req); +int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); +RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa); +int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa); +int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); +#endif + +X509 *X509_dup(X509 *x509); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_NAME *X509_NAME_dup(X509_NAME *xn); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +#endif /* !SSLEAY_MACROS */ + +int X509_cmp_current_time(ASN1_UTCTIME *s); +ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj); + +char * X509_get_default_cert_area(void ); +char * X509_get_default_cert_dir(void ); +char * X509_get_default_cert_file(void ); +char * X509_get_default_cert_dir_env(void ); +char * X509_get_default_cert_file_env(void ); +char * X509_get_default_private_dir(void ); + +X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey); +X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); +void ERR_load_X509_strings(void ); + +X509_ALGOR * X509_ALGOR_new(void ); +void X509_ALGOR_free(X509_ALGOR *a); +int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp); +X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp, + long length); + +X509_VAL * X509_VAL_new(void ); +void X509_VAL_free(X509_VAL *a); +int i2d_X509_VAL(X509_VAL *a,unsigned char **pp); +X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp, + long length); + +X509_PUBKEY * X509_PUBKEY_new(void ); +void X509_PUBKEY_free(X509_PUBKEY *a); +int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp); +X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp, + long length); +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain); + + +X509_SIG * X509_SIG_new(void ); +void X509_SIG_free(X509_SIG *a); +int i2d_X509_SIG(X509_SIG *a,unsigned char **pp); +X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length); + +X509_REQ_INFO *X509_REQ_INFO_new(void); +void X509_REQ_INFO_free(X509_REQ_INFO *a); +int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp); +X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp, + long length); + +X509_REQ * X509_REQ_new(void); +void X509_REQ_free(X509_REQ *a); +int i2d_X509_REQ(X509_REQ *a,unsigned char **pp); +X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length); + +X509_ATTRIBUTE *X509_ATTRIBUTE_new(void ); +void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); +int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp); +X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp, + long length); + +X509_EXTENSION *X509_EXTENSION_new(void ); +void X509_EXTENSION_free(X509_EXTENSION *a); +int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp); +X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp, + long length); + +X509_NAME_ENTRY *X509_NAME_ENTRY_new(void); +void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a); +int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp); +X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp, + long length); + +X509_NAME * X509_NAME_new(void); +void X509_NAME_free(X509_NAME *a); +int i2d_X509_NAME(X509_NAME *a,unsigned char **pp); +X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length); +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + + +X509_CINF * X509_CINF_new(void); +void X509_CINF_free(X509_CINF *a); +int i2d_X509_CINF(X509_CINF *a,unsigned char **pp); +X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length); + +X509 * X509_new(void); +void X509_free(X509 *a); +int i2d_X509(X509 *a,unsigned char **pp); +X509 * d2i_X509(X509 **a,unsigned char **pp,long length); + +X509_REVOKED * X509_REVOKED_new(void); +void X509_REVOKED_free(X509_REVOKED *a); +int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp); +X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length); + +X509_CRL_INFO *X509_CRL_INFO_new(void); +void X509_CRL_INFO_free(X509_CRL_INFO *a); +int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp); +X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp, + long length); + +X509_CRL * X509_CRL_new(void); +void X509_CRL_free(X509_CRL *a); +int i2d_X509_CRL(X509_CRL *a,unsigned char **pp); +X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length); + +X509_PKEY * X509_PKEY_new(void ); +void X509_PKEY_free(X509_PKEY *a); +int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); +X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); + +NETSCAPE_SPKI * NETSCAPE_SPKI_new(void ); +void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a); +int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp); +NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp, + long length); + +NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void ); +void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a); +int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp); +NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp, + long length); + +#ifdef HEADER_ENVELOPE_H +X509_INFO * X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); + +int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, + ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); + +int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data, + unsigned char *md,unsigned int *len); + +int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, + char *data,EVP_PKEY *pkey, EVP_MD *type); +#endif + +int X509_set_version(X509 *x,long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER * X509_get_serialNumber(X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME * X509_get_issuer_name(X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME * X509_get_subject_name(X509 *a); +int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm); +int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +EVP_PKEY * X509_get_pubkey(X509 *x); +int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); + +int X509_REQ_set_version(X509_REQ *x,long version); +int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); + +int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); + +int X509_issuer_and_serial_cmp(X509 *a, X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(X509 *a, X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(X509 *a,X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); + +int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); +#ifndef WIN16 +int X509_print_fp(FILE *bp,X509 *x); +int X509_REQ_print_fp(FILE *bp,X509_REQ *req); +#endif + +#ifdef HEADER_BIO_H +int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +int X509_print(BIO *bp,X509 *x); +int X509_REQ_print(BIO *bp,X509_REQ *req); +#endif + +int X509_NAME_entry_count(X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, + char *buf,int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, + char *buf,int len); + +int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int oldpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, + int oldpos); +X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, + int loc, int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type,unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + ASN1_OBJECT *obj, int type,unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, + ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + unsigned char *bytes, int len); +ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + +int X509v3_get_ext_count(STACK *x); +int X509v3_get_ext_by_NID(STACK *x, int nid, int oldpos); +int X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int oldpos); +int X509v3_get_ext_by_critical(STACK *x, int crit, int oldpos); +X509_EXTENSION *X509v3_get_ext(STACK *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc); +STACK * X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc); +int X509v3_data_type_by_OBJ(ASN1_OBJECT *obj); +int X509v3_data_type_by_NID(int nid); +int X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj); +int X509v3_pack_type_by_NID(int nid); + +int X509_get_ext_count(X509 *x); +int X509_get_ext_by_NID(X509 *x, int nid, int oldpos); +int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int oldpos); +int X509_get_ext_by_critical(X509 *x, int crit, int oldpos); +X509_EXTENSION *X509_get_ext(X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); + +int X509_CRL_get_ext_count(X509_CRL *x); +int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int oldpos); +int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int oldpos); +int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int oldpos); +X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); + +int X509_REVOKED_get_ext_count(X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int oldpos); +int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int oldpos); +int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int oldpos); +X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, + ASN1_OCTET_STRING *data); +ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509v3_pack_string(ASN1_OCTET_STRING **ex,int type, + unsigned char *bytes, int len); +ASN1_STRING * X509v3_unpack_string(ASN1_STRING **ex,int type, + ASN1_OCTET_STRING *os); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK *sk,X509_NAME *name); + +#else + +#ifndef SSLEAY_MACROS +#ifdef HEADER_ENVELOPE_H +int X509_verify(); +int X509_REQ_verify(); +int X509_CRL_verify(); +int NETSCAPE_SPKI_verify(); + +int X509_sign(); +int X509_REQ_sign(); +int X509_CRL_sign(); +int NETSCAPE_SPKI_sign(); + +int X509_digest(); +int X509_NAME_digest(); +#endif + +#ifndef WIN16 +X509 *d2i_X509_fp(); +int i2d_X509_fp(); +X509_CRL *d2i_X509_CRL_fp(); +int i2d_X509_CRL_fp(); +X509_REQ *d2i_X509_REQ_fp(); +int i2d_X509_REQ_fp(); +RSA *d2i_RSAPrivateKey_fp(); +int i2d_RSAPrivateKey_fp(); +DSA *d2i_DSAPrivateKey_fp(); +int i2d_DSAPrivateKey_fp(); +RSA *d2i_RSAPublicKey_fp(); +int i2d_RSAPublicKey_fp(); +#endif + +X509 *d2i_X509_bio(); +int i2d_X509_bio(); +X509_CRL *d2i_X509_CRL_bio(); +int i2d_X509_CRL_bio(); +X509_REQ *d2i_X509_REQ_bio(); +int i2d_X509_REQ_bio(); +RSA *d2i_RSAPrivateKey_bio(); +int i2d_RSAPrivateKey_bio(); +DSA *d2i_DSAPrivateKey_bio(); +int i2d_DSAPrivateKey_bio(); +RSA *d2i_RSAPublicKey_bio(); +int i2d_RSAPublicKey_bio(); + +X509 *X509_dup(); +X509_EXTENSION *X509_EXTENSION_dup(); +X509_CRL *X509_CRL_dup(); +X509_REQ *X509_REQ_dup(); +X509_NAME *X509_NAME_dup(); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(); +RSA *RSAPublicKey_dup(); +RSA *RSAPrivateKey_dup(); + +#endif /* !SSLEAY_MACROS */ + +int X509_cmp_current_time(); +ASN1_UTCTIME * X509_gmtime_adj(); + +char * X509_get_default_cert_area(); +char * X509_get_default_cert_dir(); +char * X509_get_default_cert_file(); +char * X509_get_default_cert_dir_env(); +char * X509_get_default_cert_file_env(); +char * X509_get_default_private_dir(); + +X509_REQ * X509_to_X509_REQ(); +X509 * X509_REQ_to_X509(); +void ERR_load_X509_strings(); + +X509_ALGOR * X509_ALGOR_new(); +void X509_ALGOR_free(); +int i2d_X509_ALGOR(); +X509_ALGOR * d2i_X509_ALGOR(); + +X509_VAL * X509_VAL_new(); +void X509_VAL_free(); +int i2d_X509_VAL(); +X509_VAL * d2i_X509_VAL(); + +X509_PUBKEY * X509_PUBKEY_new(); +void X509_PUBKEY_free(); +int i2d_X509_PUBKEY(); +X509_PUBKEY * d2i_X509_PUBKEY(); +int X509_PUBKEY_set(); +EVP_PKEY * X509_PUBKEY_get(); +int X509_get_pubkey_parameters(); + +X509_SIG * X509_SIG_new(); +void X509_SIG_free(); +int i2d_X509_SIG(); +X509_SIG * d2i_X509_SIG(); + +X509_REQ_INFO *X509_REQ_INFO_new(); +void X509_REQ_INFO_free(); +int i2d_X509_REQ_INFO(); +X509_REQ_INFO *d2i_X509_REQ_INFO(); + +X509_REQ * X509_REQ_new(); +void X509_REQ_free(); +int i2d_X509_REQ(); +X509_REQ * d2i_X509_REQ(); + +X509_ATTRIBUTE *X509_ATTRIBUTE_new(); +void X509_ATTRIBUTE_free(); +int i2d_X509_ATTRIBUTE(); +X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(); + +X509_EXTENSION *X509_EXTENSION_new(); +void X509_EXTENSION_free(); +int i2d_X509_EXTENSION(); +X509_EXTENSION *d2i_X509_EXTENSION(); + +X509_NAME_ENTRY *X509_NAME_ENTRY_new(); +void X509_NAME_ENTRY_free(); +int i2d_X509_NAME_ENTRY(); +X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(); + +X509_NAME * X509_NAME_new(); +void X509_NAME_free(); +int i2d_X509_NAME(); +X509_NAME * d2i_X509_NAME(); +int X509_NAME_set(); + + +X509_CINF * X509_CINF_new(); +void X509_CINF_free(); +int i2d_X509_CINF(); +X509_CINF * d2i_X509_CINF(); + +X509 * X509_new(); +void X509_free(); +int i2d_X509(); +X509 * d2i_X509(); + +X509_REVOKED * X509_REVOKED_new(); +void X509_REVOKED_free(); +int i2d_X509_REVOKED(); +X509_REVOKED * d2i_X509_REVOKED(); + +X509_CRL_INFO *X509_CRL_INFO_new(); +void X509_CRL_INFO_free(); +int i2d_X509_CRL_INFO(); +X509_CRL_INFO *d2i_X509_CRL_INFO(); + +X509_CRL * X509_CRL_new(); +void X509_CRL_free(); +int i2d_X509_CRL(); +X509_CRL * d2i_X509_CRL(); + +X509_PKEY * X509_PKEY_new(); +void X509_PKEY_free(); +int i2d_X509_PKEY(); +X509_PKEY * d2i_X509_PKEY(); + +NETSCAPE_SPKI * NETSCAPE_SPKI_new(); +void NETSCAPE_SPKI_free(); +int i2d_NETSCAPE_SPKI(); +NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(); + +NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(); +void NETSCAPE_SPKAC_free(); +int i2d_NETSCAPE_SPKAC(); +NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(); + +#ifdef HEADER_ENVELOPE_H +X509_INFO * X509_INFO_new(); +void X509_INFO_free(); +#endif + +char * X509_NAME_oneline(); + +int ASN1_verify(); +int ASN1_digest(); +int ASN1_sign(); + +int X509_set_version(); +int X509_set_serialNumber(); +ASN1_INTEGER * X509_get_serialNumber(); +int X509_set_issuer_name(); +X509_NAME * X509_get_issuer_name(); +int X509_set_subject_name(); +X509_NAME * X509_get_subject_name(); +int X509_set_notBefore(); +int X509_set_notAfter(); +int X509_set_pubkey(); +EVP_PKEY * X509_get_pubkey(); +int X509_certificate_type(); + +int X509_REQ_set_version(); +int X509_REQ_set_subject_name(); +int X509_REQ_set_pubkey(); +EVP_PKEY * X509_REQ_get_pubkey(); + +int X509_check_private_key(); + +int X509_issuer_and_serial_cmp(); +unsigned long X509_issuer_and_serial_hash(); + +int X509_issuer_name_cmp(); +unsigned long X509_issuer_name_hash(); + +int X509_subject_name_cmp(); +unsigned long X509_subject_name_hash(); + +int X509_NAME_cmp (); +unsigned long X509_NAME_hash(); + +int X509_CRL_cmp(); +#ifndef WIN16 +int X509_print_fp(); +int X509_REQ_print_fp(); +#endif + +int X509_NAME_print(); +int X509_print(); +int X509_REQ_print(); + +int X509_NAME_entry_count(); +int X509_NAME_get_text_by_NID(); +int X509_NAME_get_text_by_OBJ(); + +int X509_NAME_get_index_by_NID(); +int X509_NAME_get_index_by_OBJ(); +X509_NAME_ENTRY *X509_NAME_get_entry(); +X509_NAME_ENTRY *X509_NAME_delete_entry(); +int X509_NAME_add_entry(); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(); +int X509_NAME_ENTRY_set_object(); +int X509_NAME_ENTRY_set_data(); +ASN1_OBJECT * X509_NAME_ENTRY_get_object(); +ASN1_STRING * X509_NAME_ENTRY_get_data(); + +int X509v3_get_ext_count(); +int X509v3_get_ext_by_NID(); +int X509v3_get_ext_by_OBJ(); +int X509v3_get_ext_by_critical(); +X509_EXTENSION *X509v3_get_ext(); +X509_EXTENSION *X509v3_delete_ext(); +STACK * X509v3_add_ext(); +int X509v3_data_type_by_OBJ(); +int X509v3_data_type_by_NID(); +int X509v3_pack_type_by_OBJ(); +int X509v3_pack_type_by_NID(); + + +int X509_get_ext_count(); +int X509_get_ext_by_NID(); +int X509_get_ext_by_OBJ(); +int X509_get_ext_by_critical(); +X509_EXTENSION *X509_get_ext(); +X509_EXTENSION *X509_delete_ext(); +int X509_add_ext(); + +int X509_CRL_get_ext_count(); +int X509_CRL_get_ext_by_NID(); +int X509_CRL_get_ext_by_OBJ(); +int X509_CRL_get_ext_by_critical(); +X509_EXTENSION *X509_CRL_get_ext(); +X509_EXTENSION *X509_CRL_delete_ext(); +int X509_CRL_add_ext(); + +int X509_REVOKED_get_ext_count(); +int X509_REVOKED_get_ext_by_NID(); +int X509_REVOKED_get_ext_by_OBJ(); +int X509_REVOKED_get_ext_by_critical(); +X509_EXTENSION *X509_REVOKED_get_ext(); +X509_EXTENSION *X509_REVOKED_delete_ext(); +int X509_REVOKED_add_ext(); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(); +int X509_EXTENSION_set_object(); +int X509_EXTENSION_set_critical(); +int X509_EXTENSION_set_data(); +ASN1_OBJECT * X509_EXTENSION_get_object(); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(); +int X509_EXTENSION_get_critical(); +ASN1_OCTET_STRING *X509v3_pack_string(); +ASN1_STRING * X509v3_unpack_string(); + +int X509_verify_cert(); +char * X509_verify_cert_error_string(); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(); +X509 *X509_find_by_subject(); + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the X509 functions. */ + +/* Function codes. */ +#define X509_F_ADD_CERT_DIR 100 +#define X509_F_BY_FILE_CTRL 101 +#define X509_F_DIR_CTRL 102 +#define X509_F_GET_CERT_BY_SUBJECT 103 +#define X509_F_X509V3_ADD_EXT 104 +#define X509_F_X509V3_ADD_EXTENSION 105 +#define X509_F_X509V3_PACK_STRING 106 +#define X509_F_X509V3_UNPACK_STRING 107 +#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +#define X509_F_X509_LOAD_CERT_FILE 111 +#define X509_F_X509_NAME_ADD_ENTRY 112 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 113 +#define X509_F_X509_NAME_ENTRY_SET_OBJECT 114 +#define X509_F_X509_NAME_ONELINE 115 +#define X509_F_X509_NAME_PRINT 116 +#define X509_F_X509_PRINT_FP 117 +#define X509_F_X509_PUBKEY_GET 118 +#define X509_F_X509_PUBKEY_SET 119 +#define X509_F_X509_REQ_PRINT 120 +#define X509_F_X509_REQ_PRINT_FP 121 +#define X509_F_X509_REQ_TO_X509 122 +#define X509_F_X509_STORE_ADD_CERT 123 +#define X509_F_X509_TO_X509_REQ 124 +#define X509_F_X509_VERIFY_CERT 125 + +/* Reason codes. */ +#define X509_R_BAD_X509_FILETYPE 100 +#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +#define X509_R_ERR_ASN1_LIB 102 +#define X509_R_LOADING_CERT_DIR 103 +#define X509_R_LOADING_DEFAULTS 104 +#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +#define X509_R_SHOULD_RETRY 106 +#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +#define X509_R_UNKNOWN_NID 109 +#define X509_R_UNKNOWN_STRING_TYPE 110 +#define X509_R_UNSUPPORTED_ALGORITHM 111 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c new file mode 100644 index 0000000000000000000000000000000000000000..14eebbfcb8bbaec5fbc91f1d46e7651c281aedf5 --- /dev/null +++ b/crypto/x509/x509_cmp.c @@ -0,0 +1,247 @@ +/* crypto/x509/x509_cmp.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "x509.h" + +int X509_issuer_and_serial_cmp(a,b) +X509 *a; +X509 *b; + { + int i; + X509_CINF *ai,*bi; + + ai=a->cert_info; + bi=b->cert_info; + i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); + if (i) return(i); + return(X509_NAME_cmp(ai->issuer,bi->issuer)); + } + +#ifndef NO_MD5 +unsigned long X509_issuer_and_serial_hash(a) +X509 *a; + { + unsigned long ret=0; + MD5_CTX ctx; + unsigned char md[16]; + char str[256]; + + X509_NAME_oneline(a->cert_info->issuer,str,256); + ret=strlen(str); + MD5_Init(&ctx); + MD5_Update(&ctx,(unsigned char *)str,ret); + MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data, + (unsigned long)a->cert_info->serialNumber->length); + MD5_Final(&(md[0]),&ctx); + ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| + ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) + )&0xffffffffL; + return(ret); + } +#endif + +int X509_issuer_name_cmp(a, b) +X509 *a; +X509 *b; + { + return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); + } + +int X509_subject_name_cmp(a, b) +X509 *a; +X509 *b; + { + return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); + } + +int X509_CRL_cmp(a, b) +X509_CRL *a; +X509_CRL *b; + { + return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); + } + +X509_NAME *X509_get_issuer_name(a) +X509 *a; + { + return(a->cert_info->issuer); + } + +unsigned long X509_issuer_name_hash(x) +X509 *x; + { + return(X509_NAME_hash(x->cert_info->issuer)); + } + +X509_NAME *X509_get_subject_name(a) +X509 *a; + { + return(a->cert_info->subject); + } + +ASN1_INTEGER *X509_get_serialNumber(a) +X509 *a; + { + return(a->cert_info->serialNumber); + } + +unsigned long X509_subject_name_hash(x) +X509 *x; + { + return(X509_NAME_hash(x->cert_info->subject)); + } + +int X509_NAME_cmp(a, b) +X509_NAME *a; +X509_NAME *b; + { + int i,j; + X509_NAME_ENTRY *na,*nb; + + if (sk_num(a->entries) != sk_num(b->entries)) + return(sk_num(a->entries)-sk_num(b->entries)); + for (i=sk_num(a->entries)-1; i>=0; i--) + { + na=(X509_NAME_ENTRY *)sk_value(a->entries,i); + nb=(X509_NAME_ENTRY *)sk_value(b->entries,i); + j=na->value->length-nb->value->length; + if (j) return(j); + j=memcmp(na->value->data,nb->value->data, + na->value->length); + if (j) return(j); + j=na->set-nb->set; + if (j) return(j); + } + + /* We will check the object types after checking the values + * since the values will more often be different than the object + * types. */ + for (i=sk_num(a->entries)-1; i>=0; i--) + { + na=(X509_NAME_ENTRY *)sk_value(a->entries,i); + nb=(X509_NAME_ENTRY *)sk_value(b->entries,i); + j=OBJ_cmp(na->object,nb->object); + if (j) return(j); + } + return(0); + } + +#ifndef NO_MD5 +/* I should do a DER encoding of the name and then hash it. */ +unsigned long X509_NAME_hash(x) +X509_NAME *x; + { + unsigned long ret=0; + unsigned char md[16]; + char str[256]; + + X509_NAME_oneline(x,str,256); + ret=strlen(str); + MD5((unsigned char *)str,ret,&(md[0])); + ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| + ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) + )&0xffffffffL; + return(ret); + } +#endif + +/* Search a stack of X509 for a match */ +X509 *X509_find_by_issuer_and_serial(sk,name,serial) +STACK *sk; +X509_NAME *name; +ASN1_INTEGER *serial; + { + int i; + X509_CINF cinf; + X509 x,*x509=NULL; + + x.cert_info= &cinf; + cinf.serialNumber=serial; + cinf.issuer=name; + + for (i=0; i +#include +#include +#include "cryptlib.h" +#include "crypto.h" +#include "x509.h" + +int X509_STORE_set_default_paths(ctx) +X509_STORE *ctx; + { + X509_LOOKUP *lookup; + + lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); + if (lookup == NULL) return(0); + X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); + + lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); + if (lookup == NULL) return(0); + X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); + + /* clear any errors */ + ERR_clear_error(); + + return(1); + } + +int X509_STORE_load_locations(ctx,file,path) +X509_STORE *ctx; +char *file; +char *path; + { + X509_LOOKUP *lookup; + + if (file != NULL) + { + lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); + if (lookup == NULL) return(0); + X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM); + } + if (path != NULL) + { + lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); + if (lookup == NULL) return(0); + X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM); + } + return(1); + } + diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c new file mode 100644 index 0000000000000000000000000000000000000000..497923828c95363d4b6d899bc06cf0d97671c5fb --- /dev/null +++ b/crypto/x509/x509_def.c @@ -0,0 +1,83 @@ +/* crypto/x509/x509_def.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "cryptlib.h" +#include "crypto.h" +#include "x509.h" + +char *X509_get_default_private_dir() + { return(X509_PRIVATE_DIR); } + +char *X509_get_default_cert_area() + { return(X509_CERT_AREA); } + +char *X509_get_default_cert_dir() + { return(X509_CERT_DIR); } + +char *X509_get_default_cert_file() + { return(X509_CERT_FILE); } + +char *X509_get_default_cert_dir_env() + { return(X509_CERT_DIR_EVP); } + +char *X509_get_default_cert_file_env() + { return(X509_CERT_FILE_EVP); } + diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c new file mode 100644 index 0000000000000000000000000000000000000000..bfcc47fe03dff73c588df76bbbb1b28bea4e0e9e --- /dev/null +++ b/crypto/x509/x509_err.c @@ -0,0 +1,121 @@ +/* lib/x509/x509_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "x509.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA X509_str_functs[]= + { +{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, +{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, +{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, +{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, +{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, +{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"}, +{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"}, +{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"}, +{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, +{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, +{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, +{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_LOAD_CERT_FILE"}, +{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, +{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, +{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, +{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, +{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, +{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"}, +{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"}, +{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"}, +{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, +{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, +{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, +{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_ADD_CERT"}, +{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, +{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, +{0,NULL}, + }; + +static ERR_STRING_DATA X509_str_reasons[]= + { +{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, +{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, +{X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, +{X509_R_LOADING_CERT_DIR ,"loading cert dir"}, +{X509_R_LOADING_DEFAULTS ,"loading defaults"}, +{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, +{X509_R_SHOULD_RETRY ,"should retry"}, +{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, +{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, +{X509_R_UNKNOWN_NID ,"unknown nid"}, +{X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"}, +{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, +{0,NULL}, + }; + +void ERR_load_X509_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_X509,X509_str_functs); + ERR_load_strings(ERR_LIB_X509,X509_str_reasons); + } + } diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c new file mode 100644 index 0000000000000000000000000000000000000000..7495183e88801cb12c6bf3782f425e9a0e74f608 --- /dev/null +++ b/crypto/x509/x509_ext.c @@ -0,0 +1,222 @@ +/* crypto/x509/x509_ext.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "stack.h" +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" + +int X509_CRL_get_ext_count(x) +X509_CRL *x; + { + return(X509v3_get_ext_count(x->crl->extensions)); + } + +int X509_CRL_get_ext_by_NID(x,nid,oldpos) +X509_CRL *x; +int nid; +int oldpos; + { + return(X509v3_get_ext_by_NID(x->crl->extensions,nid,oldpos)); + } + +int X509_CRL_get_ext_by_OBJ(x,obj,oldpos) +X509_CRL *x; +ASN1_OBJECT *obj; +int oldpos; + { + return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,oldpos)); + } + +int X509_CRL_get_ext_by_critical(x,crit,oldpos) +X509_CRL *x; +int crit; +int oldpos; + { + return(X509v3_get_ext_by_critical(x->crl->extensions,crit,oldpos)); + } + +X509_EXTENSION *X509_CRL_get_ext(x,loc) +X509_CRL *x; +int loc; + { + return(X509v3_get_ext(x->crl->extensions,loc)); + } + +X509_EXTENSION *X509_CRL_delete_ext(x,loc) +X509_CRL *x; +int loc; + { + return(X509v3_delete_ext(x->crl->extensions,loc)); + } + +int X509_CRL_add_ext(x,ex,loc) +X509_CRL *x; +X509_EXTENSION *ex; +int loc; + { + return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); + } + +int X509_get_ext_count(x) +X509 *x; + { + return(X509v3_get_ext_count(x->cert_info->extensions)); + } + +int X509_get_ext_by_NID(x,nid,oldpos) +X509 *x; +int nid; +int oldpos; + { + return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,oldpos)); + } + +int X509_get_ext_by_OBJ(x,obj,oldpos) +X509 *x; +ASN1_OBJECT *obj; +int oldpos; + { + return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,oldpos)); + } + +int X509_get_ext_by_critical(x,crit,oldpos) +X509 *x; +int crit; +int oldpos; + { + return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,oldpos)); + } + +X509_EXTENSION *X509_get_ext(x,loc) +X509 *x; +int loc; + { + return(X509v3_get_ext(x->cert_info->extensions,loc)); + } + +X509_EXTENSION *X509_delete_ext(x,loc) +X509 *x; +int loc; + { + return(X509v3_delete_ext(x->cert_info->extensions,loc)); + } + +int X509_add_ext(x,ex,loc) +X509 *x; +X509_EXTENSION *ex; +int loc; + { + return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); + } + +int X509_REVOKED_get_ext_count(x) +X509_REVOKED *x; + { + return(X509v3_get_ext_count(x->extensions)); + } + +int X509_REVOKED_get_ext_by_NID(x,nid,oldpos) +X509_REVOKED *x; +int nid; +int oldpos; + { + return(X509v3_get_ext_by_NID(x->extensions,nid,oldpos)); + } + +int X509_REVOKED_get_ext_by_OBJ(x,obj,oldpos) +X509_REVOKED *x; +ASN1_OBJECT *obj; +int oldpos; + { + return(X509v3_get_ext_by_OBJ(x->extensions,obj,oldpos)); + } + +int X509_REVOKED_get_ext_by_critical(x,crit,oldpos) +X509_REVOKED *x; +int crit; +int oldpos; + { + return(X509v3_get_ext_by_critical(x->extensions,crit,oldpos)); + } + +X509_EXTENSION *X509_REVOKED_get_ext(x,loc) +X509_REVOKED *x; +int loc; + { + return(X509v3_get_ext(x->extensions,loc)); + } + +X509_EXTENSION *X509_REVOKED_delete_ext(x,loc) +X509_REVOKED *x; +int loc; + { + return(X509v3_delete_ext(x->extensions,loc)); + } + +int X509_REVOKED_add_ext(x,ex,loc) +X509_REVOKED *x; +X509_EXTENSION *ex; +int loc; + { + return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); + } + diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c new file mode 100644 index 0000000000000000000000000000000000000000..455ad5af45adf0522ca51cc8d13be1089b65c963 --- /dev/null +++ b/crypto/x509/x509_lu.c @@ -0,0 +1,439 @@ +/* crypto/x509/x509_lu.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "lhash.h" +#include "x509.h" + +X509_LOOKUP *X509_LOOKUP_new(method) +X509_LOOKUP_METHOD *method; + { + X509_LOOKUP *ret; + + ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP)); + if (ret == NULL) return(NULL); + + ret->init=0; + ret->skip=0; + ret->method=method; + ret->method_data=NULL; + ret->store_ctx=NULL; + if ((method->new_item != NULL) && !method->new_item(ret)) + { + Free(ret); + return(NULL); + } + return(ret); + } + +void X509_LOOKUP_free(ctx) +X509_LOOKUP *ctx; + { + if (ctx == NULL) return; + if ( (ctx->method != NULL) && + (ctx->method->free != NULL)) + ctx->method->free(ctx); + Free(ctx); + } + +int X509_LOOKUP_init(ctx) +X509_LOOKUP *ctx; + { + if (ctx->method == NULL) return(0); + if (ctx->method->init != NULL) + return(ctx->method->init(ctx)); + else + return(1); + } + +int X509_LOOKUP_shutdown(ctx) +X509_LOOKUP *ctx; + { + if (ctx->method == NULL) return(0); + if (ctx->method->init != NULL) + return(ctx->method->shutdown(ctx)); + else + return(1); + } + +int X509_LOOKUP_ctrl(ctx,cmd,argc,argl,ret) +X509_LOOKUP *ctx; +int cmd; +char *argc; +long argl; +char **ret; + { + if (ctx->method == NULL) return(-1); + if (ctx->method->ctrl != NULL) + return(ctx->method->ctrl(ctx,cmd,argc,argl,ret)); + else + return(1); + } + +int X509_LOOKUP_by_subject(ctx,type,name,ret) +X509_LOOKUP *ctx; +int type; +X509_NAME *name; +X509_OBJECT *ret; + { + if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) + return(X509_LU_FAIL); + if (ctx->skip) return(0); + return(ctx->method->get_by_subject(ctx,type,name,ret)); + } + +int X509_LOOKUP_by_issuer_serial(ctx,type,name,serial,ret) +X509_LOOKUP *ctx; +int type; +X509_NAME *name; +ASN1_INTEGER *serial; +X509_OBJECT *ret; + { + if ((ctx->method == NULL) || + (ctx->method->get_by_issuer_serial == NULL)) + return(X509_LU_FAIL); + return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret)); + } + +int X509_LOOKUP_by_fingerprint(ctx,type,bytes,len,ret) +X509_LOOKUP *ctx; +int type; +unsigned char *bytes; +int len; +X509_OBJECT *ret; + { + if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) + return(X509_LU_FAIL); + return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret)); + } + +int X509_LOOKUP_by_alias(ctx,type,str,len,ret) +X509_LOOKUP *ctx; +int type; +char *str; +int len; +X509_OBJECT *ret; + { + if ((ctx->method == NULL) || (ctx->method->get_by_alias)) + return(X509_LU_FAIL); + return(ctx->method->get_by_alias(ctx,str,len,ret)); + } + +static unsigned long x509_object_hash(a) +X509_OBJECT *a; + { + unsigned long h; + + switch (a->type) + { + case X509_LU_X509: + h=X509_NAME_hash(a->data.x509->cert_info->subject); + break; + case X509_LU_CRL: + h=X509_NAME_hash(a->data.crl->crl->issuer); + break; + default: + abort(); + } + return(h); + } + +static int x509_object_cmp(a,b) +X509_OBJECT *a,*b; + { + int ret; + + ret=(a->type - b->type); + if (ret) return(ret); + switch (a->type) + { + case X509_LU_X509: + ret=X509_subject_name_cmp(a->data.x509,b->data.x509); + break; + case X509_LU_CRL: + ret=X509_CRL_cmp(a->data.crl,b->data.crl); + break; + default: + abort(); + } + return(ret); + } + +X509_STORE *X509_STORE_new() + { + X509_STORE *ret; + + if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL) + return(NULL); + ret->certs=lh_new(x509_object_hash,x509_object_cmp); + ret->cache=1; + ret->get_cert_methods=sk_new_null(); + ret->verify=NULL; + ret->verify_cb=NULL; + ret->app_data=NULL; + ret->references=1; + return(ret); + } + +static void cleanup(a) +X509_OBJECT *a; + { + if (a->type == X509_LU_X509) + { + X509_free(a->data.x509); + } + else if (a->type == X509_LU_CRL) + { + X509_CRL_free(a->data.crl); + } + else + abort(); + + Free(a); + } + +void X509_STORE_free(vfy) +X509_STORE *vfy; + { + int i; + STACK *sk; + X509_LOOKUP *lu; + + sk=vfy->get_cert_methods; + for (i=0; icerts,cleanup); + lh_free(vfy->certs); + Free(vfy); + } + +X509_LOOKUP *X509_STORE_add_lookup(v,m) +X509_STORE *v; +X509_LOOKUP_METHOD *m; + { + int i; + STACK *sk; + X509_LOOKUP *lu; + + sk=v->get_cert_methods; + for (i=0; imethod) + { + return(lu); + } + } + /* a new one */ + lu=X509_LOOKUP_new(m); + if (lu == NULL) + return(NULL); + else + { + lu->store_ctx=v; + if (sk_push(v->get_cert_methods,(char *)lu)) + return(lu); + else + { + X509_LOOKUP_free(lu); + return(NULL); + } + } + } + +int X509_STORE_get_by_subject(vs,type,name,ret) +X509_STORE_CTX *vs; +int type; +X509_NAME *name; +X509_OBJECT *ret; + { + X509_STORE *ctx=vs->ctx; + X509_LOOKUP *lu; + X509_OBJECT stmp,*tmp; + int i,j; + + tmp=X509_OBJECT_retrive_by_subject(ctx->certs,type,name); + + if (tmp == NULL) + { + for (i=vs->current_method; iget_cert_methods); i++) + { + lu=(X509_LOOKUP *)sk_value(ctx->get_cert_methods,i); + j=X509_LOOKUP_by_subject(lu,type,name,&stmp); + if (j < 0) + { + vs->current_method=j; + return(j); + } + else if (j) + { + tmp= &stmp; + break; + } + } + vs->current_method=0; + if (tmp == NULL) + return(0); + } + +/* if (ret->data.ptr != NULL) + X509_OBJECT_free_contents(ret); */ + + ret->type=tmp->type; + ret->data.ptr=tmp->data.ptr; + + X509_OBJECT_up_ref_count(ret); + + return(1); + } + +void X509_OBJECT_up_ref_count(a) +X509_OBJECT *a; + { + switch (a->type) + { + case X509_LU_X509: + CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); + break; + case X509_LU_CRL: + CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); + break; + } + } + +void X509_OBJECT_free_contents(a) +X509_OBJECT *a; + { + switch (a->type) + { + case X509_LU_X509: + X509_free(a->data.x509); + break; + case X509_LU_CRL: + X509_CRL_free(a->data.crl); + break; + } + } + +X509_OBJECT *X509_OBJECT_retrive_by_subject(h,type,name) +LHASH *h; +int type; +X509_NAME *name; + { + X509_OBJECT stmp,*tmp; + X509 x509_s; + X509_CINF cinf_s; + X509_CRL crl_s; + X509_CRL_INFO crl_info_s; + + stmp.type=type; + switch (type) + { + case X509_LU_X509: + stmp.data.x509= &x509_s; + x509_s.cert_info= &cinf_s; + cinf_s.subject=name; + break; + case X509_LU_CRL: + stmp.data.crl= &crl_s; + crl_s.crl= &crl_info_s; + crl_info_s.issuer=name; + break; + default: + abort(); + } + + tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp); + return(tmp); + } + +void X509_STORE_CTX_init(ctx,store,x509,chain) +X509_STORE_CTX *ctx; +X509_STORE *store; +X509 *x509; +STACK *chain; + { + ctx->ctx=store; + ctx->current_method=0; + ctx->cert=x509; + ctx->untrusted=chain; + ctx->last_untrusted=0; + ctx->valid=0; + ctx->chain=NULL; + ctx->depth=10; + ctx->error=0; + ctx->current_cert=NULL; + } + +void X509_STORE_CTX_cleanup(ctx) +X509_STORE_CTX *ctx; + { + if (ctx->chain != NULL) + { + sk_pop_free(ctx->chain,X509_free); + ctx->chain=NULL; + } + } + diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c new file mode 100644 index 0000000000000000000000000000000000000000..2b53af1e6122ef09c9b5f5d2fbf703d7c8eed67a --- /dev/null +++ b/crypto/x509/x509_obj.c @@ -0,0 +1,180 @@ +/* crypto/x509/x509_obj.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "lhash.h" +#include "objects.h" +#include "x509.h" +#include "buffer.h" + +char *X509_NAME_oneline(a,buf,len) +X509_NAME *a; +char *buf; +int len; + { + X509_NAME_ENTRY *ne; + unsigned int i; + int n,lold,l,l1,l2,num,j,type; + char *s,*p; + unsigned char *q; + BUF_MEM *b=NULL; + static char hex[17]="0123456789ABCDEF"; + int gs_doit[4]; + + if (a == NULL) return("NO X509_NAME"); + if (buf == NULL) + { + if ((b=BUF_MEM_new()) == NULL) goto err; + if (!BUF_MEM_grow(b,200)) goto err; + b->data[0]='\0'; + len=200; + } + + len--; /* space for '\0' */ + l=0; + for (i=0; (int)ientries); i++) + { + ne=(X509_NAME_ENTRY *)sk_value(a->entries,i); + n=OBJ_obj2nid(ne->object); + if (n == NID_undef) + s="UNKNOWN"; + else + { + s=OBJ_nid2sn(n); + if (s == NULL) s="UNKNOWN2"; + } + l1=strlen(s); + + type=ne->value->type; + num=ne->value->length; + q=ne->value->data; + + if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) + { + gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; + for (j=0; j '~')) l2+=3; + } + + lold=l; + l+=1+l1+1+l2; + if (b != NULL) + { + if (!BUF_MEM_grow(b,l+1)) goto err; + p= &(b->data[lold]); + } + else if (l > len) + { + break; + } + else + p= &(buf[lold]); + *(p++)='/'; + memcpy(p,s,(unsigned int)l1); p+=l1; + *(p++)='='; + + q=ne->value->data; + + for (j=0; j '~')) + { + *(p++)='\\'; + *(p++)='x'; + *(p++)=hex[(n>>4)&0x0f]; + *(p++)=hex[n&0x0f]; + } + else + *(p++)=n; + } + *p='\0'; + } + if (b != NULL) + { + p=b->data; + Free((char *)b); + } + else + p=buf; + return(p); +err: + X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); + if (b != NULL) BUF_MEM_free(b); + return(NULL); + } + diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c new file mode 100644 index 0000000000000000000000000000000000000000..7e79959c8a0bd24bd2d667f495a163c608bfe0a8 --- /dev/null +++ b/crypto/x509/x509_r2x.c @@ -0,0 +1,122 @@ +/* crypto/x509/x509_r2x.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "bn.h" +#include "evp.h" +#include "asn1.h" +#include "x509.h" +#include "objects.h" +#include "buffer.h" +#include "pem.h" + +X509 *X509_REQ_to_X509(r,days,pkey) +X509_REQ *r; +int days; +EVP_PKEY *pkey; + { + X509 *ret=NULL; + int er=1; + X509_REQ_INFO *ri=NULL; + X509_CINF *xi=NULL; + X509_NAME *xn; + + if ((ret=X509_new()) == NULL) + { + X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* duplicate the request */ + ri=(X509_REQ_INFO *)ASN1_dup(i2d_X509_REQ_INFO, + (char *(*)())d2i_X509_REQ_INFO,(char *)r->req_info); + if (ri == NULL) goto err; + + xi=ret->cert_info; + + if (sk_num(ri->attributes) != 0) + { + if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err; + if (!ASN1_INTEGER_set(xi->version,2)) goto err; +/* xi->extensions=ri->attributes; <- bad, should not ever be done + ri->attributes=NULL; */ + } + + xn=X509_REQ_get_subject_name(r); + X509_set_subject_name(ret,X509_NAME_dup(xn)); + X509_set_issuer_name(ret,X509_NAME_dup(xn)); + + X509_gmtime_adj(xi->validity->notBefore,0); + X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days); + + X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); + + if (!X509_sign(ret,pkey,EVP_md5())) + goto err; + er=0; +err: + if (er) + { + X509_free(ret); + X509_REQ_INFO_free(ri); + return(NULL); + } + return(ret); + } + diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c new file mode 100644 index 0000000000000000000000000000000000000000..c1f10c2428616a64fd5b93fede1be217aeebd81a --- /dev/null +++ b/crypto/x509/x509_req.c @@ -0,0 +1,111 @@ +/* crypto/x509/x509_req.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "bn.h" +#include "evp.h" +#include "asn1.h" +#include "x509.h" +#include "objects.h" +#include "buffer.h" +#include "pem.h" + +X509_REQ *X509_to_X509_REQ(x,pkey) +X509 *x; +EVP_PKEY *pkey; + { + X509_REQ *ret; + X509_REQ_INFO *ri; + int i; + + ret=X509_REQ_new(); + if (ret == NULL) + { + X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); + goto err; + } + + ri=ret->req_info; + + ri->version->length=1; + ri->version->data=(unsigned char *)Malloc(1); + if (ri->version->data == NULL) goto err; + ri->version->data[0]=0; /* version == 0 */ + + if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) + goto err; + + i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x)); + if (!i) goto err; + +/* NEEDS FIXING EAY EAY EAY */ + if (!X509_REQ_sign(ret,pkey,EVP_md5())) + goto err; + return(ret); +err: + X509_REQ_free(ret); + return(NULL); + } + +EVP_PKEY *X509_REQ_get_pubkey(req) +X509_REQ *req; + { + return(X509_PUBKEY_get(req->req_info->pubkey)); + } + diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c new file mode 100644 index 0000000000000000000000000000000000000000..f65ae91f53e26ca6b7ff3a73437a82e15beb4133 --- /dev/null +++ b/crypto/x509/x509_set.c @@ -0,0 +1,164 @@ +/* crypto/x509/x509_set.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" + +int X509_set_version(x,version) +X509 *x; +long version; + { + if (x == NULL) return(0); + if (x->cert_info->version == NULL) + { + if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL) + return(0); + } + return(ASN1_INTEGER_set(x->cert_info->version,version)); + } + +int X509_set_serialNumber(x,serial) +X509 *x; +ASN1_INTEGER *serial; + { + ASN1_INTEGER *in; + + if (x == NULL) return(0); + in=x->cert_info->serialNumber; + if (in != serial) + { + in=ASN1_INTEGER_dup(serial); + if (in != NULL) + { + ASN1_INTEGER_free(x->cert_info->serialNumber); + x->cert_info->serialNumber=in; + } + } + return(in != NULL); + } + +int X509_set_issuer_name(x,name) +X509 *x; +X509_NAME *name; + { + if ((x == NULL) || (x->cert_info == NULL)) return(0); + return(X509_NAME_set(&x->cert_info->issuer,name)); + } + +int X509_set_subject_name(x,name) +X509 *x; +X509_NAME *name; + { + if ((x == NULL) || (x->cert_info == NULL)) return(0); + return(X509_NAME_set(&x->cert_info->subject,name)); + } + +int X509_set_notBefore(x,tm) +X509 *x; +ASN1_UTCTIME *tm; + { + ASN1_UTCTIME *in; + + if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); + in=x->cert_info->validity->notBefore; + if (in != tm) + { + in=ASN1_UTCTIME_dup(tm); + if (in != NULL) + { + ASN1_UTCTIME_free(x->cert_info->validity->notBefore); + x->cert_info->validity->notBefore=in; + } + } + return(in != NULL); + } + +int X509_set_notAfter(x,tm) +X509 *x; +ASN1_UTCTIME *tm; + { + ASN1_UTCTIME *in; + + if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); + in=x->cert_info->validity->notAfter; + if (in != tm) + { + in=ASN1_UTCTIME_dup(tm); + if (in != NULL) + { + ASN1_UTCTIME_free(x->cert_info->validity->notAfter); + x->cert_info->validity->notAfter=in; + } + } + return(in != NULL); + } + +int X509_set_pubkey(x,pkey) +X509 *x; +EVP_PKEY *pkey; + { + if ((x == NULL) || (x->cert_info == NULL)) return(0); + return(X509_PUBKEY_set(&(x->cert_info->key),pkey)); + } + + + diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c new file mode 100644 index 0000000000000000000000000000000000000000..d5fc5839a1008166857275c3cd4f476806adff58 --- /dev/null +++ b/crypto/x509/x509_txt.c @@ -0,0 +1,130 @@ +/* crypto/x509/x509_txt.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include + +#include "cryptlib.h" +#include "lhash.h" +#include "buffer.h" +#include "evp.h" +#include "asn1.h" +#include "x509.h" +#include "objects.h" +#include "pem.h" + +char *X509_verify_cert_error_string(n) +int n; + { + static char buf[100]; + + switch (n) + { + case X509_V_OK: + return("ok"); + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + return("unable to get issuer certificate"); + case X509_V_ERR_UNABLE_TO_GET_CRL: + return("unable to get certificate CRL"); + case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: + return("unable to decrypt certificate's signature"); + case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: + return("unable to decrypt CRL's's signature"); + case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: + return("unable to decode issuer public key"); + case X509_V_ERR_CERT_SIGNATURE_FAILURE: + return("certificate signature failure"); + case X509_V_ERR_CRL_SIGNATURE_FAILURE: + return("CRL signature failure"); + case X509_V_ERR_CERT_NOT_YET_VALID: + return("certificate is not yet valid"); + case X509_V_ERR_CRL_NOT_YET_VALID: + return("CRL is not yet valid"); + case X509_V_ERR_CERT_HAS_EXPIRED: + return("Certificate has expired"); + case X509_V_ERR_CRL_HAS_EXPIRED: + return("CRL has expired"); + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + return("format error in certificate's notBefore field"); + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + return("format error in certificate's notAfter field"); + case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FILED: + return("format error in CRL's lastUpdate field"); + case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FILED: + return("format error in CRL's nextUpdate field"); + case X509_V_ERR_OUT_OF_MEM: + return("out of memory"); + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + return("self signed certificate"); + case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: + return("self signed certificate in certificate chain"); + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + return("unable to get local issuer certificate"); + case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: + return("unable to verify the first certificate"); + case X509_V_ERR_CERT_CHAIN_TOO_LONG: + return("certificate chain too long"); + default: + sprintf(buf,"error number %d",n); + return(buf); + } + } + + diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c new file mode 100644 index 0000000000000000000000000000000000000000..388130b1d776c14cc70ac23611d2445b30a484c8 --- /dev/null +++ b/crypto/x509/x509_v3.c @@ -0,0 +1,409 @@ +/* crypto/x509/x509_v3.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "stack.h" +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" + +#ifndef NOPROTO +static X509_EXTENSION_METHOD *find_by_nid(int nid); +static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b); +#else +static X509_EXTENSION_METHOD *find_by_nid(); +static int xem_cmp(); +#endif + +static STACK *extensions=NULL; + +int X509v3_get_ext_count(x) +STACK *x; + { + if (x == NULL) return(0); + return(sk_num(x)); + } + +int X509v3_get_ext_by_NID(x,nid,oldpos) +STACK *x; +int nid; +int oldpos; + { + ASN1_OBJECT *obj; + + obj=OBJ_nid2obj(nid); + if (obj == NULL) return(-2); + return(X509v3_get_ext_by_OBJ(x,obj,oldpos)); + } + +int X509v3_get_ext_by_OBJ(sk,obj,oldpos) +STACK *sk; +ASN1_OBJECT *obj; +int oldpos; + { + int n; + X509_EXTENSION *ex; + + if (sk == NULL) return(-1); + oldpos++; + if (oldpos < 0) + oldpos=0; + n=sk_num(sk); + for ( ; oldpos < n; oldpos++) + { + ex=(X509_EXTENSION *)sk_value(sk,oldpos); + if (OBJ_cmp(ex->object,obj) == 0) + return(oldpos); + } + return(-1); + } + +int X509v3_get_ext_by_critical(sk,crit,oldpos) +STACK *sk; +int crit; +int oldpos; + { + int n; + X509_EXTENSION *ex; + + if (sk == NULL) return(-1); + oldpos++; + if (oldpos < 0) + oldpos=0; + n=sk_num(sk); + for ( ; oldpos < n; oldpos++) + { + ex=(X509_EXTENSION *)sk_value(sk,oldpos); + if ( (ex->critical && crit) || + (!ex->critical && !crit)) + return(oldpos); + } + return(-1); + } + +X509_EXTENSION *X509v3_get_ext(x,loc) +STACK *x; +int loc; + { + if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0)) + return(NULL); + else + return((X509_EXTENSION *)sk_value(x,loc)); + } + +X509_EXTENSION *X509v3_delete_ext(x,loc) +STACK *x; +int loc; + { + X509_EXTENSION *ret; + + if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0)) + return(NULL); + ret=(X509_EXTENSION *)sk_delete(x,loc); + return(ret); + } + +STACK *X509v3_add_ext(x,ex,loc) +STACK **x; +X509_EXTENSION *ex; +int loc; + { + X509_EXTENSION *new_ex=NULL; + int n; + STACK *sk=NULL; + + if ((x != NULL) && (*x == NULL)) + { + if ((sk=sk_new_null()) == NULL) + goto err; + } + else + sk= *x; + + n=sk_num(sk); + if (loc > n) loc=n; + else if (loc < 0) loc=n; + + if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) + goto err2; + if (!sk_insert(sk,(char *)new_ex,loc)) + goto err; + if ((x != NULL) && (*x == NULL)) + *x=sk; + return(sk); +err: + X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); +err2: + if (new_ex != NULL) X509_EXTENSION_free(new_ex); + if (sk != NULL) sk_free(sk); + return(NULL); + } + +X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data) +X509_EXTENSION **ex; +int nid; +int crit; +ASN1_OCTET_STRING *data; + { + ASN1_OBJECT *obj; + X509_EXTENSION *ret; + + obj=OBJ_nid2obj(nid); + if (obj == NULL) + { + X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID); + return(NULL); + } + ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data); + if (ret == NULL) ASN1_OBJECT_free(obj); + return(ret); + } + +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data) +X509_EXTENSION **ex; +ASN1_OBJECT *obj; +int crit; +ASN1_OCTET_STRING *data; + { + X509_EXTENSION *ret; + + if ((ex == NULL) || (*ex == NULL)) + { + if ((ret=X509_EXTENSION_new()) == NULL) + { + X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); + return(NULL); + } + } + else + ret= *ex; + + if (!X509_EXTENSION_set_object(ret,obj)) + goto err; + if (!X509_EXTENSION_set_critical(ret,crit)) + goto err; + if (!X509_EXTENSION_set_data(ret,data)) + goto err; + + if ((ex != NULL) && (*ex == NULL)) *ex=ret; + return(ret); +err: + if ((ex == NULL) || (ret != *ex)) + X509_EXTENSION_free(ret); + return(NULL); + } + +int X509_EXTENSION_set_object(ex,obj) +X509_EXTENSION *ex; +ASN1_OBJECT *obj; + { + if ((ex == NULL) || (obj == NULL)) + return(0); + ASN1_OBJECT_free(ex->object); + ex->object=OBJ_dup(obj); + return(1); + } + +int X509_EXTENSION_set_critical(ex,crit) +X509_EXTENSION *ex; +int crit; + { + if (ex == NULL) return(0); + ex->critical=(crit)?0xFF:0; + return(1); + } + +int X509_EXTENSION_set_data(ex,data) +X509_EXTENSION *ex; +ASN1_OCTET_STRING *data; + { + int i; + + if (ex == NULL) return(0); + i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length); + if (!i) return(0); + return(1); + } + +ASN1_OBJECT *X509_EXTENSION_get_object(ex) +X509_EXTENSION *ex; + { + if (ex == NULL) return(NULL); + return(ex->object); + } + +ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex) +X509_EXTENSION *ex; + { + if (ex == NULL) return(NULL); + return(ex->value); + } + +int X509_EXTENSION_get_critical(ex) +X509_EXTENSION *ex; + { + if (ex == NULL) return(0); + return(ex->critical); + } + +int X509v3_data_type_by_OBJ(obj) +ASN1_OBJECT *obj; + { + int nid; + + nid=OBJ_obj2nid(obj); + if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF); + return(X509v3_data_type_by_NID(nid)); + } + +int X509v3_data_type_by_NID(nid) +int nid; + { + X509_EXTENSION_METHOD *x; + + x=find_by_nid(nid); + if (x == NULL) + return(V_ASN1_UNDEF); + else + return(x->data_type); + } + +int X509v3_pack_type_by_OBJ(obj) +ASN1_OBJECT *obj; + { + int nid; + + nid=OBJ_obj2nid(obj); + if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN); + return(X509v3_pack_type_by_NID(nid)); + } + +int X509v3_pack_type_by_NID(nid) +int nid; + { + X509_EXTENSION_METHOD *x; + + x=find_by_nid(nid); + if (x == NULL) + return(X509_EXT_PACK_UNKNOWN); + else + return(x->pack_type); + } + +static X509_EXTENSION_METHOD *find_by_nid(nid) +int nid; + { + X509_EXTENSION_METHOD x; + int i; + + x.nid=nid; + if (extensions == NULL) return(NULL); + i=sk_find(extensions,(char *)&x); + if (i < 0) + return(NULL); + else + return((X509_EXTENSION_METHOD *)sk_value(extensions,i)); + } + +static int xem_cmp(a,b) +X509_EXTENSION_METHOD **a,**b; + { + return((*a)->nid-(*b)->nid); + } + +void X509v3_cleanup_extensions() + { + int i; + + if (extensions != NULL) + { + for (i=0; inid=x->nid; + newx->data_type=x->data_type; + newx->pack_type=x->pack_type; + if (!sk_push(extensions,(char *)newx)) + { + Free(newx); + goto err; + } + return(1); +err: + X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE); + return(0); + } + diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c new file mode 100644 index 0000000000000000000000000000000000000000..f6dba6f9ef97a7ce73e60265a7350dd5e4ec429c --- /dev/null +++ b/crypto/x509/x509_vfy.c @@ -0,0 +1,585 @@ +/* crypto/x509/x509_vfy.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include + +#include "cryptlib.h" +#include "lhash.h" +#include "buffer.h" +#include "evp.h" +#include "asn1.h" +#include "x509.h" +#include "objects.h" +#include "pem.h" + +#ifndef NOPROTO +static int null_callback(int ok,X509_STORE_CTX *e); +static int internal_verify(X509_STORE_CTX *ctx); +#else +static int null_callback(); +static int internal_verify(); +#endif + +char *X509_version="X509 part of SSLeay 0.8.1b 29-Jun-1998"; + +static int null_callback(ok,e) +int ok; +X509_STORE_CTX *e; + { + return(ok); + } + +#if 0 +static int x509_subject_cmp(a,b) +X509 **a,**b; + { + return(X509_subject_name_cmp(*a,*b)); + } +#endif + +int X509_verify_cert(ctx) +X509_STORE_CTX *ctx; + { + X509 *x,*xtmp,*chain_ss=NULL; + X509_NAME *xn; + X509_OBJECT obj; + int depth,i,ok=0; + int num; + int (*cb)(); + STACK *sktmp=NULL; + + if (ctx->cert == NULL) + { + X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + return(-1); + } + + cb=ctx->ctx->verify_cb; + if (cb == NULL) cb=null_callback; + + /* first we make sure the chain we are going to build is + * present and that the first entry is in place */ + if (ctx->chain == NULL) + { + if ( ((ctx->chain=sk_new_null()) == NULL) || + (!sk_push(ctx->chain,(char *)ctx->cert))) + { + X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + goto end; + } + CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509); + ctx->last_untrusted=1; + } + + /* We use a temporary so we can chop and hack at it */ + if ((ctx->untrusted != NULL) && (sktmp=sk_dup(ctx->untrusted)) == NULL) + { + X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + goto end; + } + + num=sk_num(ctx->chain); + x=(X509 *)sk_value(ctx->chain,num-1); + depth=ctx->depth; + + + for (;;) + { + /* If we have enough, we break */ + if (depth <= num) break; + + /* If we are self signed, we break */ + xn=X509_get_issuer_name(x); + if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0) + break; + + /* If we were passed a cert chain, use it first */ + if (ctx->untrusted != NULL) + { + xtmp=X509_find_by_subject(sktmp,xn); + if (xtmp != NULL) + { + if (!sk_push(ctx->chain,(char *)xtmp)) + { + X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + goto end; + } + CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); + sk_delete_ptr(sktmp,(char *)xtmp); + ctx->last_untrusted++; + x=xtmp; + num++; + /* reparse the full chain for + * the next one */ + continue; + } + } + break; + } + + /* at this point, chain should contain a list of untrusted + * certificates. We now need to add at least one trusted one, + * if possible, otherwise we complain. */ + + i=sk_num(ctx->chain); + x=(X509 *)sk_value(ctx->chain,i-1); + if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x)) + == 0) + { + /* we have a self signed certificate */ + if (sk_num(ctx->chain) == 1) + { + ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert=x; + ctx->error_depth=i-1; + ok=cb(0,ctx); + if (!ok) goto end; + } + else + { + /* worry more about this one elsewhere */ + chain_ss=(X509 *)sk_pop(ctx->chain); + ctx->last_untrusted--; + num--; + x=(X509 *)sk_value(ctx->chain,num-1); + } + } + + /* We now lookup certs from the certificate store */ + for (;;) + { + /* If we have enough, we break */ + if (depth <= num) break; + + /* If we are self signed, we break */ + xn=X509_get_issuer_name(x); + if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0) + break; + + ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); + if (ok != X509_LU_X509) + { + if (ok == X509_LU_RETRY) + { + X509_OBJECT_free_contents(&obj); + X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); + return(ok); + } + else if (ok != X509_LU_FAIL) + { + X509_OBJECT_free_contents(&obj); + /* not good :-(, break anyway */ + return(ok); + } + break; + } + x=obj.data.x509; + if (!sk_push(ctx->chain,(char *)obj.data.x509)) + { + X509_OBJECT_free_contents(&obj); + X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + return(0); + } + num++; + } + + /* we now have our chain, lets check it... */ + xn=X509_get_issuer_name(x); + if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0) + { + if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0)) + { + if (ctx->last_untrusted >= num) + ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; + else + ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; + ctx->current_cert=x; + } + else + { + + sk_push(ctx->chain,(char *)chain_ss); + num++; + ctx->last_untrusted=num; + ctx->current_cert=chain_ss; + ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; + chain_ss=NULL; + } + + ctx->error_depth=num-1; + ok=cb(0,ctx); + if (!ok) goto end; + } + + /* We may as well copy down any DSA parameters that are required */ + X509_get_pubkey_parameters(NULL,ctx->chain); + + /* At this point, we have a chain and just need to verify it */ + if (ctx->ctx->verify != NULL) + ok=ctx->ctx->verify(ctx); + else + ok=internal_verify(ctx); +end: + if (sktmp != NULL) sk_free(sktmp); + if (chain_ss != NULL) X509_free(chain_ss); + return(ok); + } + +static int internal_verify(ctx) +X509_STORE_CTX *ctx; + { + int i,ok=0,n; + X509 *xs,*xi; + EVP_PKEY *pkey=NULL; + int (*cb)(); + + cb=ctx->ctx->verify_cb; + if (cb == NULL) cb=null_callback; + + n=sk_num(ctx->chain); + ctx->error_depth=n-1; + n--; + xi=(X509 *)sk_value(ctx->chain,n); + if (X509_NAME_cmp(X509_get_subject_name(xi), + X509_get_issuer_name(xi)) == 0) + xs=xi; + else + { + if (n <= 0) + { + ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; + ctx->current_cert=xi; + ok=cb(0,ctx); + goto end; + } + else + { + n--; + ctx->error_depth=n; + xs=(X509 *)sk_value(ctx->chain,n); + } + } + +/* ctx->error=0; not needed */ + while (n >= 0) + { + ctx->error_depth=n; + if (!xs->valid) + { + if ((pkey=X509_get_pubkey(xi)) == NULL) + { + ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; + ctx->current_cert=xi; + ok=(*cb)(0,ctx); + if (!ok) goto end; + } + if (X509_verify(xs,pkey) <= 0) + { + ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; + ctx->current_cert=xs; + ok=(*cb)(0,ctx); + if (!ok) goto end; + } + pkey=NULL; + + i=X509_cmp_current_time(X509_get_notBefore(xs)); + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; + ctx->current_cert=xs; + ok=(*cb)(0,ctx); + if (!ok) goto end; + } + if (i > 0) + { + ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; + ctx->current_cert=xs; + ok=(*cb)(0,ctx); + if (!ok) goto end; + } + xs->valid=1; + } + + i=X509_cmp_current_time(X509_get_notAfter(xs)); + if (i == 0) + { + ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; + ctx->current_cert=xs; + ok=(*cb)(0,ctx); + if (!ok) goto end; + } + + if (i < 0) + { + ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; + ctx->current_cert=xs; + ok=(*cb)(0,ctx); + if (!ok) goto end; + } + + /* CRL CHECK */ + + /* The last error (if any) is still in the error value */ + ctx->current_cert=xs; + ok=(*cb)(1,ctx); + if (!ok) goto end; + + n--; + if (n >= 0) + { + xi=xs; + xs=(X509 *)sk_value(ctx->chain,n); + } + } + ok=1; +end: + return(ok); + } + +int X509_cmp_current_time(ctm) +ASN1_UTCTIME *ctm; + { + char *str; + ASN1_UTCTIME atm; + time_t offset; + char buff1[24],buff2[24],*p; + int i,j; + + p=buff1; + i=ctm->length; + str=(char *)ctm->data; + if ((i < 11) || (i > 17)) return(0); + memcpy(p,str,10); + p+=10; + str+=10; + + if ((*str == 'Z') || (*str == '-') || (*str == '+')) + { *(p++)='0'; *(p++)='0'; } + else { *(p++)= *(str++); *(p++)= *(str++); } + *(p++)='Z'; + *(p++)='\0'; + + if (*str == 'Z') + offset=0; + else + { + if ((*str != '+') && (str[5] != '-')) + return(0); + offset=((str[1]-'0')*10+(str[2]-'0'))*60; + offset+=(str[3]-'0')*10+(str[4]-'0'); + if (*str == '-') + offset-=offset; + } + atm.type=V_ASN1_UTCTIME; + atm.length=sizeof(buff2); + atm.data=(unsigned char *)buff2; + + X509_gmtime_adj(&atm,offset); + + i=(buff1[0]-'0')*10+(buff1[1]-'0'); + if (i < 70) i+=100; + j=(buff2[0]-'0')*10+(buff2[1]-'0'); + if (j < 70) j+=100; + + if (i < j) return (-1); + if (i > j) return (1); + i=strcmp(buff1,buff2); + if (i == 0) /* wait a second then return younger :-) */ + return(-1); + else + return(i); + } + +ASN1_UTCTIME *X509_gmtime_adj(s, adj) +ASN1_UTCTIME *s; +long adj; + { + time_t t; + + time(&t); + t+=adj; + return(ASN1_UTCTIME_set(s,t)); + } + +int X509_get_pubkey_parameters(pkey,chain) +EVP_PKEY *pkey; +STACK *chain; + { + EVP_PKEY *ktmp=NULL,*ktmp2; + int i,j; + + if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1); + + for (i=0; i= 0; j--) + { + ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j)); + EVP_PKEY_copy_parameters(ktmp2,ktmp); + } + + if (pkey != NULL) + EVP_PKEY_copy_parameters(pkey,ktmp); + return(1); + } + +EVP_PKEY *X509_get_pubkey(x) +X509 *x; + { + return(X509_PUBKEY_get(x->cert_info->key)); + } + +int X509_check_private_key(x,k) +X509 *x; +EVP_PKEY *k; + { + EVP_PKEY *xk=NULL; + int ok=0; + + xk=X509_get_pubkey(x); + if (xk->type != k->type) goto err; + switch (k->type) + { +#ifndef NO_RSA + case EVP_PKEY_RSA: + if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err; + if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err; + break; +#endif +#ifndef NO_DSA + case EVP_PKEY_DSA: + if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) + goto err; + break; +#endif +#ifndef NO_DH + case EVP_PKEY_DH: + /* No idea */ + goto err; +#endif + default: + goto err; + } + + ok=1; +err: + return(ok); + } + +int X509_STORE_add_cert(ctx,x) +X509_STORE *ctx; +X509 *x; + { + X509_OBJECT *obj,*r; + int ret=1; + + if (x == NULL) return(0); + obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT)); + if (obj == NULL) + { + X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); + return(0); + } + obj->type=X509_LU_X509; + obj->data.x509=x; + + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + + X509_OBJECT_up_ref_count(obj); + + r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); + if (r != NULL) + { /* oops, put it back */ + lh_delete(ctx->certs,(char *)obj); + X509_OBJECT_free_contents(obj); + Free(obj); + lh_insert(ctx->certs,(char *)r); + X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + return(ret); + } + + diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h new file mode 100644 index 0000000000000000000000000000000000000000..b92e1ba4328def44c64801e1515d5e4955960e39 --- /dev/null +++ b/crypto/x509/x509_vfy.h @@ -0,0 +1,341 @@ +/* crypto/x509/x509_vfy.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_X509_VFY_H +#define HEADER_X509_VFY_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Outer object */ +typedef struct x509_hash_dir_st + { + int num_dirs; + char **dirs; + int *dirs_type; + int num_dirs_alloced; + } X509_HASH_DIR_CTX; + +typedef struct x509_file_st + { + int num_paths; /* number of paths to files or directories */ + int num_alloced; + char **paths; /* the list of paths or directories */ + int *path_type; + } X509_CERT_FILE_CTX; + +/*******************************/ +/* +SSL_CTX -> X509_STORE + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + +SSL -> X509_STORE_CTX + ->X509_STORE + +The X509_STORE holds the tables etc for verification stuff. +A X509_STORE_CTX is used while validating a single certificate. +The X509_STORE has X509_LOOKUPs for looking up certs. +The X509_STORE then calls a function to actually verify the +certificate chain. +*/ + +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 +#define X509_LU_X509 1 +#define X509_LU_CRL 2 +#define X509_LU_PKEY 3 + +typedef struct x509_object_st + { + /* one of the above types */ + int type; + union { + char *ptr; + X509 *x509; + X509_CRL *crl; + EVP_PKEY *pkey; + } data; + } X509_OBJECT; + +/* This is a static that defines the function interface */ +typedef struct x509_lookup_method_st + { + char *name; + int (*new_item)(); + void (*free)(); + int (*init)(/* meth, char ** */); + int (*shutdown)( /* meth, char ** */); + int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */); + int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */); + int (*get_by_issuer_serial)(); + int (*get_by_fingerprint)(); + int (*get_by_alias)(); + } X509_LOOKUP_METHOD; + +/* This is used to hold everything. It is used for all certificate + * validation. Once we have a certificate chain, the 'verify' + * function is then called to actually check the cert chain. */ +typedef struct x509_store_st + { + /* The following is a cache of trusted certs */ + int cache; /* if true, stash any hits */ +#ifdef HEADER_LHASH_H + LHASH *certs; /* cached certs; */ +#else + char *certs; +#endif + + /* These are external lookup methods */ + STACK *get_cert_methods;/* X509_LOOKUP */ + int (*verify)(); /* called to verify a certificate */ + int (*verify_cb)(); /* error callback */ + + char *app_data; + int references; + int depth; /* how deep to look */ + } X509_STORE; + +#define X509_STORE_set_depth(ctx,depth) ((ctx)->depth=(depth)) + +#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) +#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) + +/* This is the functions plus an instance of the local variables. */ +typedef struct x509_lookup_st + { + int init; /* have we been started */ + int skip; /* don't use us. */ + X509_LOOKUP_METHOD *method; /* the functions */ + char *method_data; /* method data */ + + X509_STORE *store_ctx; /* who owns us */ + } X509_LOOKUP; + +/* This is a temporary used when processing cert chains. Since the + * gathering of the cert chain can take some time (and have to be + * 'retried', this needs to be kept and passed around. */ +typedef struct x509_store_state_st + { + X509_STORE *ctx; + int current_method; /* used when looking up certs */ + + /* The following are set by the caller */ + X509 *cert; /* The cert to check */ + STACK *untrusted; /* chain of X509s - untrusted - passed in */ + + /* The following is built up */ + int depth; /* how far to go looking up certs */ + int valid; /* if 0, rebuild chain */ + int last_untrusted; /* index of last untrusted cert */ + STACK *chain; /* chain of X509s - built up and trusted */ + + /* When something goes wrong, this is why */ + int error_depth; + int error; + X509 *current_cert; + + char *app_data; + } X509_STORE_CTX; + +#define X509_STORE_CTX_set_app_data(ctx,data) ((ctx)->app_data=(data)) +#define X509_STORE_CTX_get_app_data(ctx) ((ctx)->app_data) +#define X509_STORE_CTX_get_error(ctx) ((ctx)->error) +#define X509_STORE_CTX_set_error(ctx,s) ((ctx)->error=(s)) +#define X509_STORE_CTX_get_error_depth(ctx) ((ctx)->error_depth) +#define X509_STORE_CTX_get_current_cert(ctx) ((ctx)->current_cert) +#define X509_STORE_CTX_get_chain(ctx) ((ctx)->chain) + +#define X509_STORE_CTX_set_cert(c,ch) ((c)->cert=(ch)) +#define X509_STORE_CTX_set_chain(c,ch) ((c)->untrusted=(ch)) + +#define X509_L_FILE_LOAD 1 +#define X509_L_ADD_DIR 2 + +X509_LOOKUP_METHOD *X509_LOOKUP_file(); +#define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +X509_LOOKUP_METHOD *X509_LOOKUP_dir(); +#define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +#define X509_V_OK 0 + +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +#define X509_V_ERR_UNABLE_TO_GET_CRL 3 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_HAS_EXPIRED 10 +#define X509_V_ERR_CRL_NOT_YET_VALID 11 +#define X509_V_ERR_CRL_HAS_EXPIRED 12 +#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FILED 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FILED 16 +#define X509_V_ERR_OUT_OF_MEM 17 +#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 + +#ifndef NOPROTO +#ifdef HEADER_LHASH_H +X509_OBJECT *X509_OBJECT_retrive_by_subject(LHASH *h,int type,X509_NAME *name); +#endif +void X509_OBJECT_up_ref_count(X509_OBJECT *a); +void X509_OBJECT_free_contents(X509_OBJECT *a); +X509_STORE *X509_STORE_new(void ); +void X509_STORE_free(X509_STORE *v); + +void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK *chain); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); + +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); + +int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, + X509_OBJECT *ret); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret); +int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type); + +void X509v3_cleanup_extensions(void ); +int X509v3_add_extension(X509_EXTENSION_METHOD *x); +int X509v3_add_netscape_extensions(void ); +int X509v3_add_standard_extensions(void ); + +X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +void X509_LOOKUP_free(X509_LOOKUP *ctx); +int X509_LOOKUP_init(X509_LOOKUP *ctx); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial, X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, + unsigned char *bytes, int len, X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, + int len, X509_OBJECT *ret); +int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +int X509_STORE_load_locations (X509_STORE *ctx, + char *file, char *dir); +int X509_STORE_set_default_paths(X509_STORE *ctx); + +#else + +#ifdef HEADER_LHASH_H +X509_OBJECT *X509_OBJECT_retrive_by_subject(); +#endif +void X509_OBJECT_up_ref_count(); +void X509_OBJECT_free_contents(); +X509_STORE *X509_STORE_new(); +void X509_STORE_free(); + +void X509_STORE_CTX_init(); +void X509_STORE_CTX_cleanup(); + +X509_LOOKUP *X509_STORE_add_lookup(); + +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(); +X509_LOOKUP_METHOD *X509_LOOKUP_file(); + +int X509_STORE_add_cert(); + +int X509_STORE_get_by_subject(); + +int X509_LOOKUP_ctrl(); +int X509_load_cert_file(); + +void X509v3_cleanup_extensions(); +int X509v3_add_extension(); +int X509v3_add_netscape_extensions(); +int X509v3_add_standard_extensions(); + +X509_LOOKUP *X509_LOOKUP_new(); +void X509_LOOKUP_free(); +int X509_LOOKUP_init(); +int X509_LOOKUP_by_subject(); +int X509_LOOKUP_by_issuer_serial(); +int X509_LOOKUP_by_fingerprint(); +int X509_LOOKUP_by_alias(); +int X509_LOOKUP_shutdown(); + +int X509_STORE_load_locations (); +int X509_STORE_set_default_paths(); + +#endif + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c new file mode 100644 index 0000000000000000000000000000000000000000..8223ec069d48a29c755f31fbccc0e5c7d0821f18 --- /dev/null +++ b/crypto/x509/x509name.c @@ -0,0 +1,357 @@ +/* crypto/x509/x509name.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "stack.h" +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" + +int X509_NAME_get_text_by_NID(name,nid,buf,len) +X509_NAME *name; +int nid; +char *buf; +int len; + { + ASN1_OBJECT *obj; + + obj=OBJ_nid2obj(nid); + if (obj == NULL) return(-1); + return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); + } + +int X509_NAME_get_text_by_OBJ(name,obj,buf,len) +X509_NAME *name; +ASN1_OBJECT *obj; +char *buf; +int len; + { + int i; + ASN1_STRING *data; + + i=X509_NAME_get_index_by_OBJ(name,obj,-1); + if (i < 0) return(-1); + data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i)); + i=(data->length > (len-1))?(len-1):data->length; + if (buf == NULL) return(data->length); + memcpy(buf,data->data,i); + buf[i]='\0'; + return(i); + } + +int X509_NAME_entry_count(name) +X509_NAME *name; + { + if (name == NULL) return(0); + return(sk_num(name->entries)); + } + +int X509_NAME_get_index_by_NID(name,nid,oldpos) +X509_NAME *name; +int nid; +int oldpos; + { + ASN1_OBJECT *obj; + + obj=OBJ_nid2obj(nid); + if (obj == NULL) return(-2); + return(X509_NAME_get_index_by_OBJ(name,obj,oldpos)); + } + +int X509_NAME_get_index_by_OBJ(name,obj,oldpos) +X509_NAME *name; +ASN1_OBJECT *obj; +int oldpos; + { + int n; + X509_NAME_ENTRY *ne; + STACK *sk; + + if (name == NULL) return(-1); + if (oldpos < 0) + oldpos= -1; + sk=name->entries; + n=sk_num(sk); + for (oldpos++; oldpos < n; oldpos++) + { + ne=(X509_NAME_ENTRY *)sk_value(sk,oldpos); + if (OBJ_cmp(ne->object,obj) == 0) + return(oldpos); + } + return(-1); + } + +X509_NAME_ENTRY *X509_NAME_get_entry(name,loc) +X509_NAME *name; +int loc; + { + if ( (name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) + return(NULL); + else + return((X509_NAME_ENTRY *)sk_value(name->entries,loc)); + } + +X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc) +X509_NAME *name; +int loc; + { + X509_NAME_ENTRY *ret; + int i,j,n,set_prev,set_next; + STACK *sk; + + if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) + return(NULL); + sk=name->entries; + ret=(X509_NAME_ENTRY *)sk_delete(sk,loc); + n=sk_num(sk); + name->modified=1; + if (loc == n) return(ret); + + /* else we need to fixup the set field */ + if (loc != 0) + set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; + else + set_prev=ret->set-1; + set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; + + /* set_prev is the previous set + * set is the current set + * set_next is the following + * prev 1 1 1 1 1 1 1 1 + * set 1 1 2 2 + * next 1 1 2 2 2 2 3 2 + * so basically only if prev and next differ by 2, then + * re-number down by 1 */ + if (set_prev+1 < set_next) + { + j=set_next-set_prev-1; + for (i=loc; iset-=j; + } + return(ret); + } + +/* if set is -1, append to previous set, 0 'a new one', and 1, + * prepend to the guy we are about to stomp on. */ +int X509_NAME_add_entry(name,ne,loc,set) +X509_NAME *name; +X509_NAME_ENTRY *ne; +int loc; +int set; + { + X509_NAME_ENTRY *new_name=NULL; + int n,i,inc; + STACK *sk; + + if (name == NULL) return(0); + sk=name->entries; + n=sk_num(sk); + if (loc > n) loc=n; + else if (loc < 0) loc=n; + + name->modified=1; + + if (set == -1) + { + if (loc == 0) + { + set=0; + inc=1; + } + else + { + set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; + inc=0; + } + } + else /* if (set >= 0) */ + { + if (loc >= n) + { + if (loc != 0) + set=((X509_NAME_ENTRY *) + sk_value(sk,loc-1))->set+1; + else + set=0; + } + else + set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; + inc=(set == 0)?1:0; + } + + if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) + goto err; + new_name->set=set; + if (!sk_insert(sk,(char *)new_name,loc)) + { + X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); + goto err; + } + if (inc) + { + n=sk_num(sk); + for (i=loc+1; iset+=1; + } + return(1); +err: + if (new_name != NULL) + X509_NAME_ENTRY_free(ne); + return(0); + } + +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len) +X509_NAME_ENTRY **ne; +int nid; +int type; +unsigned char *bytes; +int len; + { + ASN1_OBJECT *obj; + + obj=OBJ_nid2obj(nid); + if (obj == NULL) + { + X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); + return(NULL); + } + return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)); + } + +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len) +X509_NAME_ENTRY **ne; +ASN1_OBJECT *obj; +int type; +unsigned char *bytes; +int len; + { + X509_NAME_ENTRY *ret; + + if ((ne == NULL) || (*ne == NULL)) + { + if ((ret=X509_NAME_ENTRY_new()) == NULL) + return(NULL); + } + else + ret= *ne; + + if (!X509_NAME_ENTRY_set_object(ret,obj)) + goto err; + if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) + goto err; + + if ((ne != NULL) && (*ne == NULL)) *ne=ret; + return(ret); +err: + if ((ne == NULL) || (ret != *ne)) + X509_NAME_ENTRY_free(ret); + return(NULL); + } + +int X509_NAME_ENTRY_set_object(ne,obj) +X509_NAME_ENTRY *ne; +ASN1_OBJECT *obj; + { + if ((ne == NULL) || (obj == NULL)) + { + X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + ASN1_OBJECT_free(ne->object); + ne->object=OBJ_dup(obj); + return((ne->object == NULL)?0:1); + } + +int X509_NAME_ENTRY_set_data(ne,type,bytes,len) +X509_NAME_ENTRY *ne; +int type; +unsigned char *bytes; +int len; + { + int i; + + if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); + if (len < 0) len=strlen((char *)bytes); + i=ASN1_STRING_set(ne->value,bytes,len); + if (!i) return(0); + if (type != V_ASN1_UNDEF) + { + if (type == V_ASN1_APP_CHOOSE) + ne->value->type=ASN1_PRINTABLE_type(bytes,len); + else + ne->value->type=type; + } + return(1); + } + +ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne) +X509_NAME_ENTRY *ne; + { + if (ne == NULL) return(NULL); + return(ne->object); + } + +ASN1_STRING *X509_NAME_ENTRY_get_data(ne) +X509_NAME_ENTRY *ne; + { + if (ne == NULL) return(NULL); + return(ne->value); + } + diff --git a/crypto/x509/x509pack.c b/crypto/x509/x509pack.c new file mode 100644 index 0000000000000000000000000000000000000000..949943fca5a09ef7c87ead4ca09627ea7535bb04 --- /dev/null +++ b/crypto/x509/x509pack.c @@ -0,0 +1,157 @@ +/* crypto/x509/x509pack.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "stack.h" +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" + +ASN1_OCTET_STRING *X509v3_pack_string(ex,type,bytes,len) +ASN1_OCTET_STRING **ex; +int type; +unsigned char *bytes; +int len; + { + ASN1_OCTET_STRING *os; + ASN1_STRING str; + unsigned char *p; + int i; + + if ((ex == NULL) || (*ex == NULL)) + os=ASN1_OCTET_STRING_new(); + else + os= *ex; + + if (len < 0) len=strlen((char *)bytes); + str.length=len; + str.type=type; + str.data=bytes; + + /* str now holds the data, we just have to copy it into ->value */ + + switch (type) + { + case V_ASN1_BIT_STRING: + i=i2d_ASN1_BIT_STRING((ASN1_BIT_STRING *)&str,NULL); + if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i)) + goto err; + p=(unsigned char *)os->data; + i2d_ASN1_BIT_STRING((ASN1_BIT_STRING *)&str,&p); + break; + case V_ASN1_OCTET_STRING: + i=i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str,NULL); + if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i)) + goto err; + p=(unsigned char *)os->data; + i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str,&p); + break; + case V_ASN1_IA5STRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + i=i2d_ASN1_bytes(&str,NULL,type,V_ASN1_UNIVERSAL); + if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i)) + goto err; + p=(unsigned char *)os->data; + i=i2d_ASN1_bytes(&str,&p,type,V_ASN1_UNIVERSAL); + break; + default: + X509err(X509_F_X509V3_PACK_STRING,X509_R_UNKNOWN_STRING_TYPE); + goto err; + } + os->length=i; + + if ((ex != NULL) && (os != *ex)) + *ex=os; + return(os); +err: + return(NULL); + } + +ASN1_STRING *X509v3_unpack_string(ex,type,os) +ASN1_STRING **ex; +int type; +ASN1_OCTET_STRING *os; + { + unsigned char *p; + ASN1_STRING *ret=NULL; + + p=os->data; + switch (type) + { + case V_ASN1_BIT_STRING: + ret=(ASN1_STRING *)d2i_ASN1_BIT_STRING( + (ASN1_BIT_STRING **)ex,&p,os->length); + break; + case V_ASN1_OCTET_STRING: + ret=(ASN1_STRING *)d2i_ASN1_BIT_STRING( + (ASN1_BIT_STRING **)ex,&p,os->length); + break; + case V_ASN1_IA5STRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + ret=(ASN1_STRING *)d2i_ASN1_PRINTABLE(ex,&p,os->length); + break; + default: + X509err(X509_F_X509V3_UNPACK_STRING,X509_R_UNKNOWN_STRING_TYPE); + } + return(ret); + } + diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c new file mode 100644 index 0000000000000000000000000000000000000000..2ff456f2ee00dbc1ef634fe81a430e8f10eb72a8 --- /dev/null +++ b/crypto/x509/x509rset.c @@ -0,0 +1,89 @@ +/* crypto/x509/x509rset.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "asn1.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" + +int X509_REQ_set_version(x,version) +X509_REQ *x; +long version; + { + if (x == NULL) return(0); + return(ASN1_INTEGER_set(x->req_info->version,version)); + } + +int X509_REQ_set_subject_name(x,name) +X509_REQ *x; +X509_NAME *name; + { + if ((x == NULL) || (x->req_info == NULL)) return(0); + return(X509_NAME_set(&x->req_info->subject,name)); + } + +int X509_REQ_set_pubkey(x,pkey) +X509_REQ *x; +EVP_PKEY *pkey; + { + if ((x == NULL) || (x->req_info == NULL)) return(0); + return(X509_PUBKEY_set(&x->req_info->pubkey,pkey)); + } + diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c new file mode 100644 index 0000000000000000000000000000000000000000..05d6919d6ae16371d8125017b10e34a1c6aa0c58 --- /dev/null +++ b/crypto/x509/x509type.c @@ -0,0 +1,115 @@ +/* crypto/x509/x509type.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" + +int X509_certificate_type(x,pkey) +X509 *x; +EVP_PKEY *pkey; + { + EVP_PKEY *pk; + int ret=0,i; + + if (x == NULL) return(0); + + if (pkey == NULL) + pk=X509_get_pubkey(x); + else + pk=pkey; + + if (pk == NULL) return(0); + + switch (pk->type) + { + case EVP_PKEY_RSA: + ret=EVP_PK_RSA|EVP_PKT_SIGN; +/* if (!sign only extension) */ + ret|=EVP_PKT_ENC; + break; + case EVP_PKEY_DSA: + ret=EVP_PK_DSA|EVP_PKT_SIGN; + break; + case EVP_PKEY_DH: + ret=EVP_PK_DH|EVP_PKT_EXCH; + break; + default: + break; + } + + i=X509_get_signature_type(x); + switch (i) + { + case EVP_PKEY_RSA: + ret|=EVP_PKS_RSA; + break; + case EVP_PKS_DSA: + ret|=EVP_PKS_DSA; + break; + default: + break; + } + + if (EVP_PKEY_size(pkey) <= 512) + ret|=EVP_PKT_EXP; + return(ret); + } + diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c new file mode 100644 index 0000000000000000000000000000000000000000..2f554f597b73699c2ddfcdca6062548997b690ce --- /dev/null +++ b/crypto/x509/x_all.c @@ -0,0 +1,465 @@ +/* crypto/x509/x_all.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#undef SSLEAY_MACROS +#include "stack.h" +#include "cryptlib.h" +#include "buffer.h" +#include "asn1.h" +#include "evp.h" +#include "x509.h" + +int X509_verify(a,r) +X509 *a; +EVP_PKEY *r; + { + return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg, + a->signature,(char *)a->cert_info,r)); + } + +int X509_REQ_verify(a,r) +X509_REQ *a; +EVP_PKEY *r; + { + return( ASN1_verify((int (*)())i2d_X509_REQ_INFO, + a->sig_alg,a->signature,(char *)a->req_info,r)); + } + +int X509_CRL_verify(a,r) +X509_CRL *a; +EVP_PKEY *r; + { + return(ASN1_verify((int (*)())i2d_X509_CRL_INFO, + a->sig_alg, a->signature,(char *)a->crl,r)); + } + +int NETSCAPE_SPKI_verify(a,r) +NETSCAPE_SPKI *a; +EVP_PKEY *r; + { + return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC, + a->sig_algor,a->signature, (char *)a->spkac,r)); + } + +int X509_sign(x,pkey,md) +X509 *x; +EVP_PKEY *pkey; +EVP_MD *md; + { + return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, + x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)); + } + +int X509_REQ_sign(x,pkey,md) +X509_REQ *x; +EVP_PKEY *pkey; +EVP_MD *md; + { + return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, + x->signature, (char *)x->req_info,pkey,md)); + } + +int X509_CRL_sign(x,pkey,md) +X509_CRL *x; +EVP_PKEY *pkey; +EVP_MD *md; + { + return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg, + x->sig_alg, x->signature, (char *)x->crl,pkey,md)); + } + +int NETSCAPE_SPKI_sign(x,pkey,md) +NETSCAPE_SPKI *x; +EVP_PKEY *pkey; +EVP_MD *md; + { + return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, + x->signature, (char *)x->spkac,pkey,md)); + } + +X509 *X509_dup(x509) +X509 *x509; + { + return((X509 *)ASN1_dup((int (*)())i2d_X509, + (char *(*)())d2i_X509,(char *)x509)); + } + +X509_EXTENSION *X509_EXTENSION_dup(ex) +X509_EXTENSION *ex; + { + return((X509_EXTENSION *)ASN1_dup( + (int (*)())i2d_X509_EXTENSION, + (char *(*)())d2i_X509_EXTENSION,(char *)ex)); + } + +#ifndef WIN16 +X509 *d2i_X509_fp(fp,x509) +FILE *fp; +X509 *x509; + { + return((X509 *)ASN1_d2i_fp((char *(*)())X509_new, + (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))); + } + +int i2d_X509_fp(fp,x509) +FILE *fp; +X509 *x509; + { + return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)); + } +#endif + +X509 *d2i_X509_bio(bp,x509) +BIO *bp; +X509 *x509; + { + return((X509 *)ASN1_d2i_bio((char *(*)())X509_new, + (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))); + } + +int i2d_X509_bio(bp,x509) +BIO *bp; +X509 *x509; + { + return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)); + } + +X509_CRL *X509_CRL_dup(crl) +X509_CRL *crl; + { + return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, + (char *(*)())d2i_X509_CRL,(char *)crl)); + } + +#ifndef WIN16 +X509_CRL *d2i_X509_CRL_fp(fp,crl) +FILE *fp; +X509_CRL *crl; + { + return((X509_CRL *)ASN1_d2i_fp((char *(*)()) + X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp), + (unsigned char **)(crl))); + } + +int i2d_X509_CRL_fp(fp,crl) +FILE *fp; +X509_CRL *crl; + { + return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl)); + } +#endif + +X509_CRL *d2i_X509_CRL_bio(bp,crl) +BIO *bp; +X509_CRL *crl; + { + return((X509_CRL *)ASN1_d2i_bio((char *(*)()) + X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp), + (unsigned char **)(crl))); + } + +int i2d_X509_CRL_bio(bp,crl) +BIO *bp; +X509_CRL *crl; + { + return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl)); + } + +PKCS7 *PKCS7_dup(p7) +PKCS7 *p7; + { + return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, + (char *(*)())d2i_PKCS7,(char *)p7)); + } + +#ifndef WIN16 +PKCS7 *d2i_PKCS7_fp(fp,p7) +FILE *fp; +PKCS7 *p7; + { + return((PKCS7 *)ASN1_d2i_fp((char *(*)()) + PKCS7_new,(char *(*)())d2i_PKCS7, (fp), + (unsigned char **)(p7))); + } + +int i2d_PKCS7_fp(fp,p7) +FILE *fp; +PKCS7 *p7; + { + return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7)); + } +#endif + +PKCS7 *d2i_PKCS7_bio(bp,p7) +BIO *bp; +PKCS7 *p7; + { + return((PKCS7 *)ASN1_d2i_bio((char *(*)()) + PKCS7_new,(char *(*)())d2i_PKCS7, (bp), + (unsigned char **)(p7))); + } + +int i2d_PKCS7_bio(bp,p7) +BIO *bp; +PKCS7 *p7; + { + return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7)); + } + +X509_REQ *X509_REQ_dup(req) +X509_REQ *req; + { + return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, + (char *(*)())d2i_X509_REQ,(char *)req)); + } + +#ifndef WIN16 +X509_REQ *d2i_X509_REQ_fp(fp,req) +FILE *fp; +X509_REQ *req; + { + return((X509_REQ *)ASN1_d2i_fp((char *(*)()) + X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp), + (unsigned char **)(req))); + } + +int i2d_X509_REQ_fp(fp,req) +FILE *fp; +X509_REQ *req; + { + return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req)); + } +#endif + +X509_REQ *d2i_X509_REQ_bio(bp,req) +BIO *bp; +X509_REQ *req; + { + return((X509_REQ *)ASN1_d2i_bio((char *(*)()) + X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp), + (unsigned char **)(req))); + } + +int i2d_X509_REQ_bio(bp,req) +BIO *bp; +X509_REQ *req; + { + return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req)); + } + +#ifndef NO_RSA +RSA *RSAPublicKey_dup(rsa) +RSA *rsa; + { + return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, + (char *(*)())d2i_RSAPublicKey,(char *)rsa)); + } + +RSA *RSAPrivateKey_dup(rsa) +RSA *rsa; + { + return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, + (char *(*)())d2i_RSAPrivateKey,(char *)rsa)); + } + +#ifndef WIN16 +RSA *d2i_RSAPrivateKey_fp(fp,rsa) +FILE *fp; +RSA *rsa; + { + return((RSA *)ASN1_d2i_fp((char *(*)()) + RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), + (unsigned char **)(rsa))); + } + +int i2d_RSAPrivateKey_fp(fp,rsa) +FILE *fp; +RSA *rsa; + { + return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa)); + } + +RSA *d2i_RSAPublicKey_fp(fp,rsa) +FILE *fp; +RSA *rsa; + { + return((RSA *)ASN1_d2i_fp((char *(*)()) + RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), + (unsigned char **)(rsa))); + } + +int i2d_RSAPublicKey_fp(fp,rsa) +FILE *fp; +RSA *rsa; + { + return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa)); + } +#endif + +RSA *d2i_RSAPrivateKey_bio(bp,rsa) +BIO *bp; +RSA *rsa; + { + return((RSA *)ASN1_d2i_bio((char *(*)()) + RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), + (unsigned char **)(rsa))); + } + +int i2d_RSAPrivateKey_bio(bp,rsa) +BIO *bp; +RSA *rsa; + { + return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa)); + } + +RSA *d2i_RSAPublicKey_bio(bp,rsa) +BIO *bp; +RSA *rsa; + { + return((RSA *)ASN1_d2i_bio((char *(*)()) + RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), + (unsigned char **)(rsa))); + } + +int i2d_RSAPublicKey_bio(bp,rsa) +BIO *bp; +RSA *rsa; + { + return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa)); + } +#endif + +#ifndef NO_DSA +#ifndef WIN16 +DSA *d2i_DSAPrivateKey_fp(fp,dsa) +FILE *fp; +DSA *dsa; + { + return((DSA *)ASN1_d2i_fp((char *(*)()) + DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), + (unsigned char **)(dsa))); + } + +int i2d_DSAPrivateKey_fp(fp,dsa) +FILE *fp; +DSA *dsa; + { + return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); + } +#endif + +DSA *d2i_DSAPrivateKey_bio(bp,dsa) +BIO *bp; +DSA *dsa; + { + return((DSA *)ASN1_d2i_bio((char *(*)()) + DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), + (unsigned char **)(dsa))); + } + +int i2d_DSAPrivateKey_bio(bp,dsa) +BIO *bp; +DSA *dsa; + { + return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); + } +#endif + +X509_NAME *X509_NAME_dup(xn) +X509_NAME *xn; + { + return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, + (char *(*)())d2i_X509_NAME,(char *)xn)); + } + +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(ne) +X509_NAME_ENTRY *ne; + { + return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY, + (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne)); + } + +int X509_digest(data,type,md,len) +X509 *data; +EVP_MD *type; +unsigned char *md; +unsigned int *len; + { + return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)); + } + +int X509_NAME_digest(data,type,md,len) +X509_NAME *data; +EVP_MD *type; +unsigned char *md; +unsigned int *len; + { + return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)); + } + +int PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) +PKCS7_ISSUER_AND_SERIAL *data; +EVP_MD *type; +unsigned char *md; +unsigned int *len; + { + return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type, + (char *)data,md,len)); + } + diff --git a/demos/README b/demos/README new file mode 100644 index 0000000000000000000000000000000000000000..769965ab83f7228d47b1899781623378ea2c26e0 --- /dev/null +++ b/demos/README @@ -0,0 +1,3 @@ +Some demo programs sent to me by various people + +eric diff --git a/demos/b64.c b/demos/b64.c new file mode 100644 index 0000000000000000000000000000000000000000..5e3d20e3214be1ef56f185010af2c8057efd11fa --- /dev/null +++ b/demos/b64.c @@ -0,0 +1,270 @@ +/* demos/b64.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "apps.h" +#include "buffer.h" +#include "err.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "pem.h" + +#undef SIZE +#undef BSIZE +#undef PROG + +#define SIZE (512) +#define BSIZE (8*1024) +#define PROG enc_main + +int main(argc,argv) +int argc; +char **argv; + { + char *strbuf=NULL; + unsigned char *buff=NULL,*bufsize=NULL; + int bsize=BSIZE,verbose=0; + int ret=1,inl; + unsigned char key[24],iv[MD5_DIGEST_LENGTH]; + char *str=NULL; + char *hkey=NULL,*hiv=NULL; + int enc=1,printkey=0,i,base64=0; + int debug=0; + EVP_CIPHER *cipher=NULL,*c; + char *inf=NULL,*outf=NULL; + BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + base64=1; + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-e") == 0) + enc=1; + if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + inf= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outf= *(++argv); + } + else if (strcmp(*argv,"-d") == 0) + enc=0; + else if (strcmp(*argv,"-v") == 0) + verbose=1; + else if (strcmp(*argv,"-debug") == 0) + debug=1; + else if (strcmp(*argv,"-bufsize") == 0) + { + if (--argc < 1) goto bad; + bufsize=(unsigned char *)*(++argv); + } + else + { + BIO_printf(bio_err,"unknown option '%s'\n",*argv); +bad: + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"%-14s input file\n","-in "); + BIO_printf(bio_err,"%-14s output file\n","-out "); + BIO_printf(bio_err,"%-14s encode\n","-e"); + BIO_printf(bio_err,"%-14s decode\n","-d"); + BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); + + goto end; + } + argc--; + argv++; + } + + if (bufsize != NULL) + { + int i; + unsigned long n; + + for (n=0; *bufsize; bufsize++) + { + i= *bufsize; + if ((i <= '9') && (i >= '0')) + n=n*10+i-'0'; + else if (i == 'k') + { + n*=1024; + bufsize++; + break; + } + } + if (*bufsize != '\0') + { + BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); + goto end; + } + + /* It must be large enough for a base64 encoded line */ + if (n < 80) n=80; + + bsize=(int)n; + if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); + } + + strbuf=Malloc(SIZE); + buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize)); + if ((buff == NULL) || (strbuf == NULL)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto end; + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + if (debug) + { + BIO_set_callback(in,BIO_debug_callback); + BIO_set_callback(out,BIO_debug_callback); + BIO_set_callback_arg(in,bio_err); + BIO_set_callback_arg(out,bio_err); + } + + if (inf == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,inf) <= 0) + { + perror(inf); + goto end; + } + } + + if (outf == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outf) <= 0) + { + perror(outf); + goto end; + } + } + + rbio=in; + wbio=out; + + if (base64) + { + if ((b64=BIO_new(BIO_f_base64())) == NULL) + goto end; + if (debug) + { + BIO_set_callback(b64,BIO_debug_callback); + BIO_set_callback_arg(b64,bio_err); + } + if (enc) + wbio=BIO_push(b64,wbio); + else + rbio=BIO_push(b64,rbio); + } + + for (;;) + { + inl=BIO_read(rbio,(char *)buff,bsize); + if (inl <= 0) break; + if (BIO_write(wbio,(char *)buff,inl) != inl) + { + BIO_printf(bio_err,"error writing output file\n"); + goto end; + } + } + BIO_flush(wbio); + + ret=0; + if (verbose) + { + BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); + BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); + } +end: + if (strbuf != NULL) Free(strbuf); + if (buff != NULL) Free(buff); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (benc != NULL) BIO_free(benc); + if (b64 != NULL) BIO_free(b64); + EXIT(ret); + } + diff --git a/demos/b64.pl b/demos/b64.pl new file mode 100644 index 0000000000000000000000000000000000000000..8aa5fb464d38770bac6becaf46a205dc81287ed0 --- /dev/null +++ b/demos/b64.pl @@ -0,0 +1,20 @@ +#!/usr/local/bin/perl + +# +# Make PEM encoded data have lines of 64 bytes of data +# + +while (<>) + { + if (/^-----BEGIN/ .. /^-----END/) + { + if (/^-----BEGIN/) { $first=$_; next; } + if (/^-----END/) { $last=$_; next; } + $out.=$_; + } + } +$out =~ s/\s//g; +$out =~ s/(.{64})/$1\n/g; +print "$first$out\n$last\n"; + + diff --git a/demos/bio/README b/demos/bio/README new file mode 100644 index 0000000000000000000000000000000000000000..0b24e5b80cc7a87c9c4ea3aed7cb7498774d0338 --- /dev/null +++ b/demos/bio/README @@ -0,0 +1,3 @@ +This directory contains some simple examples of the use of BIO's +to simplify socket programming. + diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c new file mode 100644 index 0000000000000000000000000000000000000000..81bf35375081c990adaa326686b71cf496300f5e --- /dev/null +++ b/demos/bio/saccept.c @@ -0,0 +1,107 @@ +/* NOCW */ +/* demos/bio/saccept.c */ + +/* A minimal program to server an SSL connection. + * It uses blocking. + * saccept host:port + * host is the interface IP to use. If any interface, use *:port + * The default it *:4433 + * + * cc -I../../include saccept.c -L../.. -lssl -lcrypto + */ + +#include +#include +#include "err.h" +#include "ssl.h" + +#define CERT_FILE "server.pem" + +BIO *in=NULL; + +void close_up() + { + if (in != NULL) + BIO_free(in); + } + +int main(argc,argv) +int argc; +char *argv[]; + { + char *port=NULL; + BIO *ssl_bio,*tmp; + SSL_CTX *ctx; + SSL *ssl; + char buf[512]; + int ret=1,i; + + if (argc <= 1) + port="*:4433"; + else + port=argv[1]; + + signal(SIGINT,close_up); + + SSL_load_error_strings(); + + /* Add ciphers and message digests */ + SSLeay_add_ssl_algorithms(); + + ctx=SSL_CTX_new(SSLv23_server_method()); + if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_check_private_key(ctx)) + goto err; + + /* Setup server side SSL bio */ + ssl=SSL_new(ctx); + ssl_bio=BIO_new_ssl(ctx,0); + + if ((in=BIO_new_accept(port)) == NULL) goto err; + + /* This means that when a new connection is acceptede on 'in', + * The ssl_bio will be 'dupilcated' and have the new socket + * BIO push into it. Basically it means the SSL BIO will be + * automatically setup */ + BIO_set_accept_bios(in,ssl_bio); + +again: + /* The first call will setup the accept socket, and the second + * will get a socket. In this loop, the first actuall accept + * will occur in the BIO_read() function. */ + + if (BIO_do_accept(in) <= 0) goto err; + + for (;;) + { + i=BIO_read(in,buf,512); + if (i == 0) + { + /* If we have finished, remove the underlying + * BIO stack so the next time we call any function + * for this BIO, it will attempt to do an + * accept */ + printf("Done\n"); + tmp=BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) goto err; + fwrite(buf,1,i,stdout); + fflush(stdout); + } + + ret=0; +err: + if (ret) + { + ERR_print_errors_fp(stderr); + } + if (in != NULL) BIO_free(in); + exit(ret); + return(!ret); + } + diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c new file mode 100644 index 0000000000000000000000000000000000000000..8a667f5911781ea5ee3ef796f10f050cd0869327 --- /dev/null +++ b/demos/bio/sconnect.c @@ -0,0 +1,115 @@ +/* NOCW */ +/* demos/bio/sconnect.c */ + +/* A minimal program to do SSL to a passed host and port. + * It is actually using non-blocking IO but in a very simple manner + * sconnect host:port - it does a 'GET / HTTP/1.0' + * + * cc -I../../include sconnect.c -L../.. -lssl -lcrypto + */ +#include +#include +#include "err.h" +#include "ssl.h" + +extern int errno; + +int main(argc,argv) +int argc; +char *argv[]; + { + char *host; + BIO *out; + char buf[1024*10],*p; + SSL_CTX *ssl_ctx=NULL; + SSL *ssl; + BIO *ssl_bio; + int i,len,off,ret=1; + + if (argc <= 1) + host="localhost:4433"; + else + host=argv[1]; + + /* Lets get nice error messages */ + SSL_load_error_strings(); + + /* Setup all the global SSL stuff */ + SSLeay_add_ssl_algorithms(); + ssl_ctx=SSL_CTX_new(SSLv23_client_method()); + + /* Lets make a SSL structure */ + ssl=SSL_new(ssl_ctx); + SSL_set_connect_state(ssl); + + /* Use it inside an SSL BIO */ + ssl_bio=BIO_new(BIO_f_ssl()); + BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE); + + /* Lets use a connect BIO under the SSL BIO */ + out=BIO_new(BIO_s_connect()); + BIO_set_hostname(out,host); + BIO_set_nbio(out,1); + out=BIO_push(ssl_bio,out); + + p="GET / HTTP/1.0\r\n\r\n"; + len=strlen(p); + + off=0; + for (;;) + { + i=BIO_write(out,&(p[off]),len); + if (i <= 0) + { + if (BIO_should_retry(out)) + { + fprintf(stderr,"write DELAY\n"); + sleep(1); + continue; + } + else + { + goto err; + } + } + off+=i; + len-=i; + if (len <= 0) break; + } + + for (;;) + { + i=BIO_read(out,buf,sizeof(buf)); + if (i == 0) break; + if (i < 0) + { + if (BIO_should_retry(out)) + { + fprintf(stderr,"read DELAY\n"); + sleep(1); + continue; + } + goto err; + } + fwrite(buf,1,i,stdout); + } + + ret=1; + + if (0) + { +err: + if (ERR_peek_error() == 0) /* system call error */ + { + fprintf(stderr,"errno=%d ",errno); + perror("error"); + } + else + ERR_print_errors_fp(stderr); + } + BIO_free_all(out); + if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx); + exit(!ret); + return(ret); + } + diff --git a/demos/bio/server.pem b/demos/bio/server.pem new file mode 100644 index 0000000000000000000000000000000000000000..5cf1387d65d75530b709b47d975264fad1af701a --- /dev/null +++ b/demos/bio/server.pem @@ -0,0 +1,30 @@ +subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- + +MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe +Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ +hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG +sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw +tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq +agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA +g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= +-----END RSA PRIVATE KEY----- + +-----BEGIN DH PARAMETERS----- +MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn +a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC +-----END DH PARAMETERS----- + diff --git a/demos/maurice/Makefile b/demos/maurice/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..fa67dcca81bfb0bda63cc7aa86ea882c29e394f7 --- /dev/null +++ b/demos/maurice/Makefile @@ -0,0 +1,23 @@ +CC=cc +CFLAGS= -g -I../../include +LIBS= -L/usr/local/ssl/lib -L../.. -lcrypto +EXAMPLES=example1 example2 example3 example4 + +all: $(EXAMPLES) + +example1: example1.o loadkeys.o + $(CC) -o example1 example1.o loadkeys.o $(LIBS) + +example2: example2.o loadkeys.o + $(CC) -o example2 example2.o loadkeys.o $(LIBS) + +example3: example3.o + $(CC) -o example3 example3.o $(LIBS) + +example4: example4.o + $(CC) -o example4 example4.o $(LIBS) + + +clean: + rm -f $(EXAMPLES) *.o + diff --git a/demos/maurice/README b/demos/maurice/README new file mode 100644 index 0000000000000000000000000000000000000000..29778d55cbc14e43f238bb7dfb5bdb6e9946e147 --- /dev/null +++ b/demos/maurice/README @@ -0,0 +1,34 @@ +From Maurice Gittens +-- + Example programs, demonstrating some basic SSLeay crypto library + operations, to help you not to make the same mistakes I did. + + The following files are present. + - loadkeys.c Demonstrates the loading and of public and + private keys. + - loadkeys.h The interface for loadkeys.c + - example1.c Demonstrates the sealing and opening API's + - example2.c Demonstrates rsa encryption and decryption + - example3.c Demonstrates the use of symmetric block ciphers + - example4.c Demonstrates base64 and decoding + - Makefile A makefile you probably will have to adjust for + your environment + - README this file + + + The programs were written by Maurice Gittens + with the necesary help from Eric Young + + You may do as you please with these programs, but please don't + pretend that you wrote them. + + To be complete: If you use these programs you acknowlegde that + you are aware that there is NO warranty of any kind associated + with these programs. I don't even claim that the programs work, + they are provided AS-IS. + + January 1997 + + Maurice + + diff --git a/demos/maurice/cert.pem b/demos/maurice/cert.pem new file mode 100644 index 0000000000000000000000000000000000000000..e31a9ae05f9351251c1e0b40b0bbedfff96c98e6 --- /dev/null +++ b/demos/maurice/cert.pem @@ -0,0 +1,77 @@ +issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl +subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl +serial :01 + +Certificate: + Data: + Version: 0 (0x0) + Serial Number: 1 (0x1) + Signature Algorithm: md5withRSAEncryption + Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl + Validity + Not Before: Jan 5 13:21:16 1997 GMT + Not After : Jul 24 13:21:16 1997 GMT + Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Modulus: + 00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b: + 82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0: + 71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3: + f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d: + 62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52: + 78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd: + 81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd: + 1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50: + b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26: + 64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4: + d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c: + 2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9: + e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44: + e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41: + 8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16: + d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c: + d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9: + 20:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: md5withRSAEncryption + 93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce: + 4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f: + 9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3: + 87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb: + a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d: + 0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42: + b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8: + c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2: + fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67: + 4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b: + 72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa: + c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68: + 60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c: + a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be: + 28:ba:d8:4f + +-----BEGIN CERTIFICATE----- +MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD +VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl +bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0 +aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB +FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx +NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH +aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG +SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6 +RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB +ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm +ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S +/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB +R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC +AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j +eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2 +5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25 +uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do +fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M +A6fxn/gOjbvGundh946+KLrYTw== +-----END CERTIFICATE----- + diff --git a/demos/maurice/example1.c b/demos/maurice/example1.c new file mode 100644 index 0000000000000000000000000000000000000000..77730d3232ef92df17130e28ce2c850fff6e5256 --- /dev/null +++ b/demos/maurice/example1.c @@ -0,0 +1,200 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens January 1997 +*/ + +#include +#include +#include +#include +#include +#include + +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +#include "loadkeys.h" + +#define PUBFILE "cert.pem" +#define PRIVFILE "privkey.pem" + +#define STDIN 0 +#define STDOUT 1 + +void main_encrypt(void); +void main_decrypt(void); + +static const char *usage = "Usage: example1 [-d]\n"; + +int main(int argc, char *argv[]) +{ + + ERR_load_crypto_strings(); + + if ((argc == 1)) + { + main_encrypt(); + } + else if ((argc == 2) && !strcmp(argv[1],"-d")) + { + main_decrypt(); + } + else + { + printf("%s",usage); + exit(1); + } + + return 0; +} + +void main_encrypt(void) +{ + unsigned int ebuflen; + EVP_CIPHER_CTX ectx; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char *ekey[1]; + int readlen; + int ekeylen, net_ekeylen; + EVP_PKEY *pubKey[1]; + char buf[512]; + char ebuf[512]; + + memset(iv, '\0', sizeof(iv)); + + pubKey[0] = ReadPublicKey(PUBFILE); + + if(!pubKey) + { + fprintf(stderr,"Error: can't load public key"); + exit(1); + } + + ekey[0] = malloc(EVP_PKEY_size(pubKey[0])); + if (!ekey[0]) + { + EVP_PKEY_free(pubKey[0]); + perror("malloc"); + exit(1); + } + + EVP_SealInit(&ectx, + EVP_des_ede3_cbc(), + ekey, + &ekeylen, + iv, + pubKey, + 1); + + net_ekeylen = htonl(ekeylen); + write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen)); + write(STDOUT, ekey[0], ekeylen); + write(STDOUT, iv, sizeof(iv)); + + while(1) + { + readlen = read(STDIN, buf, sizeof(buf)); + + if (readlen <= 0) + { + if (readlen < 0) + perror("read"); + + break; + } + + EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen); + + write(STDOUT, ebuf, ebuflen); + } + + EVP_SealFinal(&ectx, ebuf, &ebuflen); + + write(STDOUT, ebuf, ebuflen); + + EVP_PKEY_free(pubKey[0]); + free(ekey[0]); +} + +void main_decrypt(void) +{ + char buf[512]; + char ebuf[512]; + unsigned int buflen; + EVP_CIPHER_CTX ectx; + unsigned char iv[8]; + unsigned char *encryptKey; + unsigned int ekeylen; + EVP_PKEY *privateKey; + + memset(iv, '\0', sizeof(iv)); + + privateKey = ReadPrivateKey(PRIVFILE); + if (!privateKey) + { + fprintf(stderr, "Error: can't load private key"); + exit(1); + } + + read(STDIN, &ekeylen, sizeof(ekeylen)); + ekeylen = ntohl(ekeylen); + + if (ekeylen != EVP_PKEY_size(privateKey)) + { + EVP_PKEY_free(privateKey); + fprintf(stderr, "keylength mismatch"); + exit(1); + } + + encryptKey = malloc(sizeof(char) * ekeylen); + if (!encryptKey) + { + EVP_PKEY_free(privateKey); + perror("malloc"); + exit(1); + } + + read(STDIN, encryptKey, ekeylen); + read(STDIN, iv, sizeof(iv)); + + EVP_OpenInit(&ectx, + EVP_des_ede3_cbc(), + encryptKey, + ekeylen, + iv, + privateKey); + + while(1) + { + int readlen = read(STDIN, ebuf, sizeof(ebuf)); + + if (readlen <= 0) + { + if (readlen < 0) + perror("read"); + + break; + } + + EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen); + + write(STDOUT, buf, buflen); + } + + EVP_OpenFinal(&ectx, buf, &buflen); + + write(STDOUT, buf, buflen); + + EVP_PKEY_free(privateKey); + free(encryptKey); +} + + diff --git a/demos/maurice/example2.c b/demos/maurice/example2.c new file mode 100644 index 0000000000000000000000000000000000000000..99f7b2244091479b7ff3c50d4b109879e5df3818 --- /dev/null +++ b/demos/maurice/example2.c @@ -0,0 +1,77 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens January 1997 +*/ + +#include +#include +#include + +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +#include "loadkeys.h" + +#define PUBFILE "cert.pem" +#define PRIVFILE "privkey.pem" +#define STDIN 0 +#define STDOUT 1 + +int main() +{ + char *ct = "This the clear text"; + char *buf; + char *buf2; + EVP_PKEY *pubKey; + EVP_PKEY *privKey; + int len; + FILE *fp; + + ERR_load_crypto_strings(); + + privKey = ReadPrivateKey(PRIVFILE); + if (!privKey) + { + ERR_print_errors_fp (stderr); + exit (1); + } + + pubKey = ReadPublicKey(PUBFILE); + if(!pubKey) + { + EVP_PKEY_free(privKey); + fprintf(stderr,"Error: can't load public key"); + exit(1); + } + + /* No error checking */ + buf = malloc(EVP_PKEY_size(pubKey)); + buf2 = malloc(EVP_PKEY_size(pubKey)); + + len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING); + + if (len != EVP_PKEY_size(pubKey)) + { + fprintf(stderr,"Error: ciphertext should match length of key\n"); + exit(1); + } + + RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING); + + printf("%s\n", buf2); + + EVP_PKEY_free(privKey); + EVP_PKEY_free(pubKey); + free(buf); + free(buf2); +} + + diff --git a/demos/maurice/example3.c b/demos/maurice/example3.c new file mode 100644 index 0000000000000000000000000000000000000000..fcaff00c370b0f1ffe8f3eca9ea05e2da48b61ce --- /dev/null +++ b/demos/maurice/example3.c @@ -0,0 +1,86 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens January 1997 + +*/ + +#include +#include +#include +#include + +#define STDIN 0 +#define STDOUT 1 +#define BUFLEN 512 +#define INIT_VECTOR "12345678" +#define ENCRYPT 1 +#define DECRYPT 0 +#define ALG EVP_des_ede3_cbc() + +static const char *usage = "Usage: example3 [-d] password\n"; + +void do_cipher(char *,int); + +int main(int argc, char *argv[]) +{ + if ((argc == 2)) + { + do_cipher(argv[1],ENCRYPT); + } + else if ((argc == 3) && !strcmp(argv[1],"-d")) + { + do_cipher(argv[2],DECRYPT); + } + else + { + fprintf(stderr,"%s", usage); + exit(1); + } + + return 0; +} + +void do_cipher(char *pw, int operation) +{ + char buf[BUFLEN]; + char ebuf[BUFLEN + 8]; + unsigned int ebuflen, rc; + unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; + unsigned int ekeylen, net_ekeylen; + EVP_CIPHER_CTX ectx; + + memcpy(iv, INIT_VECTOR, sizeof(iv)); + + EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv); + + EVP_CipherInit(&ectx, ALG, key, iv, operation); + + while(1) + { + int readlen = read(STDIN, buf, sizeof(buf)); + + if (readlen <= 0) + { + if (!readlen) + break; + else + { + perror("read"); + exit(1); + } + } + + EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen); + + write(STDOUT, ebuf, ebuflen); + } + + EVP_CipherFinal(&ectx, ebuf, &ebuflen); + + write(STDOUT, ebuf, ebuflen); +} + + diff --git a/demos/maurice/example4.c b/demos/maurice/example4.c new file mode 100644 index 0000000000000000000000000000000000000000..d436a20019591f4b3f01a1a45508b039825cdfb4 --- /dev/null +++ b/demos/maurice/example4.c @@ -0,0 +1,122 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens January 1997 + +*/ + +#include +#include +#include +#include + +#define STDIN 0 +#define STDOUT 1 +#define BUFLEN 512 + +static const char *usage = "Usage: example4 [-d]\n"; + +void do_encode(void); +void do_decode(void); + +int main(int argc, char *argv[]) +{ + if ((argc == 1)) + { + do_encode(); + } + else if ((argc == 2) && !strcmp(argv[1],"-d")) + { + do_decode(); + } + else + { + fprintf(stderr,"%s", usage); + exit(1); + } + + return 0; +} + +void do_encode() +{ + char buf[BUFLEN]; + char ebuf[BUFLEN+24]; + unsigned int ebuflen, rc; + EVP_ENCODE_CTX ectx; + + EVP_EncodeInit(&ectx); + + while(1) + { + int readlen = read(STDIN, buf, sizeof(buf)); + + if (readlen <= 0) + { + if (!readlen) + break; + else + { + perror("read"); + exit(1); + } + } + + EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen); + + write(STDOUT, ebuf, ebuflen); + } + + EVP_EncodeFinal(&ectx, ebuf, &ebuflen); + + write(STDOUT, ebuf, ebuflen); +} + +void do_decode() +{ + char buf[BUFLEN]; + char ebuf[BUFLEN+24]; + unsigned int ebuflen, rc; + EVP_ENCODE_CTX ectx; + + EVP_DecodeInit(&ectx); + + while(1) + { + int readlen = read(STDIN, buf, sizeof(buf)); + int rc; + + if (readlen <= 0) + { + if (!readlen) + break; + else + { + perror("read"); + exit(1); + } + } + + rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen); + if (rc <= 0) + { + if (!rc) + { + write(STDOUT, ebuf, ebuflen); + break; + } + + fprintf(stderr, "Error: decoding message\n"); + return; + } + + write(STDOUT, ebuf, ebuflen); + } + + EVP_DecodeFinal(&ectx, ebuf, &ebuflen); + + write(STDOUT, ebuf, ebuflen); +} + diff --git a/demos/maurice/loadkeys.c b/demos/maurice/loadkeys.c new file mode 100644 index 0000000000000000000000000000000000000000..7c89f071f353f9741b096e978ce8f0046f231563 --- /dev/null +++ b/demos/maurice/loadkeys.c @@ -0,0 +1,77 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens January 1997 + +*/ + +#include +#include +#include +#include +#include +#include + +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +EVP_PKEY * ReadPublicKey(const char *certfile) +{ + FILE *fp = fopen (certfile, "r"); + X509 *x509; + EVP_PKEY *pkey; + + if (!fp) + return NULL; + + x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509, + PEM_STRING_X509, + fp, NULL, NULL); + + if (x509 == NULL) + { + ERR_print_errors_fp (stderr); + return NULL; + } + + fclose (fp); + + pkey=X509_extract_key(x509); + + X509_free(x509); + + if (pkey == NULL) + ERR_print_errors_fp (stderr); + + return pkey; +} + +EVP_PKEY *ReadPrivateKey(const char *keyfile) +{ + FILE *fp = fopen(keyfile, "r"); + EVP_PKEY *pkey; + + if (!fp) + return NULL; + + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY, + fp, + NULL, NULL); + + fclose (fp); + + if (pkey == NULL) + ERR_print_errors_fp (stderr); + + return pkey; +} + + diff --git a/demos/maurice/loadkeys.h b/demos/maurice/loadkeys.h new file mode 100644 index 0000000000000000000000000000000000000000..e42c6f8dc416468e8c8c5ab1511496200821bb0a --- /dev/null +++ b/demos/maurice/loadkeys.h @@ -0,0 +1,19 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens January 1997 + +*/ + +#ifndef LOADKEYS_H_SEEN +#define LOADKEYS_H_SEEN + +#include "evp.h" + +EVP_PKEY * ReadPublicKey(const char *certfile); +EVP_PKEY *ReadPrivateKey(const char *keyfile); + +#endif + diff --git a/demos/maurice/privkey.pem b/demos/maurice/privkey.pem new file mode 100644 index 0000000000000000000000000000000000000000..fc3554e930a1352c99e144a2fb931d10b2b1e0f3 --- /dev/null +++ b/demos/maurice/privkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0 +zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7// +wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+ +QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp +7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq +cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g +Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh +rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb +uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll +e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor +XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl +7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS +bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW +Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y +nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA +Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK +mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE +poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5 +a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF +E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL +oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q +JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX +LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno +KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj +V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA== +-----END RSA PRIVATE KEY----- diff --git a/demos/prime/prime.c b/demos/prime/prime.c new file mode 100644 index 0000000000000000000000000000000000000000..25873731d394238c5071accd6c6b7c9ade5a26ab --- /dev/null +++ b/demos/prime/prime.c @@ -0,0 +1,100 @@ +/* demos/prime/prime.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "bn.h" + +void callback(type,num) +int type,num; + { + if (type == 0) + fprintf(stderr,"."); + else if (type == 1) + fprintf(stderr,"+"); + else if (type == 2) + fprintf(stderr,"*"); + fflush(stderr); + } + +int main(argc,argv) +int argc; +char *argv[]; + { + BIGNUM *rand; + int num=256; + + /* we should really call RAND_seed(char *bytes,int num); + * to fully initalise the random number generator */ + if (argc >= 2) + { + num=atoi(argv[1]); + if (num == 0) num=256; + } + + fprintf(stderr,"generate a strong prime\n"); + rand=BN_generate_prime(num,1,NULL,NULL,callback); + /* change the second parameter to 1 for a strong prime */ + fprintf(stderr,"\n"); + + BN_print_fp(stdout,rand); + fprintf(stdout,"\n"); + BN_free(rand); + exit(0); + return(0); + } + diff --git a/demos/privkey.pem b/demos/privkey.pem new file mode 100644 index 0000000000000000000000000000000000000000..ddae24075da9fdca0cccfa8f8fef579a42e11a87 --- /dev/null +++ b/demos/privkey.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu +4xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/ +F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs +JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd +SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl +b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA +nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw= +-----END RSA PRIVATE KEY----- diff --git a/demos/selfsign.c b/demos/selfsign.c new file mode 100644 index 0000000000000000000000000000000000000000..72146fc068e576584fbf59ccbb65aec1743ff630 --- /dev/null +++ b/demos/selfsign.c @@ -0,0 +1,168 @@ +/* NOCW */ +/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */ + +#include +#include + +#include "buffer.h" +#include "crypto.h" +#include "objects.h" +#include "asn1.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); + +int main() + { + BIO *bio_err; + X509 *x509=NULL; + EVP_PKEY *pkey=NULL; + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + X509v3_add_netscape_extensions(); + + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + mkit(&x509,&pkey,512,0,365); + + RSA_print_fp(stdout,pkey->pkey.rsa,0); + X509_print_fp(stdout,x509); + + PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL); + PEM_write_X509(stdout,x509); + + X509_free(x509); + EVP_PKEY_free(pkey); + BIO_free(bio_err); + + X509_cleanup_extensions(); + + CRYPTO_mem_leaks(bio_err); + return(0); + } + +#ifdef WIN16 +# define MS_CALLBACK _far _loadds +# define MS_FAR _far +#else +# define MS_CALLBACK +# define MS_FAR +#endif + +static void MS_CALLBACK callback(p, n) +int p; +int n; + { + char c='B'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + fputc(c,stderr); + } + +int mkit(x509p,pkeyp,bits,serial,days) +X509 **x509p; +EVP_PKEY **pkeyp; +int bits; +int serial; +int days; + { + X509 *x; + EVP_PKEY *pk; + RSA *rsa; + char *s; + X509_NAME *name=NULL; + X509_NAME_ENTRY *ne=NULL; + X509_EXTENSION *ex=NULL; + ASN1_OCTET_STRING *data=NULL; + + + if ((pkeyp == NULL) || (*pkeyp == NULL)) + { + if ((pk=EVP_PKEY_new()) == NULL) + { + abort(); + return(0); + } + } + else + pk= *pkeyp; + + if ((x509p == NULL) || (*x509p == NULL)) + { + if ((x=X509_new()) == NULL) + goto err; + } + else + x= *x509p; + + rsa=RSA_generate_key(bits,RSA_F4,callback); + if (!EVP_PKEY_assign_RSA(pk,rsa)) + { + abort(); + goto err; + } + rsa=NULL; + + X509_set_version(x,3); + ASN1_INTEGER_set(X509_get_serialNumber(x),serial); + X509_gmtime_adj(X509_get_notBefore(x),0); + X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); + X509_set_pubkey(x,pk); + + name=X509_NAME_new(); + + ne=X509_NAME_ENTRY_create_by_NID(NULL,NID_countryName, + V_ASN1_APP_CHOOSE,"AU",-1); + X509_NAME_add_entry(name,ne,0,0); + + X509_NAME_ENTRY_create_by_NID(&ne,NID_commonName, + V_ASN1_APP_CHOOSE,"Eric Young",-1); + X509_NAME_add_entry(name,ne,1,0); + + /* finished with structure */ + X509_NAME_ENTRY_free(ne); + + X509_set_subject_name(x,name); + X509_set_issuer_name(x,name); + + /* finished with structure */ + X509_NAME_free(name); + + data=X509v3_pack_string(NULL,V_ASN1_BIT_STRING, + "\001",1); + ex=X509_EXTENSION_create_by_NID(NULL,NID_netscape_cert_type,0,data); + X509_add_ext(x,ex,-1); + + X509v3_pack_string(&data,V_ASN1_IA5STRING, + "example comment extension",-1); + X509_EXTENSION_create_by_NID(&ex,NID_netscape_comment,0,data); + X509_add_ext(x,ex,-1); + + X509v3_pack_string(&data,V_ASN1_BIT_STRING, + "www.cryptsoft.com",-1); + X509_EXTENSION_create_by_NID(&ex,NID_netscape_ssl_server_name,0,data); + X509_add_ext(x,ex,-1); + + X509_EXTENSION_free(ex); + ASN1_OCTET_STRING_free(data); + + if (!X509_sign(x,pk,EVP_md5())) + goto err; + + *x509p=x; + *pkeyp=pk; + return(1); +err: + return(0); + } + + + + diff --git a/demos/sign/cert.pem b/demos/sign/cert.pem new file mode 100644 index 0000000000000000000000000000000000000000..9d7ac238d86bedb5898ce9ed2dd05ac5b2fb1d01 --- /dev/null +++ b/demos/sign/cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv +bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy +dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X +DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw +EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l +dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT +EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw +L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN +BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX +9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4= +-----END CERTIFICATE----- diff --git a/demos/sign/key.pem b/demos/sign/key.pem new file mode 100644 index 0000000000000000000000000000000000000000..239ad66f9903866209dad98926665ea883d00612 --- /dev/null +++ b/demos/sign/key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ +2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF +oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr +8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc +a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7 +WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA +6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg= +-----END RSA PRIVATE KEY----- diff --git a/demos/sign/sig.txt b/demos/sign/sig.txt new file mode 100644 index 0000000000000000000000000000000000000000..5613c0ee77ba4d7f6a3f8c4a3c9ae2017912ad5f --- /dev/null +++ b/demos/sign/sig.txt @@ -0,0 +1,158 @@ +From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996 +Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782 + (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000 +Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST) +Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for ; Mon, 30 Sep 1996 11:44:51 +1000 (EST) +Received: by minbne.mincom.oz.au id AA22230 + (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000 +Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for ; Mon, 30 Sep 1996 11:40:07 +1000 +Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100 +Date: Mon, 30 Sep 1996 01:37:40 +0100 +Message-Id: <199609300037.BAA08729@brutus.neuronio.pt> +From: Sampo Kellomaki +To: ssl-users@mincom.com +Cc: sampo@brutus.neuronio.pt +Subject: Signing with envelope routines +Sender: ssl-lists-owner@mincom.com +Precedence: bulk +Status: RO +X-Status: D + + +I have been trying to figure out how to produce signatures with EVP_ +routines. I seem to be able to read in private key and sign some +data ok, but I can't figure out how I am supposed to read in +public key so that I could verify my signature. I use self signed +certificate. + +I figured I should use + EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY, + fp, NULL, NULL); +to read in private key and this seems to work Ok. + +However when I try analogous + EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509, + fp, NULL, NULL); +the program fails with + +error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93 +error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232 + +I figured that the second argument to PEM_ASN1_read should match the +name in my PEM encoded object, hence PEM_STRING_X509. +PEM_STRING_EVP_PKEY seems to be somehow magical +because it matches whatever private key there happens to be. I could +not find a similar constant to use with getting the certificate, however. + +Is my approach of using PEM_ASN1_read correct? What should I pass in +as name? Can I use normal (or even self signed) X509 certificate for +verifying the signature? + +When will SSLeay documentation be written ;-)? If I would contribute +comments to the code, would Eric take time to review them and include +them in distribution? + +I'm using SSLeay-0.6.4. My program is included below along with the +key and cert that I use. + +--Sampo + +----------------------------------- +/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data + 29.9.1996, Sampo Kellomaki */ + +#include +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +void main () +{ + int err; + int sig_len; + unsigned char sig_buf [4096]; + const char certfile[] = "plain-cert.pem"; + const char keyfile[] = "plain-key.pem"; + const char data[] = "I owe you..."; + EVP_MD_CTX md_ctx; + EVP_PKEY* pkey; + FILE* fp; + + SSL_load_error_strings(); + + /* Read private key */ + + fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY, + fp, + NULL, NULL); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Do the signature */ + + EVP_SignInit (&md_ctx, EVP_md5()); + EVP_SignUpdate (&md_ctx, data, strlen(data)); + sig_len = sizeof(sig_buf); + err = EVP_SignFinal (&md_ctx, + sig_buf, + &sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + + /* Read public key */ + + fp = fopen (certfile, "r"); if (fp == NULL) exit (1); + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey, + PEM_STRING_X509, + fp, + NULL, NULL); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Verify the signature */ + + EVP_VerifyInit (&md_ctx, EVP_md5()); + EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); + err = EVP_VerifyFinal (&md_ctx, + sig_buf, + sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + printf ("Signature Verified Ok.\n"); +} +/* EOF */ +--------------- plain-cert.pem ----------------- +-----BEGIN CERTIFICATE----- +MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv +bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy +dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X +DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw +EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l +dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT +EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw +L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN +BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX +9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4= +-----END CERTIFICATE----- +---------------- plain-key.pem ----------------- +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ +2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF +oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr +8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc +a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7 +WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA +6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg= +-----END RSA PRIVATE KEY----- +------------------------------------------------ + diff --git a/demos/sign/sign.c b/demos/sign/sign.c new file mode 100644 index 0000000000000000000000000000000000000000..280cc633aced75fda439a3f8af6375fb5b3e9db2 --- /dev/null +++ b/demos/sign/sign.c @@ -0,0 +1,137 @@ +/* demos/sign/sign.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data + 29.9.1996, Sampo Kellomaki */ + +/* converted to C - eay :-) */ + +#include +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +void main () +{ + int err; + int sig_len; + unsigned char sig_buf [4096]; + static char certfile[] = "cert.pem"; + static char keyfile[] = "key.pem"; + static char data[] = "I owe you..."; + EVP_MD_CTX md_ctx; + EVP_PKEY * pkey; + FILE * fp; + X509 * x509; + + /* Just load the crypto library error strings, + * SSL_load_error_strings() loads the crypto AND the SSL ones */ + /* SSL_load_error_strings();*/ + ERR_load_crypto_strings(); + + /* Read private key */ + + fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY, + fp, + NULL, NULL); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Do the signature */ + + EVP_SignInit (&md_ctx, EVP_md5()); + EVP_SignUpdate (&md_ctx, data, strlen(data)); + sig_len = sizeof(sig_buf); + err = EVP_SignFinal (&md_ctx, + sig_buf, + &sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + + /* Read public key */ + + fp = fopen (certfile, "r"); if (fp == NULL) exit (1); + x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509, + PEM_STRING_X509, + fp, NULL, NULL); + if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Get public key - eay */ + pkey=X509_extract_key(x509); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + + /* Verify the signature */ + + EVP_VerifyInit (&md_ctx, EVP_md5()); + EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); + err = EVP_VerifyFinal (&md_ctx, + sig_buf, + sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + printf ("Signature Verified Ok.\n"); +} diff --git a/demos/sign/sign.txt b/demos/sign/sign.txt new file mode 100644 index 0000000000000000000000000000000000000000..2aa2b46cc36e63b6fe185b2512adda87205f3956 --- /dev/null +++ b/demos/sign/sign.txt @@ -0,0 +1,170 @@ +From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996 +Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802 + (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000 +Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST) +Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for ; Mon, 30 Sep 1996 12:43:39 +1000 (EST) +Received: by orb.mincom.oz.au id AA12688 + (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000 +Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST) +From: Eric Young +X-Sender: eay@orb +To: Sampo Kellomaki +Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt +Subject: Re: Signing with envelope routines +In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt> +Message-Id: +Mime-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII +Sender: ssl-lists-owner@mincom.com +Precedence: bulk +Status: O +X-Status: + + +On Mon, 30 Sep 1996, Sampo Kellomaki wrote: +> I have been trying to figure out how to produce signatures with EVP_ +> routines. I seem to be able to read in private key and sign some +> data ok, but I can't figure out how I am supposed to read in +> public key so that I could verify my signature. I use self signed +> certificate. + +hmm... a rather poorly documented are of the library at this point in time. + +> I figured I should use +> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY, +> fp, NULL, NULL); +> to read in private key and this seems to work Ok. +> +> However when I try analogous +> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509, +> fp, NULL, NULL); + +What you should do is + X509 *x509=PEM_read_X509(fp,NULL,NULL); + /* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp, + * NULL,NULL); */ +Then + EVP_PKEY *pkey=X509_extract_key(x509); + +There is also a X509_REQ_extract_key(req); +which gets the public key from a certificate request. + +I re-worked quite a bit of this when I cleaned up the dependancy on +RSA as the private key. + +> I figured that the second argument to PEM_ASN1_read should match the +> name in my PEM encoded object, hence PEM_STRING_X509. +> PEM_STRING_EVP_PKEY seems to be somehow magical +> because it matches whatever private key there happens to be. I could +> not find a similar constant to use with getting the certificate, however. + +:-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a +standard such as PKCS#8 to store the private key so that the type is +encoded in the asn.1 encoding of the object. + +> Is my approach of using PEM_ASN1_read correct? What should I pass in +> as name? Can I use normal (or even self signed) X509 certificate for +> verifying the signature? + +The actual public key is kept in the certificate, so basically you have +to load the certificate and then 'unpack' the public key from the +certificate. + +> When will SSLeay documentation be written ;-)? If I would contribute +> comments to the code, would Eric take time to review them and include +> them in distribution? + +:-) After SSLv3 and PKCS#7 :-). I actually started doing a function list +but what I really need to do is do quite a few 'this is how you do xyz' +type documents. I suppose the current method is to post to ssl-users and +I'll respond :-). + +I'll add a 'demo' directory for the next release, I've appended a +modified version of your program that works, you were very close :-). + +eric + +/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data + 29.9.1996, Sampo Kellomaki */ + +/* converted to C - eay :-) */ + +#include +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +void main () +{ + int err; + int sig_len; + unsigned char sig_buf [4096]; + static char certfile[] = "plain-cert.pem"; + static char keyfile[] = "plain-key.pem"; + static char data[] = "I owe you..."; + EVP_MD_CTX md_ctx; + EVP_PKEY * pkey; + FILE * fp; + X509 * x509; + + /* Just load the crypto library error strings, + * SSL_load_error_strings() loads the crypto AND the SSL ones */ + /* SSL_load_error_strings();*/ + ERR_load_crypto_strings(); + + /* Read private key */ + + fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY, + fp, + NULL, NULL); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Do the signature */ + + EVP_SignInit (&md_ctx, EVP_md5()); + EVP_SignUpdate (&md_ctx, data, strlen(data)); + sig_len = sizeof(sig_buf); + err = EVP_SignFinal (&md_ctx, + sig_buf, + &sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + + /* Read public key */ + + fp = fopen (certfile, "r"); if (fp == NULL) exit (1); + x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509, + PEM_STRING_X509, + fp, NULL, NULL); + if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Get public key - eay */ + pkey=X509_extract_key(x509); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + + /* Verify the signature */ + + EVP_VerifyInit (&md_ctx, EVP_md5()); + EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); + err = EVP_VerifyFinal (&md_ctx, + sig_buf, + sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + printf ("Signature Verified Ok.\n"); +} + + + + + diff --git a/demos/spkigen.c b/demos/spkigen.c new file mode 100644 index 0000000000000000000000000000000000000000..01fe6254f22622cee3a24d433b17cf6c6698da22 --- /dev/null +++ b/demos/spkigen.c @@ -0,0 +1,160 @@ +/* NOCW */ +/* demos/spkigen.c + * 18-Mar-1997 - eay - A quick hack :-) + * version 1.1, it would probably help to save or load the + * private key :-) + */ +#include +#include +#include "err.h" +#include "asn1.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +/* The following two don't exist in SSLeay but they are in here as + * examples */ +#define PEM_write_SPKI(fp,x) \ + PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\ + (char *)x,NULL,NULL,0,NULL) +int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +/* These are defined in the next version of SSLeay */ +int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key); +#define RSA_F4 0x10001 +#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) + +int main(argc,argv) +int argc; +char *argv[]; + { + RSA *rsa=NULL; + NETSCAPE_SPKI *spki=NULL; + EVP_PKEY *pkey=NULL; + char buf[128]; + int ok=0,i; + FILE *fp; + + pkey=EVP_PKEY_new(); + + if (argc < 2) + { + /* Generate an RSA key, the random state should have been seeded + * with lots of calls to RAND_seed(....) */ + fprintf(stderr,"generating RSA key, could take some time...\n"); + if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err; + } + else + { + if ((fp=fopen(argv[1],"r")) == NULL) + { perror(argv[1]); goto err; } + if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL) + goto err; + fclose(fp); + } + + if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err; + rsa=NULL; + + /* lets make the spki and set the public key and challenge */ + if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err; + + if (!SPKI_set_pubkey(spki,pkey)) goto err; + + fprintf(stderr,"please enter challenge string:"); + fflush(stderr); + fgets(buf,120,stdin); + i=strlen(buf); + if (i > 0) buf[--i]='\0'; + if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge, + buf,i)) goto err; + + if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err; + PEM_write_SPKI(stdout,spki); + if (argc < 2) + PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL); + + ok=1; +err: + if (!ok) + { + fprintf(stderr,"something bad happened...."); + ERR_print_errors_fp(stderr); + } + NETSCAPE_SPKI_free(spki); + EVP_PKEY_free(pkey); + exit(!ok); + } + +/* This function is in the next version of SSLeay */ +int EVP_PKEY_assign(pkey,type,key) +EVP_PKEY *pkey; +int type; +char *key; + { + if (pkey == NULL) return(0); + if (pkey->pkey.ptr != NULL) + { + if (pkey->type == EVP_PKEY_RSA) + RSA_free(pkey->pkey.rsa); + /* else memory leak */ + } + pkey->type=type; + pkey->pkey.ptr=key; + return(1); + } + +/* While I have a + * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does + * not currently exist so here is a version of it. + * The next SSLeay release will probably have + * X509_set_pubkey(), + * X509_REQ_set_pubkey() and + * NETSCAPE_SPKI_set_pubkey() + * as macros calling the same function */ +int SPKI_set_pubkey(x,pkey) +NETSCAPE_SPKI *x; +EVP_PKEY *pkey; + { + int ok=0; + X509_PUBKEY *pk; + X509_ALGOR *a; + ASN1_OBJECT *o; + unsigned char *s,*p; + int i; + + if (x == NULL) return(0); + + if ((pk=X509_PUBKEY_new()) == NULL) goto err; + a=pk->algor; + + /* set the algorithm id */ + if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; + ASN1_OBJECT_free(a->algorithm); + a->algorithm=o; + + /* Set the parameter list */ + if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) + { + ASN1_TYPE_free(a->parameter); + a->parameter=ASN1_TYPE_new(); + a->parameter->type=V_ASN1_NULL; + } + i=i2d_PublicKey(pkey,NULL); + if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err; + p=s; + i2d_PublicKey(pkey,&p); + if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; + free(s); + + X509_PUBKEY_free(x->spkac->pubkey); + x->spkac->pubkey=pk; + pk=NULL; + ok=1; +err: + if (pk != NULL) X509_PUBKEY_free(pk); + return(ok); + } + diff --git a/demos/ssl/cli.cpp b/demos/ssl/cli.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f52a9c025bb4f8cc8e6dfd05bfa42a35f825d98e --- /dev/null +++ b/demos/ssl/cli.cpp @@ -0,0 +1,102 @@ +/* cli.cpp - Minimal ssleay client for Unix + 30.9.1996, Sampo Kellomaki */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "rsa.h" /* SSLeay stuff */ +#include "crypto.h" +#include "x509.h" +#include "pem.h" +#include "ssl.h" +#include "err.h" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } + +void main () +{ + int err; + int sd; + struct sockaddr_in sa; + SSL_CTX* ctx; + SSL* ssl; + X509* server_cert; + char* str; + char buf [4096]; + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + /* ----------------------------------------------- */ + /* Create a socket and connect to server using normal socket calls. */ + + sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); + + memset (&sa, '\0', sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */ + sa.sin_port = htons (1111); /* Server Port number */ + + err = connect(sd, (struct sockaddr*) &sa, + sizeof(sa)); CHK_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* Now we have TCP conncetion. Start SSL negotiation. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, sd); + err = SSL_connect (ssl); CHK_SSL(err); + + /* Following two steps are optional and not required for + data exchange to be successful. */ + + /* Get the cipher - opt */ + + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get server's certificate (note: beware of dynamic allocation) - opt */ + + server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert); + printf ("Server certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (server_cert)); + CHK_NULL(str); + printf ("\t subject: %s\n", str); + Free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (server_cert)); + CHK_NULL(str); + printf ("\t issuer: %s\n", str); + Free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (server_cert); + + /* --------------------------------------------------- */ + /* DATA EXCHANGE - Send a message and receive a reply. */ + + err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err); + + shutdown (sd, 1); /* Half close, send EOF to server. */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + /* Clean up. */ + + close (sd); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - cli.cpp */ diff --git a/demos/ssl/inetdsrv.cpp b/demos/ssl/inetdsrv.cpp new file mode 100644 index 0000000000000000000000000000000000000000..b09c8b6e0bb90ab46c1847de9bf5513ed1f1021d --- /dev/null +++ b/demos/ssl/inetdsrv.cpp @@ -0,0 +1,98 @@ +/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf + * 30.9.1996, Sampo Kellomaki + * From /etc/inetd.conf: + * 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv + */ + +#include +#include + +#include "rsa.h" /* SSLeay stuff */ +#include "crypto.h" +#include "x509.h" +#include "pem.h" +#include "ssl.h" +#include "err.h" + +#define HOME "/usr/users/sampo/demo/" +#define CERTF HOME "plain-cert.pem" +#define KEYF HOME "plain-key.pem" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) \ + { fprintf(log, "%s %d\n", (s), errno); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); } + +void main () +{ + int err; + SSL_CTX* ctx; + SSL* ssl; + X509* client_cert; + char* str; + char buf [4096]; + FILE* log; + + log = fopen ("/dev/console", "a"); CHK_NULL(log); + fprintf (log, "inetdserv %ld\n", (long)getpid()); + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM); + CHK_SSL (err); + + err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM); + CHK_SSL (err); + + /* inetd has already opened the TCP connection, so we can get right + down to business. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, fileno(stdin)); + err = SSL_accept (ssl); CHK_SSL(err); + + /* Get the cipher - opt */ + + fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get client's certificate (note: beware of dynamic allocation) - opt */ + + client_cert = SSL_get_peer_certificate (ssl); + if (client_cert != NULL) { + fprintf (log, "Client certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (client_cert)); + CHK_NULL(str); + fprintf (log, "\t subject: %s\n", str); + Free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (client_cert)); + CHK_NULL(str); + fprintf (log, "\t issuer: %s\n", str); + Free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (client_cert); + } else + fprintf (log, "Client doe not have certificate.\n"); + + /* ------------------------------------------------- */ + /* DATA EXCHANGE: Receive message and send reply */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + fprintf (log, "Got %d chars:'%s'\n", err, buf); + + err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear.")); + CHK_SSL(err); + + /* Clean up. */ + + fclose (log); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - inetdserv.cpp */ diff --git a/demos/ssl/serv.cpp b/demos/ssl/serv.cpp new file mode 100644 index 0000000000000000000000000000000000000000..8681f2f22bff88f2cbd20ebb9daa35940c2b8b0a --- /dev/null +++ b/demos/ssl/serv.cpp @@ -0,0 +1,126 @@ +/* serv.cpp - Minimal ssleay server for Unix + 30.9.1996, Sampo Kellomaki */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "rsa.h" /* SSLeay stuff */ +#include "crypto.h" +#include "x509.h" +#include "pem.h" +#include "ssl.h" +#include "err.h" + +#define HOME "/usr/users/sampo/sibs/tim/" +#define CERTF HOME "plain-cert.pem" +#define KEYF HOME "plain-key.pem" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } + +void main () +{ + int err; + int listen_sd; + int sd; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + int client_len; + SSL_CTX* ctx; + SSL* ssl; + X509* client_cert; + char* str; + char buf [4096]; + + /* SSL preliminaries. We keep the certificate and key with the context. */ + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM); + CHK_SSL(err); + + err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM); + CHK_SSL(err); + + /* ----------------------------------------------- */ + /* Prepare TCP socket for receiving connections */ + + listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (1111); /* Server Port number */ + + err = bind(listen_sd, (struct sockaddr*) &sa_serv, + sizeof (sa_serv)); CHK_ERR(err, "bind"); + + /* Receive a TCP connection. */ + + err = listen (listen_sd, 5); CHK_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len); + CHK_ERR(sd, "accept"); + close (listen_sd); + + printf ("Connection from %lx, port %x\n", + sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. Do server side SSL. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, sd); + err = SSL_accept (ssl); CHK_SSL(err); + + /* Get the cipher - opt */ + + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get client's certificate (note: beware of dynamic allocation) - opt */ + + client_cert = SSL_get_peer_certificate (ssl); + if (client_cert != NULL) { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (client_cert)); + CHK_NULL(str); + printf ("\t subject: %s\n", str); + Free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (client_cert)); + CHK_NULL(str); + printf ("\t issuer: %s\n", str); + Free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (client_cert); + } else + printf ("Client does not have certificate.\n"); + + /* DATA EXCHANGE - Receive message and send reply. */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err); + + /* Clean up. */ + + close (sd); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - serv.cpp */ diff --git a/doc/API.doc b/doc/API.doc new file mode 100644 index 0000000000000000000000000000000000000000..fe2820259a3eec59dd577eab40f44543bdbf26fd --- /dev/null +++ b/doc/API.doc @@ -0,0 +1,24 @@ +SSL - SSLv2/v3/v23 etc. + +BIO - methods and how they plug together + +MEM - memory allocation callback + +CRYPTO - locking for threads + +EVP - Ciphers/Digests/signatures + +RSA - methods + +X509 - certificate retrieval + +X509 - validation + +X509 - X509v3 extensions + +Objects - adding object identifiers + +ASN.1 - parsing + +PEM - parsing + diff --git a/doc/a_verify.doc b/doc/a_verify.doc new file mode 100644 index 0000000000000000000000000000000000000000..06eec17c2b87dd425eaa44a0937d78e6b0463764 --- /dev/null +++ b/doc/a_verify.doc @@ -0,0 +1,85 @@ +From eay@mincom.com Fri Oct 4 18:29:06 1996 +Received: by orb.mincom.oz.au id AA29080 + (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000 +Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST) +From: Eric Young +X-Sender: eay@orb +To: wplatzer +Cc: Eric Young , SSL Mailing List +Subject: Re: Netscape's Public Key +In-Reply-To: <19961003134837.NTM0049@iaik.tu-graz.ac.at> +Message-Id: +Mime-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII +Status: RO +X-Status: + +On Thu, 3 Oct 1996, wplatzer wrote: +> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything +> with it... It looks like (asn1parse): +> +> 0:d=0 hl=3 l=180 cons: SEQUENCE +> 3:d=1 hl=2 l= 96 cons: SEQUENCE +> 5:d=2 hl=2 l= 92 cons: SEQUENCE +> 7:d=3 hl=2 l= 13 cons: SEQUENCE +> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption +> 20:d=4 hl=2 l= 0 prim: NULL +> 22:d=3 hl=2 l= 75 prim: BIT STRING +> 99:d=2 hl=2 l= 0 prim: IA5STRING : +> 101:d=1 hl=2 l= 13 cons: SEQUENCE +> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption +> 114:d=2 hl=2 l= 0 prim: NULL +> 116:d=1 hl=2 l= 65 prim: BIT STRING +> +> The first BIT STRING is the public key and the second BIT STRING is +> the signature. +> But a public key consists of the public exponent and the modulus. Are +> both numbers in the first BIT STRING? +> Is there a document simply describing this coding stuff (checking +> signature, get the public key, etc.)? + +Minimal in SSLeay. If you want to see what the modulus and exponent are, +try asn1parse -offset 25 -length 75 next_bio list. + + + +Extra commands are normally implemented as macros calling BIO_ctrl(). +- BIO_number_read(BIO *bio) - the number of bytes processed + by BIO_read(bio,.). +- BIO_number_written(BIO *bio) - the number of bytes written + by BIO_write(bio,.). +- BIO_reset(BIO *bio) - 'reset' the BIO. +- BIO_eof(BIO *bio) - non zero if we are at the current end + of input. +- BIO_set_close(BIO *bio, int close_flag) - set the close flag. +- BIO_get_close(BIO *bio) - return the close flag. + BIO_pending(BIO *bio) - return the number of bytes waiting + to be read (normally buffered internally). +- BIO_flush(BIO *bio) - output any data waiting to be output. +- BIO_should_retry(BIO *io) - after a BIO_read/BIO_write + operation returns 0 or -1, a call to this function will + return non zero if you should retry the call later (this + is for non-blocking IO). +- BIO_should_read(BIO *io) - we should retry when data can + be read. +- BIO_should_write(BIO *io) - we should retry when data can + be written. +- BIO_method_name(BIO *io) - return a string for the method name. +- BIO_method_type(BIO *io) - return the unique ID of the BIO method. +- BIO_set_callback(BIO *io, long (*callback)(BIO *io, int + cmd, char *argp, int argi, long argl, long ret); - sets + the debug callback. +- BIO_get_callback(BIO *io) - return the assigned function + as mentioned above. +- BIO_set_callback_arg(BIO *io, char *arg) - assign some + data against the BIO. This is normally used by the debug + callback but could in reality be used for anything. To + get an idea of how all this works, have a look at the code + in the default debug callback mentioned above. The + callback can modify the return values. + +Details of the BIO_METHOD structure. +typedef struct bio_method_st + { + int type; + char *name; + int (*bwrite)(); + int (*bread)(); + int (*bputs)(); + int (*bgets)(); + long (*ctrl)(); + int (*create)(); + int (*destroy)(); + } BIO_METHOD; + +The 'type' is the numeric type of the BIO, these are listed in buffer.h; +'Name' is a textual representation of the BIO 'type'. +The 7 function pointers point to the respective function +methods, some of which can be NULL if not implemented. +The BIO structure +typedef struct bio_st + { + BIO_METHOD *method; + long (*callback)(BIO * bio, int mode, char *argp, int + argi, long argl, long ret); + char *cb_arg; /* first argument for the callback */ + int init; + int shutdown; + int flags; /* extra storage */ + int num; + char *ptr; + struct bio_st *next_bio; /* used by filter BIOs */ + int references; + unsigned long num_read; + unsigned long num_write; + } BIO; + +- 'Method' is the BIO method. +- 'callback', when configured, is called before and after + each BIO method is called for that particular BIO. This + is intended primarily for debugging and of informational feedback. +- 'init' is 0 when the BIO can be used for operation. + Often, after a BIO is created, a number of operations may + need to be performed before it is available for use. An + example is for BIO_s_sock(). A socket needs to be + assigned to the BIO before it can be used. +- 'shutdown', this flag indicates if the underlying + comunication primative being used should be closed/freed + when the BIO is closed. +- 'flags' is used to hold extra state. It is primarily used + to hold information about why a non-blocking operation + failed and to record startup protocol information for the + SSL BIO. +- 'num' and 'ptr' are used to hold instance specific state + like file descriptors or local data structures. +- 'next_bio' is used by filter BIOs to hold the pointer of the + next BIO in the chain. written data is sent to this BIO and + data read is taken from it. +- 'references' is used to indicate the number of pointers to + this structure. This needs to be '1' before a call to + BIO_free() is made if the BIO_free() function is to + actually free() the structure, otherwise the reference + count is just decreased. The actual BIO subsystem does + not really use this functionality but it is useful when + used in more advanced applicaion. +- num_read and num_write are the total number of bytes + read/written via the 'read()' and 'write()' methods. + +BIO_ctrl operations. +The following is the list of standard commands passed as the +second parameter to BIO_ctrl() and should be supported by +all BIO as best as possible. Some are optional, some are +manditory, in any case, where is makes sense, a filter BIO +should pass such requests to underlying BIO's. +- BIO_CTRL_RESET - Reset the BIO back to an initial state. +- BIO_CTRL_EOF - return 0 if we are not at the end of input, + non 0 if we are. +- BIO_CTRL_INFO - BIO specific special command, normal + information return. +- BIO_CTRL_SET - set IO specific parameter. +- BIO_CTRL_GET - get IO specific parameter. +- BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one + of BIO_CLOSE or BIO_NOCLOSE. +- BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag. +- BIO_CTRL_PENDING - Return the number of bytes available + for instant reading +- BIO_CTRL_FLUSH - Output pending data, return number of bytes output. +- BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned) + should we 'retry' when IO is possible on the underlying IO object. +- BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on. + +The following command is a special BIO_s_file() specific option. +- BIO_CTRL_SET_FILENAME - specify a file to open for IO. + +The BIO_CTRL_RETRY_TYPE needs a little more explanation. +When performing non-blocking IO, or say reading on a memory +BIO, when no data is present (or cannot be written), +BIO_read() and/or BIO_write() will return -1. +BIO_should_retry(bio) will return true if this is due to an +IO condition rather than an actual error. In the case of +BIO_s_mem(), a read when there is no data will return -1 and +a should retry when there is more 'read' data. +The retry type is deduced from 2 macros +BIO_should_read(bio) and BIO_should_write(bio). +Now while it may appear obvious that a BIO_read() failure +should indicate that a retry should be performed when more +read data is available, this is often not true when using +things like an SSL BIO. During the SSL protocol startup +multiple reads and writes are performed, triggered by any +SSL_read or SSL_write. +So to write code that will transparently handle either a +socket or SSL BIO, + i=BIO_read(bio,..) + if (I == -1) + { + if (BIO_should_retry(bio)) + { + if (BIO_should_read(bio)) + { + /* call us again when BIO can be read */ + } + if (BIO_should_write(bio)) + { + /* call us again when BIO can be written */ + } + } + } + +At this point in time only read and write conditions can be +used but in the future I can see the situation for other +conditions, specifically with SSL there could be a condition +of a X509 certificate lookup taking place and so the non- +blocking BIO_read would require a retry when the certificate +lookup subsystem has finished it's lookup. This is all +makes more sense and is easy to use in a event loop type +setup. +When using the SSL BIO, either SSL_read() or SSL_write()s +can be called during the protocol startup and things will +still work correctly. +The nice aspect of the use of the BIO_should_retry() macro +is that all the errno codes that indicate a non-fatal error +are encapsulated in one place. The Windows specific error +codes and WSAGetLastError() calls are also hidden from the +application. + +Notes on each BIO method. +Normally buffer.h is just required but depending on the +BIO_METHOD, ssl.h or evp.h will also be required. + +BIO_METHOD *BIO_s_mem(void); +- BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) - + set the underlying BUF_MEM structure for the BIO to use. +- BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL, + set it to point to the memory array and return the number + of bytes available. +A read/write BIO. Any data written is appended to the +memory array and any read is read from the front. This BIO +can be used for read/write at the same time. BIO_gets() is +supported in the fgets() sense. +BIO_CTRL_INFO can be used to retrieve pointers to the memory +buffer and it's length. + +BIO_METHOD *BIO_s_file(void); +- BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use. +- BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use. +- BIO_read_filename(BIO *bio, char *name) - read from file. +- BIO_write_filename(BIO *bio, char *name) - write to file. +- BIO_append_filename(BIO *bio, char *name) - append to file. +This BIO sits over the normal system fread()/fgets() type +functions. Gets() is supported. This BIO in theory could be +used for read and write but it is best to think of each BIO +of this type as either a read or a write BIO, not both. + +BIO_METHOD *BIO_s_socket(void); +BIO_METHOD *BIO_s_fd(void); +- BIO_sock_should_retry(int i) - the underlying function + used to determine if a call should be retried; the + argument is the '0' or '-1' returned by the previous BIO + operation. +- BIO_fd_should_retry(int i) - same as the +- BIO_sock_should_retry() except that it is different internally. +- BIO_set_fd(BIO *bio, int fd, int close_flag) - set the + file descriptor to use +- BIO_get_fd(BIO *bio, int *fd) - get the file descriptor. +These two methods are very similar. Gets() is not +supported, if you want this functionality, put a +BIO_f_buffer() onto it. This BIO is bi-directional if the +underlying file descriptor is. This is normally the case +for sockets but not the case for stdio descriptors. + +BIO_METHOD *BIO_s_null(void); +Read and write as much data as you like, it all disappears +into this BIO. + +BIO_METHOD *BIO_f_buffer(void); +- BIO_get_buffer_num_lines(BIO *bio) - return the number of + complete lines in the buffer. +- BIO_set_buffer_size(BIO *bio, long size) - set the size of + the buffers. +This type performs input and output buffering. It performs +both at the same time. The size of the buffer can be set +via the set buffer size option. Data buffered for output is +only written when the buffer fills. + +BIO_METHOD *BIO_f_ssl(void); +- BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL + structure to use. +- BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure + in use. +The SSL bio is a little different from normal BIOs because +the underlying SSL structure is a little different. A SSL +structure performs IO via a read and write BIO. These can +be different and are normally set via the +SSL_set_rbio()/SSL_set_wbio() calls. The SSL_set_fd() calls +are just wrappers that create socket BIOs and then call +SSL_set_bio() where the read and write BIOs are the same. +The BIO_push() operation makes the SSLs IO BIOs the same, so +make sure the BIO pushed is capable of two directional +traffic. If it is not, you will have to install the BIOs +via the more conventional SSL_set_bio() call. BIO_pop() will retrieve +the 'SSL read' BIO. + +BIO_METHOD *BIO_f_md(void); +- BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest + to use. +- BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest + method in use in mdp, return 0 if not set yet. +- BIO_reset() reinitializes the digest (EVP_DigestInit()) + and passes the reset to the underlying BIOs. +All data read or written via BIO_read() or BIO_write() to +this BIO will be added to the calculated digest. This +implies that this BIO is only one directional. If read and +write operations are performed, two separate BIO_f_md() BIOs +are reuqired to generate digests on both the input and the +output. BIO_gets(BIO *bio, char *md, int size) will place the +generated digest into 'md' and return the number of bytes. +The EVP_MAX_MD_SIZE should probably be used to size the 'md' +array. Reading the digest will also reset it. + +BIO_METHOD *BIO_f_cipher(void); +- BIO_reset() reinitializes the cipher. +- BIO_flush() should be called when the last bytes have been + output to flush the final block of block ciphers. +- BIO_get_cipher_status(BIO *b), when called after the last + read from a cipher BIO, returns non-zero if the data + decrypted correctly, otherwise, 0. +- BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key, + unsigned char *iv, int encrypt) This function is used to + setup a cipher BIO. The length of key and iv are + specified by the choice of EVP_CIPHER. Encrypt is 1 to + encrypt and 0 to decrypt. + +BIO_METHOD *BIO_f_base64(void); +- BIO_flush() should be called when the last bytes have been output. +This BIO base64 encodes when writing and base64 decodes when +reading. It will scan the input until a suitable begin line +is found. After reading data, BIO_reset() will reset the +BIO to start scanning again. Do not mix reading and writing +on the same base64 BIO. It is meant as a single stream BIO. + +Directions type +both BIO_s_mem() +one/both BIO_s_file() +both BIO_s_fd() +both BIO_s_socket() +both BIO_s_null() +both BIO_f_buffer() +one BIO_f_md() +one BIO_f_cipher() +one BIO_f_base64() +both BIO_f_ssl() + +It is easy to mix one and two directional BIOs, all one has +to do is to keep two separate BIO pointers for reading and +writing and be careful about usage of underlying BIOs. The +SSL bio by it's very nature has to be two directional but +the BIO_push() command will push the one BIO into the SSL +BIO for both reading and writing. + +The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c. + diff --git a/doc/blowfish.doc b/doc/blowfish.doc new file mode 100644 index 0000000000000000000000000000000000000000..3a7291f371c042f4247f97d9240de0fb02884f62 --- /dev/null +++ b/doc/blowfish.doc @@ -0,0 +1,149 @@ +The Blowfish library. + +Blowfish is a block cipher that operates on 64bit (8 byte) quantities. It +uses variable size key, but 128bit (16 byte) key would normally be considered +good. It can be used in all the modes that DES can be used. This +library implements the ecb, cbc, cfb64, ofb64 modes. + +Blowfish is quite a bit faster that DES, and much faster than IDEA or +RC2. It is one of the faster block ciphers. + +For all calls that have an 'input' and 'output' variables, they can be the +same. + +This library requires the inclusion of 'blowfish.h'. + +All of the encryption functions take what is called an BF_KEY as an +argument. An BF_KEY is an expanded form of the Blowfish key. +For all modes of the Blowfish algorithm, the BF_KEY used for +decryption is the same one that was used for encryption. + +The define BF_ENCRYPT is passed to specify encryption for the functions +that require an encryption/decryption flag. BF_DECRYPT is passed to +specify decryption. + +Please note that any of the encryption modes specified in my DES library +could be used with Blowfish. I have only implemented ecb, cbc, cfb64 and +ofb64 for the following reasons. +- ecb is the basic Blowfish encryption. +- cbc is the normal 'chaining' form for block ciphers. +- cfb64 can be used to encrypt single characters, therefore input and output + do not need to be a multiple of 8. +- ofb64 is similar to cfb64 but is more like a stream cipher, not as + secure (not cipher feedback) but it does not have an encrypt/decrypt mode. +- If you want triple Blowfish, thats 384 bits of key and you must be totally + obsessed with security. Still, if you want it, it is simple enough to + copy the function from the DES library and change the des_encrypt to + BF_encrypt; an exercise left for the paranoid reader :-). + +The functions are as follows: + +void BF_set_key( +BF_KEY *ks; +int len; +unsigned char *key; + BF_set_key converts an 'len' byte key into a BF_KEY. + A 'ks' is an expanded form of the 'key' which is used to + perform actual encryption. It can be regenerated from the Blowfish key + so it only needs to be kept when encryption or decryption is about + to occur. Don't save or pass around BF_KEY's since they + are CPU architecture dependent, 'key's are not. Blowfish is an + interesting cipher in that it can be used with a variable length + key. 'len' is the length of 'key' to be used as the key. + A 'len' of 16 is recomended by me, but blowfish can use upto + 72 bytes. As a warning, blowfish has a very very slow set_key + function, it actually runs BF_encrypt 521 times. + +void BF_encrypt( +unsigned long *data, +BF_KEY *key, +int encrypt); + This is the Blowfish encryption function that gets called by just about + every other Blowfish routine in the library. You should not use this + function except to implement 'modes' of Blowfish. + I say this because the + functions that call this routine do the conversion from 'char *' to + long, and this needs to be done to make sure 'non-aligned' memory + access do not occur. + Data is a pointer to 2 unsigned long's and key is the + BF_KEY to use. Encryption or decryption is indicated by 'encrypt'. + which can have the values BF_ENCRYPT or BF_DECRYPT. + +void BF_ecb_encrypt( +unsigned char *in, +unsigned char *out, +BF_KEY *key, +int encrypt); + This is the basic Electronic Code Book form of Blowfish (in DES this + mode is called Electronic Code Book so I'm going to use the term + for blowfish as well. + Input is encrypted into output using the key represented by + key. Depending on the encrypt, encryption or + decryption occurs. Input is 8 bytes long and output is 8 bytes. + +void BF_cbc_encrypt( +unsigned char *in, +unsigned char *out, +long length, +BF_KEY *ks, +unsigned char *ivec, +int encrypt); + This routine implements Blowfish in Cipher Block Chaining mode. + Input, which should be a multiple of 8 bytes is encrypted + (or decrypted) to output which will also be a multiple of 8 bytes. + The number of bytes is in length (and from what I've said above, + should be a multiple of 8). If length is not a multiple of 8, bad + things will probably happen. ivec is the initialisation vector. + This function updates iv after each call so that it can be passed to + the next call to BF_cbc_encrypt(). + +void BF_cfb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +BF_KEY *schedule, +unsigned char *ivec, +int *num, +int encrypt); + This is one of the more useful functions in this Blowfish library, it + implements CFB mode of Blowfish with 64bit feedback. + This allows you to encrypt an arbitrary number of bytes, + you do not require 8 byte padding. Each call to this + routine will encrypt the input bytes to output and then update ivec + and num. Num contains 'how far' we are though ivec. + 'Encrypt' is used to indicate encryption or decryption. + CFB64 mode operates by using the cipher to generate a stream + of bytes which is used to encrypt the plain text. + The cipher text is then encrypted to generate the next 64 bits to + be xored (incrementally) with the next 64 bits of plain + text. As can be seen from this, to encrypt or decrypt, + the same 'cipher stream' needs to be generated but the way the next + block of data is gathered for encryption is different for + encryption and decryption. + +void BF_ofb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +BF_KEY *schedule, +unsigned char *ivec, +int *num); + This functions implements OFB mode of Blowfish with 64bit feedback. + This allows you to encrypt an arbitrary number of bytes, + you do not require 8 byte padding. Each call to this + routine will encrypt the input bytes to output and then update ivec + and num. Num contains 'how far' we are though ivec. + This is in effect a stream cipher, there is no encryption or + decryption mode. + +For reading passwords, I suggest using des_read_pw_string() from my DES library. +To generate a password from a text string, I suggest using MD5 (or MD2) to +produce a 16 byte message digest that can then be passed directly to +BF_set_key(). + +===== +For more information about the specific Blowfish modes in this library +(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the +documentation on my DES library. What is said about DES is directly +applicable for Blowfish. + diff --git a/doc/bn.doc b/doc/bn.doc new file mode 100644 index 0000000000000000000000000000000000000000..2358c20f455cbdff1c8bcde749fa5abcf3d069b6 --- /dev/null +++ b/doc/bn.doc @@ -0,0 +1,379 @@ +The Big Number library. + +#include "bn.h" when using this library. + +This big number library was written for use in implementing the RSA and DH +public key encryption algorithms. As such, features such as negative +numbers have not been extensively tested but they should work as expected. +This library uses dynamic memory allocation for storing its data structures +and so there are no limit on the size of the numbers manipulated by these +routines but there is always the requirement to check return codes from +functions just in case a memory allocation error has occurred. + +The basic object in this library is a BIGNUM. It is used to hold a single +large integer. This type should be considered opaque and fields should not +be modified or accessed directly. +typedef struct bignum_st + { + int top; /* Index of last used d. */ + BN_ULONG *d; /* Pointer to an array of 'BITS2' bit chunks. */ + int max; /* Size of the d array. */ + int neg; + } BIGNUM; +The big number is stored in a malloced array of BN_ULONG's. A BN_ULONG can +be either 16, 32 or 64 bits in size, depending on the 'number of bits' +specified in bn.h. +The 'd' field is this array. 'max' is the size of the 'd' array that has +been allocated. 'top' is the 'last' entry being used, so for a value of 4, +bn.d[0]=4 and bn.top=1. 'neg' is 1 if the number is negative. +When a BIGNUM is '0', the 'd' field can be NULL and top == 0. + +Various routines in this library require the use of 'temporary' BIGNUM +variables during their execution. Due to the use of dynamic memory +allocation to create BIGNUMs being rather expensive when used in +conjunction with repeated subroutine calls, the BN_CTX structure is +used. This structure contains BN_CTX BIGNUMs. BN_CTX +is the maximum number of temporary BIGNUMs any publicly exported +function will use. + +#define BN_CTX 12 +typedef struct bignum_ctx + { + int tos; /* top of stack */ + BIGNUM *bn[BN_CTX]; /* The variables */ + } BN_CTX; + +The functions that follow have been grouped according to function. Most +arithmetic functions return a result in the first argument, sometimes this +first argument can also be an input parameter, sometimes it cannot. These +restrictions are documented. + +extern BIGNUM *BN_value_one; +There is one variable defined by this library, a BIGNUM which contains the +number 1. This variable is useful for use in comparisons and assignment. + +Get Size functions. + +int BN_num_bits(BIGNUM *a); + This function returns the size of 'a' in bits. + +int BN_num_bytes(BIGNUM *a); + This function (macro) returns the size of 'a' in bytes. + For conversion of BIGNUMs to byte streams, this is the number of + bytes the output string will occupy. If the output byte + format specifies that the 'top' bit indicates if the number is + signed, so an extra '0' byte is required if the top bit on a + positive number is being written, it is upto the application to + make this adjustment. Like I said at the start, I don't + really support negative numbers :-). + +Creation/Destruction routines. + +BIGNUM *BN_new(); + Return a new BIGNUM object. The number initially has a value of 0. If + there is an error, NULL is returned. + +void BN_free(BIGNUM *a); + Free()s a BIGNUM. + +void BN_clear(BIGNUM *a); + Sets 'a' to a value of 0 and also zeros all unused allocated + memory. This function is used to clear a variable of 'sensitive' + data that was held in it. + +void BN_clear_free(BIGNUM *a); + This function zeros the memory used by 'a' and then free()'s it. + This function should be used to BN_free() BIGNUMS that have held + sensitive numeric values like RSA private key values. Both this + function and BN_clear tend to only be used by RSA and DH routines. + +BN_CTX *BN_CTX_new(void); + Returns a new BN_CTX. NULL on error. + +void BN_CTX_free(BN_CTX *c); + Free a BN_CTX structure. The BIGNUMs in 'c' are BN_clear_free()ed. + +BIGNUM *bn_expand(BIGNUM *b, int bits); + This is an internal function that should not normally be used. It + ensures that 'b' has enough room for a 'bits' bit number. It is + mostly used by the various BIGNUM routines. If there is an error, + NULL is returned. if not, 'b' is returned. + +BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from); + The 'from' is copied into 'to'. NULL is returned if there is an + error, otherwise 'to' is returned. + +BIGNUM *BN_dup(BIGNUM *a); + A new BIGNUM is created and returned containing the value of 'a'. + NULL is returned on error. + +Comparison and Test Functions. + +int BN_is_zero(BIGNUM *a) + Return 1 if 'a' is zero, else 0. + +int BN_is_one(a) + Return 1 is 'a' is one, else 0. + +int BN_is_word(a,w) + Return 1 if 'a' == w, else 0. 'w' is a BN_ULONG. + +int BN_cmp(BIGNUM *a, BIGNUM *b); + Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same + and 1 is 'a' is greater than 'b'. This is a signed comparison. + +int BN_ucmp(BIGNUM *a, BIGNUM *b); + This function is the same as BN_cmp except that the comparison + ignores the sign of the numbers. + +Arithmetic Functions +For all of these functions, 0 is returned if there is an error and 1 is +returned for success. The return value should always be checked. eg. +if (!BN_add(r,a,b)) goto err; +Unless explicitly mentioned, the 'return' value can be one of the +'parameters' to the function. + +int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); + Add 'a' and 'b' and return the result in 'r'. This is r=a+b. + +int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b); + Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b. + +int BN_lshift(BIGNUM *r, BIGNUM *a, int n); + Shift 'a' left by 'n' bits. This is r=a*(2^n). + +int BN_lshift1(BIGNUM *r, BIGNUM *a); + Shift 'a' left by 1 bit. This form is more efficient than + BN_lshift(r,a,1). This is r=a*2. + +int BN_rshift(BIGNUM *r, BIGNUM *a, int n); + Shift 'a' right by 'n' bits. This is r=int(a/(2^n)). + +int BN_rshift1(BIGNUM *r, BIGNUM *a); + Shift 'a' right by 1 bit. This form is more efficient than + BN_rshift(r,a,1). This is r=int(a/2). + +int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b); + Multiply a by b and return the result in 'r'. 'r' must not be + either 'a' or 'b'. It has to be a different BIGNUM. + This is r=a*b. + +int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); + Multiply a by a and return the result in 'r'. 'r' must not be + 'a'. This function is alot faster than BN_mul(r,a,a). This is r=a*a. + +int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx); + Divide 'm' by 'd' and return the result in 'dv' and the remainder + in 'rem'. Either of 'dv' or 'rem' can be NULL in which case that + value is not returned. 'ctx' needs to be passed as a source of + temporary BIGNUM variables. + This is dv=int(m/d), rem=m%d. + +int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx); + Find the remainder of 'm' divided by 'd' and return it in 'rem'. + 'ctx' holds the temporary BIGNUMs required by this function. + This function is more efficient than BN_div(NULL,rem,m,d,ctx); + This is rem=m%d. + +int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx); + Multiply 'a' by 'b' and return the remainder when divided by 'm'. + 'ctx' holds the temporary BIGNUMs required by this function. + This is r=(a*b)%m. + +int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx); + Raise 'a' to the 'p' power and return the remainder when divided by + 'm'. 'ctx' holds the temporary BIGNUMs required by this function. + This is r=(a^p)%m. + +int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx); + Return the reciprocal of 'm'. 'ctx' holds the temporary variables + required. This function returns -1 on error, otherwise it returns + the number of bits 'r' is shifted left to make 'r' into an integer. + This number of bits shifted is required in BN_mod_mul_reciprocal(). + This is r=(1/m)<<(BN_num_bits(m)+1). + +int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, + BIGNUM *i, int nb, BN_CTX *ctx); + This function is used to perform an efficient BN_mod_mul() + operation. If one is going to repeatedly perform BN_mod_mul() with + the same modulus is worth calculating the reciprocal of the modulus + and then using this function. This operation uses the fact that + a/b == a*r where r is the reciprocal of b. On modern computers + multiplication is very fast and big number division is very slow. + 'x' is multiplied by 'y' and then divided by 'm' and the remainder + is returned. 'i' is the reciprocal of 'm' and 'nb' is the number + of bits as returned from BN_reciprocal(). Normal usage is as follows. + bn=BN_reciprocal(i,m); + for (...) + { BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); } + This is r=(x*y)%m. Internally it is approximately + r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn) + This function is used in BN_mod_exp() and BN_is_prime(). + +Assignment Operations + +int BN_one(BIGNUM *a) + Set 'a' to hold the value one. + This is a=1. + +int BN_zero(BIGNUM *a) + Set 'a' to hold the value zero. + This is a=0. + +int BN_set_word(BIGNUM *a, unsigned long w); + Set 'a' to hold the value of 'w'. 'w' is an unsigned long. + This is a=w. + +unsigned long BN_get_word(BIGNUM *a); + Returns 'a' in an unsigned long. Not remarkably, often 'a' will + be biger than a word, in which case 0xffffffffL is returned. + +Word Operations +These functions are much more efficient that the normal bignum arithmetic +operations. + +BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w); + Return the remainder of 'a' divided by 'w'. + This is return(a%w). + +int BN_add_word(BIGNUM *a, unsigned long w); + Add 'w' to 'a'. This function does not take the sign of 'a' into + account. This is a+=w; + +Bit operations. + +int BN_is_bit_set(BIGNUM *a, int n); + This function return 1 if bit 'n' is set in 'a' else 0. + +int BN_set_bit(BIGNUM *a, int n); + This function sets bit 'n' to 1 in 'a'. Return 0 if less than + 'n' bits in 'a', else 1. This is a&= ~(1< +X-Sender: eay@orb +To: sameer +Cc: ssleay@mincom.oz.au +Subject: Re: 'ca' +In-Reply-To: <199512230440.UAA23410@infinity.c2.org> +Message-Id: +Mime-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII +Status: RO +X-Status: + +On Fri, 22 Dec 1995, sameer wrote: +> I could use documentation on 'ca'. Thanks. + +Very quickly. +The ca program uses the ssleay.conf file for most of its configuration + +./ca -help + + -verbose - Talk alot while doing things + -config file - A config file. If you don't want to use the + default config file + -name arg - The particular CA definition to use + In the config file, the section to use for parameters. This lets + multiple setups to be contained in the one file. By default, the + default_ca variable is looked up in the [ ca ] section. So in the + shipped ssleay.conf, the CA definition used is CA_default. It could be + any other name. + -gencrl days - Generate a new CRL, days is when the next CRL is due + This will generate a new certificate revocion list. + -days arg - number of days to certify the certificate for + When certifiying certificates, this is the number of days to use. + -md arg - md to use, one of md2, md5, sha or sha1 + -policy arg - The CA 'policy' to support + I'll describe this later, but there are 2 policies definied in the + shipped ssleay.conf + -keyfile arg - PEM RSA private key file + -key arg - key to decode the RSA private key if it is encrypted + since we need to keep the CA's RSA key encrypted + -cert - The CA certificate + -in file - The input PEM encoded certificate request(s) + -out file - Where to put the output file(s) + -outdir dir - Where to put output certificates + The -out options concatinates all the output certificied + certificates to one file, -outdir puts them in a directory, + named by serial number. + -infiles .... - The last argument, requests to process + The certificate requests to process, -in is the same. + +Just about all the above have default values defined in ssleay.conf. + +The key variables in ssleay.conf are (for the pariticular '-name' being +used, in the default, it is CA_default). + +dir is where all the CA database stuff is kept. +certs is where all the previously issued certificates are kept. +The database is a simple text database containing the following tab separated +fields. +status: a value of 'R' - revoked, 'E' -expired or 'V' valid. +issued date: When the certificate was certified. +revoked date: When it was revoked, blank if not revoked. +serial number: The certificate serial number. +certificate: Where the certificate is located. +CN: The name of the certificate. + +The demo file has quite a few made up values it it. The last 2 were +added by the ca program and are acurate. +The CA program does not update the 'certificate' file correctly right now. +The serial field should be unique as should the CN/status combination. +The ca program checks these at startup. What still needs to be +wrtten is a program to 'regenerate' the data base file from the issued +certificate list (and a CRL list). + +Back to the CA_default variables. + +Most of the variables are commented. + +policy is the default policy. + +Ok for policies, they define the order and which fields must be present +in the certificate request and what gets filled in. + +So a value of +countryName = match +means that the country name must match the CA certificate. +organizationalUnitName = optional +The org.Unit,Name does not have to be present and +commonName = supplied +commonName must be supplied in the certificate request. + +For the 'policy_match' polocy, the order of the attributes in the +generated certiticate would be +countryName +stateOrProvinceName +organizationName +organizationalUnitName +commonName +emailAddress + +Have a play, it sort of makes sense. If you think about how the persona +requests operate, it is similar to the 'policy_match' policy and the +'policy_anything' is similar to what versign is doing. + +I hope this helps a bit. Some backend scripts are definitly needed to +update the database and to make certificate revocion easy. All +certificates issued should also be kept forever (or until they expire?) + +hope this helps +eric (who has to run off an buy some cheap knee pads for the caving in 4 +days time :-) + +-- +Eric Young | Signature removed since it was generating +AARNet: eay@mincom.oz.au | more followups than the message contents :-) + + diff --git a/doc/callback.doc b/doc/callback.doc new file mode 100644 index 0000000000000000000000000000000000000000..7ad0f7f7d263ecc2e35ee149c9b0765e9687491a --- /dev/null +++ b/doc/callback.doc @@ -0,0 +1,240 @@ +Callback functions used in SSLeay. + +-------------------------- +The BIO library. + +Each BIO structure can have a callback defined against it. This callback is +called 2 times for each BIO 'function'. It is passed 6 parameters. +BIO_debug_callback() is an example callback which is defined in +crypto/buffer/bio_cb.c and is used in apps/dgst.c This is intended mostly +for debuging or to notify the application of IO. + +long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,long argl, + long ret); +bio is the BIO being called, cmd is the type of BIO function being called. +Look at the BIO_CB_* defines in buffer.h. Argp and argi are the arguments +passed to BIO_read(), BIO_write, BIO_gets(), BIO_puts(). In the case of +BIO_ctrl(), argl is also defined. The first time the callback is called, +before the underlying function has been executed, 0 is passed as 'ret', and +if the return code from the callback is not > 0, the call is aborted +and the returned <= 0 value is returned. +The second time the callback is called, the 'cmd' value also has +BIO_CB_RETURN logically 'or'ed with it. The 'ret' value is the value returned +from the actuall function call and whatever the callback returns is returned +from the BIO function. + +BIO_set_callback(b,cb) can be used to set the callback function +(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to +set the cb_arg argument in the BIO strucutre. This field is only intended +to be used by application, primarily in the callback function since it is +accessable since the BIO is passed. + +-------------------------- +The PEM library. + +The pem library only really uses one type of callback, +static int def_callback(char *buf, int num, int verify); +which is used to return a password string if required. +'buf' is the buffer to put the string in. 'num' is the size of 'buf' +and 'verify' is used to indicate that the password should be checked. +This last flag is mostly used when reading a password for encryption. + +For all of these functions, a NULL callback will call the above mentioned +default callback. This default function does not work under Windows 3.1. +For other machines, it will use an application defined prompt string +(EVP_set_pw_prompt(), which defines a library wide prompt string) +if defined, otherwise it will use it's own PEM password prompt. +It will then call EVP_read_pw_string() to get a password from the console. +If your application wishes to use nice fancy windows to retrieve passwords, +replace this function. The callback should return the number of bytes read +into 'buf'. If the number of bytes <= 0, it is considered an error. + +Functions that take this callback are listed below. For the 'read' type +functions, the callback will only be required if the PEM data is encrypted. + +For the Write functions, normally a password can be passed in 'kstr', of +'klen' bytes which will be used if the 'enc' cipher is not NULL. If +'kstr' is NULL, the callback will be used to retrieve a password. + +int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, + int (*callback)()); +char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)()); +char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)()); +int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x, + EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); +int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x, + EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); +STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)()); +STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)()); + +#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) +#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) +#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) +#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) +#define PEM_read_SSL_SESSION(fp,x,cb) +#define PEM_read_X509(fp,x,cb) +#define PEM_read_X509_REQ(fp,x,cb) +#define PEM_read_X509_CRL(fp,x,cb) +#define PEM_read_RSAPrivateKey(fp,x,cb) +#define PEM_read_DSAPrivateKey(fp,x,cb) +#define PEM_read_PrivateKey(fp,x,cb) +#define PEM_read_PKCS7(fp,x,cb) +#define PEM_read_DHparams(fp,x,cb) +#define PEM_read_bio_SSL_SESSION(bp,x,cb) +#define PEM_read_bio_X509(bp,x,cb) +#define PEM_read_bio_X509_REQ(bp,x,cb) +#define PEM_read_bio_X509_CRL(bp,x,cb) +#define PEM_read_bio_RSAPrivateKey(bp,x,cb) +#define PEM_read_bio_DSAPrivateKey(bp,x,cb) +#define PEM_read_bio_PrivateKey(bp,x,cb) +#define PEM_read_bio_PKCS7(bp,x,cb) +#define PEM_read_bio_DHparams(bp,x,cb) +int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); +RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); + +Now you will notice that macros like +#define PEM_write_X509(fp,x) \ + PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ + (char *)x, NULL,NULL,0,NULL) +Don't do encryption normally. If you want to PEM encrypt your X509 structure, +either just call PEM_ASN1_write directly or just define you own +macro variant. As you can see, this macro just sets all encryption related +parameters to NULL. + + +-------------------------- +The SSL library. + +#define SSL_set_info_callback(ssl,cb) +#define SSL_CTX_set_info_callback(ctx,cb) +void callback(SSL *ssl,int location,int ret) +This callback is called each time around the SSL_connect()/SSL_accept() +state machine. So it will be called each time the SSL protocol progresses. +It is mostly present for use when debugging. When SSL_connect() or +SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or +SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned. +Have a look at the SSL_CB_* defines in ssl.h. If an info callback is defined +against the SSL_CTX, it is called unless there is one set against the SSL. +Have a look at +void client_info_callback() in apps/s_client() for an example. + +Certificate verification. +void SSL_set_verify(SSL *s, int mode, int (*callback) ()); +void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)()); +This callback is used to help verify client and server X509 certificates. +It is actually passed to X509_cert_verify(), along with the SSL structure +so you have to read about X509_cert_verify() :-). The SSL_CTX version is used +if the SSL version is not defined. X509_cert_verify() is the function used +by the SSL part of the library to verify certificates. This function is +nearly always defined by the application. + +void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg); +int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain); +This call is used to replace the SSLeay certificate verification code. +The 'arg' is kept in the SSL_CTX and is passed to the callback. +If the callback returns 0, the certificate is rejected, otherwise it +is accepted. The callback is replacing the X509_cert_verify() call. +This feature is not often used, but if you wished to implement +some totally different certificate authentication system, this 'hook' is +vital. + +SSLeay keeps a cache of session-ids against each SSL_CTX. These callbacks can +be used to notify the application when a SSL_SESSION is added to the cache +or to retrieve a SSL_SESSION that is not in the cache from the application. +#define SSL_CTX_sess_set_get_cb(ctx,cb) +SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy); +If defined, this callback is called to return the SESSION_ID for the +session-id in 'session_id', of 'session_id_len' bytes. 'copy' is set to 1 +if the server is to 'take a copy' of the SSL_SESSION structure. It is 0 +if the SSL_SESSION is being 'passed in' so the SSLeay library is now +responsible for 'free()ing' the structure. Basically it is used to indicate +if the reference count on the SSL_SESSION structure needs to be incremented. + +#define SSL_CTX_sess_set_new_cb(ctx,cb) +int callback(SSL *s, SSL_SESSION *sess); +When a new connection is established, if the SSL_SESSION is going to be added +to the cache, this callback is called. Return 1 if a 'copy' is required, +otherwise, return 0. This return value just causes the reference count +to be incremented (on return of a 1), this means the application does +not need to worry about incrementing the refernece count (and the +locking that implies in a multi-threaded application). + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)()); +This sets the SSL password reading function. +It is mostly used for windowing applications +and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey() +calls inside the SSL library. The only reason this is present is because the +calls to PEM_* functions is hidden in the SSLeay library so you have to +pass in the callback some how. + +#define SSL_CTX_set_client_cert_cb(ctx,cb) +int callback(SSL *s,X509 **x509, EVP_PKEY **pkey); +Called when a client certificate is requested but there is not one set +against the SSL_CTX or the SSL. If the callback returns 1, x509 and +pkey need to point to valid data. The library will free these when +required so if the application wants to keep these around, increment +their reference counts. If 0 is returned, no client cert is +available. If -1 is returned, it is assumed that the callback needs +to be called again at a later point in time. SSL_connect will return +-1 and SSL_want_x509_lookup(ssl) returns true. Remember that +application data can be attached to an SSL structure via the +SSL_set_app_data(SSL *ssl,char *data) call. + +-------------------------- +The X509 library. + +int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(), + int *error,char *arg,STACK *cert_chain); +int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg, + STACK *cert_chain); + +X509_cert_verify() is used to authenticate X509 certificates. The 'ctx' holds +the details of the various caches and files used to locate certificates. +'xs' is the certificate to verify and 'cb' is the application callback (more +detail later). 'error' will be set to the error code and 'arg' is passed +to the 'cb' callback. Look at the VERIFY_* defines in crypto/x509/x509.h + +When ever X509_cert_verify() makes a 'negative' decision about a +certitificate, the callback is called. If everything checks out, the +callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self +signed cert that is not the passed certificate). + +The callback is passed the X509_cert_verify opinion of the certificate +in 'ok', the certificate in 'xs', the issuer certificate in 'xi', +the 'depth' of the certificate in the verification 'chain', the +VERIFY_* code in 'error' and the argument passed to X509_cert_verify() +in 'arg'. cert_chain is a list of extra certs to use if they are not +in the cache. + +The callback can be used to look at the error reason, and then return 0 +for an 'error' or '1' for ok. This will override the X509_cert_verify() +opinion of the certificates validity. Processing will continue depending on +the return value. If one just wishes to use the callback for informational +reason, just return the 'ok' parameter. + +-------------------------- +The BN and DH library. + +BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add, + BIGNUM *rem,void (*callback)(int,int)); +int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int), + +Read doc/bn.doc for the description of these 2. + +DH *DH_generate_parameters(int prime_len,int generator, + void (*callback)(int,int)); +Read doc/bn.doc for the description of the callback, since it is just passed +to BN_generate_prime(), except that it is also called as +callback(3,0) by this function. + +-------------------------- +The CRYPTO library. + +void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file, + int line)); +void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount, + int type,char *file, int line)); +void CRYPTO_set_id_callback(unsigned long (*func)(void)); + +Read threads.doc for info on these ones. + diff --git a/doc/cipher.doc b/doc/cipher.doc new file mode 100644 index 0000000000000000000000000000000000000000..d49ba78c5cd305bc64b29680d915fc5a5eb5f733 --- /dev/null +++ b/doc/cipher.doc @@ -0,0 +1,345 @@ +The Cipher subroutines. + +These routines require "evp.h" to be included. + +These functions are a higher level interface to the various cipher +routines found in this library. As such, they allow the same code to be +used to encrypt and decrypt via different ciphers with only a change +in an initial parameter. These routines also provide buffering for block +ciphers. + +These routines all take a pointer to the following structure to specify +which cipher to use. If you wish to use a new cipher with these routines, +you would probably be best off looking an how an existing cipher is +implemented and copying it. At this point in time, I'm not going to go +into many details. This structure should be considered opaque + +typedef struct pem_cipher_st + { + int type; + int block_size; + int key_len; + int iv_len; + void (*enc_init)(); /* init for encryption */ + void (*dec_init)(); /* init for decryption */ + void (*do_cipher)(); /* encrypt data */ + } EVP_CIPHER; + +The type field is the object NID of the cipher type +(read the section on Objects for an explanation of what a NID is). +The cipher block_size is how many bytes need to be passed +to the cipher at a time. Key_len is the +length of the key the cipher requires and iv_len is the length of the +initialisation vector required. enc_init is the function +called to initialise the ciphers context for encryption and dec_init is the +function to initialise for decryption (they need to be different, especially +for the IDEA cipher). + +One reason for specifying the Cipher via a pointer to a structure +is that if you only use des-cbc, only the des-cbc routines will +be included when you link the program. If you passed an integer +that specified which cipher to use, the routine that mapped that +integer to a set of cipher functions would cause all the ciphers +to be link into the code. This setup also allows new ciphers +to be added by the application (with some restrictions). + +The thirteen ciphers currently defined in this library are + +EVP_CIPHER *EVP_des_ecb(); /* DES in ecb mode, iv=0, block=8, key= 8 */ +EVP_CIPHER *EVP_des_ede(); /* DES in ecb ede mode, iv=0, block=8, key=16 */ +EVP_CIPHER *EVP_des_ede3(); /* DES in ecb ede mode, iv=0, block=8, key=24 */ +EVP_CIPHER *EVP_des_cfb(); /* DES in cfb mode, iv=8, block=1, key= 8 */ +EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */ +EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */ +EVP_CIPHER *EVP_des_ofb(); /* DES in ofb mode, iv=8, block=1, key= 8 */ +EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */ +EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */ +EVP_CIPHER *EVP_des_cbc(); /* DES in cbc mode, iv=8, block=8, key= 8 */ +EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */ +EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */ +EVP_CIPHER *EVP_desx_cbc(); /* DES in desx cbc mode,iv=8, block=8, key=24 */ +EVP_CIPHER *EVP_rc4(); /* RC4, iv=0, block=1, key=16 */ +EVP_CIPHER *EVP_idea_ecb(); /* IDEA in ecb mode, iv=0, block=8, key=16 */ +EVP_CIPHER *EVP_idea_cfb(); /* IDEA in cfb mode, iv=8, block=1, key=16 */ +EVP_CIPHER *EVP_idea_ofb(); /* IDEA in ofb mode, iv=8, block=1, key=16 */ +EVP_CIPHER *EVP_idea_cbc(); /* IDEA in cbc mode, iv=8, block=8, key=16 */ +EVP_CIPHER *EVP_rc2_ecb(); /* RC2 in ecb mode, iv=0, block=8, key=16 */ +EVP_CIPHER *EVP_rc2_cfb(); /* RC2 in cfb mode, iv=8, block=1, key=16 */ +EVP_CIPHER *EVP_rc2_ofb(); /* RC2 in ofb mode, iv=8, block=1, key=16 */ +EVP_CIPHER *EVP_rc2_cbc(); /* RC2 in cbc mode, iv=8, block=8, key=16 */ +EVP_CIPHER *EVP_bf_ecb(); /* Blowfish in ecb mode,iv=0, block=8, key=16 */ +EVP_CIPHER *EVP_bf_cfb(); /* Blowfish in cfb mode,iv=8, block=1, key=16 */ +EVP_CIPHER *EVP_bf_ofb(); /* Blowfish in ofb mode,iv=8, block=1, key=16 */ +EVP_CIPHER *EVP_bf_cbc(); /* Blowfish in cbc mode,iv=8, block=8, key=16 */ + +The meaning of the compound names is as follows. +des The base cipher is DES. +idea The base cipher is IDEA +rc4 The base cipher is RC4-128 +rc2 The base cipher is RC2-128 +ecb Electronic Code Book form of the cipher. +cbc Cipher Block Chaining form of the cipher. +cfb 64 bit Cipher Feedback form of the cipher. +ofb 64 bit Output Feedback form of the cipher. +ede The cipher is used in Encrypt, Decrypt, Encrypt mode. The first + and last keys are the same. +ede3 The cipher is used in Encrypt, Decrypt, Encrypt mode. + +All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument. +The state of the cipher is kept in this structure. + +typedef struct EVP_CIPHER_Ctx_st + { + EVP_CIPHER *cipher; + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + unsigned char buf[8]; + union { + .... /* cipher specific stuff */ + } c; + } EVP_CIPHER_CTX; + +Cipher is a pointer the the EVP_CIPHER for the current context. The encrypt +flag indicates encryption or decryption. buf_len is the number of bytes +currently being held in buf. +The 'c' union holds the cipher specify context. + +The following functions are to be used. + +int EVP_read_pw_string( +char *buf, +int len, +char *prompt, +int verify, + This function is the same as des_read_pw_string() (des.doc). + +void EVP_set_pw_prompt(char *prompt); + This function sets the 'default' prompt to use to use in + EVP_read_pw_string when the prompt parameter is NULL. If the + prompt parameter is NULL, this 'default prompt' feature is turned + off. Be warned, this is a global variable so weird things + will happen if it is used under Win16 and care must be taken + with a multi-threaded version of the library. + +char *EVP_get_pw_prompt(); + This returns a pointer to the default prompt string. NULL + if it is not set. + +int EVP_BytesToKey( +EVP_CIPHER *type, +EVP_MD *md, +unsigned char *salt, +unsigned char *data, +int datal, +int count, +unsigned char *key, +unsigned char *iv); + This function is used to generate a key and an initialisation vector + for a specified cipher from a key string and a salt. Type + specifies the cipher the 'key' is being generated for. Md is the + message digest algorithm to use to generate the key and iv. The salt + is an optional 8 byte object that is used to help seed the key + generator. + If the salt value is NULL, it is just not used. Datal is the + number of bytes to use from 'data' in the key generation. + This function returns the key size for the specified cipher, if + data is NULL, this value is returns and no other + computation is performed. Count is + the number of times to loop around the key generator. I would + suggest leaving it's value as 1. Key and iv are the structures to + place the returning iv and key in. If they are NULL, no value is + generated for that particular value. + The algorithm used is as follows + + /* M[] is an array of message digests + * MD() is the message digest function */ + M[0]=MD(data . salt); + for (i=1; i key=M[0.. 8], iv=M[ 9 .. 16]. + For key=16, iv=0 => key=M[0..16]. + For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24]. + For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32]. + + This routine will produce DES-CBC keys and iv that are compatible + with the PKCS-5 standard when md2 or md5 are used. If md5 is + used, the salt is NULL and count is 1, this routine will produce + the password to key mapping normally used with RC4. + I have attempted to logically extend the PKCS-5 standard to + generate keys and iv for ciphers that require more than 16 bytes, + if anyone knows what the correct standard is, please inform me. + When using sha or sha1, things are a bit different under this scheme, + since sha produces a 20 byte digest. So for ciphers requiring + 24 bits of data, 20 will come from the first MD and 4 will + come from the second. + + I have considered having a separate function so this 'routine' + can be used without the requirement of passing a EVP_CIPHER *, + but I have decided to not bother. If you wish to use the + function without official EVP_CIPHER structures, just declare + a local one and set the key_len and iv_len fields to the + length you desire. + +The following routines perform encryption and decryption 'by parts'. By +this I mean that there are groups of 3 routines. An Init function that is +used to specify a cipher and initialise data structures. An Update routine +that does encryption/decryption, one 'chunk' at a time. And finally a +'Final' function that finishes the encryption/decryption process. +All these functions take a EVP_CIPHER pointer to specify which cipher to +encrypt/decrypt with. They also take a EVP_CIPHER_CTX object as an +argument. This structure is used to hold the state information associated +with the operation in progress. + +void EVP_EncryptInit( +EVP_CIPHER_CTX *ctx, +EVP_CIPHER *type, +unsigned char *key, +unsigned char *iv); + This function initialise a EVP_CIPHER_CTX for encryption using the + cipher passed in the 'type' field. The cipher is initialised to use + 'key' as the key and 'iv' for the initialisation vector (if one is + required). If the type, key or iv is NULL, the value currently in the + EVP_CIPHER_CTX is reused. So to perform several decrypt + using the same cipher, key and iv, initialise with the cipher, + key and iv the first time and then for subsequent calls, + reuse 'ctx' but pass NULL for type, key and iv. You must make sure + to pass a key that is large enough for a particular cipher. I + would suggest using the EVP_BytesToKey() function. + +void EVP_EncryptUpdate( +EVP_CIPHER_CTX *ctx, +unsigned char *out, +int *outl, +unsigned char *in, +int inl); + This function takes 'inl' bytes from 'in' and outputs bytes + encrypted by the cipher 'ctx' was initialised with into 'out'. The + number of bytes written to 'out' is put into outl. If a particular + cipher encrypts in blocks, less or more bytes than input may be + output. Currently the largest block size used by supported ciphers + is 8 bytes, so 'out' should have room for 'inl+7' bytes. Normally + EVP_EncryptInit() is called once, followed by lots and lots of + calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal + call. + +void EVP_EncryptFinal( +EVP_CIPHER_CTX *ctx, +unsigned char *out, +int *outl); + Because quite a large number of ciphers are block ciphers, there is + often an incomplete block to write out at the end of the + encryption. EVP_EncryptFinal() performs processing on this last + block. The last block in encoded in such a way that it is possible + to determine how many bytes in the last block are valid. For 8 byte + block size ciphers, if only 5 bytes in the last block are valid, the + last three bytes will be filled with the value 3. If only 2 were + valid, the other 6 would be filled with sixes. If all 8 bytes are + valid, a extra 8 bytes are appended to the cipher stream containing + nothing but 8 eights. These last bytes are output into 'out' and + the number of bytes written is put into 'outl' These last bytes + are output into 'out' and the number of bytes written is put into + 'outl'. This form of block cipher finalisation is compatible with + PKCS-5. Please remember that even if you are using ciphers like + RC4 that has no blocking and so the function will not write + anything into 'out', it would still be a good idea to pass a + variable for 'out' that can hold 8 bytes just in case the cipher is + changed some time in the future. It should also be remembered + that the EVP_CIPHER_CTX contains the password and so when one has + finished encryption with a particular EVP_CIPHER_CTX, it is good + practice to zero the structure + (ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)). + +void EVP_DecryptInit( +EVP_CIPHER_CTX *ctx, +EVP_CIPHER *type, +unsigned char *key, +unsigned char *iv); + This function is basically the same as EVP_EncryptInit() accept that + is prepares the EVP_CIPHER_CTX for decryption. + +void EVP_DecryptUpdate( +EVP_CIPHER_CTX *ctx, +unsigned char *out, +int *outl, +unsigned char *in, +int inl); + This function is basically the same as EVP_EncryptUpdate() + except that it performs decryption. There is one + fundamental difference though. 'out' can not be the same as + 'in' for any ciphers with a block size greater than 1 if more + than one call to EVP_DecryptUpdate() will be made. This + is because this routine can hold a 'partial' block between + calls. When a partial block is decrypted (due to more bytes + being passed via this function, they will be written to 'out' + overwriting the input bytes in 'in' that have not been read + yet. From this it should also be noted that 'out' should + be at least one 'block size' larger than 'inl'. This problem + only occurs on the second and subsequent call to + EVP_DecryptUpdate() when using a block cipher. + +int EVP_DecryptFinal( +EVP_CIPHER_CTX *ctx, +unsigned char *out, +int *outl); + This function is different to EVP_EncryptFinal in that it 'removes' + any padding bytes appended when the data was encrypted. Due to the + way in which 1 to 8 bytes may have been appended when encryption + using a block cipher, 'out' can end up with 0 to 7 bytes being put + into it. When decoding the padding bytes, it is possible to detect + an incorrect decryption. If the decryption appears to be wrong, 0 + is returned. If everything seems ok, 1 is returned. For ciphers + with a block size of 1 (RC4), this function would normally not + return any bytes and would always return 1. Just because this + function returns 1 does not mean the decryption was correct. It + would normally be wrong due to either the wrong key/iv or + corruption of the cipher data fed to EVP_DecryptUpdate(). + As for EVP_EncryptFinal, it is a good idea to zero the + EVP_CIPHER_CTX after use since the structure contains the key used + to decrypt the data. + +The following Cipher routines are convenience routines that call either +EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX +was setup to encrypt or decrypt. + +void EVP_CipherInit( +EVP_CIPHER_CTX *ctx, +EVP_CIPHER *type, +unsigned char *key, +unsigned char *iv, +int enc); + This function take arguments that are the same as EVP_EncryptInit() + and EVP_DecryptInit() except for the extra 'enc' flag. If 1, the + EVP_CIPHER_CTX is setup for encryption, if 0, decryption. + +void EVP_CipherUpdate( +EVP_CIPHER_CTX *ctx, +unsigned char *out, +int *outl, +unsigned char *in, +int inl); + Again this function calls either EVP_EncryptUpdate() or + EVP_DecryptUpdate() depending on state in the 'ctx' structure. + As noted for EVP_DecryptUpdate(), when this routine is used + for decryption with block ciphers, 'out' should not be the + same as 'in'. + +int EVP_CipherFinal( +EVP_CIPHER_CTX *ctx, +unsigned char *outm, +int *outl); + This routine call EVP_EncryptFinal() or EVP_DecryptFinal() + depending on the state information in 'ctx'. 1 is always returned + if the mode is encryption, otherwise the return value is the return + value of EVP_DecryptFinal(). diff --git a/doc/cipher.m b/doc/cipher.m new file mode 100644 index 0000000000000000000000000000000000000000..9f749171352f05a45b50296ac3a427f57122cb0e --- /dev/null +++ b/doc/cipher.m @@ -0,0 +1,128 @@ +From ssl-lists-owner@mincom.com Tue Oct 15 18:16:14 1996 +Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11550 + (5.65c/IDA-1.4.4 for eay); Tue, 15 Oct 1996 08:17:41 +1000 +Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id IAA12472 for ssl-users-outgoing; Tue, 15 Oct 1996 08:16:35 +1000 (EST) +Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id IAA12463 for ; Tue, 15 Oct 1996 08:16:32 +1000 (EST) +Received: by orb.mincom.oz.au id AA11544 + (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Tue, 15 Oct 1996 08:16:15 +1000 +Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST) +From: Eric Young +X-Sender: eay@orb +To: Roland Haring +Cc: ssl-users@mincom.com +Subject: Re: Symmetric encryption with ssleay +In-Reply-To: +Message-Id: +Mime-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII +Sender: ssl-lists-owner@mincom.com +Precedence: bulk +Status: RO +X-Status: + + +On Fri, 11 Oct 1996, Roland Haring wrote: +> THE_POINT: +> Would somebody be so kind to give me the minimum basic +> calls I need to do to libcrypto.a to get some text encrypted +> and decrypted again? ...hopefully with code included to do +> base64 encryption and decryption ... e.g. that sign-it.c code +> posted some while ago was a big help :-) (please, do not point +> me to apps/enc.c where I suspect my Heissenbug to be hidden :-) + +Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes +when the data is less than a line long (this is for decoding). I'll dig +up the exact fix today and post it. I am taking longer on 0.6.5 than I +intended so I'll just post this patch. + +The documentation to read is in +doc/cipher.doc, +doc/encode.doc (very sparse :-). +and perhaps +doc/digest.doc, + +The basic calls to encrypt with say triple DES are + +Given +char key[EVP_MAX_KEY_LENGTH]; +char iv[EVP_MAX_IV_LENGTH]; +EVP_CIPHER_CTX ctx; +unsigned char out[512+8]; +int outl; + +/* optional generation of key/iv data from text password using md5 + * via an upward compatable verson of PKCS#5. */ +EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd), + key,iv); + +/* Initalise the EVP_CIPHER_CTX */ +EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv); + +while (....) + { + /* This is processing 512 bytes at a time, the bytes are being + * copied into 'out', outl bytes are output. 'out' should not be the + * same as 'in' for reasons mentioned in the documentation. */ + EVP_EncryptUpdate(ctx,out,&outl,in,512); + } + +/* Output the last 'block'. If the cipher is a block cipher, the last + * block is encoded in such a way so that a wrong decryption will normally be + * detected - again, one of the PKCS standards. */ + +EVP_EncryptFinal(ctx,out,&outl); + +To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal() +will return 0 if the decryption fails (only detectable on block ciphers). + +You can also use +EVP_CipherInit() +EVP_CipherUpdate() +EVP_CipherFinal() +which does either encryption or decryption depending on an extra +parameter to EVP_CipherInit(). + + +To do the base64 encoding, +EVP_EncodeInit() +EVP_EncodeUpdate() +EVP_EncodeFinal() + +EVP_DecodeInit() +EVP_DecodeUpdate() +EVP_DecodeFinal() + +where the encoding is quite simple, but the decoding can be a bit more +fun (due to dud input). + +EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the +'last line' was just processed, and 1 if more lines should be submitted. + +EVP_DecodeFinal() returns -1 for an error or 1 if things are ok. + +So the loop becomes +EVP_DecodeInit(....) +for (;;) + { + i=EVP_DecodeUpdate(....); + if (i < 0) goto err; + + /* process the data */ + + if (i == 0) break; + } +EVP_DecodeFinal(....); +/* process the data */ + +The problem in 'enc.c' is that I was stuff the processing up after the +EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of +base64 data) and this was because 'enc.c' tries to scan over a file until +it hits the first valid base64 encoded line. + +hope this helps a bit. +eric +-- +Eric Young | BOOL is tri-state according to Bill Gates. +AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage(). + + diff --git a/doc/conf.doc b/doc/conf.doc new file mode 100644 index 0000000000000000000000000000000000000000..f12fe884f570484927c53423ca05e84f78d5c390 --- /dev/null +++ b/doc/conf.doc @@ -0,0 +1,89 @@ +The CONF library. + +The CONF library is a simple set of routines that can be used to configure +programs. It is a superset of the genenv() function with some extra +structure. + +The library consists of 5 functions. + +LHASH *CONF_load(LHASH *config,char *file); +This function is called to load in a configuration file. Multiple +configuration files can be loaded, with each subsequent 'load' overwriting +any already defined 'variables'. If there is an error, NULL is returned. +If config is NULL, a new LHASH structure is created and returned, otherwise +the new data in the 'file' is loaded into the 'config' structure. + +void CONF_free(LHASH *config); +This function free()s the data in config. + +char *CONF_get_string(LHASH *config,char *section,char *name); +This function returns the string found in 'config' that corresponds to the +'section' and 'name' specified. Classes and the naming system used will be +discussed later in this document. If the variable is not defined, an NULL +is returned. + +long CONF_get_long(LHASH *config,char *section, char *name); +This function is the same as CONF_get_string() except that it converts the +string to an long and returns it. If variable is not a number or the +variable does not exist, 0 is returned. This is a little problematic but I +don't know of a simple way around it. + +STACK *CONF_get_section(LHASH *config, char *section); +This function returns a 'stack' of CONF_VALUE items that are all the +items defined in a particular section. DO NOT free() any of the +variable returned. They will disappear when CONF_free() is called. + +The 'lookup' model. +The configuration file is divided into 'sections'. Each section is started by +a line of the form '[ section ]'. All subsequent variable definitions are +of this section. A variable definition is a simple alpha-numeric name +followed by an '=' and then the data. A section or variable name can be +described by a regular expression of the following form '[A-Za-z0-9_]+'. +The value of the variable is the text after the '=' until the end of the +line, stripped of leading and trailing white space. +At this point I should mention that a '#' is a comment character, \ is the +escape character, and all three types of quote can be used to stop any +special interpretation of the data. +Now when the data is being loaded, variable expansion can occur. This is +done by expanding any $NAME sequences into the value represented by the +variable NAME. If the variable is not in the current section, the different +section can be specified by using the $SECTION::NAME form. The ${NAME} form +also works and is very useful for expanding variables inside strings. + +When a variable is looked up, there are 2 special section. 'default', which +is the initial section, and 'ENV' which is the processes environment +variables (accessed via getenv()). When a variable is looked up, it is +first 'matched' with it's section (if one was specified), if this fails, the +'default' section is matched. +If the 'lhash' variable passed was NULL, the environment is searched. + +Now why do we bother with sections? So we can have multiple programs using +the same configuration file, or multiple instances of the same program +using different variables. It also provides a nice mechanism to override +the processes environment variables (eg ENV::HOME=/tmp). If there is a +program specific variable missing, we can have default values. +Multiple configuration files can be loaded, with each new value clearing +any predefined values. A system config file can provide 'default' values, +and application/usr specific files can provide overriding values. + +Examples + +# This is a simple example +SSLEAY_HOME = /usr/local/ssl +ENV::PATH = $SSLEAY_HOME/bin:$PATH # override my path + +[X509] +cert_dir = $SSLEAY_HOME/certs # /usr/local/ssl/certs + +[SSL] +CIPHER = DES-EDE-MD5:RC4-MD5 +USER_CERT = $HOME/${USER}di'r 5' # /home/eay/eaydir 5 +USER_CERT = $HOME/\${USER}di\'r # /home/eay/${USER}di'r +USER_CERT = "$HOME/${US"ER}di\'r # $HOME/${USER}di'r + +TEST = 1234\ +5678\ +9ab # TEST=123456789ab +TTT = 1234\n\n # TTT=1234 + + diff --git a/doc/danger b/doc/danger new file mode 100644 index 0000000000000000000000000000000000000000..d71b1b748943c271c2996637727ce3ac430de938 --- /dev/null +++ b/doc/danger @@ -0,0 +1,8 @@ +If you specify a SSLv2 cipher, and the mode is SSLv23 and the server +can talk SSLv3, it will claim there is no cipher since you should be +using SSLv3. + +When tracing debug stuff, remember BIO_s_socket() is different to +BIO_s_connect(). + +BSD/OS assember is not working diff --git a/doc/des.doc b/doc/des.doc new file mode 100644 index 0000000000000000000000000000000000000000..1e301581296285aa5a27656f519584afdf411c64 --- /dev/null +++ b/doc/des.doc @@ -0,0 +1,505 @@ +The DES library. + +Please note that this library was originally written to operate with +eBones, a version of Kerberos that had had encryption removed when it left +the USA and then put back in. As such there are some routines that I will +advise not using but they are still in the library for historical reasons. +For all calls that have an 'input' and 'output' variables, they can be the +same. + +This library requires the inclusion of 'des.h'. + +All of the encryption functions take what is called a des_key_schedule as an +argument. A des_key_schedule is an expanded form of the des key. +A des_key is 8 bytes of odd parity, the type used to hold the key is a +des_cblock. A des_cblock is an array of 8 bytes, often in this library +description I will refer to input bytes when the function specifies +des_cblock's as input or output, this just means that the variable should +be a multiple of 8 bytes. + +The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to +specify decryption. The functions and global variable are as follows: + +int des_check_key; + DES keys are supposed to be odd parity. If this variable is set to + a non-zero value, des_set_key() will check that the key has odd + parity and is not one of the known weak DES keys. By default this + variable is turned off; + +void des_set_odd_parity( +des_cblock *key ); + This function takes a DES key (8 bytes) and sets the parity to odd. + +int des_is_weak_key( +des_cblock *key ); + This function returns a non-zero value if the DES key passed is a + weak, DES key. If it is a weak key, don't use it, try a different + one. If you are using 'random' keys, the chances of hitting a weak + key are 1/2^52 so it is probably not worth checking for them. + +int des_set_key( +des_cblock *key, +des_key_schedule schedule); + Des_set_key converts an 8 byte DES key into a des_key_schedule. + A des_key_schedule is an expanded form of the key which is used to + perform actual encryption. It can be regenerated from the DES key + so it only needs to be kept when encryption or decryption is about + to occur. Don't save or pass around des_key_schedule's since they + are CPU architecture dependent, DES keys are not. If des_check_key + is non zero, zero is returned if the key has the wrong parity or + the key is a weak key, else 1 is returned. + +int des_key_sched( +des_cblock *key, +des_key_schedule schedule); + An alternative name for des_set_key(). + +int des_rw_mode; /* defaults to DES_PCBC_MODE */ + This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default). + This specifies the function to use in the enc_read() and enc_write() + functions. + +void des_encrypt( +unsigned long *data, +des_key_schedule ks, +int enc); + This is the DES encryption function that gets called by just about + every other DES routine in the library. You should not use this + function except to implement 'modes' of DES. I say this because the + functions that call this routine do the conversion from 'char *' to + long, and this needs to be done to make sure 'non-aligned' memory + access do not occur. The characters are loaded 'little endian', + have a look at my source code for more details on how I use this + function. + Data is a pointer to 2 unsigned long's and ks is the + des_key_schedule to use. enc, is non zero specifies encryption, + zero if decryption. + +void des_encrypt2( +unsigned long *data, +des_key_schedule ks, +int enc); + This functions is the same as des_encrypt() except that the DES + initial permutation (IP) and final permutation (FP) have been left + out. As for des_encrypt(), you should not use this function. + It is used by the routines in my library that implement triple DES. + IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same + as des_encrypt() des_encrypt() des_encrypt() except faster :-). + +void des_ecb_encrypt( +des_cblock *input, +des_cblock *output, +des_key_schedule ks, +int enc); + This is the basic Electronic Code Book form of DES, the most basic + form. Input is encrypted into output using the key represented by + ks. If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise + decryption occurs. Input is 8 bytes long and output is 8 bytes. + (the des_cblock structure is 8 chars). + +void des_ecb3_encrypt( +des_cblock *input, +des_cblock *output, +des_key_schedule ks1, +des_key_schedule ks2, +des_key_schedule ks3, +int enc); + This is the 3 key EDE mode of ECB DES. What this means is that + the 8 bytes of input is encrypted with ks1, decrypted with ks2 and + then encrypted again with ks3, before being put into output; + C=E(ks3,D(ks2,E(ks1,M))). There is a macro, des_ecb2_encrypt() + that only takes 2 des_key_schedules that implements, + C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1. + +void des_cbc_encrypt( +des_cblock *input, +des_cblock *output, +long length, +des_key_schedule ks, +des_cblock *ivec, +int enc); + This routine implements DES in Cipher Block Chaining mode. + Input, which should be a multiple of 8 bytes is encrypted + (or decrypted) to output which will also be a multiple of 8 bytes. + The number of bytes is in length (and from what I've said above, + should be a multiple of 8). If length is not a multiple of 8, I'm + not being held responsible :-). ivec is the initialisation vector. + This function does not modify this variable. To correctly implement + cbc mode, you need to do one of 2 things; copy the last 8 bytes of + cipher text for use as the next ivec in your application, + or use des_ncbc_encrypt(). + Only this routine has this problem with updating the ivec, all + other routines that are implementing cbc mode update ivec. + +void des_ncbc_encrypt( +des_cblock *input, +des_cblock *output, +long length, +des_key_schedule sk, +des_cblock *ivec, +int enc); + For historical reasons, des_cbc_encrypt() did not update the + ivec with the value requires so that subsequent calls to + des_cbc_encrypt() would 'chain'. This was needed so that the same + 'length' values would not need to be used when decrypting. + des_ncbc_encrypt() does the right thing. It is the same as + des_cbc_encrypt accept that ivec is updates with the correct value + to pass in subsequent calls to des_ncbc_encrypt(). I advise using + des_ncbc_encrypt() instead of des_cbc_encrypt(); + +void des_xcbc_encrypt( +des_cblock *input, +des_cblock *output, +long length, +des_key_schedule sk, +des_cblock *ivec, +des_cblock *inw, +des_cblock *outw, +int enc); + This is RSA's DESX mode of DES. It uses inw and outw to + 'whiten' the encryption. inw and outw are secret (unlike the iv) + and are as such, part of the key. So the key is sort of 24 bytes. + This is much better than cbc des. + +void des_3cbc_encrypt( +des_cblock *input, +des_cblock *output, +long length, +des_key_schedule sk1, +des_key_schedule sk2, +des_cblock *ivec1, +des_cblock *ivec2, +int enc); + This function is flawed, do not use it. I have left it in the + library because it is used in my des(1) program and will function + correctly when used by des(1). If I removed the function, people + could end up unable to decrypt files. + This routine implements outer triple cbc encryption using 2 ks and + 2 ivec's. Use des_ede2_cbc_encrypt() instead. + +void des_ede3_cbc_encrypt( +des_cblock *input, +des_cblock *output, +long length, +des_key_schedule ks1, +des_key_schedule ks2, +des_key_schedule ks3, +des_cblock *ivec, +int enc); + This function implements inner triple CBC DES encryption with 3 + keys. What this means is that each 'DES' operation + inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))). + Again, this is cbc mode so an ivec is requires. + This mode is used by SSL. + There is also a des_ede2_cbc_encrypt() that only uses 2 + des_key_schedule's, the first being reused for the final + encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of triple DES + is used by the RSAref library. + +void des_pcbc_encrypt( +des_cblock *input, +des_cblock *output, +long length, +des_key_schedule ks, +des_cblock *ivec, +int enc); + This is Propagating Cipher Block Chaining mode of DES. It is used + by Kerberos v4. It's parameters are the same as des_ncbc_encrypt(). + +void des_cfb_encrypt( +unsigned char *in, +unsigned char *out, +int numbits, +long length, +des_key_schedule ks, +des_cblock *ivec, +int enc); + Cipher Feedback Back mode of DES. This implementation 'feeds back' + in numbit blocks. The input (and output) is in multiples of numbits + bits. numbits should to be a multiple of 8 bits. Length is the + number of bytes input. If numbits is not a multiple of 8 bits, + the extra bits in the bytes will be considered padding. So if + numbits is 12, for each 2 input bytes, the 4 high bits of the + second byte will be ignored. So to encode 72 bits when using + a numbits of 12 take 12 bytes. To encode 72 bits when using + numbits of 9 will take 16 bytes. To encode 80 bits when using + numbits of 16 will take 10 bytes. etc, etc. This padding will + apply to both input and output. + + +void des_cfb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +des_key_schedule ks, +des_cblock *ivec, +int *num, +int enc); + This is one of the more useful functions in this DES library, it + implements CFB mode of DES with 64bit feedback. Why is this + useful you ask? Because this routine will allow you to encrypt an + arbitrary number of bytes, no 8 byte padding. Each call to this + routine will encrypt the input bytes to output and then update ivec + and num. num contains 'how far' we are though ivec. If this does + not make much sense, read more about cfb mode of DES :-). + +void des_ede3_cfb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +des_key_schedule ks1, +des_key_schedule ks2, +des_key_schedule ks3, +des_cblock *ivec, +int *num, +int enc); + Same as des_cfb64_encrypt() accept that the DES operation is + triple DES. As usual, there is a macro for + des_ede2_cfb64_encrypt() which reuses ks1. + +void des_ofb_encrypt( +unsigned char *in, +unsigned char *out, +int numbits, +long length, +des_key_schedule ks, +des_cblock *ivec); + This is a implementation of Output Feed Back mode of DES. It is + the same as des_cfb_encrypt() in that numbits is the size of the + units dealt with during input and output (in bits). + +void des_ofb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +des_key_schedule ks, +des_cblock *ivec, +int *num); + The same as des_cfb64_encrypt() except that it is Output Feed Back + mode. + +void des_ede3_ofb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +des_key_schedule ks1, +des_key_schedule ks2, +des_key_schedule ks3, +des_cblock *ivec, +int *num); + Same as des_ofb64_encrypt() accept that the DES operation is + triple DES. As usual, there is a macro for + des_ede2_ofb64_encrypt() which reuses ks1. + +int des_read_pw_string( +char *buf, +int length, +char *prompt, +int verify); + This routine is used to get a password from the terminal with echo + turned off. Buf is where the string will end up and length is the + size of buf. Prompt is a string presented to the 'user' and if + verify is set, the key is asked for twice and unless the 2 copies + match, an error is returned. A return code of -1 indicates a + system error, 1 failure due to use interaction, and 0 is success. + +unsigned long des_cbc_cksum( +des_cblock *input, +des_cblock *output, +long length, +des_key_schedule ks, +des_cblock *ivec); + This function produces an 8 byte checksum from input that it puts in + output and returns the last 4 bytes as a long. The checksum is + generated via cbc mode of DES in which only the last 8 byes are + kept. I would recommend not using this function but instead using + the EVP_Digest routines, or at least using MD5 or SHA. This + function is used by Kerberos v4 so that is why it stays in the + library. + +char *des_fcrypt( +const char *buf, +const char *salt +char *ret); + This is my fast version of the unix crypt(3) function. This version + takes only a small amount of space relative to other fast + crypt() implementations. This is different to the normal crypt + in that the third parameter is the buffer that the return value + is written into. It needs to be at least 14 bytes long. This + function is thread safe, unlike the normal crypt. + +char *crypt( +const char *buf, +const char *salt); + This function calls des_fcrypt() with a static array passed as the + third parameter. This emulates the normal non-thread safe semantics + of crypt(3). + +void des_string_to_key( +char *str, +des_cblock *key); + This function takes str and converts it into a DES key. I would + recommend using MD5 instead and use the first 8 bytes of output. + When I wrote the first version of these routines back in 1990, MD5 + did not exist but I feel these routines are still sound. This + routines is compatible with the one in MIT's libdes. + +void des_string_to_2keys( +char *str, +des_cblock *key1, +des_cblock *key2); + This function takes str and converts it into 2 DES keys. + I would recommend using MD5 and using the 16 bytes as the 2 keys. + I have nothing against these 2 'string_to_key' routines, it's just + that if you say that your encryption key is generated by using the + 16 bytes of an MD5 hash, every-one knows how you generated your + keys. + +int des_read_password( +des_cblock *key, +char *prompt, +int verify); + This routine combines des_read_pw_string() with des_string_to_key(). + +int des_read_2passwords( +des_cblock *key1, +des_cblock *key2, +char *prompt, +int verify); + This routine combines des_read_pw_string() with des_string_to_2key(). + +void des_random_seed( +des_cblock key); + This routine sets a starting point for des_random_key(). + +void des_random_key( +des_cblock ret); + This function return a random key. Make sure to 'seed' the random + number generator (with des_random_seed()) before using this function. + I personally now use a MD5 based random number system. + +int des_enc_read( +int fd, +char *buf, +int len, +des_key_schedule ks, +des_cblock *iv); + This function will write to a file descriptor the encrypted data + from buf. This data will be preceded by a 4 byte 'byte count' and + will be padded out to 8 bytes. The encryption is either CBC of + PCBC depending on the value of des_rw_mode. If it is DES_PCBC_MODE, + pcbc is used, if DES_CBC_MODE, cbc is used. The default is to use + DES_PCBC_MODE. + +int des_enc_write( +int fd, +char *buf, +int len, +des_key_schedule ks, +des_cblock *iv); + This routines read stuff written by des_enc_read() and decrypts it. + I have used these routines quite a lot but I don't believe they are + suitable for non-blocking io. If you are after a full + authentication/encryption over networks, have a look at SSL instead. + +unsigned long des_quad_cksum( +des_cblock *input, +des_cblock *output, +long length, +int out_count, +des_cblock *seed); + This is a function from Kerberos v4 that is not anything to do with + DES but was needed. It is a cksum that is quicker to generate than + des_cbc_cksum(); I personally would use MD5 routines now. +===== +Modes of DES +Quite a bit of the following information has been taken from + AS 2805.5.2 + Australian Standard + Electronic funds transfer - Requirements for interfaces, + Part 5.2: Modes of operation for an n-bit block cipher algorithm + Appendix A + +There are several different modes in which DES can be used, they are +as follows. + +Electronic Codebook Mode (ECB) (des_ecb_encrypt()) +- 64 bits are enciphered at a time. +- The order of the blocks can be rearranged without detection. +- The same plaintext block always produces the same ciphertext block + (for the same key) making it vulnerable to a 'dictionary attack'. +- An error will only affect one ciphertext block. + +Cipher Block Chaining Mode (CBC) (des_cbc_encrypt()) +- a multiple of 64 bits are enciphered at a time. +- The CBC mode produces the same ciphertext whenever the same + plaintext is encrypted using the same key and starting variable. +- The chaining operation makes the ciphertext blocks dependent on the + current and all preceding plaintext blocks and therefore blocks can not + be rearranged. +- The use of different starting variables prevents the same plaintext + enciphering to the same ciphertext. +- An error will affect the current and the following ciphertext blocks. + +Cipher Feedback Mode (CFB) (des_cfb_encrypt()) +- a number of bits (j) <= 64 are enciphered at a time. +- The CFB mode produces the same ciphertext whenever the same + plaintext is encrypted using the same key and starting variable. +- The chaining operation makes the ciphertext variables dependent on the + current and all preceding variables and therefore j-bit variables are + chained together and can not be rearranged. +- The use of different starting variables prevents the same plaintext + enciphering to the same ciphertext. +- The strength of the CFB mode depends on the size of k (maximal if + j == k). In my implementation this is always the case. +- Selection of a small value for j will require more cycles through + the encipherment algorithm per unit of plaintext and thus cause + greater processing overheads. +- Only multiples of j bits can be enciphered. +- An error will affect the current and the following ciphertext variables. + +Output Feedback Mode (OFB) (des_ofb_encrypt()) +- a number of bits (j) <= 64 are enciphered at a time. +- The OFB mode produces the same ciphertext whenever the same + plaintext enciphered using the same key and starting variable. More + over, in the OFB mode the same key stream is produced when the same + key and start variable are used. Consequently, for security reasons + a specific start variable should be used only once for a given key. +- The absence of chaining makes the OFB more vulnerable to specific attacks. +- The use of different start variables values prevents the same + plaintext enciphering to the same ciphertext, by producing different + key streams. +- Selection of a small value for j will require more cycles through + the encipherment algorithm per unit of plaintext and thus cause + greater processing overheads. +- Only multiples of j bits can be enciphered. +- OFB mode of operation does not extend ciphertext errors in the + resultant plaintext output. Every bit error in the ciphertext causes + only one bit to be in error in the deciphered plaintext. +- OFB mode is not self-synchronising. If the two operation of + encipherment and decipherment get out of synchronism, the system needs + to be re-initialised. +- Each re-initialisation should use a value of the start variable + different from the start variable values used before with the same + key. The reason for this is that an identical bit stream would be + produced each time from the same parameters. This would be + susceptible to a ' known plaintext' attack. + +Triple ECB Mode (des_ecb3_encrypt()) +- Encrypt with key1, decrypt with key2 and encrypt with key3 again. +- As for ECB encryption but increases the key length to 168 bits. + There are theoretic attacks that can be used that make the effective + key length 112 bits, but this attack also requires 2^56 blocks of + memory, not very likely, even for the NSA. +- If both keys are the same it is equivalent to encrypting once with + just one key. +- If the first and last key are the same, the key length is 112 bits. + There are attacks that could reduce the key space to 55 bit's but it + requires 2^56 blocks of memory. +- If all 3 keys are the same, this is effectively the same as normal + ecb mode. + +Triple CBC Mode (des_ede3_cbc_encrypt()) +- Encrypt with key1, decrypt with key2 and then encrypt with key3. +- As for CBC encryption but increases the key length to 168 bits with + the same restrictions as for triple ecb mode. diff --git a/doc/digest.doc b/doc/digest.doc new file mode 100644 index 0000000000000000000000000000000000000000..d2fb9875911922eedd76f82a4497aa8c94fc3e19 --- /dev/null +++ b/doc/digest.doc @@ -0,0 +1,94 @@ + +The Message Digest subroutines. + +These routines require "evp.h" to be included. + +These functions are a higher level interface to the various message digest +routines found in this library. As such, they allow the same code to be +used to digest via different algorithms with only a change in an initial +parameter. They are basically just a front-end to the MD2, MD5, SHA +and SHA1 +routines. + +These routines all take a pointer to the following structure to specify +which message digest algorithm to use. +typedef struct evp_md_st + { + int type; + int pkey_type; + int md_size; + void (*init)(); + void (*update)(); + void (*final)(); + + int required_pkey_type; /*EVP_PKEY_xxx */ + int (*sign)(); + int (*verify)(); + } EVP_MD; + +If additional message digest algorithms are to be supported, a structure of +this type needs to be declared and populated and then the Digest routines +can be used with that algorithm. The type field is the object NID of the +digest type (read the section on Objects for an explanation). The pkey_type +is the Object type to use when the a message digest is generated by there +routines and then is to be signed with the pkey algorithm. Md_size is +the size of the message digest returned. Init, update +and final are the relevant functions to perform the message digest function +by parts. One reason for specifying the message digest to use via this +mechanism is that if you only use md5, only the md5 routines will +be included in you linked program. If you passed an integer +that specified which message digest to use, the routine that mapped that +integer to a set of message digest functions would cause all the message +digests functions to be link into the code. This setup also allows new +message digest functions to be added by the application. + +The six message digests defined in this library are + +EVP_MD *EVP_md2(void); /* RSA sign/verify */ +EVP_MD *EVP_md5(void); /* RSA sign/verify */ +EVP_MD *EVP_sha(void); /* RSA sign/verify */ +EVP_MD *EVP_sha1(void); /* RSA sign/verify */ +EVP_MD *EVP_dss(void); /* DSA sign/verify */ +EVP_MD *EVP_dss1(void); /* DSA sign/verify */ + +All the message digest routines take a EVP_MD_CTX pointer as an argument. +The state of the message digest is kept in this structure. + +typedef struct pem_md_ctx_st + { + EVP_MD *digest; + union { + unsigned char base[4]; /* this is used in my library as a + * 'pointer' to all union elements + * structures. */ + MD2_CTX md2; + MD5_CTX md5; + SHA_CTX sha; + } md; + } EVP_MD_CTX; + +The Digest functions are as follows. + +void EVP_DigestInit( +EVP_MD_CTX *ctx, +EVP_MD *type); + This function is used to initialise the EVP_MD_CTX. The message + digest that will associated with 'ctx' is specified by 'type'. + +void EVP_DigestUpdate( +EVP_MD_CTX *ctx, +unsigned char *data, +unsigned int cnt); + This function is used to pass more data to the message digest + function. 'cnt' bytes are digested from 'data'. + +void EVP_DigestFinal( +EVP_MD_CTX *ctx, +unsigned char *md, +unsigned int *len); + This function finishes the digestion and puts the message digest + into 'md'. The length of the message digest is put into len; + EVP_MAX_MD_SIZE is the size of the largest message digest that + can be returned from this function. Len can be NULL if the + size of the digest is not required. + diff --git a/doc/encode.doc b/doc/encode.doc new file mode 100644 index 0000000000000000000000000000000000000000..af1754928973d8295da77d041e563545e674301f --- /dev/null +++ b/doc/encode.doc @@ -0,0 +1,15 @@ + +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, + int *outl,unsigned char *in,int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); +int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, + unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, unsigned + char *f, int n); + diff --git a/doc/envelope.doc b/doc/envelope.doc new file mode 100644 index 0000000000000000000000000000000000000000..483e4fca6b3b169613765c9e0148eb752c50c525 --- /dev/null +++ b/doc/envelope.doc @@ -0,0 +1,67 @@ +The following routines are use to create 'digital' envelopes. +By this I mean that they perform various 'higher' level cryptographic +functions. Have a read of 'cipher.doc' and 'digest.doc' since those +routines are used by these functions. +cipher.doc contains documentation about the cipher part of the +envelope library and digest.doc contatins the description of the +message digests supported. + +To 'sign' a document involves generating a message digest and then encrypting +the digest with an private key. + +#define EVP_SignInit(a,b) EVP_DigestInit(a,b) +#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +Due to the fact this operation is basically just an extended message +digest, the first 2 functions are macro calls to Digest generating +functions. + +int EVP_SignFinal( +EVP_MD_CTX *ctx, +unsigned char *md, +unsigned int *s, +EVP_PKEY *pkey); + This finalisation function finishes the generation of the message +digest and then encrypts the digest (with the correct message digest +object identifier) with the EVP_PKEY private key. 'ctx' is the message digest +context. 'md' will end up containing the encrypted message digest. This +array needs to be EVP_PKEY_size(pkey) bytes long. 's' will actually +contain the exact length. 'pkey' of course is the private key. It is +one of EVP_PKEY_RSA or EVP_PKEY_DSA type. +If there is an error, 0 is returned, otherwise 1. + +Verify is used to check an signed message digest. + +#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +Since the first step is to generate a message digest, the first 2 functions +are macros. + +int EVP_VerifyFinal( +EVP_MD_CTX *ctx, +unsigned char *md, +unsigned int s, +EVP_PKEY *pkey); + This function finishes the generation of the message digest and then +compares it with the supplied encrypted message digest. 'md' contains the +'s' bytes of encrypted message digest. 'pkey' is used to public key decrypt +the digest. It is then compared with the message digest just generated. +If they match, 1 is returned else 0. + +int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, + int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk); +Must have at least one public key, error is 0. I should also mention that +the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size. + +#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); + + +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, + int ekl,unsigned char *iv,EVP_PKEY *priv); +0 on failure + +#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) + +int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +Decrypt final return code + diff --git a/doc/error.doc b/doc/error.doc new file mode 100644 index 0000000000000000000000000000000000000000..a91654999ab848604adcc0fb78a21463fa9ac99a --- /dev/null +++ b/doc/error.doc @@ -0,0 +1,115 @@ +The error routines. + +The 'error' system I've implemented is intended to server 2 purpose, to +record the reason why a command failed and to record where in the libraries +the failure occurred. It is more or less setup to record a 'trace' of which +library components were being traversed when the error occurred. + +When an error is recorded, it is done so a as single unsigned long which is +composed of three parts. The top byte is the 'library' number, the middle +12 bytes is the function code, and the bottom 12 bits is the 'reason' code. + +Each 'library', or should a say, 'section' of the SSLeay library has a +different unique 'library' error number. Each function in the library has +a number that is unique for that library. Each 'library' also has a number +for each 'error reason' that is only unique for that 'library'. + +Due to the way these error routines record a 'error trace', there is an +array per thread that is used to store the error codes. +The various functions in this library are used to access +and manipulate this array. + +void ERR_put_error(int lib, int func,int reason); + This routine records an error in library 'lib', function 'func' +and reason 'reason'. As errors get 'put' into the buffer, they wrap +around and overwrite old errors if too many are written. It is assumed +that the last errors are the most important. + +unsigned long ERR_get_error(void ); + This function returns the last error added to the error buffer. +In effect it is popping the value off the buffer so repeated calls will +continue to return values until there are no more errors to return in which +case 0 is returned. + +unsigned long ERR_peek_error(void ); + This function returns the value of the last error added to the +error buffer but does not 'pop' it from the buffer. + +void ERR_clear_error(void ); + This function clears the error buffer, discarding all unread +errors. + +While the above described error system obviously produces lots of different +error number, a method for 'reporting' these errors in a human readable +form is required. To achieve this, each library has the option of +'registering' error strings. + +typedef struct ERR_string_data_st + { + unsigned long error; + char *string; + } ERR_STRING_DATA; + +The 'ERR_STRING_DATA' contains an error code and the corresponding text +string. To add new function error strings for a library, the +ERR_STRING_DATA needs to be 'registered' with the library. + +void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err); + This function 'registers' the array of ERR_STRING_DATA pointed to by +'err' as error text strings for the error library 'lib'. + +void ERR_free_strings(void); + This function free()s all the loaded error strings. + +char *ERR_error_string(unsigned long error,char *buf); + This function returns a text string that is a human readable +version of the error represented by 'error'. Buff should be at least 120 +bytes long and if it is NULL, the return value is a pointer to a static +variable that will contain the error string, otherwise 'buf' is returned. +If there is not a text string registered for a particular error, a text +string containing the error number is returned instead. + +void ERR_print_errors(BIO *bp); +void ERR_print_errors_fp(FILE *fp); + This function is a convenience routine that prints the error string +for each error until all errors have been accounted for. + +char *ERR_lib_error_string(unsigned long e); +char *ERR_func_error_string(unsigned long e); +char *ERR_reason_error_string(unsigned long e); +The above three functions return the 3 different components strings for the +error 'e'. ERR_error_string() uses these functions. + +void ERR_load_ERR_strings(void ); + This function 'registers' the error strings for the 'ERR' module. + +void ERR_load_crypto_strings(void ); + This function 'register' the error strings for just about every +library in the SSLeay package except for the SSL routines. There is no +need to ever register any error text strings and you will probably save in +program size. If on the other hand you do 'register' all errors, it is +quite easy to determine why a particular routine failed. + +As a final footnote as to why the error system is designed as it is. +1) I did not want a single 'global' error code. +2) I wanted to know which subroutine a failure occurred in. +3) For Windows NT etc, it should be simple to replace the 'key' routines + with code to pass error codes back to the application. +4) I wanted the option of meaningful error text strings. + +Late breaking news - the changes to support threads. + +Each 'thread' has an 'ERR_STATE' state associated with it. +ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling +thread/process. + +ERR_remove_state(unsigned long pid); will 'free()' this state. If pid == 0 +the current 'thread/process' will have it's error state removed. +If you do not remove the error state of a thread, this could be considered a +form of memory leak, so just after 'reaping' a thread that has died, +call ERR_remove_state(pid). + +Have a read of thread.doc for more details for what is required for +multi-threading support. All the other error routines will +work correctly when using threads. + diff --git a/doc/idea.doc b/doc/idea.doc new file mode 100644 index 0000000000000000000000000000000000000000..68a22a6cae93fe5d6b4116c97deda7bc5feb23df --- /dev/null +++ b/doc/idea.doc @@ -0,0 +1,176 @@ +The IDEA library. +IDEA is a block cipher that operates on 64bit (8 byte) quantities. It +uses a 128bit (16 byte) key. It can be used in all the modes that DES can +be used. This library implements the ecb, cbc, cfb64 and ofb64 modes. + +For all calls that have an 'input' and 'output' variables, they can be the +same. + +This library requires the inclusion of 'idea.h'. + +All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an +argument. An IDEA_KEY_SCHEDULE is an expanded form of the idea key. +For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for +decryption is different to the one used for encryption. + +The define IDEA_ENCRYPT is passed to specify encryption for the functions +that require an encryption/decryption flag. IDEA_DECRYPT is passed to +specify decryption. For some mode there is no encryption/decryption +flag since this is determined by the IDEA_KEY_SCHEDULE. + +So to encrypt you would do the following +idea_set_encrypt_key(key,encrypt_ks); +idea_ecb_encrypt(...,encrypt_ks); +idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT); + +To Decrypt +idea_set_encrypt_key(key,encrypt_ks); +idea_set_decrypt_key(encrypt_ks,decrypt_ks); +idea_ecb_encrypt(...,decrypt_ks); +idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT); + +Please note that any of the encryption modes specified in my DES library +could be used with IDEA. I have only implemented ecb, cbc, cfb64 and +ofb64 for the following reasons. +- ecb is the basic IDEA encryption. +- cbc is the normal 'chaining' form for block ciphers. +- cfb64 can be used to encrypt single characters, therefore input and output + do not need to be a multiple of 8. +- ofb64 is similar to cfb64 but is more like a stream cipher, not as + secure (not cipher feedback) but it does not have an encrypt/decrypt mode. +- If you want triple IDEA, thats 384 bits of key and you must be totally + obsessed with security. Still, if you want it, it is simple enough to + copy the function from the DES library and change the des_encrypt to + idea_encrypt; an exercise left for the paranoid reader :-). + +The functions are as follows: + +void idea_set_encrypt_key( +unsigned char *key; +IDEA_KEY_SCHEDULE *ks); + idea_set_encrypt_key converts a 16 byte IDEA key into an + IDEA_KEY_SCHEDULE. The IDEA_KEY_SCHEDULE is an expanded form of + the key which can be used to perform IDEA encryption. + An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to + perform actual encryption. It can be regenerated from the IDEA key + so it only needs to be kept when encryption is about + to occur. Don't save or pass around IDEA_KEY_SCHEDULE's since they + are CPU architecture dependent, IDEA keys are not. + +void idea_set_decrypt_key( +IDEA_KEY_SCHEDULE *encrypt_ks, +IDEA_KEY_SCHEDULE *decrypt_ks); + This functions converts an encryption IDEA_KEY_SCHEDULE into a + decryption IDEA_KEY_SCHEDULE. For all decryption, this conversion + of the key must be done. In some modes of IDEA, an + encryption/decryption flag is also required, this is because these + functions involve block chaining and the way this is done changes + depending on which of encryption of decryption is being done. + Please note that there is no quick way to generate the decryption + key schedule other than generating the encryption key schedule and + then converting it. + +void idea_encrypt( +unsigned long *data, +IDEA_KEY_SCHEDULE *ks); + This is the IDEA encryption function that gets called by just about + every other IDEA routine in the library. You should not use this + function except to implement 'modes' of IDEA. I say this because the + functions that call this routine do the conversion from 'char *' to + long, and this needs to be done to make sure 'non-aligned' memory + access do not occur. + Data is a pointer to 2 unsigned long's and ks is the + IDEA_KEY_SCHEDULE to use. Encryption or decryption depends on the + IDEA_KEY_SCHEDULE. + +void idea_ecb_encrypt( +unsigned char *input, +unsigned char *output, +IDEA_KEY_SCHEDULE *ks); + This is the basic Electronic Code Book form of IDEA (in DES this + mode is called Electronic Code Book so I'm going to use the term + for idea as well :-). + Input is encrypted into output using the key represented by + ks. Depending on the IDEA_KEY_SCHEDULE, encryption or + decryption occurs. Input is 8 bytes long and output is 8 bytes. + +void idea_cbc_encrypt( +unsigned char *input, +unsigned char *output, +long length, +IDEA_KEY_SCHEDULE *ks, +unsigned char *ivec, +int enc); + This routine implements IDEA in Cipher Block Chaining mode. + Input, which should be a multiple of 8 bytes is encrypted + (or decrypted) to output which will also be a multiple of 8 bytes. + The number of bytes is in length (and from what I've said above, + should be a multiple of 8). If length is not a multiple of 8, bad + things will probably happen. ivec is the initialisation vector. + This function updates iv after each call so that it can be passed to + the next call to idea_cbc_encrypt(). + +void idea_cfb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +des_key_schedule ks, +des_cblock *ivec, +int *num, +int enc); + This is one of the more useful functions in this IDEA library, it + implements CFB mode of IDEA with 64bit feedback. + This allows you to encrypt an arbitrary number of bytes, + you do not require 8 byte padding. Each call to this + routine will encrypt the input bytes to output and then update ivec + and num. Num contains 'how far' we are though ivec. + Enc is used to indicate encryption or decryption. + One very important thing to remember is that when decrypting, use + the encryption form of the key. + CFB64 mode operates by using the cipher to + generate a stream of bytes which is used to encrypt the plain text. + The cipher text is then encrypted to generate the next 64 bits to + be xored (incrementally) with the next 64 bits of plain + text. As can be seen from this, to encrypt or decrypt, + the same 'cipher stream' needs to be generated but the way the next + block of data is gathered for encryption is different for + encryption and decryption. What this means is that to encrypt + idea_set_encrypt_key(key,ks); + idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT) + do decrypt + idea_set_encrypt_key(key,ks) + idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT) + Note: The same IDEA_KEY_SCHEDULE but different encryption flags. + For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be + used to generate the IDEA_KEY_SCHEDULE for decryption. + The reason I'm stressing this point is that I just wasted 3 hours + today trying to decrypt using this mode and the decryption form of + the key :-(. + +void idea_ofb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +des_key_schedule ks, +des_cblock *ivec, +int *num); + This functions implements OFB mode of IDEA with 64bit feedback. + This allows you to encrypt an arbitrary number of bytes, + you do not require 8 byte padding. Each call to this + routine will encrypt the input bytes to output and then update ivec + and num. Num contains 'how far' we are though ivec. + This is in effect a stream cipher, there is no encryption or + decryption mode. The same key and iv should be used to + encrypt and decrypt. + +For reading passwords, I suggest using des_read_pw_string() from my DES library. +To generate a password from a text string, I suggest using MD5 (or MD2) to +produce a 16 byte message digest that can then be passed directly to +idea_set_encrypt_key(). + +===== +For more information about the specific IDEA modes in this library +(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the +documentation on my DES library. What is said about DES is directly +applicable for IDEA. + diff --git a/doc/legal.doc b/doc/legal.doc new file mode 100644 index 0000000000000000000000000000000000000000..b55ed5ce6a2cbabc55d68f88ef7a197e0405c2cc --- /dev/null +++ b/doc/legal.doc @@ -0,0 +1,117 @@ +From eay@mincom.com Thu Jun 27 00:25:45 1996 +Received: by orb.mincom.oz.au id AA15821 + (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000 +Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST) +From: Eric Young +X-Sender: eay@orb +To: Ken Toll +Cc: Eric Young , ssl-talk@netscape.com +Subject: Re: Unidentified subject! +In-Reply-To: <9606261950.ZM28943@ren.digitalage.com> +Message-Id: +Mime-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII +Status: O +X-Status: + + +This is a little off topic but since SSLeay is a free implementation of +the SSLv2 protocol, I feel it is worth responding on the topic of if it +is actually legal for Americans to use free cryptographic software. + +On Wed, 26 Jun 1996, Ken Toll wrote: +> Is the U.S the only country that SSLeay cannot be used commercially +> (because of RSAref) or is that going to be an issue with every country +> that a client/server application (non-web browser/server) is deployed +> and sold? + +>From what I understand, the software patents that apply to algorithms +like RSA and DH only apply in the USA. The IDEA algorithm I believe is +patened in europe (USA?), but considing how little it is used by other SSL +implementations, it quite easily be left out of the SSLeay build +(this can be done with a compile flag). + +Actually if the RSA patent did apply outside the USA, it could be rather +interesting since RSA is not alowed to let RSA toolkits outside of the USA +[1], and since these are the only forms that they will alow the algorithm +to be used in, it would mean that non-one outside of the USA could produce +public key software which would be a very strong statment for +international patent law to make :-). This logic is a little flawed but +it still points out some of the more interesting permutations of USA +patent law and ITAR restrictions. + +Inside the USA there is also the unresolved issue of RC4/RC2 which were +made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2). I have +copies of the origional postings if people are interested. RSA I believe +claim that they were 'trade-secrets' and that some-one broke an NDA in +revealing them. Other claim they reverse engineered the algorithms from +compiled binaries. If the algorithms were reverse engineered, I belive +RSA had no legal leg to stand on. If an NDA was broken, I don't know. +Regardless, RSA, I belive, is willing to go to court over the issue so +licencing is probably the best idea, or at least talk to them. +If there are people who actually know more about this, pease let me know, I +don't want to vilify or spread miss-information if I can help it. + +If you are not producing a web browser, it is easy to build SSLeay with +RC2/RC4 removed. Since RC4 is the defacto standard cipher in +all web software (and it is damn fast) it is more or less required for +www use. For non www use of SSL, especially for an application where +interoperability with other vendors is not critical just leave it out. + +Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but +they should be ok. Considing that Triple DES can encrypt at rates of +410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite +reasonable performance. Single DES clocks in at 1160k/s and 2467k/s +respectivly is actually quite fast for those not so paranoid (56 bit key).[1] + +> Is it possible to get a certificate for commercial use outside of the U.S.? +yes. + +Thawte Consulting issues certificates (they are the people who sell the + Sioux httpd server and are based in South Africa) +Verisign will issue certificates for Sioux (sold from South Africa), so this + proves that they will issue certificate for OS use if they are + happy with the quality of the software. + +(The above mentioned companies just the ones that I know for sure are issuing + certificates outside the USA). + +There is always the point that if you are using SSL for an intra net, +SSLeay provides programs that can be used so you can issue your own +certificates. They need polishing but at least it is a good starting point. + +I am not doing anything outside Australian law by implementing these +algorithms (to the best of my knowedge). It is another example of how +the world legal system does not cope with the internet very well. + +I may start making shared libraries available (I have now got DLL's for +Windows). This will mean that distributions into the usa could be +shipped with a version with a reduced cipher set and the versions outside +could use the DLL/shared library with all the ciphers (and without RSAref). + +This could be completly hidden from the application, so this would not +even require a re-linking. + +This is the reverse of what people were talking about doing to get around +USA export regulations :-) + +eric + +[1]: The RSAref2.0 tookit is available on at least 3 ftp sites in Europe + and one in South Africa. + +[2]: Since I always get questions when I post benchmark numbers :-), + DES performace figures are in 1000's of bytes per second in cbc + mode using an 8192 byte buffer. The pentium 100 was running Windows NT + 3.51 DLLs and the 686/200 was running NextStep. + I quote pentium 100 benchmarks because it is basically the + 'entry level' computer that most people buy for personal use. + Windows 95 is the OS shipping on those boxes, so I'll give + NT numbers (the same Win32 runtime environment). The 686 + numbers are present as an indication of where we will be in a + few years. +-- +Eric Young | BOOL is tri-state according to Bill Gates. +AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage(). + + diff --git a/doc/lhash.doc b/doc/lhash.doc new file mode 100644 index 0000000000000000000000000000000000000000..5a2aeb4b38ba48163015e009d475014e26f6b21d --- /dev/null +++ b/doc/lhash.doc @@ -0,0 +1,151 @@ +The LHASH library. + +I wrote this library in 1991 and have since forgotten why I called it lhash. +It implements a hash table from an article I read at the +time from 'Communications of the ACM'. What makes this hash +table different is that as the table fills, the hash table is +increased (or decreased) in size via realloc(). +When a 'resize' is done, instead of all hashes being redistributed over +twice as many 'buckets', one bucket is split. So when an 'expand' is done, +there is only a minimal cost to redistribute some values. Subsequent +inserts will cause more single 'bucket' redistributions but there will +never be a sudden large cost due to redistributing all the 'buckets'. + +The state for a particular hash table is kept in the LHASH structure. +The LHASH structure also records statistics about most aspects of accessing +the hash table. This is mostly a legacy of my writing this library for +the reasons of implementing what looked like a nice algorithm rather than +for a particular software product. + +Internal stuff you probably don't want to know about. +The decision to increase or decrease the hash table size is made depending +on the 'load' of the hash table. The load is the number of items in the +hash table divided by the size of the hash table. The default values are +as follows. If (hash->up_load < load) => expand. +if (hash->down_load > load) => contract. The 'up_load' has a default value of +1 and 'down_load' has a default value of 2. These numbers can be modified +by the application by just playing with the 'up_load' and 'down_load' +variables. The 'load' is kept in a form which is multiplied by 256. So +hash->up_load=8*256; will cause a load of 8 to be set. + +If you are interested in performance the field to watch is +num_comp_calls. The hash library keeps track of the 'hash' value for +each item so when a lookup is done, the 'hashes' are compared, if +there is a match, then a full compare is done, and +hash->num_comp_calls is incremented. If num_comp_calls is not equal +to num_delete plus num_retrieve it means that your hash function is +generating hashes that are the same for different values. It is +probably worth changing your hash function if this is the case because +even if your hash table has 10 items in a 'bucked', it can be searched +with 10 'unsigned long' compares and 10 linked list traverses. This +will be much less expensive that 10 calls to you compare function. + +LHASH *lh_new( +unsigned long (*hash)(), +int (*cmp)()); + This function is used to create a new LHASH structure. It is passed + function pointers that are used to store and retrieve values passed + into the hash table. The 'hash' + function is a hashing function that will return a hashed value of + it's passed structure. 'cmp' is passed 2 parameters, it returns 0 + is they are equal, otherwise, non zero. + If there are any problems (usually malloc failures), NULL is + returned, otherwise a new LHASH structure is returned. The + hash value is normally truncated to a power of 2, so make sure + that your hash function returns well mixed low order bits. + +void lh_free( +LHASH *lh); + This function free()s a LHASH structure. If there is malloced + data in the hash table, it will not be freed. Consider using the + lh_doall function to deallocate any remaining entries in the hash + table. + +char *lh_insert( +LHASH *lh, +char *data); + This function inserts the data pointed to by data into the lh hash + table. If there is already and entry in the hash table entry, the + value being replaced is returned. A NULL is returned if the new + entry does not clash with an entry already in the table (the normal + case) or on a malloc() failure (perhaps I should change this....). + The 'char *data' is exactly what is passed to the hash and + comparison functions specified in lh_new(). + +char *lh_delete( +LHASH *lh, +char *data); + This routine deletes an entry from the hash table. The value being + deleted is returned. NULL is returned if there is no such value in + the hash table. + +char *lh_retrieve( +LHASH *lh, +char *data); + If 'data' is in the hash table it is returned, else NULL is + returned. The way these routines would normally be uses is that a + dummy structure would have key fields populated and then + ret=lh_retrieve(hash,&dummy);. Ret would now be a pointer to a fully + populated structure. + +void lh_doall( +LHASH *lh, +void (*func)(char *a)); + This function will, for every entry in the hash table, call function + 'func' with the data item as parameters. + This function can be quite useful when used as follows. + void cleanup(STUFF *a) + { STUFF_free(a); } + lh_doall(hash,cleanup); + lh_free(hash); + This can be used to free all the entries, lh_free() then + cleans up the 'buckets' that point to nothing. Be careful + when doing this. If you delete entries from the hash table, + in the call back function, the table may decrease in size, + moving item that you are + currently on down lower in the hash table. This could cause + some entries to be skipped. The best solution to this problem + is to set lh->down_load=0 before you start. This will stop + the hash table ever being decreased in size. + +void lh_doall_arg( +LHASH *lh; +void(*func)(char *a,char *arg)); +char *arg; + This function is the same as lh_doall except that the function + called will be passed 'arg' as the second argument. + +unsigned long lh_strhash( +char *c); + This function is a demo string hashing function. Since the LHASH + routines would normally be passed structures, this routine would + not normally be passed to lh_new(), rather it would be used in the + function passed to lh_new(). + +The next three routines print out various statistics about the state of the +passed hash table. These numbers are all kept in the lhash structure. + +void lh_stats( +LHASH *lh, +FILE *out); + This function prints out statistics on the size of the hash table, + how many entries are in it, and the number and result of calls to + the routines in this library. + +void lh_node_stats( +LHASH *lh, +FILE *out); + For each 'bucket' in the hash table, the number of entries is + printed. + +void lh_node_usage_stats( +LHASH *lh, +FILE *out); + This function prints out a short summary of the state of the hash + table. It prints what I call the 'load' and the 'actual load'. + The load is the average number of data items per 'bucket' in the + hash table. The 'actual load' is the average number of items per + 'bucket', but only for buckets which contain entries. So the + 'actual load' is the average number of searches that will need to + find an item in the hash table, while the 'load' is the average number + that will be done to record a miss. diff --git a/doc/md2.doc b/doc/md2.doc new file mode 100644 index 0000000000000000000000000000000000000000..b106bc675d8dcbe638d615f0afa282bd206a184f --- /dev/null +++ b/doc/md2.doc @@ -0,0 +1,49 @@ +The MD2 library. +MD2 is a message digest algorithm that can be used to condense an arbitrary +length message down to a 16 byte hash. The functions all need to be passed +a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update() +function calls. The normal method of use for this library is as follows + +MD2_Init(...); +MD2_Update(...); +... +MD2_Update(...); +MD2_Final(...); + +This library requires the inclusion of 'md2.h'. + +The main negative about MD2 is that it is slow, especially when compared +to MD5. + +The functions are as follows: + +void MD2_Init( +MD2_CTX *c); + This function needs to be called to initiate a MD2_CTX structure for + use. + +void MD2_Update( +MD2_CTX *c; +unsigned char *data; +unsigned long len); + This updates the message digest context being generated with 'len' + bytes from the 'data' pointer. The number of bytes can be any + length. + +void MD2_Final( +unsigned char *md; +MD2_CTX *c; + This function is called when a message digest of the data digested + with MD2_Update() is wanted. The message digest is put in the 'md' + array and is MD2_DIGEST_LENGTH (16) bytes long. + +unsigned char *MD2( +unsigned long n; +unsigned char *d; +unsigned char *md; + This function performs a MD2_Init(), followed by a MD2_Update() + followed by a MD2_Final() (using a local MD2_CTX). + The resulting digest is put into 'md' if it is not NULL. + Regardless of the value of 'md', the message + digest is returned from the function. If 'md' was NULL, the message + digest returned is being stored in a static structure. diff --git a/doc/md5.doc b/doc/md5.doc new file mode 100644 index 0000000000000000000000000000000000000000..519dbdc61a46e3124c1e1b4dab91c30355fd0286 --- /dev/null +++ b/doc/md5.doc @@ -0,0 +1,50 @@ +The MD5 library. +MD5 is a message digest algorithm that can be used to condense an arbitrary +length message down to a 16 byte hash. The functions all need to be passed +a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update() +function calls. This library also contains random number routines that are +based on MD5 + +The normal method of use for this library is as follows + +MD5_Init(...); +MD5_Update(...); +... +MD5_Update(...); +MD5_Final(...); + +This library requires the inclusion of 'md5.h'. + +The functions are as follows: + +void MD5_Init( +MD5_CTX *c); + This function needs to be called to initiate a MD5_CTX structure for + use. + +void MD5_Update( +MD5_CTX *c; +unsigned char *data; +unsigned long len); + This updates the message digest context being generated with 'len' + bytes from the 'data' pointer. The number of bytes can be any + length. + +void MD5_Final( +unsigned char *md; +MD5_CTX *c; + This function is called when a message digest of the data digested + with MD5_Update() is wanted. The message digest is put in the 'md' + array and is MD5_DIGEST_LENGTH (16) bytes long. + +unsigned char *MD5( +unsigned char *d; +unsigned long n; +unsigned char *md; + This function performs a MD5_Init(), followed by a MD5_Update() + followed by a MD5_Final() (using a local MD5_CTX). + The resulting digest is put into 'md' if it is not NULL. + Regardless of the value of 'md', the message + digest is returned from the function. If 'md' was NULL, the message + digest returned is being stored in a static structure. + diff --git a/doc/memory.doc b/doc/memory.doc new file mode 100644 index 0000000000000000000000000000000000000000..b9aa33ace0b431e641b75f14b79cc30d9cdb9cd2 --- /dev/null +++ b/doc/memory.doc @@ -0,0 +1,27 @@ +In the interests of debugging SSLeay, there is an option to compile +using some simple memory leak checking. + +All malloc(), free() and realloc() calls in SSLeay now go via +Malloc(), Free() and Realloc() (except those in crypto/lhash). + +If CRYPTO_MDEBUG is defined, these calls are #defined to +CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc(). +If it is not defined, they are #defined to malloc(), free() and realloc(). + +the CRYPTO_malloc() routines by default just call the underlying library +functons. + +If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is +turned on. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off. + +When turned on, each Malloc() or Realloc() call is recored along with the file +and line number from where the call was made. (This is done using the +lhash library which always uses normal system malloc(3) routines). + +void CRYPTO_mem_leaks(BIO *b); +void CRYPTO_mem_leaks_fp(FILE *fp); +These both print out the list of memory that has not been free()ed. +This will probably be rather hard to read, but if you look for the 'top level' +structure allocation, this will often give an idea as to what is not being +free()ed. I don't expect people to use this stuff normally. + diff --git a/doc/ms3-ca.doc b/doc/ms3-ca.doc new file mode 100644 index 0000000000000000000000000000000000000000..f8350aadc2de0e3a987a90f87cca484d67b7f609 --- /dev/null +++ b/doc/ms3-ca.doc @@ -0,0 +1,398 @@ +Date: Mon, 9 Jun 97 08:00:33 +0200 +From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif) +Subject: ms3-ca.doc +Organization: TU Ilmenau, Fak. IA, FG Telematik +Content-Length: 14575 +Status: RO +X-Status: + +Loading client certs into MSIE 3.01 +=================================== + +This document conatains all the information necessary to succesfully set up +some scripts to issue client certs to Microsoft Internet Explorer. It +includes the required knowledge about the model MSIE uses for client +certification and includes complete sample scripts ready to play with. The +scripts were tested against a modified ca program of SSLeay 0.6.6 and should +work with the regular ca program that comes with version 0.8.0. I haven't +tested against MSIE 4.0 + +You can use the information contained in this document in either way you +want. However if you feel it saved you a lot of time I ask you to be as fair +as to mention my name: Holger Reif . + +1.) The model used by MSIE +-------------------------- + +The Internet Explorer doesn't come with a embedded engine for installing +client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI) +defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together +with Internet Explorer since 3.01. The advantage of this approach is a higher +flexibility because the certificates in the (per user) system open +certificate store may be used by other applications as well. The drawback +however is that you need to do a bit more work to get a client cert issued. + +CAPI defines functions which will handle basic cryptographic work, eg. +generating keys, encrypting some data, signing text or building a certificate +request. The procedure is as follows: A CAPI function generates you a key +pair and saves it into the certificate store. After that one builds a +Distinguished Name. Together with that key pair another CAPI function forms a +PKCS#10 request which you somehow need to submit to a CA. Finally the issued +cert is given to a yet another CAPI function which saves it into the +certificate store. + +The certificate store with the user's keys and certs is in the registry. You +will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I +leave it to you as a little exercise to figure out what all the entries mean +;-). Note that the keys are protected only with the user's usual Windows +login password. + +2.) The practical usage +----------------------- + +Unfortunatly since CAPI is a system API you can't access its functions from +HTML code directly. For this purpose Microsoft provides a wrapper called +certenr3.dll. This DLL accesses the CAPI functions and provides an interface +usable from Visual Basic Script. One needs to install that library on the +computer which wants to have client cert. The easiest way is to load it as an +ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If +you have ever enrolled e cert request at a CA you will have installed it. + +At time of writing certenr3.dll is contained in +http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes +with an README file which explains the available functions. It is labeled +beta but every CA seems to use it anyway. The license.txt allows you the +usage for your own purposes (as far as I understood) and a somehow limited +distribution. + +The two functions of main interest are GenerateKeyPair and AcceptCredentials. +For complete explanation of all possible parameters see the README file. Here +are only minimal required parameters and their values. + +GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1) +- sessionID is a (locally to that computer) unique string to correlate the +generated key pair with a cert installed later. +- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger +Reif; 1.2.840.113549.1.9.1=reif@prakinf.tu-ilmenau.de". Note that S is the +abreviation for StateOrProvince. The recognized abreviation include CN, O, C, +OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr) +you need to use the full object identifier. The starting point for searching +them could be crypto/objects.h since all OIDs know to SSLeay are listed +there. +- note: the possible ninth parameter which should give a default name to the +certificate storage location doesn't seem to work. Changes to the constant +values in the call above doesn't seem to make sense. You can't generate +PKCS#10 extensions with that function. + +The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However +it has a little strange format that SSLeay doesn't accept. (BTW I feel the +decision of rejecting that format as standard conforming.) It looks like +follows: + 1st line with 76 chars + 2nd line with 76 chars + ... + (n-2)th line with 76 chars + (n-1)th line contains a multiple of 4 chars less then 76 (possible +empty) + (n)th line has zero or 4 chars (then with 1 or 2 equal signs - the + original text's lenght wasn'T a multiple of 3) + The line separator has two chars: 0x0d 0x0a + +AcceptCredentials(sessionID, credentials, 0, FALSE) +- sessionID needs to be the same as while generating the key pair +- credentials is the base64 encoded PKCS#7 object containing the cert. + +CRL's and CA certs are not required simply just the client cert. (It seems to +me that both are not even checked somehow.) The only format of the base64 +encoded object I succesfully used was all characters in a very long string +without line feeds or carriage returns. (Hey, it doesn't matter, only a +computer reads it!) + +The result should be S_OK. For error handling see the example that comes with +certenr3.dll. + +A note about ASN.1 character encodings. certenr3.dll seems to know only about +2 of them: UniversalString and PrintableString. First it is definitely wrong +for an email address which is IA5STRING (checked by ssleay's ca). Second +unfortunately MSIE (at least until version 3.02) can't handle UniversalString +correctly - they just blow up you cert store! Therefore ssleay's ca (starting +from version 0.8.0) tries to convert the encodings automatically to IA5STRING +or TeletexString. The beef is it will work only for the latin-1 (western) +charset. Microsoft still has to do abit of homework... + +3.) An example +-------------- + +At least you need two steps: generating the key & request and then installing +the certificate. A real world CA would have some more steps involved, eg. +accepting some license. Note that both scripts shown below are just +experimental state without any warrenty! + +First how to generate a request. Note that we can't use a static page because +of the sessionID. I generate it from system time plus pid and hope it is +unique enough. Your are free to feed it through md5 to get more impressive +ID's ;-) Then the intended text is read in with sed which inserts the +sessionID. + +-----BEGIN ms-enroll.cgi----- +#!/bin/sh +SESSION_ID=`date '+%y%m%d%H%M%S'`$$ +echo Content-type: text/html +echo +sed s/template_for_sessId/$SESSION_ID/ < +Certificate Enrollment Test Page + + + + + +
+

enrollment for a personal cert

+


+

+ + + + + + + + + + + + +
Country
State
Location
Organization
Organizational Unit
Name
eMail Address
+ + +
+


+

+ + + + +EOF +-----END ms-enroll.cgi----- + +Second, how to extract the request and feed the certificate back? We need to +"normalize" the base64 encoding of the PKCS#10 format which means +regenerating the lines and wrapping with BEGIN and END line. This is done by +gawk. The request is taken by ca the normal way. Then the cert needs to be +packed into a PKCS#7 structure (note: the use of a CRL is necessary for +crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be +ommited). Finally we need to format the PKCS#7 object and generate the HTML +text. I use two templates to have a clearer script. + +1st note: postit2 is slightly modified from a program I found at ncsa's ftp +site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You +need utils.c from there too. + +2nd note: I'm note quite sure wether the gawk script really handles all +possible inputs for the request right! Today I don't use this construction +anymore myself. + +3d note: the cert must be of version 3! This could be done with the nsComment +line in ssleay.cnf... + +------BEGIN ms-gencert.cgi----- +#!/bin/sh +FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$ +rm -f "$FILE".* + +HOME=`pwd`; export HOME # as ssleay.cnf insists on having such an env var +cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located + +postit2 -s " " -i 0x0d > "$FILE".inp # process the FORM vars + +SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp` + +gawk \ + 'BEGIN { \ + OFS = ""; \ + print "-----BEGIN CERTIFICATE REQUEST-----"; \ + req_seen=0 \ + } \ + $1 == "Request" { \ + req_seen=1; \ + if (length($2) == 72) print($2); \ + lastline=$2; \ + next; \ + } \ + { \ + if (req_seen == 1) { \ + if (length($1) >= 72) print($1); \ + else if (length(lastline) < 72) { \ + req_seen=0; \ + print (lastline,$1); \ + } \ + lastline=$1; \ + } \ + } \ + END { \ + print "-----END CERTIFICATE REQUEST-----"; \ + }' > "$FILE".pem < "$FILE".inp + +ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out +ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem + +sed s/template_for_sessId/$SESSION_ID/ "$FILE".cert +/usr/local/bin/gawk \ + 'BEGIN { \ + OFS = ""; \ + dq = sprintf("%c",34); \ + } \ + $0 ~ "PKCS7" { next; } \ + { \ + print dq$0dq" & _"; \ + }' <"$FILE".pkcs7 >> "$FILE".cert +cat ms-enroll2b.html >>"$FILE".cert + +echo Content-type: text/html +echo Content-length: `wc -c "$FILE".cert` +echo +cat "$FILE".cert +rm -f "$FILE".* +-----END ms-gencert.cgi----- + +----BEGIN ms-enroll2a.html---- +Certificate Acceptance Test Page + + + + +
+

Your personal certificate

+


+Press the button! +

+

+


+ + + + +----END ms-enroll2b.html---- + +4.) What do do with the cert? +----------------------------- + +The cert is visible (without restarting MSIE) under the following menu: +View->Options->Security->Personal certs. You can examine it's contents at +least partially. + +To use it for client authentication you need to use SSL3.0 (fortunately +SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a +kind of automatic selection of certs (I personally wasn't able to test it +myself). But there is a requirement that the issuer of the server cert and +the issuer of the client cert needs to be the same (according to a developer +from MS). Which means: you need may more then one cert to talk to all +servers... + +I'm sure we will get a bit more experience after ApacheSSL is available for +SSLeay 0.8.8. + + +I hope you enjoyed reading and that in future questions on this topic will +rarely appear on ssl-users@moncom.com ;-) + +Ilmenau, 9th of June 1997 +Holger Reif +-- +read you later - Holger Reif +---------------------------------------- Signaturprojekt Deutsche Einheit +TU Ilmenau - Informatik - Telematik (Verdamp lang her) +Holger.Reif@PrakInf.TU-Ilmenau.DE Alt wie ein Baum werden, um ueber +http://Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen + diff --git a/doc/ns-ca.doc b/doc/ns-ca.doc new file mode 100644 index 0000000000000000000000000000000000000000..836883e1a0fa9709c793324fbf3351b00529ab92 --- /dev/null +++ b/doc/ns-ca.doc @@ -0,0 +1,154 @@ +The following documentation was supplied by Jeff Barber, who provided the +patch to the CA program to add this functionality. + +eric +-- +Jeff Barber Email: jeffb@issl.atl.hp.com + +Hewlett Packard Phone: (404) 648-9503 +Internet and System Security Lab Fax: (404) 648-9516 + + oo +---------------------cut /\ here for ns-ca.doc ------------------------------ + +This document briefly describes how to use SSLeay to implement a +certificate authority capable of dynamically serving up client +certificates for version 3.0 beta 5 (and presumably later) versions of +the Netscape Navigator. Before describing how this is done, it's +important to understand a little about how the browser implements its +client certificate support. This is documented in some detail in the +URLs based at . +Here's a brief overview: + +- The Navigator supports a new HTML tag "KEYGEN" which will cause + the browser to generate an RSA key pair when you submit a form + containing the tag. The public key, along with an optional + challenge (supposedly provided for use in certificate revocation + but I don't use it) is signed, DER-encoded, base-64 encoded + and sent to the web server as the value of the variable + whose NAME is provided in the KEYGEN tag. The private key is + stored by the browser in a local key database. + + This "Signed Public Key And Challenge" (SPKAC) arrives formatted + into 64 character lines (which are of course URL-encoded when + sent via HTTP -- i.e. spaces, newlines and most punctuatation are + encoded as "%HH" where HH is the hex equivalent of the ASCII code). + Note that the SPKAC does not contain the other usual attributes + of a certificate request, especially the subject name fields. + These must be otherwise encoded in the form for submission along + with the SPKAC. + +- Either immediately (in response to this form submission), or at + some later date (a real CA will probably verify your identity in + some way before issuing the certificate), a web server can send a + certificate based on the public key and other attributes back to + the browser by encoding it in DER (the binary form) and sending it + to the browser as MIME type: + "Content-type: application/x-x509-user-cert" + + The browser uses the public key encoded in the certificate to + associate the certificate with the appropriate private key in + its local key database. Now, the certificate is "installed". + +- When a server wants to require authentication based on client + certificates, it uses the right signals via the SSL protocol to + trigger the Navigator to ask you which certificate you want to + send. Whether the certificate is accepted is dependent on CA + certificates and so forth installed in the server and is beyond + the scope of this document. + + +Now, here's how the SSLeay package can be used to provide client +certficates: + +- You prepare a file for input to the SSLeay ca application. + The file contains a number of "name = value" pairs that identify + the subject. The names here are the same subject name component + identifiers used in the CA section of the lib/ssleay.conf file, + such as "emailAddress", "commonName" "organizationName" and so + forth. Both the long version and the short version (e.g. "Email", + "CN", "O") can be used. + + One more name is supported: this one is "SPKAC". Its value + is simply the value of the base-64 encoded SPKAC sent by the + browser (with all the newlines and other space charaters + removed -- and newline escapes are NOT supported). + + [ As of SSLeay 0.6.4, multiple lines are supported. + Put a \ at the end of each line and it will be joined with the + previous line with the '\n' removed - eay ] + + Here's a sample input file: + +C = US +SP = Georgia +O = Some Organization, Inc. +OU = Netscape Compatibility Group +CN = John X. Doe +Email = jxdoe@someorg.com +SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx + +- You execute the ca command (either from a CGI program run out of + the web server, or as a later manual task) giving it the above + file as input. For example, if the file were named /tmp/cert.req, + you'd run: + $SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert + + The output is in DER format (binary) if a -out argument is + provided, as above; otherwise, it's in the PEM format (base-64 + encoded DER). Also, the "-batch" switch is implied by the + "-spkac" so you don't get asked whether to complete the signing + (probably it shouldn't work this way but I was only interested + in hacking together an online CA that could be used for issuing + test certificates). + + The "-spkac" capability doesn't support multiple files (I think). + + Any CHALLENGE provided in the SPKAC is simply ignored. + + The interactions between the identification fields you provide + and those identified in your lib/ssleay.conf are the same as if + you did an ordinary "ca -in infile -out outfile" -- that is, if + something is marked as required in the ssleay.conf file and it + isn't found in the -spkac file, the certificate won't be issued. + +- Now, you pick up the output from /tmp/cert and pass it back to + the Navigator prepending the Content-type string described earlier. + +- In order to run the ca command out of a CGI program, you must + provide a password to decrypt the CA's private key. You can + do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..." + I think there's a way to not encrypt the key file in the first + place, but I didn't see how to do that, so I made a small change + to the library that allows the password to be accepted from a pipe. + Either way is UTTERLY INSECURE and a real CA would never do that. + + [ You can use the 'ssleay rsa' command to remove the password + from the private key, or you can use the '-key' option to the + ca command to specify the decryption key on the command line + or use the -nodes option when generating the key. + ca will try to clear the command line version of the password + but for quite a few operating systems, this is not possible. + - eric ] + +So, what do you have to do to make use of this stuff to create an online +demo CA capability with SSLeay? + +1 Create an HTML form for your users. The form should contain + fields for all of the required or optional fields in ssleay.conf. + The form must contain a KEYGEN tag somewhere with at least a NAME + attribute. + +2 Create a CGI program to process the form input submitted by the + browser. The CGI program must URL-decode the variables and create + the file described above, containing subject identification info + as well as the SPKAC block. It should then run the the ca program + with the -spkac option. If it works (check the exit status), + return the new certificate with the appropriate MIME type. If not, + return the output of the ca command with MIME type "text/plain". + +3 Set up your web server to accept connections signed by your demo + CA. This probably involves obtaining the PEM-encoded CA certificate + (ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a + server database. See your server manual for instructions. + diff --git a/doc/obj.doc b/doc/obj.doc new file mode 100644 index 0000000000000000000000000000000000000000..bad347c9366a4aa369ed207ed878db615b90ca26 --- /dev/null +++ b/doc/obj.doc @@ -0,0 +1,69 @@ +The Object library. + +As part of my Crypto library, I found I required a method of identifying various +objects. These objects normally had 3 different values associated with +them, a short text name, a long (or lower case) text name, and an +ASN.1 Object Identifier (which is a sequence of numbers). +This library contains a static list of objects and functions to lookup +according to one type and to return the other types. + +To use these routines, 'Object.h' needs to be included. + +For each supported object, #define entries are defined as follows +#define SN_Algorithm "Algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 38 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +SN_ stands for short name. +LN_ stands for either long name or lowercase name. +NID_ stands for Numeric ID. I each object has a unique NID and this + should be used internally to identify objects. +OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the + ASN1 routines. These values are used in ASN1 encoding. + +The following functions are to be used to return pointers into a static +definition of these types. What this means is "don't try to free() any +pointers returned from these functions. + +ASN1_OBJECT *OBJ_nid2obj( +int n); + Return the ASN1_OBJECT that corresponds to a NID of n. + +char *OBJ_nid2ln( +int n); + Return the long/lower case name of the object represented by the + NID of n. + +char *OBJ_nid2sn( +int n); + Return the short name for the object represented by the NID of n. + +ASN1_OBJECT *OBJ_dup( +ASN1_OBJECT *o); + Duplicate and return a new ASN1_OBJECT that is the same as the + passed parameter. + +int OBJ_obj2nid( +ASN1_OBJECT *o); + Given ASN1_OBJECT o, return the NID that corresponds. + +int OBJ_ln2nid( +char *s); + Given the long/lower case name 's', return the NID of the object. + +int OBJ_sn2nid( +char *s); + Given the short name 's', return the NID of the object. + +char *OBJ_bsearch( +char *key, +char *base, +int num, +int size, +int (*cmp)()); + Since I have come across a few platforms that do not have the + bsearch() function, OBJ_bsearch is my version of that function. + Feel free to use this function, but you may as well just use the + normal system bsearch(3) if it is present. This version also + has tolerance of being passed NULL pointers. diff --git a/doc/rand.doc b/doc/rand.doc new file mode 100644 index 0000000000000000000000000000000000000000..da02a07f64ff2823d1eb631dbf5221ff472f6302 --- /dev/null +++ b/doc/rand.doc @@ -0,0 +1,141 @@ +My Random number library. + +These routines can be used to generate pseudo random numbers and can be +used to 'seed' the pseudo random number generator (RNG). The RNG make no +effort to reproduce the same random number stream with each execution. +Various other routines in the SSLeay library 'seed' the RNG when suitable +'random' input data is available. Read the section at the end for details +on the design of the RNG. + +void RAND_bytes( +unsigned char *buf, +int num); + This routine puts 'num' random bytes into 'buf'. One should make + sure RAND_seed() has been called before using this routine. + +void RAND_seed( +unsigned char *buf, +int num); + This routine adds more 'seed' data the RNG state. 'num' bytes + are added to the RNG state, they are taken from 'buf'. This + routine can be called with sensitive data such as user entered + passwords. This sensitive data is in no way recoverable from + the RAND library routines or state. Try to pass as much data + from 'random' sources as possible into the RNG via this function. + Also strongly consider using the RAND_load_file() and + RAND_write_file() routines. + +void RAND_cleanup(); + When a program has finished with the RAND library, if it so + desires, it can 'zero' all RNG state. + +The following 3 routines are convenience routines that can be used to +'save' and 'restore' data from/to the RNG and it's state. +Since the more 'random' data that is feed as seed data the better, why not +keep it around between executions of the program? Of course the +application should pass more 'random' data in via RAND_seed() and +make sure no-one can read the 'random' data file. + +char *RAND_file_name( +char *buf, +int size); + This routine returns a 'default' name for the location of a 'rand' + file. The 'rand' file should keep a sequence of random bytes used + to initialise the RNG. The filename is put in 'buf'. Buf is 'size' + bytes long. Buf is returned if things go well, if they do not, + NULL is returned. The 'rand' file name is generated in the + following way. First, if there is a 'RANDFILE' environment + variable, it is returned. Second, if there is a 'HOME' environment + variable, $HOME/.rand is returned. Third, NULL is returned. NULL + is also returned if a buf would overflow. + +int RAND_load_file( +char *file, +long number); + This function 'adds' the 'file' into the RNG state. It does this by + doing a RAND_seed() on the value returned from a stat() system call + on the file and if 'number' is non-zero, upto 'number' bytes read + from the file. The number of bytes passed to RAND_seed() is returned. + +int RAND_write_file( +char *file), + RAND_write_file() writes N random bytes to the file 'file', where + N is the size of the internal RND state (currently 1k). + This is a suitable method of saving RNG state for reloading via + RAND_load_file(). + +What follows is a description of this RNG and a description of the rational +behind it's design. + +It should be noted that this RNG is intended to be used to generate +'random' keys for various ciphers including generation of DH and RSA keys. + +It should also be noted that I have just created a system that I am happy with. +It may be overkill but that does not worry me. I have not spent that much +time on this algorithm so if there are glaring errors, please let me know. +Speed has not been a consideration in the design of these routines. + +First up I will state the things I believe I need for a good RNG. +1) A good hashing algorithm to mix things up and to convert the RNG 'state' + to random numbers. +2) An initial source of random 'state'. +3) The state should be very large. If the RNG is being used to generate + 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). + If your RNG state only has 128 bits, you are obviously limiting the + search space to 128 bits, not 2048. I'm probably getting a little + carried away on this last point but it does indicate that it may not be + a bad idea to keep quite a lot of RNG state. It should be easier to + break a cipher than guess the RNG seed data. +4) Any RNG seed data should influence all subsequent random numbers + generated. This implies that any random seed data entered will have + an influence on all subsequent random numbers generated. +5) When using data to seed the RNG state, the data used should not be + extractable from the RNG state. I believe this should be a + requirement because one possible source of 'secret' semi random + data would be a private key or a password. This data must + not be disclosed by either subsequent random numbers or a + 'core' dump left by a program crash. +6) Given the same initial 'state', 2 systems should deviate in their RNG state + (and hence the random numbers generated) over time if at all possible. +7) Given the random number output stream, it should not be possible to determine + the RNG state or the next random number. + + +The algorithm is as follows. + +There is global state made up of a 1023 byte buffer (the 'state'), a +working message digest ('md') and a counter ('count'). + +Whenever seed data is added, it is inserted into the 'state' as +follows. + The input is chopped up into units of 16 bytes (or less for + the last block). Each of these blocks is run through the MD5 + message digest. The data passed to the MD5 digest is the + current 'md', the same number of bytes from the 'state' + (the location determined by in incremented looping index) as + the current 'block' and the new key data 'block'. The result + of this is kept in 'md' and also xored into the 'state' at the + same locations that were used as input into the MD5. + I believe this system addresses points 1 (MD5), 3 (the 'state'), + 4 (via the 'md'), 5 (by the use of MD5 and xor). + +When bytes are extracted from the RNG, the following process is used. +For each group of 8 bytes (or less), we do the following, + Input into MD5, the top 8 bytes from 'md', the byte that are + to be overwritten by the random bytes and bytes from the + 'state' (incrementing looping index). From this digest output + (which is kept in 'md'), the top (upto) 8 bytes are + returned to the caller and the bottom (upto) 8 bytes are xored + into the 'state'. + Finally, after we have finished 'generation' random bytes for the + called, 'count' (which is incremented) and 'md' are fed into MD5 and + the results are kept in 'md'. + I believe the above addressed points 1 (use of MD5), 6 (by + hashing into the 'state' the 'old' data from the caller that + is about to be overwritten) and 7 (by not using the 8 bytes + given to the caller to update the 'state', but they are used + to update 'md'). + +So of the points raised, only 2 is not addressed, but sources of +random data will always be a problem. + diff --git a/doc/rc2.doc b/doc/rc2.doc new file mode 100644 index 0000000000000000000000000000000000000000..efab015bd15430ddf19390fde0608ea2e594d944 --- /dev/null +++ b/doc/rc2.doc @@ -0,0 +1,165 @@ +The RC2 library. + +RC2 is a block cipher that operates on 64bit (8 byte) quantities. It +uses variable size key, but 128bit (16 byte) key would normally be considered +good. It can be used in all the modes that DES can be used. This +library implements the ecb, cbc, cfb64, ofb64 modes. + +I have implemented this library from an article posted to sci.crypt on +11-Feb-1996. I personally don't know how far to trust the RC2 cipher. +While it is capable of having a key of any size, not much reseach has +publically been done on it at this point in time (Apr-1996) +since the cipher has only been public for a few months :-) +It is of a similar speed to DES and IDEA, so unless it is required for +meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable +to stick to IDEA, or for the paranoid, Tripple DES. + +Mind you, having said all that, I should mention that I just read alot and +implement ciphers, I'm a 'babe in the woods' when it comes to evaluating +ciphers :-). + +For all calls that have an 'input' and 'output' variables, they can be the +same. + +This library requires the inclusion of 'rc2.h'. + +All of the encryption functions take what is called an RC2_KEY as an +argument. An RC2_KEY is an expanded form of the RC2 key. +For all modes of the RC2 algorithm, the RC2_KEY used for +decryption is the same one that was used for encryption. + +The define RC2_ENCRYPT is passed to specify encryption for the functions +that require an encryption/decryption flag. RC2_DECRYPT is passed to +specify decryption. + +Please note that any of the encryption modes specified in my DES library +could be used with RC2. I have only implemented ecb, cbc, cfb64 and +ofb64 for the following reasons. +- ecb is the basic RC2 encryption. +- cbc is the normal 'chaining' form for block ciphers. +- cfb64 can be used to encrypt single characters, therefore input and output + do not need to be a multiple of 8. +- ofb64 is similar to cfb64 but is more like a stream cipher, not as + secure (not cipher feedback) but it does not have an encrypt/decrypt mode. +- If you want triple RC2, thats 384 bits of key and you must be totally + obsessed with security. Still, if you want it, it is simple enough to + copy the function from the DES library and change the des_encrypt to + RC2_encrypt; an exercise left for the paranoid reader :-). + +The functions are as follows: + +void RC2_set_key( +RC2_KEY *ks; +int len; +unsigned char *key; +int bits; + RC2_set_key converts an 'len' byte key into a RC2_KEY. + A 'ks' is an expanded form of the 'key' which is used to + perform actual encryption. It can be regenerated from the RC2 key + so it only needs to be kept when encryption or decryption is about + to occur. Don't save or pass around RC2_KEY's since they + are CPU architecture dependent, 'key's are not. RC2 is an + interesting cipher in that it can be used with a variable length + key. 'len' is the length of 'key' to be used as the key. + A 'len' of 16 is recomended. The 'bits' argument is an + interesting addition which I only found out about in Aug 96. + BSAFE uses this parameter to 'limit' the number of bits used + for the key. To use the 'key' unmodified, set bits to 1024. + This is what old versions of my RC2 library did (SSLeay 0.6.3). + RSAs BSAFE library sets this parameter to be 128 if 128 bit + keys are being used. So to be compatable with BSAFE, set it + to 128, if you don't want to reduce RC2's key length, leave it + at 1024. + +void RC2_encrypt( +unsigned long *data, +RC2_KEY *key, +int encrypt); + This is the RC2 encryption function that gets called by just about + every other RC2 routine in the library. You should not use this + function except to implement 'modes' of RC2. I say this because the + functions that call this routine do the conversion from 'char *' to + long, and this needs to be done to make sure 'non-aligned' memory + access do not occur. + Data is a pointer to 2 unsigned long's and key is the + RC2_KEY to use. Encryption or decryption is indicated by 'encrypt'. + which can have the values RC2_ENCRYPT or RC2_DECRYPT. + +void RC2_ecb_encrypt( +unsigned char *in, +unsigned char *out, +RC2_KEY *key, +int encrypt); + This is the basic Electronic Code Book form of RC2 (in DES this + mode is called Electronic Code Book so I'm going to use the term + for rc2 as well. + Input is encrypted into output using the key represented by + key. Depending on the encrypt, encryption or + decryption occurs. Input is 8 bytes long and output is 8 bytes. + +void RC2_cbc_encrypt( +unsigned char *in, +unsigned char *out, +long length, +RC2_KEY *ks, +unsigned char *ivec, +int encrypt); + This routine implements RC2 in Cipher Block Chaining mode. + Input, which should be a multiple of 8 bytes is encrypted + (or decrypted) to output which will also be a multiple of 8 bytes. + The number of bytes is in length (and from what I've said above, + should be a multiple of 8). If length is not a multiple of 8, bad + things will probably happen. ivec is the initialisation vector. + This function updates iv after each call so that it can be passed to + the next call to RC2_cbc_encrypt(). + +void RC2_cfb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +RC2_KEY *schedule, +unsigned char *ivec, +int *num, +int encrypt); + This is one of the more useful functions in this RC2 library, it + implements CFB mode of RC2 with 64bit feedback. + This allows you to encrypt an arbitrary number of bytes, + you do not require 8 byte padding. Each call to this + routine will encrypt the input bytes to output and then update ivec + and num. Num contains 'how far' we are though ivec. + 'Encrypt' is used to indicate encryption or decryption. + CFB64 mode operates by using the cipher to generate a stream + of bytes which is used to encrypt the plain text. + The cipher text is then encrypted to generate the next 64 bits to + be xored (incrementally) with the next 64 bits of plain + text. As can be seen from this, to encrypt or decrypt, + the same 'cipher stream' needs to be generated but the way the next + block of data is gathered for encryption is different for + encryption and decryption. + +void RC2_ofb64_encrypt( +unsigned char *in, +unsigned char *out, +long length, +RC2_KEY *schedule, +unsigned char *ivec, +int *num); + This functions implements OFB mode of RC2 with 64bit feedback. + This allows you to encrypt an arbitrary number of bytes, + you do not require 8 byte padding. Each call to this + routine will encrypt the input bytes to output and then update ivec + and num. Num contains 'how far' we are though ivec. + This is in effect a stream cipher, there is no encryption or + decryption mode. + +For reading passwords, I suggest using des_read_pw_string() from my DES library. +To generate a password from a text string, I suggest using MD5 (or MD2) to +produce a 16 byte message digest that can then be passed directly to +RC2_set_key(). + +===== +For more information about the specific RC2 modes in this library +(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the +documentation on my DES library. What is said about DES is directly +applicable for RC2. + diff --git a/doc/rc4.doc b/doc/rc4.doc new file mode 100644 index 0000000000000000000000000000000000000000..4b2897eb74349e9a02f39cf6e1676ead2eee68d6 --- /dev/null +++ b/doc/rc4.doc @@ -0,0 +1,44 @@ +The RC4 library. +RC4 is a stream cipher that operates on a byte stream. It can be used with +any length key but I would recommend normally using 16 bytes. + +This library requires the inclusion of 'rc4.h'. + +The RC4 encryption function takes what is called an RC4_KEY as an argument. +The RC4_KEY is generated by the RC4_set_key function from the key bytes. + +RC4, being a stream cipher, does not have an encryption or decryption mode. +It produces a stream of bytes that the input stream is xor'ed against and +so decryption is just a case of 'encrypting' again with the same key. + +I have only put in one 'mode' for RC4 which is the normal one. This means +there is no initialisation vector and there is no feedback of the cipher +text into the cipher. This implies that you should not ever use the +same key twice if you can help it. If you do, you leave yourself open to +known plain text attacks; if you know the plain text and +corresponding cipher text in one message, all messages that used the same +key can have the cipher text decoded for the corresponding positions in the +cipher stream. + +The main positive feature of RC4 is that it is a very fast cipher; about 4 +times faster that DES. This makes it ideally suited to protocols where the +key is randomly chosen, like SSL. + +The functions are as follows: + +void RC4_set_key( +RC4_KEY *key; +int len; +unsigned char *data); + This function initialises the RC4_KEY structure with the key passed + in 'data', which is 'len' bytes long. The key data can be any + length but 16 bytes seems to be a good number. + +void RC4( +RC4_KEY *key; +unsigned long len; +unsigned char *in; +unsigned char *out); + Do the actual RC4 encryption/decryption. Using the 'key', 'len' + bytes are transformed from 'in' to 'out'. As mentioned above, + decryption is the operation as encryption. diff --git a/doc/readme b/doc/readme new file mode 100644 index 0000000000000000000000000000000000000000..824d4fd0e26dd368194a4da28bd00215bad70edd --- /dev/null +++ b/doc/readme @@ -0,0 +1,6 @@ +This is the old 0.6.6 docuementation. Most of the cipher stuff is still +relevent but I'm working (very slowly) on new docuemtation. +The current version can be found online at + +http://www.cryptsoft.com/ssleay/doc + diff --git a/doc/ref.doc b/doc/ref.doc new file mode 100644 index 0000000000000000000000000000000000000000..211559900de3e43dcbbf393c75126329fdd040bc --- /dev/null +++ b/doc/ref.doc @@ -0,0 +1,48 @@ +I have lots more references etc, and will update this list in the future, +30 Aug 1996 - eay + + +SSL The SSL Protocol - from Netscapes. + +RC4 Newsgroups: sci.crypt + From: sterndark@netcom.com (David Sterndark) + Subject: RC4 Algorithm revealed. + Message-ID: + +RC2 Newsgroups: sci.crypt + From: pgut01@cs.auckland.ac.nz (Peter Gutmann) + Subject: Specification for Ron Rivests Cipher No.2 + Message-ID: <4fk39f$f70@net.auckland.ac.nz> + +MD2 RFC1319 The MD2 Message-Digest Algorithm +MD5 RFC1321 The MD5 Message-Digest Algorithm + +X509 Certificates + RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I + RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II + RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III + RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV + +RSA and various standard encoding + PKCS#1 RSA Encryption Standard + PKCS#5 Password-Based Encryption Standard + PKCS#7 Cryptographic Message Syntax Standard + A Layman's Guide to a Subset of ASN.1, BER, and DER + An Overview of the PKCS Standards + Some Examples of the PKCS Standards + +IDEA Chapter 3 The Block Cipher IDEA + +RSA, prime number generation and bignum algorithms + Introduction To Algorithms, + Thomas Cormen, Charles Leiserson, Ronald Rivest, + Section 29 Arithmetic Circuits + Section 33 Number-Theoretic Algorithms + +Fast Private Key algorithm + Fast Decipherment Algorithm for RSA Public-Key Cryptosystem + J.-J. Quisquater and C. Couvreur, Electronics Letters, + 14th October 1982, Vol. 18 No. 21 + +Prime number generation and bignum algorithms. + PGP-2.3a diff --git a/doc/req.1 b/doc/req.1 new file mode 100644 index 0000000000000000000000000000000000000000..684fda580efb824ac9f2411074fdb53ce5863adf --- /dev/null +++ b/doc/req.1 @@ -0,0 +1,137 @@ +The 'req' command is used to manipulate and deal with pkcs#10 +certificate requests. + +It's default mode of operation is to load a certificate and then +write it out again. + +By default the 'req' is read from stdin in 'PEM' format. +The -inform option can be used to specify 'pem' format or 'der' +format. PEM format is the base64 encoding of the DER format. + +By default 'req' then writes the request back out. -outform can be used +to indicate the desired output format, be it 'pem' or 'der'. + +To specify an input file, use the '-in' option and the '-out' option +can be used to specify the output file. + +If you wish to perform a command and not output the certificate +request afterwards, use the '-noout' option. + +When a certificate is loaded, it can be printed in a human readable +ascii format via the '-text' option. + +To check that the signature on a certificate request is correct, use +the '-verify' option to make sure that the private key contained in the +certificate request corresponds to the signature. + +Besides the default mode, there is also the 'generate a certificate +request' mode. There are several flags that trigger this mode. + +-new will generate a new RSA key (if required) and then prompts +the user for details for the certificate request. +-newkey has an argument that is the number of bits to make the new +key. This function also triggers '-new'. + +The '-new' option can have a key to use specified instead of having to +load one, '-key' is used to specify the file containg the key. +-keyform can be used to specify the format of the key. Only +'pem' and 'der' formats are supported, later, 'netscape' format may be added. + +Finally there is the '-x509' options which makes req output a self +signed x509 certificate instead of a certificate request. + +Now as you may have noticed, there are lots of default options that +cannot be specified via the command line. They are held in a 'template' +or 'configuration file'. The -config option specifies which configuration +file to use. See conf.doc for details on the syntax of this file. + +The req command uses the 'req' section of the config file. + +--- +# The following variables are defined. For this example I will populate +# the various values +[ req ] +default_bits = 512 # default number of bits to use. +default_keyfile = testkey.pem # Where to write the generated keyfile + # if not specified. +distinguished_name= req_dn # The section that contains the + # information about which 'object' we + # want to put in the DN. +attributes = req_attr # The objects we want for the + # attributes field. +encrypt_rsa_key = no # Should we encrypt newly generated + # keys. I strongly recommend 'yes'. + +# The distinguished name section. For the following entries, the +# object names must exist in the SSLeay header file objects.h. If they +# do not, they will be silently ignored. The entries have the following +# format. +# => string to prompt with +# _default => default value for people +# _value => Automatically use this value for this field. +# _min => minimum number of characters for data (def. 0) +# _max => maximum number of characters for data (def. inf.) +# All of these entries are optional except for the first one. +[ req_dn ] +countryName = Country Name (2 letter code) +countryName_default = AU + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Queensland + +localityName = Locality Name (eg, city) + +organizationName = Organization Name (eg, company) +organizationName_default = Mincom Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = MTR + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 40 + +# The next section is the attributes section. This is exactly the +# same as for the previous section except that the resulting objects are +# put in the attributes field. +[ req_attr ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +---- +Also note that the order that attributes appear in this file is the +order they will be put into the distinguished name. + +Once this request has been generated, it can be sent to a CA for +certifying. + +---- +A few quick examples.... + +To generate a new request and a new key +req -new + +To generate a new request and a 1058 bit key +req -newkey 1058 + +To generate a new request using a pre-existing key +req -new -key key.pem + +To generate a self signed x509 certificate from a certificate +request using a supplied key, and we want to see the text form of the +output certificate (which we will put in the file selfSign.pem +req -x509 -in req.pem -key key.pem -text -out selfSign.pem + +Verify that the signature is correct on a certificate request. +req -verify -in req.pem + +Verify that the signature was made using a specified public key. +req -verify -in req.pem -key key.pem + +Print the contents of a certificate request +req -text -in req.pem diff --git a/doc/rsa.doc b/doc/rsa.doc new file mode 100644 index 0000000000000000000000000000000000000000..f899a39bb89193259fbb953e00fd95e6da5d227f --- /dev/null +++ b/doc/rsa.doc @@ -0,0 +1,133 @@ +The RSA encryption and utility routines. + +The RSA routines are built on top of a big number library (the BN library). +There are support routines in the X509 library for loading and manipulating +the various objects in the RSA library. When errors are returned, read +about the ERR library for how to access the error codes. + +All RSA encryption is done according to the PKCS-1 standard which is +compatible with PEM and RSAref. This means that any values being encrypted +must be less than the size of the modulus in bytes, minus 10, bytes long. + +This library uses RAND_bytes()() for it's random data, make sure to feed +RAND_seed() with lots of interesting and varied data before using these +routines. + +The RSA library has one specific data type, the RSA structure. +It is composed of 8 BIGNUM variables (see the BN library for details) and +can hold either a private RSA key or a public RSA key. +Some RSA libraries have different structures for public and private keys, I +don't. For my libraries, a public key is determined by the fact that the +RSA->d value is NULL. These routines will operate on any size RSA keys. +While I'm sure 4096 bit keys are very very secure, they take a lot longer +to process that 1024 bit keys :-). + +The function in the RSA library are as follows. + +RSA *RSA_new(); + This function creates a new RSA object. The sub-fields of the RSA + type are also malloced so you should always use this routine to + create RSA variables. + +void RSA_free( +RSA *rsa); + This function 'frees' an RSA structure. This routine should always + be used to free the RSA structure since it will also 'free' any + sub-fields of the RSA type that need freeing. + +int RSA_size( +RSA *rsa); + This function returns the size of the RSA modulus in bytes. Why do + I need this you may ask, well the reason is that when you encrypt + with RSA, the output string will be the size of the RSA modulus. + So the output for the RSA_encrypt and the input for the RSA_decrypt + routines need to be RSA_size() bytes long, because this is how many + bytes are expected. + +For the following 4 RSA encryption routines, it should be noted that +RSA_private_decrypt() should be used on the output from +RSA_public_encrypt() and RSA_public_decrypt() should be used on +the output from RSA_private_encrypt(). + +int RSA_public_encrypt( +int from_len; +unsigned char *from +unsigned char *to +RSA *rsa); + This function implements RSA public encryption, the rsa variable + should be a public key (but can be a private key). 'from_len' + bytes taken from 'from' and encrypted and put into 'to'. 'to' needs + to be at least RSA_size(rsa) bytes long. The number of bytes + written into 'to' is returned. -1 is returned on an error. The + operation performed is + to = from^rsa->e mod rsa->n. + +int RSA_private_encrypt( +int from_len; +unsigned char *from +unsigned char *to +RSA *rsa); + This function implements RSA private encryption, the rsa variable + should be a private key. 'from_len' bytes taken from + 'from' and encrypted and put into 'to'. 'to' needs + to be at least RSA_size(rsa) bytes long. The number of bytes + written into 'to' is returned. -1 is returned on an error. The + operation performed is + to = from^rsa->d mod rsa->n. + +int RSA_public_decrypt( +int from_len; +unsigned char *from +unsigned char *to +RSA *rsa); + This function implements RSA public decryption, the rsa variable + should be a public key (but can be a private key). 'from_len' + bytes are taken from 'from' and decrypted. The decrypted data is + put into 'to'. The number of bytes encrypted is returned. -1 is + returned to indicate an error. The operation performed is + to = from^rsa->e mod rsa->n. + +int RSA_private_decrypt( +int from_len; +unsigned char *from +unsigned char *to +RSA *rsa); + This function implements RSA private decryption, the rsa variable + should be a private key. 'from_len' bytes are taken + from 'from' and decrypted. The decrypted data is + put into 'to'. The number of bytes encrypted is returned. -1 is + returned to indicate an error. The operation performed is + to = from^rsa->d mod rsa->n. + +int RSA_mod_exp( +BIGNUM *n; +BIGNUM *p; +RSA *rsa); + Normally you will never use this routine. + This is really an internal function which is called by + RSA_private_encrypt() and RSA_private_decrypt(). It performs + n=n^p mod rsa->n except that it uses the 5 extra variables in the + RSA structure to make this more efficient. + +RSA *RSA_generate_key( +int bits; +unsigned long e; +void (*callback)(); + This routine is used to generate RSA private keys. It takes + quite a period of time to run and should only be used to + generate initial private keys that should then be stored + for later use. The passed callback function + will be called periodically so that feedback can be given + as to how this function is progressing. + 'bits' is the length desired for the modulus, so it would be 1024 + to generate a 1024 bit private key. + 'e' is the value to use for the public exponent 'e'. Traditionally + it is set to either 3 or 0x10001. + The callback function (if not NULL) is called in the following + situations. + when we have generated a suspected prime number to test, + callback(0,num1++). When it passes a prime number test, + callback(1,num2++). When it is rejected as one of + the 2 primes required due to gcd(prime,e value) != 0, + callback(2,num3++). When finally accepted as one of the 2 primes, + callback(3,num4++). diff --git a/doc/rsaref.doc b/doc/rsaref.doc new file mode 100644 index 0000000000000000000000000000000000000000..0505b76f76268492cb7cf7fb1a04821261f832a4 --- /dev/null +++ b/doc/rsaref.doc @@ -0,0 +1,35 @@ +This package can be compiled to use the RSAref library. +This library is not allowed outside of the USA but inside the USA it is +claimed by RSA to be the only RSA public key library that can be used +besides BSAFE.. + +There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue +code to use RSAref. These files were written by looking at the PGP +source code and seeing which routines it used to access RSAref. +I have also been sent by some-one a copy of the RSAref header file that +contains the library error codes. + +[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from + South Africa and have been doing some performace tests. ] + +They have now been tested against the recently announced RSAEURO +library. + +There are 2 ways to use SSLeay and RSAref. First, to build so that +the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top +level makefile and -lrsaref (or where ever you are keeping RSAref) to +EX_LIBS. + +To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option. + +The second method is to build as per normal and link applications with +the RSAglue library. The correct library order would be +cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes +The RSAglue library is built in the rsa directory and is NOT +automatically installed. + +Be warned that the RSAEURO library, that is claimed to be compatible +with RSAref contains a different value for the maximum number of bits +supported. This changes structure sizes and so if you are using +RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h + diff --git a/doc/s_mult.doc b/doc/s_mult.doc new file mode 100644 index 0000000000000000000000000000000000000000..726085bc575d1ce1fbf89801b7fd783f37a9d7ba --- /dev/null +++ b/doc/s_mult.doc @@ -0,0 +1,17 @@ +s_mult is a test program I hacked up on a Sunday for testing non-blocking +IO. It has a select loop at it's centre that handles multiple readers +and writers. + +Try the following command +ssleay s_mult -echo -nbio -ssl -v +echo - sends any sent text back to the sender +nbio - turns on non-blocking IO +ssl - accept SSL connections, default is normal text +v - print lots + type Q to quit + +In another window, run the following +ssleay s_client -pause new_session_cb is a function pointer to a function of type +int new_session_callback(SSL *ssl,SSL_SESSION *new); +This function, if set in the SSL_CTX structure is called whenever a new +SSL_SESSION is added to the cache. If the callback returns non-zero, it +means that the application will have to do a SSL_SESSION_free() +on the structure (this is +to do with the cache keeping the reference counts correct, without the +application needing to know about it. +The 'active' parameter is the current SSL session for which this connection +was created. + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)()); +to set the callback, +int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx) +to get the callback. + +If the 'get session' callback is set, when a session id is looked up and +it is not in the session-id cache, this callback is called. The callback is +of the form +SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len, + int *copy); + +The get_session_callback is intended to return null if no session id is found. +The reference count on the SSL_SESSION in incremented by the SSL library, +if copy is 1. Otherwise, the reference count is not modified. + +void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and +int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback. + +These callbacks are basically indended to be used by processes to +send their session-id's to other processes. I currently have not implemented +non-blocking semantics for these callbacks, it is upto the appication +to make the callbacks effiecent if they require blocking (perhaps +by 'saving' them and then 'posting them' when control returns from +the SSL_accept(). + +LHASH *SSL_CTX_sessions(SSL_CTX *ctx) +This returns the session cache. The lhash strucutre can be accessed for +statistics about the cache. + +void lh_stats(LHASH *lh, FILE *out); +void lh_node_stats(LHASH *lh, FILE *out); +void lh_node_usage_stats(LHASH *lh, FILE *out); + +can be used to print details about it's activity and current state. +You can also delve directly into the lhash structure for 14 different +counters that are kept against the structure. When I wrote the lhash library, +I was interested in gathering statistics :-). +Have a read of doc/lhash.doc in the SSLeay distribution area for more details +on the lhash library. + +Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX. +SSL * SSL_new(SSL_CTX *); + +This stores a session. A session is secret information shared between 2 +SSL contexts. It will only be created if both ends of the connection have +authenticated their peer to their satisfaction. It basically contains +the information required to use a particular secret key cipher. + +To retrieve the SSL_CTX being used by a SSL, +SSL_CTX *SSL_get_SSL_CTX(SSL *s); + +Now when a SSL session is established between to programs, the 'session' +information that is cached in the SSL_CTX can me manipulated by the +following functions. +int SSL_set_session(SSL *s, SSL_SESSION *session); +This will set the SSL_SESSION to use for the next SSL_connect(). If you use +this function on an already 'open' established SSL connection, 'bad things +will happen'. This function is meaning-less when used on a ssl strucutre +that is just about to be used in a SSL_accept() call since the +SSL_accept() will either create a new session or retrieve one from the +cache. + +SSL_SESSION *SSL_get_session(SSL *s); +This will return the SSL_SESSION for the current SSL, NULL if there is +no session associated with the SSL structure. + +The SSL sessions are kept in the SSL_CTX in a hash table, to remove a +session +void SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); +and to add one +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +SSL_CTX_add_session() returns 1 if the session was already in the cache (so it +was not added). +Whenever a new session is created via SSL_connect()/SSL_accept(), +they are automatically added to the cache, depending on the session_cache_mode +settings. SSL_set_session() +does not add it to the cache. Just call SSL_CTX_add_session() if you do want the +session added. For a 'client' this would not normally be the case. +SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things +which the next 2 funtions help you do. + +int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); +These 2 functions are in the standard ASN1 library form and can be used to +load and save to a byte format, the SSL_SESSION structure. +With these functions, you can save and read these structures to a files or +arbitary byte string. +The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will +write to a file pointer in base64 encoding. + +What you can do with this, is pass session information between separate +processes. Please note, that you will probably also need to modify the +timeout information on the SSL_SESSIONs. + +long SSL_get_time(SSL_SESSION *s) +will return the 'time' that the session +was loaded. The timeout is relative to this time. This information is +saved when the SSL_SESSION is converted to binarary but it is stored +in as a unix long, which is rather OS dependant, but easy to convert back. + +long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time. +The time value is just the value returned from time(3), and should really +be defined by be to be time_t. + +long SSL_get_timeout(SSL_SESSION *s); +long SSL_set_timeout(SSL_SESSION *s,long t); +These 2 retrieve and set the timeout which is just a number of secconds +from the 'SSL_get_time()' value. When this time period has elapesed, +the session will no longer be in the cache (well it will actually be removed +the next time it is attempted to be retrieved, so you could 'bump' +the timeout so it remains valid). +The 'time' and 'timeout' are set on a session when it is created, not reset +each time it is reused. If you did wish to 'bump it', just after establishing +a connection, do a +SSL_set_time(ssl,time(NULL)); + +You can also use +SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and +SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for +all SSL connections created against a SSL_CTX. If you set a timeout in +an SSL_CTX, all new SSL's created will inherit the timeout. It can be over +written by the SSL_set_timeout(SSL *s,unsigned long t) function call. +If you 'set' the timeout back to 0, the system default will be used. + +SSL_SESSION *SSL_SESSION_new(); +void SSL_SESSION_free(SSL_SESSION *ses); +These 2 functions are used to create and dispose of SSL_SESSION functions. +You should not ever normally need to use them unless you are using +i2d_SSL_SESSION() and/or d2i_SSL_SESSION(). If you 'load' a SSL_SESSION +via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it. +Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the +structure (via reference counts) when it is passed to them. + +SSL_CTX_flush_sessions(ctx,time); +The first function will clear all sessions from the cache, which have expired +relative to 'time' (which could just be time(NULL)). + +SSL_CTX_flush_sessions(ctx,0); +This is a special case that clears everything. + +As a final comment, a 'session' is not enough to establish a new +connection. If a session has timed out, a certificate and private key +need to have been associated with the SSL structure. +SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session +strucutre but also the private key and certificate associated with +'from'. + +EXAMPLES. + +So lets play at being a wierd SSL server. + +/* setup a context */ +ctx=SSL_CTX_new(); + +/* Lets load some session from binary into the cache, why one would do + * this is not toally clear, but passing between programs does make sense + * Perhaps you are using 4096 bit keys and are happy to keep them + * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally + * sure, perhaps this is a process called from an SSL inetd and this is being + * passed to the application. */ +session=d2i_SSL_SESSION(....) +SSL_CTX_add_session(ctx,session); + +/* Lets even add a session from a file */ +session=PEM_read_SSL_SESSION(....) +SSL_CTX_add_session(ctx,session); + +/* create a new SSL structure */ +ssl=SSL_new(ctx); + +/* At this point we want to be able to 'create' new session if + * required, so we need a certificate and RSAkey. */ +SSL_use_RSAPrivateKey_file(ssl,...) +SSL_use_certificate_file(ssl,...) + +/* Now since we are a server, it make little sence to load a session against + * the ssl strucutre since a SSL_accept() will either create a new session or + * grab an existing one from the cache. */ + +/* grab a socket descriptor */ +fd=accept(...); + +/* associated it with the ssl strucutre */ +SSL_set_fd(ssl,fd); + +SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */ + +/* Lets print out the session details or lets save it to a file, + * perhaps with a secret key cipher, so that we can pass it to the FBI + * when they want to decode the session :-). While we have RSA + * this does not matter much but when I do SSLv3, this will allow a mechanism + * for the server/client to record the information needed to decode + * the traffic that went over the wire, even when using Diffie-Hellman */ +PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....) + +Lets 'connect' back to the caller using the same session id. + +ssl2=SSL_new(ctx); +fd2=connect(them); +SSL_set_fd(ssl2,fd2); +SSL_set_session(ssl2,SSL_get_session(ssl)); +SSL_connect(ssl2); + +/* what the hell, lets accept no more connections using this session */ +SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl)); + +/* we could have just as easily used ssl2 since they both are using the + * same session. + * You will note that both ssl and ssl2 are still using the session, and + * the SSL_SESSION structure will be free()ed when both ssl and ssl2 + * finish using the session. Also note that you could continue to initiate + * connections using this session by doing SSL_get_session(ssl) to get the + * existing session, but SSL_accept() will not be able to find it to + * use for incoming connections. + * Of corse, the session will timeout at the far end and it will no + * longer be accepted after a while. The time and timeout are ignored except + * by SSL_accept(). */ + +/* Since we have had our server running for 10 weeks, and memory is getting + * short, perhaps we should clear the session cache to remove those + * 100000 session entries that have expired. Some may consider this + * a memory leak :-) */ + +SSL_CTX_flush_sessions(ctx,time(NULL)); + +/* Ok, after a bit more time we wish to flush all sessions from the cache + * so that all new connections will be authenticated and incure the + * public key operation overhead */ + +SSL_CTX_flush_sessions(ctx,0); + +/* As a final note, to copy everything to do with a SSL, use */ +SSL_copy_session_id(SSL *to,SSL *from); +/* as this also copies the certificate and RSA key so new session can + * be established using the same details */ + diff --git a/doc/sha.doc b/doc/sha.doc new file mode 100644 index 0000000000000000000000000000000000000000..895fa182ed90f8e47f86957aa11b268f236458cb --- /dev/null +++ b/doc/sha.doc @@ -0,0 +1,52 @@ +The SHA (Secure Hash Algorithm) library. +SHA is a message digest algorithm that can be used to condense an arbitrary +length message down to a 20 byte hash. The functions all need to be passed +a SHA_CTX which is used to hold the SHA context during multiple SHA_Update() +function calls. The normal method of use for this library is as follows +This library contains both SHA and SHA-1 digest algorithms. SHA-1 is +an update to SHA (which should really be called SHA-0 now) which +tweaks the algorithm slightly. The SHA-1 algorithm is used by simply +using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the +SHA*() calls + +SHA_Init(...); +SHA_Update(...); +... +SHA_Update(...); +SHA_Final(...); + +This library requires the inclusion of 'sha.h'. + +The functions are as follows: + +void SHA_Init( +SHA_CTX *c); + This function needs to be called to initiate a SHA_CTX structure for + use. + +void SHA_Update( +SHA_CTX *c; +unsigned char *data; +unsigned long len); + This updates the message digest context being generated with 'len' + bytes from the 'data' pointer. The number of bytes can be any + length. + +void SHA_Final( +unsigned char *md; +SHA_CTX *c; + This function is called when a message digest of the data digested + with SHA_Update() is wanted. The message digest is put in the 'md' + array and is SHA_DIGEST_LENGTH (20) bytes long. + +unsigned char *SHA( +unsigned char *d; +unsigned long n; +unsigned char *md; + This function performs a SHA_Init(), followed by a SHA_Update() + followed by a SHA_Final() (using a local SHA_CTX). + The resulting digest is put into 'md' if it is not NULL. + Regardless of the value of 'md', the message + digest is returned from the function. If 'md' was NULL, the message + digest returned is being stored in a static structure. + diff --git a/doc/speed.doc b/doc/speed.doc new file mode 100644 index 0000000000000000000000000000000000000000..11dfa85f08d41c6e252215603e859d2a6d79ec8c --- /dev/null +++ b/doc/speed.doc @@ -0,0 +1,96 @@ +To get an idea of the performance of this library, use +ssleay speed + +perl util/sp-diff.pl file1 file2 + +will print out the relative differences between the 2 files which are +expected to be the output from the speed program. + +The performace of the library is very dependant on the Compiler +quality and various flags used to build. + +--- + +These are some numbers I did comparing RSAref and SSLeay on a Pentium 100. +[ These numbers are all out of date, as of SSL - 0.6.1 the RSA +operations are about 2 times faster, so check the version number ] + +RSA performance. + +SSLeay 0.6.0 +Pentium 100, 32meg, Windows NT Workstation 3.51 +linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486 +and +Windows NT - Windows NT 3.51 - Visual C++ 4.1 - 586 code + 32bit assember +Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember +NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember + +Times are how long it takes to do an RSA private key operation. + + 512bits 1024bits +------------------------------- +SSLeay NT dll 0.042s 0.202s see above +SSLeay linux 0.046s 0.218s Assember inner loops (normal build) +SSLeay linux 0.067s 0.380s Pure C code with BN_LLONG defined +SSLeay W3.1 dll 0.108s 0.478s see above +SSLeay linux 0.109s 0.713s C without BN_LLONG. +RSAref2.0 linux 0.149s 0.936s +SSLeay MS-DOS 0.197s 1.049s see above + +486DX66, 32meg, Windows NT Server 3.51 + 512bits 1024bits +------------------------------- +SSLeay NT dll 0.084s 0.495s <- SSLeay 0.6.3 +SSLeay NT dll 0.154s 0.882s +SSLeay W3.1 dll 0.335s 1.538s +SSLeay MS-DOS 0.490s 2.790s + +What I find cute is that I'm still faster than RSAref when using standard C, +without using the 'long long' data type :-), %35 faster for 512bit and we +scale up to 3.2 times faster for the 'default linux' build. I should mention +that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or +x86-sol.s for any x86 based unix they are building on. The only problems +with be with syntax but the performance gain is quite large, especially for +servers. The code is very simple, you just need to modify the 'header'. + +The message is, if you are stuck using RSAref, the RSA performance will be +bad. Considering the code was compiled for a pentium, the 486DX66 number +would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-). +[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100 + into a 486DX33' :-) ] + +I won't tell people if the DLL's are using RSAref or my stuff if no-one +asks :-). + +eric + +PS while I know I could speed things up further, I will probably not do + so due to the effort involved. I did do some timings on the + SSLeay bignum format -> RSAref number format conversion that occurs + each time RSAref is used by SSLeay, and the numbers are trivial. + 0.00012s a call for 512bit vs 0.149s for the time spent in the function. + 0.00018s for 1024bit vs 0.938s. Insignificant. + So the 'way to go', to support faster RSA libraries, if people are keen, + is to write 'glue' code in a similar way that I do for RSAref and send it + to me :-). + My base library still has the advantage of being able to operate on + any size numbers, and is not that far from the performance from the + leaders in the field. (-%30?) + [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at + least very close :-) ] + + I suppose I should also mention some other numbers RSAref numbers, again + on my Pentium. + DES CBC EDE-DES MD5 + RSAref linux 830k/s 302k/s 4390k/s + SSLeay linux 855k/s 319k/s 10025k/s + SSLeay NT 1158k/s 410k/s 10470k/s + SSLeay w31 378k/s 143k/s 2383k/s (fully 16bit) + + Got to admit that Visual C++ 4.[01] is a damn fine compiler :-) +-- +Eric Young | BOOL is tri-state according to Bill Gates. +AARNet: eay@cryptsoft.com | RTFM Win32 GetMessage(). + + + diff --git a/doc/ssl-ciph.doc b/doc/ssl-ciph.doc new file mode 100644 index 0000000000000000000000000000000000000000..33a7e41f0e38f2745bafdba64cc287128eb27ed4 --- /dev/null +++ b/doc/ssl-ciph.doc @@ -0,0 +1,84 @@ +This is a quick high level summery of how things work now. + +Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra +minor ones. + +They are 'The key exchange algorithm', which is RSA for SSLv2 but can also +be Diffle-Hellman for SSLv3. + +An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or +none. + +The cipher + +The MAC digest. + +A cipher can also be an export cipher and is either an SSLv2 or a +SSLv3 ciphers. + +To specify which ciphers to use, one can either specify all the ciphers, +one at a time, or use 'aliases' to specify the preference and order for +the ciphers. + +There are a large number of aliases, but the most importaint are +kRSA, kDHr, kDHd and kEDH for key exchange types. + +aRSA, aDSS, aNULL and aDH for authentication +DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers +MD5, SHA0 and SHA1 digests + +Now where this becomes interesting is that these can be put together to +specify the order and ciphers you wish to use. + +To speed this up there are also aliases for certian groups of ciphers. +The main ones are +SSLv2 - all SSLv2 ciphers +SSLv3 - all SSLv3 ciphers +EXP - all export ciphers +LOW - all low strngth ciphers (no export ciphers, normally single DES) +MEDIUM - 128 bit encryption +HIGH - Triple DES + +These aliases can be joined in a : separated list which specifies to +add ciphers, move them to the current location and delete them. + +A simpler way to look at all of this is to use the 'ssleay ciphers -v' command. +The default library cipher spec is +!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP +which means, first, remove from consideration any ciphers that do not +authenticate. Next up, use ciphers using RC4 and RSA. Next include the HIGH, +MEDIUM and the LOW security ciphers. Finish up by adding all the export +ciphers on the end, then 'pull' all the SSLv2 and export ciphers to +the end of the list. + +The results are +$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP' + +RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 +RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 +EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 +EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 +DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 +IDEA-CBC-MD5 SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 +EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 +EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1 +DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 +DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 +DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5 +IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5 +RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 +RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 +EXP-EDH-RSA-DES-CBC SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export +EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export +EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export +EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export +EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export +EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export +EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export + +I would recoment people use the 'ssleay ciphers -v "text"' +command to check what they are going to use. + +Anyway, I'm falling asleep here so I'll do some more tomorrow. + +eric diff --git a/doc/ssl.doc b/doc/ssl.doc new file mode 100644 index 0000000000000000000000000000000000000000..1f89cd5db2c4cd55f391cf077c3854ba7220f379 --- /dev/null +++ b/doc/ssl.doc @@ -0,0 +1,172 @@ +SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table. + +/* Session-id cache stats */ +SSL_CTX_sess_number +SSL_CTX_sess_connect +SSL_CTX_sess_connect_good +SSL_CTX_sess_accept +SSL_CTX_sess_accept_good +SSL_CTX_sess_hits +SSL_CTX_sess_cb_hits +SSL_CTX_sess_misses +SSL_CTX_sess_timeouts + +/* Session-id application notification callbacks */ +SSL_CTX_sess_set_new_cb +SSL_CTX_sess_get_new_cb +SSL_CTX_sess_set_get_cb +SSL_CTX_sess_get_get_cb + +/* Session-id cache operation mode */ +SSL_CTX_set_session_cache_mode +SSL_CTX_get_session_cache_mode + +/* Set default timeout values to use. */ +SSL_CTX_set_timeout +SSL_CTX_get_timeout + +/* Global SSL initalisation informational callback */ +SSL_CTX_set_info_callback +SSL_CTX_get_info_callback +SSL_set_info_callback +SSL_get_info_callback + +/* If the SSL_accept/SSL_connect returned with -1, these indicate when + * we should re-call *. +SSL_want +SSL_want_nothing +SSL_want_read +SSL_want_write +SSL_want_x509_lookup + +/* Where we are in SSL initalisation, used in non-blocking, perhaps + * have a look at ssl/bio_ssl.c */ +SSL_state +SSL_is_init_finished +SSL_in_init +SSL_in_connect_init +SSL_in_accept_init + +/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init + * can be used to work out which function to call. */ +SSL_set_connect_state +SSL_set_accept_state + +/* Where to look for certificates for authentication */ +SSL_set_default_verify_paths /* calles SSL_load_verify_locations */ +SSL_load_verify_locations + +/* get info from an established connection */ +SSL_get_session +SSL_get_certificate +SSL_get_SSL_CTX + +SSL_CTX_new +SSL_CTX_free +SSL_new +SSL_clear +SSL_free + +SSL_CTX_set_cipher_list +SSL_get_cipher +SSL_set_cipher_list +SSL_get_cipher_list +SSL_get_shared_ciphers + +SSL_accept +SSL_connect +SSL_read +SSL_write + +SSL_debug + +SSL_get_read_ahead +SSL_set_read_ahead +SSL_set_verify + +SSL_pending + +SSL_set_fd +SSL_set_rfd +SSL_set_wfd +SSL_set_bio +SSL_get_fd +SSL_get_rbio +SSL_get_wbio + +SSL_use_RSAPrivateKey +SSL_use_RSAPrivateKey_ASN1 +SSL_use_RSAPrivateKey_file +SSL_use_PrivateKey +SSL_use_PrivateKey_ASN1 +SSL_use_PrivateKey_file +SSL_use_certificate +SSL_use_certificate_ASN1 +SSL_use_certificate_file + +ERR_load_SSL_strings +SSL_load_error_strings + +/* human readable version of the 'state' of the SSL connection. */ +SSL_state_string +SSL_state_string_long +/* These 2 report what kind of IO operation the library was trying to + * perform last. Probably not very usefull. */ +SSL_rstate_string +SSL_rstate_string_long + +SSL_get_peer_certificate + +SSL_SESSION_new +SSL_SESSION_print_fp +SSL_SESSION_print +SSL_SESSION_free +i2d_SSL_SESSION +d2i_SSL_SESSION + +SSL_get_time +SSL_set_time +SSL_get_timeout +SSL_set_timeout +SSL_copy_session_id +SSL_set_session +SSL_CTX_add_session +SSL_CTX_remove_session +SSL_CTX_flush_sessions + +BIO_f_ssl + +/* used to hold information as to why a certificate verification failed */ +SSL_set_verify_result +SSL_get_verify_result + +/* can be used by the application to associate data with an SSL structure. + * It needs to be 'free()ed' by the application */ +SSL_set_app_data +SSL_get_app_data + +/* The following all set values that are kept in the SSL_CTX but + * are used as the default values when an SSL session is created. + * They are over writen by the relevent SSL_xxxx functions */ + +/* SSL_set_verify */ +void SSL_CTX_set_default_verify + +/* This callback, if set, totaly overrides the normal SSLeay verification + * functions and should return 1 on sucesss and 0 on failure */ +void SSL_CTX_set_cert_verify_callback + +/* The following are the same as the equivilent SSL_xxx functions. + * Only one copy of this information is kept and if a particular + * SSL structure has a local override, it is totally separate structure. + */ +int SSL_CTX_use_RSAPrivateKey +int SSL_CTX_use_RSAPrivateKey_ASN1 +int SSL_CTX_use_RSAPrivateKey_file +int SSL_CTX_use_PrivateKey +int SSL_CTX_use_PrivateKey_ASN1 +int SSL_CTX_use_PrivateKey_file +int SSL_CTX_use_certificate +int SSL_CTX_use_certificate_ASN1 +int SSL_CTX_use_certificate_file + diff --git a/doc/ssl_ctx.doc b/doc/ssl_ctx.doc new file mode 100644 index 0000000000000000000000000000000000000000..508394e75f119983481a86633f1d4707aa12df54 --- /dev/null +++ b/doc/ssl_ctx.doc @@ -0,0 +1,68 @@ +This is now a bit dated, quite a few of the SSL_ functions could be +SSL_CTX_ functions. I will update this in the future. 30 Aug 1996 + +From eay@orb.mincom.oz.au Mon Dec 11 21:37:08 1995 +Received: by orb.mincom.oz.au id AA00696 + (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000 +Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST) +From: Eric Young +X-Sender: eay@orb +To: sameer +Cc: Eric Young +Subject: Re: PEM_readX509 oesn't seem to be working +In-Reply-To: <199512110102.RAA12521@infinity.c2.org> +Message-Id: +Mime-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII +Status: RO +X-Status: + +On Sun, 10 Dec 1995, sameer wrote: +> OK, that's solved. I've found out that it is saying "no +> certificate set" in SSL_accept because s->conn == NULL +> so there is some place I need to initialize s->conn that I am +> not initializing it. + +The full order of things for a server should be. + +ctx=SSL_CTX_new(); + +/* The next line should not really be using ctx->cert but I'll leave it + * this way right now... I don't want a X509_ routine to know about an SSL + * structure, there should be an SSL_load_verify_locations... hmm, I may + * add it tonight. + */ +X509_load_verify_locations(ctx->cert,CAfile,CApath); + +/* Ok now for each new connection we do the following */ +con=SSL_new(ctx); +SSL_set_fd(con,s); +SSL_set_verify(con,verify,verify_callback); + +/* set the certificate and private key to use. */ +SSL_use_certificate_ASN1(con,X509_certificate); +SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key); + +SSL_accept(con); + +SSL_read(con)/SSL_write(con); + +There is a bit more than that but that is basically the structure. + +Create a context and specify where to lookup certificates. + +foreach connection + { + create a SSL structure + set the certificate and private key + do a SSL_accept + + we should now be ok + } + +eric +-- +Eric Young | Signature removed since it was generating +AARNet: eay@mincom.oz.au | more followups than the message contents :-) + + diff --git a/doc/ssleay.doc b/doc/ssleay.doc new file mode 100644 index 0000000000000000000000000000000000000000..a0e86aef7c19c28a43c4ac9f8ed5af6ce036f9db --- /dev/null +++ b/doc/ssleay.doc @@ -0,0 +1,213 @@ +SSLeay: a cryptographic kitchen sink. + +1st December 1995 +Way back at the start of April 1995, I was looking for a mindless +programming project. A friend of mine (Tim Hudson) said "why don't you do SSL, +it has DES encryption in it and I would not mind using it in a SSL telnet". +While it was true I had written a DES library in previous years, litle +did I know what an expansive task SSL would turn into. + +First of all, the SSL protocol contains DES encryption. Well and good. My +DES library was fast and portable. It also contained the RSA's RC4 stream +cipher. Again, not a problem, some-one had just posted to sci.crypt +something that was claimed to be RC4. It also contained IDEA, I had the +specifications, not a problem to implement. MD5, an RFC, trivial, at most +I could spend a week or so trying to see if I could speed up the +implementation. All in all a nice set of ciphers. +Then the first 'expantion of the scope', RSA public key +encryption. Since I did not knowing a thing about public key encryption +or number theory, this appeared quite a daunting task. Just writing a +big number library would be problomatic in itself, let alone making it fast. +At this point the scope of 'implementing SSL' expands eponentialy. +First of all, the RSA private keys were being kept in ASN.1 format. +Thankfully the RSA PKCS series of documents explains this format. So I now +needed to be able to encode and decode arbitary ASN.1 objects. The Public +keys were embeded in X509 certificates. Hmm... these are not only +ASN.1 objects but they make up a heirachy of authentication. To +authenticate a X509 certificate one needs to retrieve it's issuers +certificate etc etc. Hmm..., so I also need to implement some kind +of certificate management software. I would also have to implement +software to authenticate certificates. At this point the support code made +the SSL part of my library look quite small. +Around this time, the first version of SSLeay was released. + +Ah, but here was the problem, I was not happy with the code so far. As may +have become obvious, I had been treating all of this as a learning +exersize, so I have completely written the library myself. As such, due +to the way it had grown like a fungus, much of the library was not +'elagent' or neat. There were global and static variables all over the +place, the SSL part did not even handle non-blocking IO. +The Great rewrite began. + +As of this point in time, the 'Great rewrite' has almost finished. So what +follows is an approximate list of what is actually SSLeay 0.5.0 + +/********* This needs to be updated for 0.6.0+ *************/ + +--- +The library contains the following routines. Please note that most of these +functions are not specfic for SSL or any other particular cipher +implementation. I have tried to make all the routines as general purpose +as possible. So you should not think of this library as an SSL +implemtation, but rather as a library of cryptographic functions +that also contains SSL. I refer to each of these function groupings as +libraries since they are often capable of functioning as independant +libraries + +First up, the general ciphers and message digests supported by the library. + +MD2 rfc???, a standard 'by parts' interface to this algorithm. +MD5 rfc???, the same type of interface as for the MD2 library except a + different algorithm. +SHA THe Secure Hash Algorithm. Again the same type of interface as + MD2/MD5 except the digest is 20 bytes. +SHA1 The 'revised' version of SHA. Just about identical to SHA except + for one tweak of an inner loop. +DES This is my libdes library that has been floating around for the last + few years. It has been enhanced for no other reason than completeness. + It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and + triple DES modes of ecb, cbc, cfb64 and ofb64. cfb64 and ofb64 are + functional interfaces to the 64 bit modes of cfb and ofb used in + such a way thay they function as single character interfaces. +RC4 The RSA Inc. stream cipher. +RC2 The RSA Inc. block cipher. +IDEA An implmentation of the IDEA cipher, the library supports ecb, cbc, + cfb64 and ofb64 modes of operation. + +Now all the above mentioned ciphers and digests libraries support high +speed, minimal 'crap in the way' type interfaces. For fastest and +lowest level access, these routines should be used directly. + +Now there was also the matter of public key crypto systems. These are +based on large integer arithmatic. + +BN This is my large integer library. It supports all the normal + arithmentic operations. It uses malloc extensivly and as such has + no limits of the size of the numbers being manipulated. If you + wish to use 4000 bit RSA moduli, these routines will handle it. + This library also contains routines to 'generate' prime numbers and + to test for primality. The RSA and DH libraries sit on top of this + library. As of this point in time, I don't support SHA, but + when I do add it, it will just sit on top of the routines contained + in this library. +RSA This implements the RSA public key algorithm. It also contains + routines that will generate a new private/public key pair. + All the RSA functions conform to the PKCS#1 standard. +DH This is an implementation of the + Diffie-Hellman protocol. There are all the require routines for + the protocol, plus extra routines that can be used to generate a + strong prime for use with a specified generator. While this last + routine is not generally required by applications implementing DH, + It is present for completeness and because I thing it is much + better to be able to 'generate' your own 'magic' numbers as oposed + to using numbers suplied by others. I conform to the PKCS#3 + standard where required. + +You may have noticed the preceeding section mentions the 'generation' of +prime numbers. Now this requries the use of 'random numbers'. + +RAND This psuedo-random number library is based on MD5 at it's core + and a large internal state (2k bytes). Once you have entered enough + seed data into this random number algorithm I don't feel + you will ever need to worry about it generating predictable output. + Due to the way I am writing a portable library, I have left the + issue of how to get good initial random seed data upto the + application but I do have support routines for saving and loading a + persistant random number state for use between program runs. + +Now to make all these ciphers easier to use, a higher level +interface was required. In this form, the same function would be used to +encrypt 'by parts', via any one of the above mentioned ciphers. + +EVP The Digital EnVeloPe library is quite large. At it's core are + function to perform encryption and decryption by parts while using + an initial parameter to specify which of the 17 different ciphers + or 4 different message digests to use. On top of these are implmented + the digital signature functions, sign, verify, seal and open. + Base64 encoding of binary data is also done in this library. + +PEM rfc???? describe the format for Privacy Enhanced eMail. + As part of this standard, methods of encoding digital enveloped + data is an ascii format are defined. As such, I use a form of these + to encode enveloped data. While at this point in time full support + for PEM has not been built into the library, a minimal subset of + the secret key and Base64 encoding is present. These reoutines are + mostly used to Ascii encode binary data with a 'type' associated + with it and perhaps details of private key encryption used to + encrypt the data. + +PKCS7 This is another Digital Envelope encoding standard which uses ASN.1 + to encode the data. At this point in time, while there are some + routines to encode and decode this binary format, full support is + not present. + +As Mentioned, above, there are several different ways to encode +data structures. + +ASN1 This library is more a set of primatives used to encode the packing + and unpacking of data structures. It is used by the X509 + certificate standard and by the PKCS standards which are used by + this library. It also contains routines for duplicating and signing + the structures asocisated with X509. + +X509 The X509 library contains routines for packing and unpacking, + verifying and just about every thing else you would want to do with + X509 certificates. + +PKCS7 PKCS-7 is a standard for encoding digital envelope data + structures. At this point in time the routines will load and save + DER forms of these structees. They need to be re-worked to support + the BER form which is the normal way PKCS-7 is encoded. If the + previous 2 sentances don't make much sense, don't worry, this + library is not used by this version of SSLeay anyway. + +OBJ ASN.1 uses 'object identifiers' to identify objects. A set of + functions were requred to translate from ASN.1 to an intenger, to a + character string. This library provieds these translations + +Now I mentioned an X509 library. X509 specified a hieachy of certificates +which needs to be traversed to authenticate particular certificates. + +METH This library is used to push 'methods' of retrieving certificates + into the library. There are some supplied 'methods' with SSLeay + but applications can add new methods if they so desire. + This library has not been finished and is not being used in this + version. + +Now all the above are required for use in the initial point of this project. + +SSL The SSL protocol. This is a full implmentation of SSL v 2. It + support both server and client authentication. SSL v 3 support + will be added when the SSL v 3 specification is released in it's + final form. + +Now quite a few of the above mentioned libraries rely on a few 'complex' +data structures. For each of these I have a library. + +Lhash This is a hash table library which is used extensivly. + +STACK An implemetation of a Stack data structure. + +BUF A simple character array structure that also support a function to + check that the array is greater that a certain size, if it is not, + it is realloced so that is it. + +TXT_DB A simple memory based text file data base. The application can specify + unique indexes that will be enforced at update time. + +CONF Most of the programs written for this library require a configuration + file. Instead of letting programs constantly re-implment this + subsystem, the CONF library provides a consistant and flexable + interface to not only configuration files but also environment + variables. + +But what about when something goes wrong? +The one advantage (and perhaps disadvantage) of all of these +functions being in one library was the ability to implement a +single error reporting system. + +ERR This library is used to report errors. The error system records + library number, function number (in the library) and reason + number. Multiple errors can be reported so that an 'error' trace + is created. The errors can be printed in numeric or textual form. + diff --git a/doc/ssluse.doc b/doc/ssluse.doc new file mode 100644 index 0000000000000000000000000000000000000000..2e3a26cbf3c3b7e2e92586e20c8279312e4e812a --- /dev/null +++ b/doc/ssluse.doc @@ -0,0 +1,45 @@ +We have an SSL_CTX which contains global information for lots of +SSL connections. The session-id cache and the certificate verificate cache. +It also contains default values for use when certificates are used. + +SSL_CTX + default cipher list + session-id cache + certificate cache + default session-id timeout period + New session-id callback + Required session-id callback + session-id stats + Informational callback + Callback that is set, overrides the SSLeay X509 certificate + verification + The default Certificate/Private Key pair + Default read ahead mode. + Default verify mode and verify callback. These are not used + if the over ride callback mentioned above is used. + +Each SSL can have the following defined for it before a connection is made. + +Certificate +Private key +Ciphers to use +Certificate verify mode and callback +IO object to use in the comunication. +Some 'read-ahead' mode information. +A previous session-id to re-use. + +A connection is made by using SSL_connect or SSL_accept. +When non-blocking IO is being used, there are functions that can be used +to determin where and why the SSL_connect or SSL_accept did not complete. +This information can be used to recall the functions when the 'error' +condition has dissapeared. + +After the connection has been made, information can be retrived about the +SSL session and the session-id values that have been decided apon. +The 'peer' certificate can be retrieved. + +The session-id values include +'start time' +'timeout length' + + diff --git a/doc/stack.doc b/doc/stack.doc new file mode 100644 index 0000000000000000000000000000000000000000..7c20b1b664a1b07761c68236f13ca1e40bc22cb8 --- /dev/null +++ b/doc/stack.doc @@ -0,0 +1,96 @@ +The stack data structure is used to store an ordered list of objects. +It is basically misnamed to call it a stack but it can function that way +and that is what I originally used it for. Due to the way element +pointers are kept in a malloc()ed array, the most efficient way to use this +structure is to add and delete elements from the end via sk_pop() and +sk_push(). If you wish to do 'lookups' sk_find() is quite efficient since +it will sort the stack (if required) and then do a binary search to lookup +the requested item. This sorting occurs automatically so just sk_push() +elements on the stack and don't worry about the order. Do remember that if +you do a sk_find(), the order of the elements will change. + +You should never need to 'touch' this structure directly. +typedef struct stack_st + { + unsigned int num; + char **data; + int sorted; + + unsigned int num_alloc; + int (*comp)(); + } STACK; + +'num' holds the number of elements in the stack, 'data' is the array of +elements. 'sorted' is 1 is the list has been sorted, 0 if not. + +num_alloc is the number of 'nodes' allocated in 'data'. When num becomes +larger than num_alloc, data is realloced to a larger size. +If 'comp' is set, it is a function that is used to compare 2 of the items +in the stack. The function should return -1, 0 or 1, depending on the +ordering. + +#define sk_num(sk) ((sk)->num) +#define sk_value(sk,n) ((sk)->data[n]) + +These 2 macros should be used to access the number of elements in the +'stack' and to access a pointer to one of the values. + +STACK *sk_new(int (*c)()); + This creates a new stack. If 'c', the comparison function, is not +specified, the various functions that operate on a sorted 'stack' will not +work (sk_find()). NULL is returned on failure. + +void sk_free(STACK *); + This function free()'s a stack structure. The elements in the +stack will not be freed so one should 'pop' and free all elements from the +stack before calling this function or call sk_pop_free() instead. + +void sk_pop_free(STACK *st; void (*func)()); + This function calls 'func' for each element on the stack, passing +the element as the argument. sk_free() is then called to free the 'stack' +structure. + +int sk_insert(STACK *sk,char *data,int where); + This function inserts 'data' into stack 'sk' at location 'where'. +If 'where' is larger that the number of elements in the stack, the element +is put at the end. This function tends to be used by other 'stack' +functions. Returns 0 on failure, otherwise the number of elements in the +new stack. + +char *sk_delete(STACK *st,int loc); + Remove the item a location 'loc' from the stack and returns it. +Returns NULL if the 'loc' is out of range. + +char *sk_delete_ptr(STACK *st, char *p); + If the data item pointed to by 'p' is in the stack, it is deleted +from the stack and returned. NULL is returned if the element is not in the +stack. + +int sk_find(STACK *st,char *data); + Returns the location that contains a value that is equal to +the 'data' item. If the comparison function was not set, this function +does a linear search. This function actually qsort()s the stack if it is not +in order and then uses bsearch() to do the initial search. If the +search fails,, -1 is returned. For mutliple items with the same +value, the index of the first in the array is returned. + +int sk_push(STACK *st,char *data); + Append 'data' to the stack. 0 is returned if there is a failure +(due to a malloc failure), else 1. This is +sk_insert(st,data,sk_num(st)); + +int sk_unshift(STACK *st,char *data); + Prepend 'data' to the front (location 0) of the stack. This is +sk_insert(st,data,0); + +char *sk_shift(STACK *st); + Return and delete from the stack the first element in the stack. +This is sk_delete(st,0); + +char *sk_pop(STACK *st); + Return and delete the last element on the stack. This is +sk_delete(st,sk_num(sk)-1); + +void sk_zero(STACK *st); + Removes all items from the stack. It does not 'free' +pointers but is a quick way to clear a 'stack of references'. diff --git a/doc/threads.doc b/doc/threads.doc new file mode 100644 index 0000000000000000000000000000000000000000..251061e8965cf9e3be65b25b4e26a51f65db4ac0 --- /dev/null +++ b/doc/threads.doc @@ -0,0 +1,90 @@ +How to compile SSLeay for multi-threading. + +Well basically it is quite simple, set the compiler flags and build. +I have only really done much testing under Solaris and Windows NT. +If you library supports localtime_r() and gmtime_r() add, +-DTHREADS to the makefile parameters. You can probably survive with out +this define unless you are going to have multiple threads generating +certificates at once. It will not affect the SSL side of things. + +The approach I have taken to doing locking is to make the application provide +callbacks to perform locking and so that the SSLeay library can distinguish +between threads (for the error state). + +To have a look at an example program, 'cd mt; vi mttest.c'. +To build under solaris, sh solaris.sh, for Windows NT or Windows 95, +win32.bat + +This will build mttest which will fire up 10 threads that talk SSL +to each other 10 times. +To enable everything to work, the application needs to call + +CRYPTO_set_id_callback(id_function); +CRYPTO_set_locking_callback(locking_function); + +before any multithreading is started. +id_function does not need to be defined under Windows NT or 95, the +correct function will be called if it is not. Under unix, getpid() +is call if the id_callback is not defined, for solaris this is wrong +(since threads id's are not pid's) but under IRIX it is correct +(threads are just processes sharing the data segement). + +The locking_callback is used to perform locking by the SSLeay library. +eg. + +void solaris_locking_callback(mode,type,file,line) +int mode; +int type; +char *file; +int line; + { + if (mode & CRYPTO_LOCK) + mutex_lock(&(lock_cs[type])); + else + mutex_unlock(&(lock_cs[type])); + } + +Now in this case I have used mutexes instead of read/write locks, since they +are faster and there are not many read locks in SSLeay, you may as well +always use write locks. file and line are __FILE__ and __LINE__ from +the compile and can be usefull when debugging. + +Now as you can see, 'type' can be one of a range of values, these values are +defined in crypto/crypto.h +CRYPTO_get_lock_name(type) will return a text version of what the lock is. +There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup +for multi-threading can be + +static mutex_t lock_cs[CRYPTO_NUM_LOCKS]; + +void thread_setup() + { + int i; + + for (i=0; i +# include +# include +# include +# include +# endif +# include +# include + +#if defined(WIN16) && (!defined(MONOLITH) || defined(SSLEAY)) && defined(_WINEXITNOPERSIST) +# define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); \ + return(n); } +#else +# define EXIT(n) return(n); +#endif +# define LIST_SEPARATOR_CHAR ';' +#ifndef X_OK +# define X_OK 0 +#endif +#ifndef W_OK +# define W_OK 2 +#endif +#ifndef R_OK +# define R_OK 4 +#endif +# define SSLEAY_CONF "ssleay.cnf" +# define NUL_DEV "nul" +# define RFILE ".rnd" + +#else /* The non-microsoft world world */ + +# ifdef VMS +# include +# else +# include +# endif + +# define SSLEAY_CONF "ssleay.cnf" +# define RFILE ".rnd" +# define LIST_SEPARATOR_CHAR ':' +# ifndef MONOLITH +# define EXIT(n) exit(n); return(n) +# else +# define EXIT(n) return(n) +# endif +# define NUL_DEV "/dev/null" + +# define SSLeay_getpid() getpid() + +#endif + +/*************/ + +#ifdef USE_SOCKETS +# if defined(WINDOWS) || defined(MSDOS) + /* windows world */ + +# ifdef NO_SOCK +# define SSLeay_Write(a,b,c) (-1) +# define SSLeay_Read(a,b,c) (-1) +# define SHUTDOWN(fd) close(fd) +# define SHUTDOWN2(fd) close(fd) +# else +# include +extern HINSTANCE _hInstance; +# define SSLeay_Write(a,b,c) send((a),(b),(c),0) +# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) +# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } +# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } +# endif + + +# else + +# ifndef VMS + /* unix world */ +# include +# include +# include +# include +# include /* Needed under linux for FD_XXX */ +# include +# endif + +# if defined(NeXT) || defined(_NEXT_SOURCE) +# include +# include +# endif + +# ifdef AIX +# include +# endif + +# if defined(sun) +# include +# else +# include +# endif + +# ifdef VMS +# include +# endif + +# define SSLeay_Read(a,b,c) read((a),(b),(c)) +# define SSLeay_Write(a,b,c) write((a),(b),(c)) +# define SHUTDOWN(fd) { shutdown((fd),0); close((fd)); } +# define SHUTDOWN2(fd) { shutdown((fd),2); close((fd)); } +# define INVALID_SOCKET -1 +# endif +#endif + +#if defined(THREADS) || defined(sun) +#ifndef _REENTRANT +#define _REENTRANT +#endif +#endif + +/***********************************************/ + +#ifndef NOPROTO +#define P_CC_CC const void *,const void * +#define P_I_I int,int +#define P_I_I_P_I int,int,char *,int +#define P_IP_I_I_P_I int *,int,int,char *,int +#define P_V void +#else +#define P_CC_CC +#define P_I_I +#define P_IP_I_I_P_I +#define P_I_I_P_I +#define P_V +#endif + +/* not used yet */ +#define CS_BEGIN +#define CS_END + +/* do we need to do this for getenv. + * Just define getenv for use under windows */ + +#ifdef WIN16 +/* How to do this needs to be thought out a bit more.... */ +/*char *GETENV(char *); +#define Getenv GETENV*/ +#define Getenv getenv +#else +#define Getenv getenv +#endif + +#define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ + +#ifdef sgi +#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ +#endif + +#ifdef NO_MD2 +#define MD2_Init MD2Init +#define MD2_Update MD2Update +#define MD2_Final MD2Final +#define MD2_DIGEST_LENGTH 16 +#endif +#ifdef NO_MD5 +#define MD5_Init MD5Init +#define MD5_Update MD5Update +#define MD5_Final MD5Final +#define MD5_DIGEST_LENGTH 16 +#endif + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/makefile.one b/makefile.one new file mode 100644 index 0000000000000000000000000000000000000000..afb3127abd61ecb80f6c565813ba6a793e228740 --- /dev/null +++ b/makefile.one @@ -0,0 +1,1576 @@ +# This makefile has been automatically generated from the SSLeay distribution. +# This single makefile will build the complete SSLeay distribution and +# by default leave the 'intertesting' output files in ./out and the stuff +# that needs deleting in ./tmp. +# The file was generated by running 'make makefile.one', which +# does a 'make files', which writes all the environment variables from all +# the makefiles to the file call MINFO. This file is used by +# util/mk1mf.pl to generate makefile.one. +# The 'makefile per directory' system suites me when developing this +# library and also so I can 'distribute' indervidual library sections. +# The one monster makefile better suits building in non-unix +# environments. + +INSTALLTOP=/usr/local/ssl + +# Set your compiler options +CC=cc +CFLAG=-O -DTERMIO +APP_CFLAG= +LIB_CFLAG= +APP_EX_OBJ= +SHLIB_EX_OBJ= +# add extra libraries to this define, for solaris -lsocket -lnsl would +# be added +EX_LIBS= + +# The SSLeay directory +SRC_D=. + +LINK=${CC} +LFLAGS=${CFLAGS} + +BN_MULW_OBJ= +BN_MULW_SRC= +DES_ENC_OBJ= +DES_ENC_SRC= +DES_CRYPT_OBJ= +DES_CRYPT_SRC= +BF_ENC_OBJ= +BF_ENC_SRC= + +# The output directory for everything intersting +OUT_D=out +# The output directory for all the temporary muck +TMP_D=tmp + +CP=/bin/cp +RM=/bin/rm -f +RANLIB=$(SRC_D)/util/ranlib.sh +MKDIR=mkdir +MKLIB=ar r +MLFLAGS= +ASM=as + +###################################################### +# You should not need to touch anything below this point +###################################################### + +E_EXE=ssleay +SSL=ssl +CRYPTO=crypto +RSAGLUE=RSAglue + +# BIN_D - Binary output directory +# TEST_D - Binary test file output directory +# LIB_D - library output directory +# INC_D - include directory +BIN_D=$(OUT_D) +TEST_D=$(OUT_D) +LIB_D=$(OUT_D) +INC_D=$(OUT_D) + +# INCL_D - local library directory +# OBJ_D - temp object file directory +OBJ_D=$(TMP_D) +INCL_D=$(TMP_D) + +O_SSL= $(LIB_D)/lib$(SSL).a +O_CRYPTO= $(LIB_D)/lib$(CRYPTO).a +O_RSAGLUE= $(LIB_D)/lib$(RSAGLUE).a +L_SSL= $(LIB_D)/lib$(SSL).a +L_CRYPTO= $(LIB_D)/lib$(CRYPTO).a + +L_LIBS= $(L_SSL) $(L_CRYPTO) +#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO) + +###################################################### +# Don't touch anything below this point +###################################################### + +INC=-DFLAT_INC -I$(INC_D) -I$(INCL_D) +APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG) +LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) +LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL) + +############################################# +HEADER=$(INCL_D)/e_os.h \ + $(INCL_D)/cryptlib.h $(INCL_D)/date.h $(INCL_D)/md5_locl.h \ + $(INCL_D)/sha_locl.h $(INCL_D)/des_locl.h $(INCL_D)/rpc_des.h \ + $(INCL_D)/podd.h $(INCL_D)/sk.h $(INCL_D)/spr.h \ + $(INCL_D)/des_ver.h $(INCL_D)/rc2_locl.h $(INCL_D)/idea_lcl.h \ + $(INCL_D)/bf_pi.h $(INCL_D)/bf_locl.h $(INCL_D)/bn_lcl.h \ + $(INCL_D)/bn_prime.h $(INCL_D)/obj_dat.h $(INCL_D)/conf_lcl.h \ + $(INCL_D)/ssl_locl.h $(INCL_D)/rsaref.h $(INCL_D)/apps.h \ + $(INCL_D)/progs.h $(INCL_D)/s_apps.h $(INCL_D)/testdsa.h \ + $(INCL_D)/testrsa.h + +EXHEADER=$(INC_D)/crypto.h \ + $(INC_D)/cryptall.h $(INC_D)/md2.h $(INC_D)/md5.h \ + $(INC_D)/sha.h $(INC_D)/mdc2.h $(INC_D)/des.h \ + $(INC_D)/rc4.h $(INC_D)/rc2.h $(INC_D)/idea.h \ + $(INC_D)/blowfish.h $(INC_D)/bn.h $(INC_D)/rsa.h \ + $(INC_D)/dsa.h $(INC_D)/dh.h $(INC_D)/buffer.h \ + $(INC_D)/bio.h $(INC_D)/stack.h $(INC_D)/lhash.h \ + $(INC_D)/rand.h $(INC_D)/err.h $(INC_D)/objects.h \ + $(INC_D)/evp.h $(INC_D)/pem.h $(INC_D)/asn1.h \ + $(INC_D)/asn1_mac.h $(INC_D)/x509.h $(INC_D)/x509_vfy.h \ + $(INC_D)/conf.h $(INC_D)/txt_db.h $(INC_D)/pkcs7.h \ + $(INC_D)/ssl.h $(INC_D)/ssl2.h $(INC_D)/ssl3.h \ + $(INC_D)/ssl23.h + +T_OBJ=$(OBJ_D)/md2test.o \ + $(OBJ_D)/md5test.o $(OBJ_D)/shatest.o $(OBJ_D)/sha1test.o \ + $(OBJ_D)/mdc2test.o $(OBJ_D)/destest.o $(OBJ_D)/rc4test.o \ + $(OBJ_D)/rc2test.o $(OBJ_D)/ideatest.o $(OBJ_D)/bftest.o \ + $(OBJ_D)/bntest.o $(OBJ_D)/exptest.o $(OBJ_D)/dsatest.o \ + $(OBJ_D)/dhtest.o $(OBJ_D)/randtest.o $(OBJ_D)/ssltest.o + +E_OBJ=$(OBJ_D)/verify.o \ + $(OBJ_D)/asn1pars.o $(OBJ_D)/req.o $(OBJ_D)/dgst.o \ + $(OBJ_D)/dh.o $(OBJ_D)/enc.o $(OBJ_D)/gendh.o \ + $(OBJ_D)/errstr.o $(OBJ_D)/ca.o $(OBJ_D)/gendsa.o \ + $(OBJ_D)/pkcs7.o $(OBJ_D)/crl2p7.o $(OBJ_D)/crl.o \ + $(OBJ_D)/rsa.o $(OBJ_D)/dsa.o $(OBJ_D)/dsaparam.o \ + $(OBJ_D)/x509.o $(OBJ_D)/genrsa.o $(OBJ_D)/s_server.o \ + $(OBJ_D)/s_client.o $(OBJ_D)/speed.o $(OBJ_D)/s_time.o \ + $(OBJ_D)/apps.o $(OBJ_D)/s_cb.o $(OBJ_D)/s_socket.o \ + $(OBJ_D)/version.o $(OBJ_D)/sess_id.o $(OBJ_D)/ciphers.o \ + $(OBJ_D)/ssleay.o + +CRYPTOOBJ=$(OBJ_D)/cryptlib.o \ + $(OBJ_D)/mem.o $(OBJ_D)/cversion.o $(OBJ_D)/md2_dgst.o \ + $(OBJ_D)/md5_dgst.o $(OBJ_D)/md2_one.o $(OBJ_D)/md5_one.o \ + $(OBJ_D)/sha_dgst.o $(OBJ_D)/sha1dgst.o $(OBJ_D)/sha_one.o \ + $(OBJ_D)/sha1_one.o $(OBJ_D)/mdc2dgst.o $(OBJ_D)/mdc2_one.o \ + $(OBJ_D)/set_key.o $(OBJ_D)/ecb_enc.o $(OBJ_D)/ede_enc.o \ + $(OBJ_D)/cbc_enc.o $(OBJ_D)/cbc3_enc.o $(OBJ_D)/ecb3_enc.o \ + $(OBJ_D)/cfb64enc.o $(OBJ_D)/cfb64ede.o $(OBJ_D)/cfb_enc.o \ + $(OBJ_D)/ofb64ede.o $(OBJ_D)/enc_read.o $(OBJ_D)/enc_writ.o \ + $(OBJ_D)/ncbc_enc.o $(OBJ_D)/ofb64enc.o $(OBJ_D)/ofb_enc.o \ + $(OBJ_D)/str2key.o $(OBJ_D)/pcbc_enc.o $(OBJ_D)/qud_cksm.o \ + $(OBJ_D)/rand_key.o $(OBJ_D)/des_enc.o $(OBJ_D)/fcrypt_b.o \ + $(OBJ_D)/read2pwd.o $(OBJ_D)/fcrypt.o $(OBJ_D)/xcbc_enc.o \ + $(OBJ_D)/read_pwd.o $(OBJ_D)/rpc_enc.o $(OBJ_D)/cbc_cksm.o \ + $(OBJ_D)/supp.o $(OBJ_D)/rc4_enc.o $(OBJ_D)/rc2_ecb.o \ + $(OBJ_D)/rc2_skey.o $(OBJ_D)/rc2_cbc.o $(OBJ_D)/rc2cfb64.o \ + $(OBJ_D)/rc2ofb64.o $(OBJ_D)/i_cbc.o $(OBJ_D)/i_cfb64.o \ + $(OBJ_D)/i_ofb64.o $(OBJ_D)/i_ecb.o $(OBJ_D)/i_skey.o \ + $(OBJ_D)/bf_skey.o $(OBJ_D)/bf_ecb.o $(OBJ_D)/bf_enc.o \ + $(OBJ_D)/bf_cbc.o $(OBJ_D)/bf_cfb64.o $(OBJ_D)/bf_ofb64.o \ + $(OBJ_D)/bn_add.o $(OBJ_D)/bn_div.o $(OBJ_D)/bn_exp.o \ + $(OBJ_D)/bn_lib.o $(OBJ_D)/bn_mod.o $(OBJ_D)/bn_mul.o \ + $(OBJ_D)/bn_print.o $(OBJ_D)/bn_rand.o $(OBJ_D)/bn_shift.o \ + $(OBJ_D)/bn_sub.o $(OBJ_D)/bn_word.o $(OBJ_D)/bn_gcd.o \ + $(OBJ_D)/bn_prime.o $(OBJ_D)/bn_err.o $(OBJ_D)/bn_sqr.o \ + $(OBJ_D)/bn_mulw.o $(OBJ_D)/bn_recp.o $(OBJ_D)/bn_mont.o \ + $(OBJ_D)/rsa_enc.o $(OBJ_D)/rsa_gen.o $(OBJ_D)/rsa_lib.o \ + $(OBJ_D)/rsa_sign.o $(OBJ_D)/rsa_saos.o $(OBJ_D)/rsa_err.o \ + $(OBJ_D)/dsa_gen.o $(OBJ_D)/dsa_key.o $(OBJ_D)/dsa_lib.o \ + $(OBJ_D)/dsa_vrf.o $(OBJ_D)/dsa_sign.o $(OBJ_D)/dsa_err.o \ + $(OBJ_D)/dh_gen.o $(OBJ_D)/dh_key.o $(OBJ_D)/dh_lib.o \ + $(OBJ_D)/dh_check.o $(OBJ_D)/dh_err.o $(OBJ_D)/buffer.o \ + $(OBJ_D)/buf_err.o $(OBJ_D)/bio_lib.o $(OBJ_D)/bio_cb.o \ + $(OBJ_D)/bio_err.o $(OBJ_D)/bss_mem.o $(OBJ_D)/bss_null.o \ + $(OBJ_D)/bss_fd.o $(OBJ_D)/bss_file.o $(OBJ_D)/bss_sock.o \ + $(OBJ_D)/bss_conn.o $(OBJ_D)/bf_null.o $(OBJ_D)/bf_buff.o \ + $(OBJ_D)/b_print.o $(OBJ_D)/b_dump.o $(OBJ_D)/b_sock.o \ + $(OBJ_D)/bss_acpt.o $(OBJ_D)/bf_nbio.o $(OBJ_D)/stack.o \ + $(OBJ_D)/lhash.o $(OBJ_D)/lh_stats.o $(OBJ_D)/md_rand.o \ + $(OBJ_D)/randfile.o $(OBJ_D)/err.o $(OBJ_D)/err_all.o \ + $(OBJ_D)/err_prn.o $(OBJ_D)/obj_dat.o $(OBJ_D)/obj_lib.o \ + $(OBJ_D)/obj_err.o $(OBJ_D)/encode.o $(OBJ_D)/digest.o \ + $(OBJ_D)/evp_enc.o $(OBJ_D)/evp_key.o $(OBJ_D)/e_ecb_d.o \ + $(OBJ_D)/e_cbc_d.o $(OBJ_D)/e_cfb_d.o $(OBJ_D)/e_ofb_d.o \ + $(OBJ_D)/e_ecb_i.o $(OBJ_D)/e_cbc_i.o $(OBJ_D)/e_cfb_i.o \ + $(OBJ_D)/e_ofb_i.o $(OBJ_D)/e_ecb_3d.o $(OBJ_D)/e_cbc_3d.o \ + $(OBJ_D)/e_rc4.o $(OBJ_D)/names.o $(OBJ_D)/e_cfb_3d.o \ + $(OBJ_D)/e_ofb_3d.o $(OBJ_D)/e_xcbc_d.o $(OBJ_D)/e_ecb_r2.o \ + $(OBJ_D)/e_cbc_r2.o $(OBJ_D)/e_cfb_r2.o $(OBJ_D)/e_ofb_r2.o \ + $(OBJ_D)/e_ecb_bf.o $(OBJ_D)/e_cbc_bf.o $(OBJ_D)/e_cfb_bf.o \ + $(OBJ_D)/e_ofb_bf.o $(OBJ_D)/m_null.o $(OBJ_D)/m_md2.o \ + $(OBJ_D)/m_md5.o $(OBJ_D)/m_sha.o $(OBJ_D)/m_sha1.o \ + $(OBJ_D)/m_dss.o $(OBJ_D)/m_dss1.o $(OBJ_D)/m_mdc2.o \ + $(OBJ_D)/p_open.o $(OBJ_D)/p_seal.o $(OBJ_D)/p_sign.o \ + $(OBJ_D)/p_verify.o $(OBJ_D)/p_lib.o $(OBJ_D)/bio_md.o \ + $(OBJ_D)/bio_b64.o $(OBJ_D)/bio_enc.o $(OBJ_D)/evp_err.o \ + $(OBJ_D)/e_null.o $(OBJ_D)/c_all.o $(OBJ_D)/pem_sign.o \ + $(OBJ_D)/pem_seal.o $(OBJ_D)/pem_info.o $(OBJ_D)/pem_lib.o \ + $(OBJ_D)/pem_all.o $(OBJ_D)/pem_err.o $(OBJ_D)/a_object.o \ + $(OBJ_D)/a_bitstr.o $(OBJ_D)/a_utctm.o $(OBJ_D)/a_int.o \ + $(OBJ_D)/a_octet.o $(OBJ_D)/a_print.o $(OBJ_D)/a_type.o \ + $(OBJ_D)/a_set.o $(OBJ_D)/a_dup.o $(OBJ_D)/a_d2i_fp.o \ + $(OBJ_D)/a_i2d_fp.o $(OBJ_D)/a_sign.o $(OBJ_D)/a_digest.o \ + $(OBJ_D)/a_verify.o $(OBJ_D)/x_algor.o $(OBJ_D)/x_val.o \ + $(OBJ_D)/x_pubkey.o $(OBJ_D)/x_sig.o $(OBJ_D)/x_req.o \ + $(OBJ_D)/x_attrib.o $(OBJ_D)/x_name.o $(OBJ_D)/x_cinf.o \ + $(OBJ_D)/x_x509.o $(OBJ_D)/x_crl.o $(OBJ_D)/x_info.o \ + $(OBJ_D)/x_spki.o $(OBJ_D)/d2i_r_pr.o $(OBJ_D)/i2d_r_pr.o \ + $(OBJ_D)/d2i_r_pu.o $(OBJ_D)/i2d_r_pu.o $(OBJ_D)/d2i_s_pr.o \ + $(OBJ_D)/i2d_s_pr.o $(OBJ_D)/d2i_s_pu.o $(OBJ_D)/i2d_s_pu.o \ + $(OBJ_D)/d2i_pu.o $(OBJ_D)/d2i_pr.o $(OBJ_D)/i2d_pu.o \ + $(OBJ_D)/i2d_pr.o $(OBJ_D)/t_req.o $(OBJ_D)/t_x509.o \ + $(OBJ_D)/t_pkey.o $(OBJ_D)/p7_i_s.o $(OBJ_D)/p7_signi.o \ + $(OBJ_D)/p7_signd.o $(OBJ_D)/p7_recip.o $(OBJ_D)/p7_enc_c.o \ + $(OBJ_D)/p7_evp.o $(OBJ_D)/p7_dgst.o $(OBJ_D)/p7_s_e.o \ + $(OBJ_D)/p7_enc.o $(OBJ_D)/p7_lib.o $(OBJ_D)/f_int.o \ + $(OBJ_D)/f_string.o $(OBJ_D)/i2d_dhp.o $(OBJ_D)/i2d_dsap.o \ + $(OBJ_D)/d2i_dhp.o $(OBJ_D)/d2i_dsap.o $(OBJ_D)/n_pkey.o \ + $(OBJ_D)/a_hdr.o $(OBJ_D)/x_pkey.o $(OBJ_D)/a_bool.o \ + $(OBJ_D)/x_exten.o $(OBJ_D)/asn1_par.o $(OBJ_D)/asn1_lib.o \ + $(OBJ_D)/asn1_err.o $(OBJ_D)/a_meth.o $(OBJ_D)/a_bytes.o \ + $(OBJ_D)/x509_def.o $(OBJ_D)/x509_d2.o $(OBJ_D)/x509_r2x.o \ + $(OBJ_D)/x509_cmp.o $(OBJ_D)/x509_obj.o $(OBJ_D)/x509_req.o \ + $(OBJ_D)/x509_vfy.o $(OBJ_D)/x509_set.o $(OBJ_D)/x509rset.o \ + $(OBJ_D)/x509_err.o $(OBJ_D)/x509name.o $(OBJ_D)/x509_v3.o \ + $(OBJ_D)/x509_ext.o $(OBJ_D)/x509pack.o $(OBJ_D)/x509type.o \ + $(OBJ_D)/x509_lu.o $(OBJ_D)/x_all.o $(OBJ_D)/x509_txt.o \ + $(OBJ_D)/by_file.o $(OBJ_D)/by_dir.o $(OBJ_D)/v3_net.o \ + $(OBJ_D)/v3_x509.o $(OBJ_D)/conf.o $(OBJ_D)/conf_err.o \ + $(OBJ_D)/txt_db.o $(OBJ_D)/pk7_lib.o $(OBJ_D)/pkcs7err.o \ + $(OBJ_D)/pk7_doit.o + +SSLOBJ=$(OBJ_D)/s2_meth.o \ + $(OBJ_D)/s2_srvr.o $(OBJ_D)/s2_clnt.o $(OBJ_D)/s2_lib.o \ + $(OBJ_D)/s2_pkt.o $(OBJ_D)/s2_enc.o $(OBJ_D)/s3_meth.o \ + $(OBJ_D)/s3_srvr.o $(OBJ_D)/s3_clnt.o $(OBJ_D)/s3_lib.o \ + $(OBJ_D)/s3_pkt.o $(OBJ_D)/s3_enc.o $(OBJ_D)/s3_both.o \ + $(OBJ_D)/s23_meth.o $(OBJ_D)/s23_srvr.o $(OBJ_D)/s23_clnt.o \ + $(OBJ_D)/s23_lib.o $(OBJ_D)/s23_pkt.o $(OBJ_D)/ssl_lib.o \ + $(OBJ_D)/ssl_err2.o $(OBJ_D)/ssl_cert.o $(OBJ_D)/ssl_sess.o \ + $(OBJ_D)/ssl_ciph.o $(OBJ_D)/ssl_stat.o $(OBJ_D)/ssl_rsa.o \ + $(OBJ_D)/ssl_asn1.o $(OBJ_D)/ssl_txt.o $(OBJ_D)/ssl_algs.o \ + $(OBJ_D)/bio_ssl.o $(OBJ_D)/ssl_err.o + +RSAGLUEOBJ=$(OBJ_D)/rsaref.o \ + $(OBJ_D)/rsar_err.o + +T_EXE=$(TEST_D)/md2test \ + $(TEST_D)/md5test $(TEST_D)/shatest $(TEST_D)/sha1test \ + $(TEST_D)/mdc2test $(TEST_D)/destest $(TEST_D)/rc4test \ + $(TEST_D)/rc2test $(TEST_D)/ideatest $(TEST_D)/bftest \ + $(TEST_D)/bntest $(TEST_D)/exptest $(TEST_D)/dsatest \ + $(TEST_D)/dhtest $(TEST_D)/randtest $(TEST_D)/ssltest + +################################################################### +all: banner $(OUT_D) $(TMP_D) headers lib exe + +banner: + + +$(OUT_D): + $(MKDIR) $(OUT_D) + +$(TMP_D): + $(MKDIR) $(TMP_D) + +headers: $(HEADER) $(EXHEADER) + +lib: $(LIBS_DEP) + +exe: $(T_EXE) $(BIN_D)/$(E_EXE) + +install: + $(MKDIR) $(INSTALLTOP) + $(MKDIR) $(INSTALLTOP)/bin + $(MKDIR) $(INSTALLTOP)/include + $(MKDIR) $(INSTALLTOP)/lib + $(CP) $(INC_D)/*.h $(INSTALLTOP)/include + $(CP) $(BIN_D)/$(E_EXE) $(INSTALLTOP)/bin + $(CP) $(LIB_D)/$(O_SSL) $(INSTALLTOP)/lib + $(CP) $(LIB_D)/$(O_CRYPTO) $(INSTALLTOP)/lib + +clean: + $(RM) $(TMP_D)/*.* + +vclean: + $(RM) $(TMP_D)/*.* + $(RM) $(OUT_D)/*.* + +$(INCL_D)/e_os.h: $(SRC_D)/./e_os.h + $(CP) $(SRC_D)/./e_os.h $(INCL_D)/e_os.h + +$(INCL_D)/cryptlib.h: $(SRC_D)/crypto/cryptlib.h + $(CP) $(SRC_D)/crypto/cryptlib.h $(INCL_D)/cryptlib.h + +$(INCL_D)/date.h: $(SRC_D)/crypto/date.h + $(CP) $(SRC_D)/crypto/date.h $(INCL_D)/date.h + +$(INCL_D)/md5_locl.h: $(SRC_D)/crypto/md/md5_locl.h + $(CP) $(SRC_D)/crypto/md/md5_locl.h $(INCL_D)/md5_locl.h + +$(INCL_D)/sha_locl.h: $(SRC_D)/crypto/sha/sha_locl.h + $(CP) $(SRC_D)/crypto/sha/sha_locl.h $(INCL_D)/sha_locl.h + +$(INCL_D)/des_locl.h: $(SRC_D)/crypto/des/des_locl.h + $(CP) $(SRC_D)/crypto/des/des_locl.h $(INCL_D)/des_locl.h + +$(INCL_D)/rpc_des.h: $(SRC_D)/crypto/des/rpc_des.h + $(CP) $(SRC_D)/crypto/des/rpc_des.h $(INCL_D)/rpc_des.h + +$(INCL_D)/podd.h: $(SRC_D)/crypto/des/podd.h + $(CP) $(SRC_D)/crypto/des/podd.h $(INCL_D)/podd.h + +$(INCL_D)/sk.h: $(SRC_D)/crypto/des/sk.h + $(CP) $(SRC_D)/crypto/des/sk.h $(INCL_D)/sk.h + +$(INCL_D)/spr.h: $(SRC_D)/crypto/des/spr.h + $(CP) $(SRC_D)/crypto/des/spr.h $(INCL_D)/spr.h + +$(INCL_D)/des_ver.h: $(SRC_D)/crypto/des/des_ver.h + $(CP) $(SRC_D)/crypto/des/des_ver.h $(INCL_D)/des_ver.h + +$(INCL_D)/rc2_locl.h: $(SRC_D)/crypto/rc2/rc2_locl.h + $(CP) $(SRC_D)/crypto/rc2/rc2_locl.h $(INCL_D)/rc2_locl.h + +$(INCL_D)/idea_lcl.h: $(SRC_D)/crypto/idea/idea_lcl.h + $(CP) $(SRC_D)/crypto/idea/idea_lcl.h $(INCL_D)/idea_lcl.h + +$(INCL_D)/bf_pi.h: $(SRC_D)/crypto/bf/bf_pi.h + $(CP) $(SRC_D)/crypto/bf/bf_pi.h $(INCL_D)/bf_pi.h + +$(INCL_D)/bf_locl.h: $(SRC_D)/crypto/bf/bf_locl.h + $(CP) $(SRC_D)/crypto/bf/bf_locl.h $(INCL_D)/bf_locl.h + +$(INCL_D)/bn_lcl.h: $(SRC_D)/crypto/bn/bn_lcl.h + $(CP) $(SRC_D)/crypto/bn/bn_lcl.h $(INCL_D)/bn_lcl.h + +$(INCL_D)/bn_prime.h: $(SRC_D)/crypto/bn/bn_prime.h + $(CP) $(SRC_D)/crypto/bn/bn_prime.h $(INCL_D)/bn_prime.h + +$(INCL_D)/obj_dat.h: $(SRC_D)/crypto/objects/obj_dat.h + $(CP) $(SRC_D)/crypto/objects/obj_dat.h $(INCL_D)/obj_dat.h + +$(INCL_D)/conf_lcl.h: $(SRC_D)/crypto/conf/conf_lcl.h + $(CP) $(SRC_D)/crypto/conf/conf_lcl.h $(INCL_D)/conf_lcl.h + +$(INCL_D)/ssl_locl.h: $(SRC_D)/ssl/ssl_locl.h + $(CP) $(SRC_D)/ssl/ssl_locl.h $(INCL_D)/ssl_locl.h + +$(INCL_D)/rsaref.h: $(SRC_D)/rsaref/rsaref.h + $(CP) $(SRC_D)/rsaref/rsaref.h $(INCL_D)/rsaref.h + +$(INCL_D)/apps.h: $(SRC_D)/apps/apps.h + $(CP) $(SRC_D)/apps/apps.h $(INCL_D)/apps.h + +$(INCL_D)/progs.h: $(SRC_D)/apps/progs.h + $(CP) $(SRC_D)/apps/progs.h $(INCL_D)/progs.h + +$(INCL_D)/s_apps.h: $(SRC_D)/apps/s_apps.h + $(CP) $(SRC_D)/apps/s_apps.h $(INCL_D)/s_apps.h + +$(INCL_D)/testdsa.h: $(SRC_D)/apps/testdsa.h + $(CP) $(SRC_D)/apps/testdsa.h $(INCL_D)/testdsa.h + +$(INCL_D)/testrsa.h: $(SRC_D)/apps/testrsa.h + $(CP) $(SRC_D)/apps/testrsa.h $(INCL_D)/testrsa.h + +$(INC_D)/crypto.h: $(SRC_D)/crypto/crypto.h + $(CP) $(SRC_D)/crypto/crypto.h $(INC_D)/crypto.h + +$(INC_D)/cryptall.h: $(SRC_D)/crypto/cryptall.h + $(CP) $(SRC_D)/crypto/cryptall.h $(INC_D)/cryptall.h + +$(INC_D)/md2.h: $(SRC_D)/crypto/md/md2.h + $(CP) $(SRC_D)/crypto/md/md2.h $(INC_D)/md2.h + +$(INC_D)/md5.h: $(SRC_D)/crypto/md/md5.h + $(CP) $(SRC_D)/crypto/md/md5.h $(INC_D)/md5.h + +$(INC_D)/sha.h: $(SRC_D)/crypto/sha/sha.h + $(CP) $(SRC_D)/crypto/sha/sha.h $(INC_D)/sha.h + +$(INC_D)/mdc2.h: $(SRC_D)/crypto/mdc2/mdc2.h + $(CP) $(SRC_D)/crypto/mdc2/mdc2.h $(INC_D)/mdc2.h + +$(INC_D)/des.h: $(SRC_D)/crypto/des/des.h + $(CP) $(SRC_D)/crypto/des/des.h $(INC_D)/des.h + +$(INC_D)/rc4.h: $(SRC_D)/crypto/rc4/rc4.h + $(CP) $(SRC_D)/crypto/rc4/rc4.h $(INC_D)/rc4.h + +$(INC_D)/rc2.h: $(SRC_D)/crypto/rc2/rc2.h + $(CP) $(SRC_D)/crypto/rc2/rc2.h $(INC_D)/rc2.h + +$(INC_D)/idea.h: $(SRC_D)/crypto/idea/idea.h + $(CP) $(SRC_D)/crypto/idea/idea.h $(INC_D)/idea.h + +$(INC_D)/blowfish.h: $(SRC_D)/crypto/bf/blowfish.h + $(CP) $(SRC_D)/crypto/bf/blowfish.h $(INC_D)/blowfish.h + +$(INC_D)/bn.h: $(SRC_D)/crypto/bn/bn.h + $(CP) $(SRC_D)/crypto/bn/bn.h $(INC_D)/bn.h + +$(INC_D)/rsa.h: $(SRC_D)/crypto/rsa/rsa.h + $(CP) $(SRC_D)/crypto/rsa/rsa.h $(INC_D)/rsa.h + +$(INC_D)/dsa.h: $(SRC_D)/crypto/dsa/dsa.h + $(CP) $(SRC_D)/crypto/dsa/dsa.h $(INC_D)/dsa.h + +$(INC_D)/dh.h: $(SRC_D)/crypto/dh/dh.h + $(CP) $(SRC_D)/crypto/dh/dh.h $(INC_D)/dh.h + +$(INC_D)/buffer.h: $(SRC_D)/crypto/buffer/buffer.h + $(CP) $(SRC_D)/crypto/buffer/buffer.h $(INC_D)/buffer.h + +$(INC_D)/bio.h: $(SRC_D)/crypto/bio/bio.h + $(CP) $(SRC_D)/crypto/bio/bio.h $(INC_D)/bio.h + +$(INC_D)/stack.h: $(SRC_D)/crypto/stack/stack.h + $(CP) $(SRC_D)/crypto/stack/stack.h $(INC_D)/stack.h + +$(INC_D)/lhash.h: $(SRC_D)/crypto/lhash/lhash.h + $(CP) $(SRC_D)/crypto/lhash/lhash.h $(INC_D)/lhash.h + +$(INC_D)/rand.h: $(SRC_D)/crypto/rand/rand.h + $(CP) $(SRC_D)/crypto/rand/rand.h $(INC_D)/rand.h + +$(INC_D)/err.h: $(SRC_D)/crypto/err/err.h + $(CP) $(SRC_D)/crypto/err/err.h $(INC_D)/err.h + +$(INC_D)/objects.h: $(SRC_D)/crypto/objects/objects.h + $(CP) $(SRC_D)/crypto/objects/objects.h $(INC_D)/objects.h + +$(INC_D)/evp.h: $(SRC_D)/crypto/evp/evp.h + $(CP) $(SRC_D)/crypto/evp/evp.h $(INC_D)/evp.h + +$(INC_D)/pem.h: $(SRC_D)/crypto/pem/pem.h + $(CP) $(SRC_D)/crypto/pem/pem.h $(INC_D)/pem.h + +$(INC_D)/asn1.h: $(SRC_D)/crypto/asn1/asn1.h + $(CP) $(SRC_D)/crypto/asn1/asn1.h $(INC_D)/asn1.h + +$(INC_D)/asn1_mac.h: $(SRC_D)/crypto/asn1/asn1_mac.h + $(CP) $(SRC_D)/crypto/asn1/asn1_mac.h $(INC_D)/asn1_mac.h + +$(INC_D)/x509.h: $(SRC_D)/crypto/x509/x509.h + $(CP) $(SRC_D)/crypto/x509/x509.h $(INC_D)/x509.h + +$(INC_D)/x509_vfy.h: $(SRC_D)/crypto/x509/x509_vfy.h + $(CP) $(SRC_D)/crypto/x509/x509_vfy.h $(INC_D)/x509_vfy.h + +$(INC_D)/conf.h: $(SRC_D)/crypto/conf/conf.h + $(CP) $(SRC_D)/crypto/conf/conf.h $(INC_D)/conf.h + +$(INC_D)/txt_db.h: $(SRC_D)/crypto/txt_db/txt_db.h + $(CP) $(SRC_D)/crypto/txt_db/txt_db.h $(INC_D)/txt_db.h + +$(INC_D)/pkcs7.h: $(SRC_D)/crypto/pkcs7/pkcs7.h + $(CP) $(SRC_D)/crypto/pkcs7/pkcs7.h $(INC_D)/pkcs7.h + +$(INC_D)/ssl.h: $(SRC_D)/ssl/ssl.h + $(CP) $(SRC_D)/ssl/ssl.h $(INC_D)/ssl.h + +$(INC_D)/ssl2.h: $(SRC_D)/ssl/ssl2.h + $(CP) $(SRC_D)/ssl/ssl2.h $(INC_D)/ssl2.h + +$(INC_D)/ssl3.h: $(SRC_D)/ssl/ssl3.h + $(CP) $(SRC_D)/ssl/ssl3.h $(INC_D)/ssl3.h + +$(INC_D)/ssl23.h: $(SRC_D)/ssl/ssl23.h + $(CP) $(SRC_D)/ssl/ssl23.h $(INC_D)/ssl23.h + +$(OBJ_D)/md2test.o: $(SRC_D)/crypto/md/md2test.c + $(CC) -o $(OBJ_D)/md2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md/md2test.c + +$(OBJ_D)/md5test.o: $(SRC_D)/crypto/md/md5test.c + $(CC) -o $(OBJ_D)/md5test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md/md5test.c + +$(OBJ_D)/shatest.o: $(SRC_D)/crypto/sha/shatest.c + $(CC) -o $(OBJ_D)/shatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/sha/shatest.c + +$(OBJ_D)/sha1test.o: $(SRC_D)/crypto/sha/sha1test.c + $(CC) -o $(OBJ_D)/sha1test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/sha/sha1test.c + +$(OBJ_D)/mdc2test.o: $(SRC_D)/crypto/mdc2/mdc2test.c + $(CC) -o $(OBJ_D)/mdc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2test.c + +$(OBJ_D)/destest.o: $(SRC_D)/crypto/des/destest.c + $(CC) -o $(OBJ_D)/destest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/des/destest.c + +$(OBJ_D)/rc4test.o: $(SRC_D)/crypto/rc4/rc4test.c + $(CC) -o $(OBJ_D)/rc4test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4test.c + +$(OBJ_D)/rc2test.o: $(SRC_D)/crypto/rc2/rc2test.c + $(CC) -o $(OBJ_D)/rc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2test.c + +$(OBJ_D)/ideatest.o: $(SRC_D)/crypto/idea/ideatest.c + $(CC) -o $(OBJ_D)/ideatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/idea/ideatest.c + +$(OBJ_D)/bftest.o: $(SRC_D)/crypto/bf/bftest.c + $(CC) -o $(OBJ_D)/bftest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bf/bftest.c + +$(OBJ_D)/bntest.o: $(SRC_D)/crypto/bn/bntest.c + $(CC) -o $(OBJ_D)/bntest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bn/bntest.c + +$(OBJ_D)/exptest.o: $(SRC_D)/crypto/bn/exptest.c + $(CC) -o $(OBJ_D)/exptest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bn/exptest.c + +$(OBJ_D)/dsatest.o: $(SRC_D)/crypto/dsa/dsatest.c + $(CC) -o $(OBJ_D)/dsatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/dsa/dsatest.c + +$(OBJ_D)/dhtest.o: $(SRC_D)/crypto/dh/dhtest.c + $(CC) -o $(OBJ_D)/dhtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/dh/dhtest.c + +$(OBJ_D)/randtest.o: $(SRC_D)/crypto/rand/randtest.c + $(CC) -o $(OBJ_D)/randtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rand/randtest.c + +$(OBJ_D)/ssltest.o: $(SRC_D)/ssl/ssltest.c + $(CC) -o $(OBJ_D)/ssltest.o $(APP_CFLAGS) -c $(SRC_D)/ssl/ssltest.c + +$(OBJ_D)/verify.o: $(SRC_D)/apps/verify.c + $(CC) -o $(OBJ_D)/verify.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/verify.c + +$(OBJ_D)/asn1pars.o: $(SRC_D)/apps/asn1pars.c + $(CC) -o $(OBJ_D)/asn1pars.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/asn1pars.c + +$(OBJ_D)/req.o: $(SRC_D)/apps/req.c + $(CC) -o $(OBJ_D)/req.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/req.c + +$(OBJ_D)/dgst.o: $(SRC_D)/apps/dgst.c + $(CC) -o $(OBJ_D)/dgst.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dgst.c + +$(OBJ_D)/dh.o: $(SRC_D)/apps/dh.c + $(CC) -o $(OBJ_D)/dh.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dh.c + +$(OBJ_D)/enc.o: $(SRC_D)/apps/enc.c + $(CC) -o $(OBJ_D)/enc.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/enc.c + +$(OBJ_D)/gendh.o: $(SRC_D)/apps/gendh.c + $(CC) -o $(OBJ_D)/gendh.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/gendh.c + +$(OBJ_D)/errstr.o: $(SRC_D)/apps/errstr.c + $(CC) -o $(OBJ_D)/errstr.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/errstr.c + +$(OBJ_D)/ca.o: $(SRC_D)/apps/ca.c + $(CC) -o $(OBJ_D)/ca.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ca.c + +$(OBJ_D)/gendsa.o: $(SRC_D)/apps/gendsa.c + $(CC) -o $(OBJ_D)/gendsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/gendsa.c + +$(OBJ_D)/pkcs7.o: $(SRC_D)/apps/pkcs7.c + $(CC) -o $(OBJ_D)/pkcs7.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/pkcs7.c + +$(OBJ_D)/crl2p7.o: $(SRC_D)/apps/crl2p7.c + $(CC) -o $(OBJ_D)/crl2p7.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/crl2p7.c + +$(OBJ_D)/crl.o: $(SRC_D)/apps/crl.c + $(CC) -o $(OBJ_D)/crl.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/crl.c + +$(OBJ_D)/rsa.o: $(SRC_D)/apps/rsa.c + $(CC) -o $(OBJ_D)/rsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/rsa.c + +$(OBJ_D)/dsa.o: $(SRC_D)/apps/dsa.c + $(CC) -o $(OBJ_D)/dsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dsa.c + +$(OBJ_D)/dsaparam.o: $(SRC_D)/apps/dsaparam.c + $(CC) -o $(OBJ_D)/dsaparam.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dsaparam.c + +$(OBJ_D)/x509.o: $(SRC_D)/apps/x509.c + $(CC) -o $(OBJ_D)/x509.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/x509.c + +$(OBJ_D)/genrsa.o: $(SRC_D)/apps/genrsa.c + $(CC) -o $(OBJ_D)/genrsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/genrsa.c + +$(OBJ_D)/s_server.o: $(SRC_D)/apps/s_server.c + $(CC) -o $(OBJ_D)/s_server.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_server.c + +$(OBJ_D)/s_client.o: $(SRC_D)/apps/s_client.c + $(CC) -o $(OBJ_D)/s_client.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_client.c + +$(OBJ_D)/speed.o: $(SRC_D)/apps/speed.c + $(CC) -o $(OBJ_D)/speed.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/speed.c + +$(OBJ_D)/s_time.o: $(SRC_D)/apps/s_time.c + $(CC) -o $(OBJ_D)/s_time.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_time.c + +$(OBJ_D)/apps.o: $(SRC_D)/apps/apps.c + $(CC) -o $(OBJ_D)/apps.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/apps.c + +$(OBJ_D)/s_cb.o: $(SRC_D)/apps/s_cb.c + $(CC) -o $(OBJ_D)/s_cb.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_cb.c + +$(OBJ_D)/s_socket.o: $(SRC_D)/apps/s_socket.c + $(CC) -o $(OBJ_D)/s_socket.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_socket.c + +$(OBJ_D)/version.o: $(SRC_D)/apps/version.c + $(CC) -o $(OBJ_D)/version.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/version.c + +$(OBJ_D)/sess_id.o: $(SRC_D)/apps/sess_id.c + $(CC) -o $(OBJ_D)/sess_id.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/sess_id.c + +$(OBJ_D)/ciphers.o: $(SRC_D)/apps/ciphers.c + $(CC) -o $(OBJ_D)/ciphers.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ciphers.c + +$(OBJ_D)/ssleay.o: $(SRC_D)/apps/ssleay.c + $(CC) -o $(OBJ_D)/ssleay.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ssleay.c + +$(OBJ_D)/cryptlib.o: $(SRC_D)/crypto/cryptlib.c + $(CC) -o $(OBJ_D)/cryptlib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/cryptlib.c + +$(OBJ_D)/mem.o: $(SRC_D)/crypto/mem.c + $(CC) -o $(OBJ_D)/mem.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/mem.c + +$(OBJ_D)/cversion.o: $(SRC_D)/crypto/cversion.c + $(CC) -o $(OBJ_D)/cversion.o $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)/crypto/cversion.c + +$(OBJ_D)/md2_dgst.o: $(SRC_D)/crypto/md/md2_dgst.c + $(CC) -o $(OBJ_D)/md2_dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/md/md2_dgst.c + +$(OBJ_D)/md5_dgst.o: $(SRC_D)/crypto/md/md5_dgst.c + $(CC) -o $(OBJ_D)/md5_dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/md/md5_dgst.c + +$(OBJ_D)/md2_one.o: $(SRC_D)/crypto/md/md2_one.c + $(CC) -o $(OBJ_D)/md2_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/md/md2_one.c + +$(OBJ_D)/md5_one.o: $(SRC_D)/crypto/md/md5_one.c + $(CC) -o $(OBJ_D)/md5_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/md/md5_one.c + +$(OBJ_D)/sha_dgst.o: $(SRC_D)/crypto/sha/sha_dgst.c + $(CC) -o $(OBJ_D)/sha_dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_dgst.c + +$(OBJ_D)/sha1dgst.o: $(SRC_D)/crypto/sha/sha1dgst.c + $(CC) -o $(OBJ_D)/sha1dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1dgst.c + +$(OBJ_D)/sha_one.o: $(SRC_D)/crypto/sha/sha_one.c + $(CC) -o $(OBJ_D)/sha_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_one.c + +$(OBJ_D)/sha1_one.o: $(SRC_D)/crypto/sha/sha1_one.c + $(CC) -o $(OBJ_D)/sha1_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1_one.c + +$(OBJ_D)/mdc2dgst.o: $(SRC_D)/crypto/mdc2/mdc2dgst.c + $(CC) -o $(OBJ_D)/mdc2dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2dgst.c + +$(OBJ_D)/mdc2_one.o: $(SRC_D)/crypto/mdc2/mdc2_one.c + $(CC) -o $(OBJ_D)/mdc2_one.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2_one.c + +$(OBJ_D)/set_key.o: $(SRC_D)/crypto/des/set_key.c + $(CC) -o $(OBJ_D)/set_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/set_key.c + +$(OBJ_D)/ecb_enc.o: $(SRC_D)/crypto/des/ecb_enc.c + $(CC) -o $(OBJ_D)/ecb_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb_enc.c + +$(OBJ_D)/ede_enc.o: $(SRC_D)/crypto/des/ede_enc.c + $(CC) -o $(OBJ_D)/ede_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ede_enc.c + +$(OBJ_D)/cbc_enc.o: $(SRC_D)/crypto/des/cbc_enc.c + $(CC) -o $(OBJ_D)/cbc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_enc.c + +$(OBJ_D)/cbc3_enc.o: $(SRC_D)/crypto/des/cbc3_enc.c + $(CC) -o $(OBJ_D)/cbc3_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc3_enc.c + +$(OBJ_D)/ecb3_enc.o: $(SRC_D)/crypto/des/ecb3_enc.c + $(CC) -o $(OBJ_D)/ecb3_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb3_enc.c + +$(OBJ_D)/cfb64enc.o: $(SRC_D)/crypto/des/cfb64enc.c + $(CC) -o $(OBJ_D)/cfb64enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64enc.c + +$(OBJ_D)/cfb64ede.o: $(SRC_D)/crypto/des/cfb64ede.c + $(CC) -o $(OBJ_D)/cfb64ede.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64ede.c + +$(OBJ_D)/cfb_enc.o: $(SRC_D)/crypto/des/cfb_enc.c + $(CC) -o $(OBJ_D)/cfb_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb_enc.c + +$(OBJ_D)/ofb64ede.o: $(SRC_D)/crypto/des/ofb64ede.c + $(CC) -o $(OBJ_D)/ofb64ede.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64ede.c + +$(OBJ_D)/enc_read.o: $(SRC_D)/crypto/des/enc_read.c + $(CC) -o $(OBJ_D)/enc_read.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_read.c + +$(OBJ_D)/enc_writ.o: $(SRC_D)/crypto/des/enc_writ.c + $(CC) -o $(OBJ_D)/enc_writ.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_writ.c + +$(OBJ_D)/ncbc_enc.o: $(SRC_D)/crypto/des/ncbc_enc.c + $(CC) -o $(OBJ_D)/ncbc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ncbc_enc.c + +$(OBJ_D)/ofb64enc.o: $(SRC_D)/crypto/des/ofb64enc.c + $(CC) -o $(OBJ_D)/ofb64enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64enc.c + +$(OBJ_D)/ofb_enc.o: $(SRC_D)/crypto/des/ofb_enc.c + $(CC) -o $(OBJ_D)/ofb_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb_enc.c + +$(OBJ_D)/str2key.o: $(SRC_D)/crypto/des/str2key.c + $(CC) -o $(OBJ_D)/str2key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/str2key.c + +$(OBJ_D)/pcbc_enc.o: $(SRC_D)/crypto/des/pcbc_enc.c + $(CC) -o $(OBJ_D)/pcbc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/pcbc_enc.c + +$(OBJ_D)/qud_cksm.o: $(SRC_D)/crypto/des/qud_cksm.c + $(CC) -o $(OBJ_D)/qud_cksm.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/qud_cksm.c + +$(OBJ_D)/rand_key.o: $(SRC_D)/crypto/des/rand_key.c + $(CC) -o $(OBJ_D)/rand_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rand_key.c + +$(OBJ_D)/des_enc.o: $(SRC_D)/crypto/des/des_enc.c + $(CC) -o $(OBJ_D)/des_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/des_enc.c + +$(OBJ_D)/fcrypt_b.o: $(SRC_D)/crypto/des/fcrypt_b.c + $(CC) -o $(OBJ_D)/fcrypt_b.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt_b.c + +$(OBJ_D)/read2pwd.o: $(SRC_D)/crypto/des/read2pwd.c + $(CC) -o $(OBJ_D)/read2pwd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read2pwd.c + +$(OBJ_D)/fcrypt.o: $(SRC_D)/crypto/des/fcrypt.c + $(CC) -o $(OBJ_D)/fcrypt.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt.c + +$(OBJ_D)/xcbc_enc.o: $(SRC_D)/crypto/des/xcbc_enc.c + $(CC) -o $(OBJ_D)/xcbc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/xcbc_enc.c + +$(OBJ_D)/read_pwd.o: $(SRC_D)/crypto/des/read_pwd.c + $(CC) -o $(OBJ_D)/read_pwd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read_pwd.c + +$(OBJ_D)/rpc_enc.o: $(SRC_D)/crypto/des/rpc_enc.c + $(CC) -o $(OBJ_D)/rpc_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rpc_enc.c + +$(OBJ_D)/cbc_cksm.o: $(SRC_D)/crypto/des/cbc_cksm.c + $(CC) -o $(OBJ_D)/cbc_cksm.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_cksm.c + +$(OBJ_D)/supp.o: $(SRC_D)/crypto/des/supp.c + $(CC) -o $(OBJ_D)/supp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/supp.c + +$(OBJ_D)/rc4_enc.o: $(SRC_D)/crypto/rc4/rc4_enc.c + $(CC) -o $(OBJ_D)/rc4_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4_enc.c + +$(OBJ_D)/rc2_ecb.o: $(SRC_D)/crypto/rc2/rc2_ecb.c + $(CC) -o $(OBJ_D)/rc2_ecb.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_ecb.c + +$(OBJ_D)/rc2_skey.o: $(SRC_D)/crypto/rc2/rc2_skey.c + $(CC) -o $(OBJ_D)/rc2_skey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_skey.c + +$(OBJ_D)/rc2_cbc.o: $(SRC_D)/crypto/rc2/rc2_cbc.c + $(CC) -o $(OBJ_D)/rc2_cbc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_cbc.c + +$(OBJ_D)/rc2cfb64.o: $(SRC_D)/crypto/rc2/rc2cfb64.c + $(CC) -o $(OBJ_D)/rc2cfb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2cfb64.c + +$(OBJ_D)/rc2ofb64.o: $(SRC_D)/crypto/rc2/rc2ofb64.c + $(CC) -o $(OBJ_D)/rc2ofb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2ofb64.c + +$(OBJ_D)/i_cbc.o: $(SRC_D)/crypto/idea/i_cbc.c + $(CC) -o $(OBJ_D)/i_cbc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cbc.c + +$(OBJ_D)/i_cfb64.o: $(SRC_D)/crypto/idea/i_cfb64.c + $(CC) -o $(OBJ_D)/i_cfb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cfb64.c + +$(OBJ_D)/i_ofb64.o: $(SRC_D)/crypto/idea/i_ofb64.c + $(CC) -o $(OBJ_D)/i_ofb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ofb64.c + +$(OBJ_D)/i_ecb.o: $(SRC_D)/crypto/idea/i_ecb.c + $(CC) -o $(OBJ_D)/i_ecb.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ecb.c + +$(OBJ_D)/i_skey.o: $(SRC_D)/crypto/idea/i_skey.c + $(CC) -o $(OBJ_D)/i_skey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_skey.c + +$(OBJ_D)/bf_skey.o: $(SRC_D)/crypto/bf/bf_skey.c + $(CC) -o $(OBJ_D)/bf_skey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_skey.c + +$(OBJ_D)/bf_ecb.o: $(SRC_D)/crypto/bf/bf_ecb.c + $(CC) -o $(OBJ_D)/bf_ecb.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ecb.c + +$(OBJ_D)/bf_enc.o: $(SRC_D)/crypto/bf/bf_enc.c + $(CC) -o $(OBJ_D)/bf_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_enc.c + +$(OBJ_D)/bf_cbc.o: $(SRC_D)/crypto/bf/bf_cbc.c + $(CC) -o $(OBJ_D)/bf_cbc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_cbc.c + +$(OBJ_D)/bf_cfb64.o: $(SRC_D)/crypto/bf/bf_cfb64.c + $(CC) -o $(OBJ_D)/bf_cfb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_cfb64.c + +$(OBJ_D)/bf_ofb64.o: $(SRC_D)/crypto/bf/bf_ofb64.c + $(CC) -o $(OBJ_D)/bf_ofb64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ofb64.c + +$(OBJ_D)/bn_add.o: $(SRC_D)/crypto/bn/bn_add.c + $(CC) -o $(OBJ_D)/bn_add.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_add.c + +$(OBJ_D)/bn_div.o: $(SRC_D)/crypto/bn/bn_div.c + $(CC) -o $(OBJ_D)/bn_div.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_div.c + +$(OBJ_D)/bn_exp.o: $(SRC_D)/crypto/bn/bn_exp.c + $(CC) -o $(OBJ_D)/bn_exp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_exp.c + +$(OBJ_D)/bn_lib.o: $(SRC_D)/crypto/bn/bn_lib.c + $(CC) -o $(OBJ_D)/bn_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_lib.c + +$(OBJ_D)/bn_mod.o: $(SRC_D)/crypto/bn/bn_mod.c + $(CC) -o $(OBJ_D)/bn_mod.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mod.c + +$(OBJ_D)/bn_mul.o: $(SRC_D)/crypto/bn/bn_mul.c + $(CC) -o $(OBJ_D)/bn_mul.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mul.c + +$(OBJ_D)/bn_print.o: $(SRC_D)/crypto/bn/bn_print.c + $(CC) -o $(OBJ_D)/bn_print.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_print.c + +$(OBJ_D)/bn_rand.o: $(SRC_D)/crypto/bn/bn_rand.c + $(CC) -o $(OBJ_D)/bn_rand.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_rand.c + +$(OBJ_D)/bn_shift.o: $(SRC_D)/crypto/bn/bn_shift.c + $(CC) -o $(OBJ_D)/bn_shift.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_shift.c + +$(OBJ_D)/bn_sub.o: $(SRC_D)/crypto/bn/bn_sub.c + $(CC) -o $(OBJ_D)/bn_sub.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sub.c + +$(OBJ_D)/bn_word.o: $(SRC_D)/crypto/bn/bn_word.c + $(CC) -o $(OBJ_D)/bn_word.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_word.c + +$(OBJ_D)/bn_gcd.o: $(SRC_D)/crypto/bn/bn_gcd.c + $(CC) -o $(OBJ_D)/bn_gcd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_gcd.c + +$(OBJ_D)/bn_prime.o: $(SRC_D)/crypto/bn/bn_prime.c + $(CC) -o $(OBJ_D)/bn_prime.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_prime.c + +$(OBJ_D)/bn_err.o: $(SRC_D)/crypto/bn/bn_err.c + $(CC) -o $(OBJ_D)/bn_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_err.c + +$(OBJ_D)/bn_sqr.o: $(SRC_D)/crypto/bn/bn_sqr.c + $(CC) -o $(OBJ_D)/bn_sqr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sqr.c + +$(OBJ_D)/bn_mulw.o: $(SRC_D)/crypto/bn/bn_mulw.c + $(CC) -o $(OBJ_D)/bn_mulw.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mulw.c + +$(OBJ_D)/bn_recp.o: $(SRC_D)/crypto/bn/bn_recp.c + $(CC) -o $(OBJ_D)/bn_recp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_recp.c + +$(OBJ_D)/bn_mont.o: $(SRC_D)/crypto/bn/bn_mont.c + $(CC) -o $(OBJ_D)/bn_mont.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mont.c + +$(OBJ_D)/rsa_enc.o: $(SRC_D)/crypto/rsa/rsa_enc.c + $(CC) -o $(OBJ_D)/rsa_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_enc.c + +$(OBJ_D)/rsa_gen.o: $(SRC_D)/crypto/rsa/rsa_gen.c + $(CC) -o $(OBJ_D)/rsa_gen.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_gen.c + +$(OBJ_D)/rsa_lib.o: $(SRC_D)/crypto/rsa/rsa_lib.c + $(CC) -o $(OBJ_D)/rsa_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_lib.c + +$(OBJ_D)/rsa_sign.o: $(SRC_D)/crypto/rsa/rsa_sign.c + $(CC) -o $(OBJ_D)/rsa_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_sign.c + +$(OBJ_D)/rsa_saos.o: $(SRC_D)/crypto/rsa/rsa_saos.c + $(CC) -o $(OBJ_D)/rsa_saos.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_saos.c + +$(OBJ_D)/rsa_err.o: $(SRC_D)/crypto/rsa/rsa_err.c + $(CC) -o $(OBJ_D)/rsa_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_err.c + +$(OBJ_D)/dsa_gen.o: $(SRC_D)/crypto/dsa/dsa_gen.c + $(CC) -o $(OBJ_D)/dsa_gen.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_gen.c + +$(OBJ_D)/dsa_key.o: $(SRC_D)/crypto/dsa/dsa_key.c + $(CC) -o $(OBJ_D)/dsa_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_key.c + +$(OBJ_D)/dsa_lib.o: $(SRC_D)/crypto/dsa/dsa_lib.c + $(CC) -o $(OBJ_D)/dsa_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_lib.c + +$(OBJ_D)/dsa_vrf.o: $(SRC_D)/crypto/dsa/dsa_vrf.c + $(CC) -o $(OBJ_D)/dsa_vrf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_vrf.c + +$(OBJ_D)/dsa_sign.o: $(SRC_D)/crypto/dsa/dsa_sign.c + $(CC) -o $(OBJ_D)/dsa_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_sign.c + +$(OBJ_D)/dsa_err.o: $(SRC_D)/crypto/dsa/dsa_err.c + $(CC) -o $(OBJ_D)/dsa_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_err.c + +$(OBJ_D)/dh_gen.o: $(SRC_D)/crypto/dh/dh_gen.c + $(CC) -o $(OBJ_D)/dh_gen.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_gen.c + +$(OBJ_D)/dh_key.o: $(SRC_D)/crypto/dh/dh_key.c + $(CC) -o $(OBJ_D)/dh_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_key.c + +$(OBJ_D)/dh_lib.o: $(SRC_D)/crypto/dh/dh_lib.c + $(CC) -o $(OBJ_D)/dh_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_lib.c + +$(OBJ_D)/dh_check.o: $(SRC_D)/crypto/dh/dh_check.c + $(CC) -o $(OBJ_D)/dh_check.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_check.c + +$(OBJ_D)/dh_err.o: $(SRC_D)/crypto/dh/dh_err.c + $(CC) -o $(OBJ_D)/dh_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_err.c + +$(OBJ_D)/buffer.o: $(SRC_D)/crypto/buffer/buffer.c + $(CC) -o $(OBJ_D)/buffer.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buffer.c + +$(OBJ_D)/buf_err.o: $(SRC_D)/crypto/buffer/buf_err.c + $(CC) -o $(OBJ_D)/buf_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buf_err.c + +$(OBJ_D)/bio_lib.o: $(SRC_D)/crypto/bio/bio_lib.c + $(CC) -o $(OBJ_D)/bio_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_lib.c + +$(OBJ_D)/bio_cb.o: $(SRC_D)/crypto/bio/bio_cb.c + $(CC) -o $(OBJ_D)/bio_cb.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_cb.c + +$(OBJ_D)/bio_err.o: $(SRC_D)/crypto/bio/bio_err.c + $(CC) -o $(OBJ_D)/bio_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_err.c + +$(OBJ_D)/bss_mem.o: $(SRC_D)/crypto/bio/bss_mem.c + $(CC) -o $(OBJ_D)/bss_mem.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_mem.c + +$(OBJ_D)/bss_null.o: $(SRC_D)/crypto/bio/bss_null.c + $(CC) -o $(OBJ_D)/bss_null.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_null.c + +$(OBJ_D)/bss_fd.o: $(SRC_D)/crypto/bio/bss_fd.c + $(CC) -o $(OBJ_D)/bss_fd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_fd.c + +$(OBJ_D)/bss_file.o: $(SRC_D)/crypto/bio/bss_file.c + $(CC) -o $(OBJ_D)/bss_file.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_file.c + +$(OBJ_D)/bss_sock.o: $(SRC_D)/crypto/bio/bss_sock.c + $(CC) -o $(OBJ_D)/bss_sock.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_sock.c + +$(OBJ_D)/bss_conn.o: $(SRC_D)/crypto/bio/bss_conn.c + $(CC) -o $(OBJ_D)/bss_conn.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_conn.c + +$(OBJ_D)/bf_null.o: $(SRC_D)/crypto/bio/bf_null.c + $(CC) -o $(OBJ_D)/bf_null.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_null.c + +$(OBJ_D)/bf_buff.o: $(SRC_D)/crypto/bio/bf_buff.c + $(CC) -o $(OBJ_D)/bf_buff.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_buff.c + +$(OBJ_D)/b_print.o: $(SRC_D)/crypto/bio/b_print.c + $(CC) -o $(OBJ_D)/b_print.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_print.c + +$(OBJ_D)/b_dump.o: $(SRC_D)/crypto/bio/b_dump.c + $(CC) -o $(OBJ_D)/b_dump.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_dump.c + +$(OBJ_D)/b_sock.o: $(SRC_D)/crypto/bio/b_sock.c + $(CC) -o $(OBJ_D)/b_sock.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_sock.c + +$(OBJ_D)/bss_acpt.o: $(SRC_D)/crypto/bio/bss_acpt.c + $(CC) -o $(OBJ_D)/bss_acpt.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_acpt.c + +$(OBJ_D)/bf_nbio.o: $(SRC_D)/crypto/bio/bf_nbio.c + $(CC) -o $(OBJ_D)/bf_nbio.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_nbio.c + +$(OBJ_D)/stack.o: $(SRC_D)/crypto/stack/stack.c + $(CC) -o $(OBJ_D)/stack.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/stack/stack.c + +$(OBJ_D)/lhash.o: $(SRC_D)/crypto/lhash/lhash.c + $(CC) -o $(OBJ_D)/lhash.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lhash.c + +$(OBJ_D)/lh_stats.o: $(SRC_D)/crypto/lhash/lh_stats.c + $(CC) -o $(OBJ_D)/lh_stats.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lh_stats.c + +$(OBJ_D)/md_rand.o: $(SRC_D)/crypto/rand/md_rand.c + $(CC) -o $(OBJ_D)/md_rand.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/md_rand.c + +$(OBJ_D)/randfile.o: $(SRC_D)/crypto/rand/randfile.c + $(CC) -o $(OBJ_D)/randfile.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/randfile.c + +$(OBJ_D)/err.o: $(SRC_D)/crypto/err/err.c + $(CC) -o $(OBJ_D)/err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err.c + +$(OBJ_D)/err_all.o: $(SRC_D)/crypto/err/err_all.c + $(CC) -o $(OBJ_D)/err_all.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_all.c + +$(OBJ_D)/err_prn.o: $(SRC_D)/crypto/err/err_prn.c + $(CC) -o $(OBJ_D)/err_prn.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_prn.c + +$(OBJ_D)/obj_dat.o: $(SRC_D)/crypto/objects/obj_dat.c + $(CC) -o $(OBJ_D)/obj_dat.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_dat.c + +$(OBJ_D)/obj_lib.o: $(SRC_D)/crypto/objects/obj_lib.c + $(CC) -o $(OBJ_D)/obj_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_lib.c + +$(OBJ_D)/obj_err.o: $(SRC_D)/crypto/objects/obj_err.c + $(CC) -o $(OBJ_D)/obj_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_err.c + +$(OBJ_D)/encode.o: $(SRC_D)/crypto/evp/encode.c + $(CC) -o $(OBJ_D)/encode.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/encode.c + +$(OBJ_D)/digest.o: $(SRC_D)/crypto/evp/digest.c + $(CC) -o $(OBJ_D)/digest.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/digest.c + +$(OBJ_D)/evp_enc.o: $(SRC_D)/crypto/evp/evp_enc.c + $(CC) -o $(OBJ_D)/evp_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_enc.c + +$(OBJ_D)/evp_key.o: $(SRC_D)/crypto/evp/evp_key.c + $(CC) -o $(OBJ_D)/evp_key.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_key.c + +$(OBJ_D)/e_ecb_d.o: $(SRC_D)/crypto/evp/e_ecb_d.c + $(CC) -o $(OBJ_D)/e_ecb_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_d.c + +$(OBJ_D)/e_cbc_d.o: $(SRC_D)/crypto/evp/e_cbc_d.c + $(CC) -o $(OBJ_D)/e_cbc_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_d.c + +$(OBJ_D)/e_cfb_d.o: $(SRC_D)/crypto/evp/e_cfb_d.c + $(CC) -o $(OBJ_D)/e_cfb_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_d.c + +$(OBJ_D)/e_ofb_d.o: $(SRC_D)/crypto/evp/e_ofb_d.c + $(CC) -o $(OBJ_D)/e_ofb_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_d.c + +$(OBJ_D)/e_ecb_i.o: $(SRC_D)/crypto/evp/e_ecb_i.c + $(CC) -o $(OBJ_D)/e_ecb_i.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_i.c + +$(OBJ_D)/e_cbc_i.o: $(SRC_D)/crypto/evp/e_cbc_i.c + $(CC) -o $(OBJ_D)/e_cbc_i.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_i.c + +$(OBJ_D)/e_cfb_i.o: $(SRC_D)/crypto/evp/e_cfb_i.c + $(CC) -o $(OBJ_D)/e_cfb_i.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_i.c + +$(OBJ_D)/e_ofb_i.o: $(SRC_D)/crypto/evp/e_ofb_i.c + $(CC) -o $(OBJ_D)/e_ofb_i.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_i.c + +$(OBJ_D)/e_ecb_3d.o: $(SRC_D)/crypto/evp/e_ecb_3d.c + $(CC) -o $(OBJ_D)/e_ecb_3d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_3d.c + +$(OBJ_D)/e_cbc_3d.o: $(SRC_D)/crypto/evp/e_cbc_3d.c + $(CC) -o $(OBJ_D)/e_cbc_3d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_3d.c + +$(OBJ_D)/e_rc4.o: $(SRC_D)/crypto/evp/e_rc4.c + $(CC) -o $(OBJ_D)/e_rc4.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_rc4.c + +$(OBJ_D)/names.o: $(SRC_D)/crypto/evp/names.c + $(CC) -o $(OBJ_D)/names.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/names.c + +$(OBJ_D)/e_cfb_3d.o: $(SRC_D)/crypto/evp/e_cfb_3d.c + $(CC) -o $(OBJ_D)/e_cfb_3d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_3d.c + +$(OBJ_D)/e_ofb_3d.o: $(SRC_D)/crypto/evp/e_ofb_3d.c + $(CC) -o $(OBJ_D)/e_ofb_3d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_3d.c + +$(OBJ_D)/e_xcbc_d.o: $(SRC_D)/crypto/evp/e_xcbc_d.c + $(CC) -o $(OBJ_D)/e_xcbc_d.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_xcbc_d.c + +$(OBJ_D)/e_ecb_r2.o: $(SRC_D)/crypto/evp/e_ecb_r2.c + $(CC) -o $(OBJ_D)/e_ecb_r2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_r2.c + +$(OBJ_D)/e_cbc_r2.o: $(SRC_D)/crypto/evp/e_cbc_r2.c + $(CC) -o $(OBJ_D)/e_cbc_r2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_r2.c + +$(OBJ_D)/e_cfb_r2.o: $(SRC_D)/crypto/evp/e_cfb_r2.c + $(CC) -o $(OBJ_D)/e_cfb_r2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_r2.c + +$(OBJ_D)/e_ofb_r2.o: $(SRC_D)/crypto/evp/e_ofb_r2.c + $(CC) -o $(OBJ_D)/e_ofb_r2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_r2.c + +$(OBJ_D)/e_ecb_bf.o: $(SRC_D)/crypto/evp/e_ecb_bf.c + $(CC) -o $(OBJ_D)/e_ecb_bf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_bf.c + +$(OBJ_D)/e_cbc_bf.o: $(SRC_D)/crypto/evp/e_cbc_bf.c + $(CC) -o $(OBJ_D)/e_cbc_bf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_bf.c + +$(OBJ_D)/e_cfb_bf.o: $(SRC_D)/crypto/evp/e_cfb_bf.c + $(CC) -o $(OBJ_D)/e_cfb_bf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_bf.c + +$(OBJ_D)/e_ofb_bf.o: $(SRC_D)/crypto/evp/e_ofb_bf.c + $(CC) -o $(OBJ_D)/e_ofb_bf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_bf.c + +$(OBJ_D)/m_null.o: $(SRC_D)/crypto/evp/m_null.c + $(CC) -o $(OBJ_D)/m_null.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_null.c + +$(OBJ_D)/m_md2.o: $(SRC_D)/crypto/evp/m_md2.c + $(CC) -o $(OBJ_D)/m_md2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md2.c + +$(OBJ_D)/m_md5.o: $(SRC_D)/crypto/evp/m_md5.c + $(CC) -o $(OBJ_D)/m_md5.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md5.c + +$(OBJ_D)/m_sha.o: $(SRC_D)/crypto/evp/m_sha.c + $(CC) -o $(OBJ_D)/m_sha.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha.c + +$(OBJ_D)/m_sha1.o: $(SRC_D)/crypto/evp/m_sha1.c + $(CC) -o $(OBJ_D)/m_sha1.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha1.c + +$(OBJ_D)/m_dss.o: $(SRC_D)/crypto/evp/m_dss.c + $(CC) -o $(OBJ_D)/m_dss.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss.c + +$(OBJ_D)/m_dss1.o: $(SRC_D)/crypto/evp/m_dss1.c + $(CC) -o $(OBJ_D)/m_dss1.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss1.c + +$(OBJ_D)/m_mdc2.o: $(SRC_D)/crypto/evp/m_mdc2.c + $(CC) -o $(OBJ_D)/m_mdc2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_mdc2.c + +$(OBJ_D)/p_open.o: $(SRC_D)/crypto/evp/p_open.c + $(CC) -o $(OBJ_D)/p_open.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_open.c + +$(OBJ_D)/p_seal.o: $(SRC_D)/crypto/evp/p_seal.c + $(CC) -o $(OBJ_D)/p_seal.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_seal.c + +$(OBJ_D)/p_sign.o: $(SRC_D)/crypto/evp/p_sign.c + $(CC) -o $(OBJ_D)/p_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_sign.c + +$(OBJ_D)/p_verify.o: $(SRC_D)/crypto/evp/p_verify.c + $(CC) -o $(OBJ_D)/p_verify.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_verify.c + +$(OBJ_D)/p_lib.o: $(SRC_D)/crypto/evp/p_lib.c + $(CC) -o $(OBJ_D)/p_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_lib.c + +$(OBJ_D)/bio_md.o: $(SRC_D)/crypto/evp/bio_md.c + $(CC) -o $(OBJ_D)/bio_md.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_md.c + +$(OBJ_D)/bio_b64.o: $(SRC_D)/crypto/evp/bio_b64.c + $(CC) -o $(OBJ_D)/bio_b64.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_b64.c + +$(OBJ_D)/bio_enc.o: $(SRC_D)/crypto/evp/bio_enc.c + $(CC) -o $(OBJ_D)/bio_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_enc.c + +$(OBJ_D)/evp_err.o: $(SRC_D)/crypto/evp/evp_err.c + $(CC) -o $(OBJ_D)/evp_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_err.c + +$(OBJ_D)/e_null.o: $(SRC_D)/crypto/evp/e_null.c + $(CC) -o $(OBJ_D)/e_null.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_null.c + +$(OBJ_D)/c_all.o: $(SRC_D)/crypto/evp/c_all.c + $(CC) -o $(OBJ_D)/c_all.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/c_all.c + +$(OBJ_D)/pem_sign.o: $(SRC_D)/crypto/pem/pem_sign.c + $(CC) -o $(OBJ_D)/pem_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_sign.c + +$(OBJ_D)/pem_seal.o: $(SRC_D)/crypto/pem/pem_seal.c + $(CC) -o $(OBJ_D)/pem_seal.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_seal.c + +$(OBJ_D)/pem_info.o: $(SRC_D)/crypto/pem/pem_info.c + $(CC) -o $(OBJ_D)/pem_info.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_info.c + +$(OBJ_D)/pem_lib.o: $(SRC_D)/crypto/pem/pem_lib.c + $(CC) -o $(OBJ_D)/pem_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_lib.c + +$(OBJ_D)/pem_all.o: $(SRC_D)/crypto/pem/pem_all.c + $(CC) -o $(OBJ_D)/pem_all.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_all.c + +$(OBJ_D)/pem_err.o: $(SRC_D)/crypto/pem/pem_err.c + $(CC) -o $(OBJ_D)/pem_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_err.c + +$(OBJ_D)/a_object.o: $(SRC_D)/crypto/asn1/a_object.c + $(CC) -o $(OBJ_D)/a_object.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_object.c + +$(OBJ_D)/a_bitstr.o: $(SRC_D)/crypto/asn1/a_bitstr.c + $(CC) -o $(OBJ_D)/a_bitstr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bitstr.c + +$(OBJ_D)/a_utctm.o: $(SRC_D)/crypto/asn1/a_utctm.c + $(CC) -o $(OBJ_D)/a_utctm.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_utctm.c + +$(OBJ_D)/a_int.o: $(SRC_D)/crypto/asn1/a_int.c + $(CC) -o $(OBJ_D)/a_int.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_int.c + +$(OBJ_D)/a_octet.o: $(SRC_D)/crypto/asn1/a_octet.c + $(CC) -o $(OBJ_D)/a_octet.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_octet.c + +$(OBJ_D)/a_print.o: $(SRC_D)/crypto/asn1/a_print.c + $(CC) -o $(OBJ_D)/a_print.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_print.c + +$(OBJ_D)/a_type.o: $(SRC_D)/crypto/asn1/a_type.c + $(CC) -o $(OBJ_D)/a_type.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_type.c + +$(OBJ_D)/a_set.o: $(SRC_D)/crypto/asn1/a_set.c + $(CC) -o $(OBJ_D)/a_set.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_set.c + +$(OBJ_D)/a_dup.o: $(SRC_D)/crypto/asn1/a_dup.c + $(CC) -o $(OBJ_D)/a_dup.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_dup.c + +$(OBJ_D)/a_d2i_fp.o: $(SRC_D)/crypto/asn1/a_d2i_fp.c + $(CC) -o $(OBJ_D)/a_d2i_fp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_d2i_fp.c + +$(OBJ_D)/a_i2d_fp.o: $(SRC_D)/crypto/asn1/a_i2d_fp.c + $(CC) -o $(OBJ_D)/a_i2d_fp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_i2d_fp.c + +$(OBJ_D)/a_sign.o: $(SRC_D)/crypto/asn1/a_sign.c + $(CC) -o $(OBJ_D)/a_sign.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_sign.c + +$(OBJ_D)/a_digest.o: $(SRC_D)/crypto/asn1/a_digest.c + $(CC) -o $(OBJ_D)/a_digest.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_digest.c + +$(OBJ_D)/a_verify.o: $(SRC_D)/crypto/asn1/a_verify.c + $(CC) -o $(OBJ_D)/a_verify.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_verify.c + +$(OBJ_D)/x_algor.o: $(SRC_D)/crypto/asn1/x_algor.c + $(CC) -o $(OBJ_D)/x_algor.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_algor.c + +$(OBJ_D)/x_val.o: $(SRC_D)/crypto/asn1/x_val.c + $(CC) -o $(OBJ_D)/x_val.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_val.c + +$(OBJ_D)/x_pubkey.o: $(SRC_D)/crypto/asn1/x_pubkey.c + $(CC) -o $(OBJ_D)/x_pubkey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pubkey.c + +$(OBJ_D)/x_sig.o: $(SRC_D)/crypto/asn1/x_sig.c + $(CC) -o $(OBJ_D)/x_sig.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_sig.c + +$(OBJ_D)/x_req.o: $(SRC_D)/crypto/asn1/x_req.c + $(CC) -o $(OBJ_D)/x_req.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_req.c + +$(OBJ_D)/x_attrib.o: $(SRC_D)/crypto/asn1/x_attrib.c + $(CC) -o $(OBJ_D)/x_attrib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_attrib.c + +$(OBJ_D)/x_name.o: $(SRC_D)/crypto/asn1/x_name.c + $(CC) -o $(OBJ_D)/x_name.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_name.c + +$(OBJ_D)/x_cinf.o: $(SRC_D)/crypto/asn1/x_cinf.c + $(CC) -o $(OBJ_D)/x_cinf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_cinf.c + +$(OBJ_D)/x_x509.o: $(SRC_D)/crypto/asn1/x_x509.c + $(CC) -o $(OBJ_D)/x_x509.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_x509.c + +$(OBJ_D)/x_crl.o: $(SRC_D)/crypto/asn1/x_crl.c + $(CC) -o $(OBJ_D)/x_crl.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_crl.c + +$(OBJ_D)/x_info.o: $(SRC_D)/crypto/asn1/x_info.c + $(CC) -o $(OBJ_D)/x_info.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_info.c + +$(OBJ_D)/x_spki.o: $(SRC_D)/crypto/asn1/x_spki.c + $(CC) -o $(OBJ_D)/x_spki.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_spki.c + +$(OBJ_D)/d2i_r_pr.o: $(SRC_D)/crypto/asn1/d2i_r_pr.c + $(CC) -o $(OBJ_D)/d2i_r_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pr.c + +$(OBJ_D)/i2d_r_pr.o: $(SRC_D)/crypto/asn1/i2d_r_pr.c + $(CC) -o $(OBJ_D)/i2d_r_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pr.c + +$(OBJ_D)/d2i_r_pu.o: $(SRC_D)/crypto/asn1/d2i_r_pu.c + $(CC) -o $(OBJ_D)/d2i_r_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pu.c + +$(OBJ_D)/i2d_r_pu.o: $(SRC_D)/crypto/asn1/i2d_r_pu.c + $(CC) -o $(OBJ_D)/i2d_r_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pu.c + +$(OBJ_D)/d2i_s_pr.o: $(SRC_D)/crypto/asn1/d2i_s_pr.c + $(CC) -o $(OBJ_D)/d2i_s_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pr.c + +$(OBJ_D)/i2d_s_pr.o: $(SRC_D)/crypto/asn1/i2d_s_pr.c + $(CC) -o $(OBJ_D)/i2d_s_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pr.c + +$(OBJ_D)/d2i_s_pu.o: $(SRC_D)/crypto/asn1/d2i_s_pu.c + $(CC) -o $(OBJ_D)/d2i_s_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pu.c + +$(OBJ_D)/i2d_s_pu.o: $(SRC_D)/crypto/asn1/i2d_s_pu.c + $(CC) -o $(OBJ_D)/i2d_s_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pu.c + +$(OBJ_D)/d2i_pu.o: $(SRC_D)/crypto/asn1/d2i_pu.c + $(CC) -o $(OBJ_D)/d2i_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pu.c + +$(OBJ_D)/d2i_pr.o: $(SRC_D)/crypto/asn1/d2i_pr.c + $(CC) -o $(OBJ_D)/d2i_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pr.c + +$(OBJ_D)/i2d_pu.o: $(SRC_D)/crypto/asn1/i2d_pu.c + $(CC) -o $(OBJ_D)/i2d_pu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pu.c + +$(OBJ_D)/i2d_pr.o: $(SRC_D)/crypto/asn1/i2d_pr.c + $(CC) -o $(OBJ_D)/i2d_pr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pr.c + +$(OBJ_D)/t_req.o: $(SRC_D)/crypto/asn1/t_req.c + $(CC) -o $(OBJ_D)/t_req.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_req.c + +$(OBJ_D)/t_x509.o: $(SRC_D)/crypto/asn1/t_x509.c + $(CC) -o $(OBJ_D)/t_x509.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_x509.c + +$(OBJ_D)/t_pkey.o: $(SRC_D)/crypto/asn1/t_pkey.c + $(CC) -o $(OBJ_D)/t_pkey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_pkey.c + +$(OBJ_D)/p7_i_s.o: $(SRC_D)/crypto/asn1/p7_i_s.c + $(CC) -o $(OBJ_D)/p7_i_s.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_i_s.c + +$(OBJ_D)/p7_signi.o: $(SRC_D)/crypto/asn1/p7_signi.c + $(CC) -o $(OBJ_D)/p7_signi.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signi.c + +$(OBJ_D)/p7_signd.o: $(SRC_D)/crypto/asn1/p7_signd.c + $(CC) -o $(OBJ_D)/p7_signd.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signd.c + +$(OBJ_D)/p7_recip.o: $(SRC_D)/crypto/asn1/p7_recip.c + $(CC) -o $(OBJ_D)/p7_recip.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_recip.c + +$(OBJ_D)/p7_enc_c.o: $(SRC_D)/crypto/asn1/p7_enc_c.c + $(CC) -o $(OBJ_D)/p7_enc_c.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc_c.c + +$(OBJ_D)/p7_evp.o: $(SRC_D)/crypto/asn1/p7_evp.c + $(CC) -o $(OBJ_D)/p7_evp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_evp.c + +$(OBJ_D)/p7_dgst.o: $(SRC_D)/crypto/asn1/p7_dgst.c + $(CC) -o $(OBJ_D)/p7_dgst.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_dgst.c + +$(OBJ_D)/p7_s_e.o: $(SRC_D)/crypto/asn1/p7_s_e.c + $(CC) -o $(OBJ_D)/p7_s_e.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_s_e.c + +$(OBJ_D)/p7_enc.o: $(SRC_D)/crypto/asn1/p7_enc.c + $(CC) -o $(OBJ_D)/p7_enc.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc.c + +$(OBJ_D)/p7_lib.o: $(SRC_D)/crypto/asn1/p7_lib.c + $(CC) -o $(OBJ_D)/p7_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_lib.c + +$(OBJ_D)/f_int.o: $(SRC_D)/crypto/asn1/f_int.c + $(CC) -o $(OBJ_D)/f_int.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_int.c + +$(OBJ_D)/f_string.o: $(SRC_D)/crypto/asn1/f_string.c + $(CC) -o $(OBJ_D)/f_string.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_string.c + +$(OBJ_D)/i2d_dhp.o: $(SRC_D)/crypto/asn1/i2d_dhp.c + $(CC) -o $(OBJ_D)/i2d_dhp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dhp.c + +$(OBJ_D)/i2d_dsap.o: $(SRC_D)/crypto/asn1/i2d_dsap.c + $(CC) -o $(OBJ_D)/i2d_dsap.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dsap.c + +$(OBJ_D)/d2i_dhp.o: $(SRC_D)/crypto/asn1/d2i_dhp.c + $(CC) -o $(OBJ_D)/d2i_dhp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dhp.c + +$(OBJ_D)/d2i_dsap.o: $(SRC_D)/crypto/asn1/d2i_dsap.c + $(CC) -o $(OBJ_D)/d2i_dsap.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dsap.c + +$(OBJ_D)/n_pkey.o: $(SRC_D)/crypto/asn1/n_pkey.c + $(CC) -o $(OBJ_D)/n_pkey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/n_pkey.c + +$(OBJ_D)/a_hdr.o: $(SRC_D)/crypto/asn1/a_hdr.c + $(CC) -o $(OBJ_D)/a_hdr.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_hdr.c + +$(OBJ_D)/x_pkey.o: $(SRC_D)/crypto/asn1/x_pkey.c + $(CC) -o $(OBJ_D)/x_pkey.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pkey.c + +$(OBJ_D)/a_bool.o: $(SRC_D)/crypto/asn1/a_bool.c + $(CC) -o $(OBJ_D)/a_bool.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bool.c + +$(OBJ_D)/x_exten.o: $(SRC_D)/crypto/asn1/x_exten.c + $(CC) -o $(OBJ_D)/x_exten.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_exten.c + +$(OBJ_D)/asn1_par.o: $(SRC_D)/crypto/asn1/asn1_par.c + $(CC) -o $(OBJ_D)/asn1_par.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_par.c + +$(OBJ_D)/asn1_lib.o: $(SRC_D)/crypto/asn1/asn1_lib.c + $(CC) -o $(OBJ_D)/asn1_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_lib.c + +$(OBJ_D)/asn1_err.o: $(SRC_D)/crypto/asn1/asn1_err.c + $(CC) -o $(OBJ_D)/asn1_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_err.c + +$(OBJ_D)/a_meth.o: $(SRC_D)/crypto/asn1/a_meth.c + $(CC) -o $(OBJ_D)/a_meth.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_meth.c + +$(OBJ_D)/a_bytes.o: $(SRC_D)/crypto/asn1/a_bytes.c + $(CC) -o $(OBJ_D)/a_bytes.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bytes.c + +$(OBJ_D)/x509_def.o: $(SRC_D)/crypto/x509/x509_def.c + $(CC) -o $(OBJ_D)/x509_def.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_def.c + +$(OBJ_D)/x509_d2.o: $(SRC_D)/crypto/x509/x509_d2.c + $(CC) -o $(OBJ_D)/x509_d2.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_d2.c + +$(OBJ_D)/x509_r2x.o: $(SRC_D)/crypto/x509/x509_r2x.c + $(CC) -o $(OBJ_D)/x509_r2x.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_r2x.c + +$(OBJ_D)/x509_cmp.o: $(SRC_D)/crypto/x509/x509_cmp.c + $(CC) -o $(OBJ_D)/x509_cmp.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_cmp.c + +$(OBJ_D)/x509_obj.o: $(SRC_D)/crypto/x509/x509_obj.c + $(CC) -o $(OBJ_D)/x509_obj.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_obj.c + +$(OBJ_D)/x509_req.o: $(SRC_D)/crypto/x509/x509_req.c + $(CC) -o $(OBJ_D)/x509_req.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_req.c + +$(OBJ_D)/x509_vfy.o: $(SRC_D)/crypto/x509/x509_vfy.c + $(CC) -o $(OBJ_D)/x509_vfy.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_vfy.c + +$(OBJ_D)/x509_set.o: $(SRC_D)/crypto/x509/x509_set.c + $(CC) -o $(OBJ_D)/x509_set.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_set.c + +$(OBJ_D)/x509rset.o: $(SRC_D)/crypto/x509/x509rset.c + $(CC) -o $(OBJ_D)/x509rset.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509rset.c + +$(OBJ_D)/x509_err.o: $(SRC_D)/crypto/x509/x509_err.c + $(CC) -o $(OBJ_D)/x509_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_err.c + +$(OBJ_D)/x509name.o: $(SRC_D)/crypto/x509/x509name.c + $(CC) -o $(OBJ_D)/x509name.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509name.c + +$(OBJ_D)/x509_v3.o: $(SRC_D)/crypto/x509/x509_v3.c + $(CC) -o $(OBJ_D)/x509_v3.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_v3.c + +$(OBJ_D)/x509_ext.o: $(SRC_D)/crypto/x509/x509_ext.c + $(CC) -o $(OBJ_D)/x509_ext.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_ext.c + +$(OBJ_D)/x509pack.o: $(SRC_D)/crypto/x509/x509pack.c + $(CC) -o $(OBJ_D)/x509pack.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509pack.c + +$(OBJ_D)/x509type.o: $(SRC_D)/crypto/x509/x509type.c + $(CC) -o $(OBJ_D)/x509type.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509type.c + +$(OBJ_D)/x509_lu.o: $(SRC_D)/crypto/x509/x509_lu.c + $(CC) -o $(OBJ_D)/x509_lu.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_lu.c + +$(OBJ_D)/x_all.o: $(SRC_D)/crypto/x509/x_all.c + $(CC) -o $(OBJ_D)/x_all.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x_all.c + +$(OBJ_D)/x509_txt.o: $(SRC_D)/crypto/x509/x509_txt.c + $(CC) -o $(OBJ_D)/x509_txt.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_txt.c + +$(OBJ_D)/by_file.o: $(SRC_D)/crypto/x509/by_file.c + $(CC) -o $(OBJ_D)/by_file.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_file.c + +$(OBJ_D)/by_dir.o: $(SRC_D)/crypto/x509/by_dir.c + $(CC) -o $(OBJ_D)/by_dir.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_dir.c + +$(OBJ_D)/v3_net.o: $(SRC_D)/crypto/x509/v3_net.c + $(CC) -o $(OBJ_D)/v3_net.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_net.c + +$(OBJ_D)/v3_x509.o: $(SRC_D)/crypto/x509/v3_x509.c + $(CC) -o $(OBJ_D)/v3_x509.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_x509.c + +$(OBJ_D)/conf.o: $(SRC_D)/crypto/conf/conf.c + $(CC) -o $(OBJ_D)/conf.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf.c + +$(OBJ_D)/conf_err.o: $(SRC_D)/crypto/conf/conf_err.c + $(CC) -o $(OBJ_D)/conf_err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf_err.c + +$(OBJ_D)/txt_db.o: $(SRC_D)/crypto/txt_db/txt_db.c + $(CC) -o $(OBJ_D)/txt_db.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/txt_db/txt_db.c + +$(OBJ_D)/pk7_lib.o: $(SRC_D)/crypto/pkcs7/pk7_lib.c + $(CC) -o $(OBJ_D)/pk7_lib.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_lib.c + +$(OBJ_D)/pkcs7err.o: $(SRC_D)/crypto/pkcs7/pkcs7err.c + $(CC) -o $(OBJ_D)/pkcs7err.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pkcs7err.c + +$(OBJ_D)/pk7_doit.o: $(SRC_D)/crypto/pkcs7/pk7_doit.c + $(CC) -o $(OBJ_D)/pk7_doit.o $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_doit.c + +$(OBJ_D)/s2_meth.o: $(SRC_D)/ssl/s2_meth.c + $(CC) -o $(OBJ_D)/s2_meth.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_meth.c + +$(OBJ_D)/s2_srvr.o: $(SRC_D)/ssl/s2_srvr.c + $(CC) -o $(OBJ_D)/s2_srvr.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_srvr.c + +$(OBJ_D)/s2_clnt.o: $(SRC_D)/ssl/s2_clnt.c + $(CC) -o $(OBJ_D)/s2_clnt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_clnt.c + +$(OBJ_D)/s2_lib.o: $(SRC_D)/ssl/s2_lib.c + $(CC) -o $(OBJ_D)/s2_lib.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_lib.c + +$(OBJ_D)/s2_pkt.o: $(SRC_D)/ssl/s2_pkt.c + $(CC) -o $(OBJ_D)/s2_pkt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_pkt.c + +$(OBJ_D)/s2_enc.o: $(SRC_D)/ssl/s2_enc.c + $(CC) -o $(OBJ_D)/s2_enc.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_enc.c + +$(OBJ_D)/s3_meth.o: $(SRC_D)/ssl/s3_meth.c + $(CC) -o $(OBJ_D)/s3_meth.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_meth.c + +$(OBJ_D)/s3_srvr.o: $(SRC_D)/ssl/s3_srvr.c + $(CC) -o $(OBJ_D)/s3_srvr.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_srvr.c + +$(OBJ_D)/s3_clnt.o: $(SRC_D)/ssl/s3_clnt.c + $(CC) -o $(OBJ_D)/s3_clnt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_clnt.c + +$(OBJ_D)/s3_lib.o: $(SRC_D)/ssl/s3_lib.c + $(CC) -o $(OBJ_D)/s3_lib.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_lib.c + +$(OBJ_D)/s3_pkt.o: $(SRC_D)/ssl/s3_pkt.c + $(CC) -o $(OBJ_D)/s3_pkt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_pkt.c + +$(OBJ_D)/s3_enc.o: $(SRC_D)/ssl/s3_enc.c + $(CC) -o $(OBJ_D)/s3_enc.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_enc.c + +$(OBJ_D)/s3_both.o: $(SRC_D)/ssl/s3_both.c + $(CC) -o $(OBJ_D)/s3_both.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_both.c + +$(OBJ_D)/s23_meth.o: $(SRC_D)/ssl/s23_meth.c + $(CC) -o $(OBJ_D)/s23_meth.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_meth.c + +$(OBJ_D)/s23_srvr.o: $(SRC_D)/ssl/s23_srvr.c + $(CC) -o $(OBJ_D)/s23_srvr.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_srvr.c + +$(OBJ_D)/s23_clnt.o: $(SRC_D)/ssl/s23_clnt.c + $(CC) -o $(OBJ_D)/s23_clnt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_clnt.c + +$(OBJ_D)/s23_lib.o: $(SRC_D)/ssl/s23_lib.c + $(CC) -o $(OBJ_D)/s23_lib.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_lib.c + +$(OBJ_D)/s23_pkt.o: $(SRC_D)/ssl/s23_pkt.c + $(CC) -o $(OBJ_D)/s23_pkt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_pkt.c + +$(OBJ_D)/ssl_lib.o: $(SRC_D)/ssl/ssl_lib.c + $(CC) -o $(OBJ_D)/ssl_lib.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_lib.c + +$(OBJ_D)/ssl_err2.o: $(SRC_D)/ssl/ssl_err2.c + $(CC) -o $(OBJ_D)/ssl_err2.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err2.c + +$(OBJ_D)/ssl_cert.o: $(SRC_D)/ssl/ssl_cert.c + $(CC) -o $(OBJ_D)/ssl_cert.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_cert.c + +$(OBJ_D)/ssl_sess.o: $(SRC_D)/ssl/ssl_sess.c + $(CC) -o $(OBJ_D)/ssl_sess.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_sess.c + +$(OBJ_D)/ssl_ciph.o: $(SRC_D)/ssl/ssl_ciph.c + $(CC) -o $(OBJ_D)/ssl_ciph.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_ciph.c + +$(OBJ_D)/ssl_stat.o: $(SRC_D)/ssl/ssl_stat.c + $(CC) -o $(OBJ_D)/ssl_stat.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_stat.c + +$(OBJ_D)/ssl_rsa.o: $(SRC_D)/ssl/ssl_rsa.c + $(CC) -o $(OBJ_D)/ssl_rsa.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_rsa.c + +$(OBJ_D)/ssl_asn1.o: $(SRC_D)/ssl/ssl_asn1.c + $(CC) -o $(OBJ_D)/ssl_asn1.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_asn1.c + +$(OBJ_D)/ssl_txt.o: $(SRC_D)/ssl/ssl_txt.c + $(CC) -o $(OBJ_D)/ssl_txt.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_txt.c + +$(OBJ_D)/ssl_algs.o: $(SRC_D)/ssl/ssl_algs.c + $(CC) -o $(OBJ_D)/ssl_algs.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_algs.c + +$(OBJ_D)/bio_ssl.o: $(SRC_D)/ssl/bio_ssl.c + $(CC) -o $(OBJ_D)/bio_ssl.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/bio_ssl.c + +$(OBJ_D)/ssl_err.o: $(SRC_D)/ssl/ssl_err.c + $(CC) -o $(OBJ_D)/ssl_err.o $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err.c + +$(OBJ_D)/rsaref.o: $(SRC_D)/rsaref/rsaref.c + $(CC) -o $(OBJ_D)/rsaref.o $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsaref.c + +$(OBJ_D)/rsar_err.o: $(SRC_D)/rsaref/rsar_err.c + $(CC) -o $(OBJ_D)/rsar_err.o $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsar_err.c + +$(TEST_D)/md2test: $(OBJ_D)/md2test.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/md2test $(LFLAGS) $(OBJ_D)/md2test.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/md5test: $(OBJ_D)/md5test.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/md5test $(LFLAGS) $(OBJ_D)/md5test.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/shatest: $(OBJ_D)/shatest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/shatest $(LFLAGS) $(OBJ_D)/shatest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/sha1test: $(OBJ_D)/sha1test.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/sha1test $(LFLAGS) $(OBJ_D)/sha1test.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/mdc2test: $(OBJ_D)/mdc2test.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/mdc2test $(LFLAGS) $(OBJ_D)/mdc2test.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/destest: $(OBJ_D)/destest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/destest $(LFLAGS) $(OBJ_D)/destest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/rc4test: $(OBJ_D)/rc4test.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/rc4test $(LFLAGS) $(OBJ_D)/rc4test.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/rc2test: $(OBJ_D)/rc2test.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/rc2test $(LFLAGS) $(OBJ_D)/rc2test.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/ideatest: $(OBJ_D)/ideatest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/ideatest $(LFLAGS) $(OBJ_D)/ideatest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/bftest: $(OBJ_D)/bftest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/bftest $(LFLAGS) $(OBJ_D)/bftest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/bntest: $(OBJ_D)/bntest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/bntest $(LFLAGS) $(OBJ_D)/bntest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/exptest: $(OBJ_D)/exptest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/exptest $(LFLAGS) $(OBJ_D)/exptest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/dsatest: $(OBJ_D)/dsatest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/dsatest $(LFLAGS) $(OBJ_D)/dsatest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/dhtest: $(OBJ_D)/dhtest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/dhtest $(LFLAGS) $(OBJ_D)/dhtest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/randtest: $(OBJ_D)/randtest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/randtest $(LFLAGS) $(OBJ_D)/randtest.o $(L_LIBS) $(EX_LIBS) + +$(TEST_D)/ssltest: $(OBJ_D)/ssltest.o $(LIBS_DEP) + $(LINK) -o $(TEST_D)/ssltest $(LFLAGS) $(OBJ_D)/ssltest.o $(L_LIBS) $(EX_LIBS) + +$(O_SSL): $(SSLOBJ) + $(RM) $(O_SSL) + $(MKLIB) $(O_SSL) $(SSLOBJ) + $(RANLIB) $(O_SSL) + +$(O_RSAGLUE): $(RSAGLUEOBJ) + $(RM) $(O_RSAGLUE) + $(MKLIB) $(O_RSAGLUE) $(RSAGLUEOBJ) + $(RANLIB) $(O_RSAGLUE) + +$(O_CRYPTO): $(CRYPTOOBJ) + $(RM) $(O_CRYPTO) + $(MKLIB) $(O_CRYPTO) $(CRYPTOOBJ) + $(RANLIB) $(O_CRYPTO) + +$(BIN_D)/$(E_EXE): $(E_OBJ) $(LIBS_DEP) + $(LINK) -o $(BIN_D)/$(E_EXE) $(LFLAGS) $(E_OBJ) $(L_LIBS) $(EX_LIBS) + diff --git a/makevms.com b/makevms.com new file mode 100755 index 0000000000000000000000000000000000000000..2f4792aa9ac09d66a74d51f3972668f1ffc5c828 --- /dev/null +++ b/makevms.com @@ -0,0 +1,65 @@ +$! +$! This procedure compiles the SSL sources into 2 libraries: +$! [.CRYPTO]CRYPTO-xxx.OLB ! crypto-graphics subroutines +$! [.SSL]SSL-xxx.OLB ! SSL protocol. +$! +$! where 'xxx' specifies the machine achitecture: AXP or VAX +$! +$! To perform 1 sub-option, specify P1 as one of: +$! INCLUDE CRYPTO SSL SSL_TASK +$! +$! Requirements: +$! DECC 4.0 (may work with other versions) +$! OpenVMS 6.1 (may work with other versions) +$! +$ original_default = f$environment("DEFAULT") +$ proc = f$environment("PROCEDURE") +$ proc_dir = f$parse("1.1;1",proc) - "1.1;1" +$ set default 'proc_dir' +$! +$! Copy all include files to [.include] +$! +$ set noon +$ if P1 .nes. "" then goto do_'p1' +$ do_include +$ write sys$output "Rebuilding [.include] directory..." +$ delete [.include]*.h;* +$ backup [.*...]*.h; includes.bck/save +$ backup includes.bck/save [.include] +$ delete includes.bck; +$ if p1 .nes. "" then goto cleanup +$! +$! Build crypto lib. +$! +$ do_crypto: +$ write sys$Output "Making CRYPTO library" +$ set default [.crypto] +$ @libvms +$ set default [-] +$ if p1 .nes. "" then goto cleanup +$! +$! Build SSL lib. +$! +$ do_ssl: +$ write sys$output "Making SSL library" +$ set default [.ssl] +$ libname = "ssl-axp.olb" +$ if f$getsyi("CPU") .lt. 128 then libname = "ssl-vax.olb" +$ if f$search(libname) .eqs. "" then library/create/log 'libname' +$ cc ssl.c/include=[-.include]/prefix=all +$ library/replace 'libname' ssl.obj +$ set default [-] +$ if p1 .nes. "" then goto cleanup +$! +$ do_ssl_task: +$ write sys$output "Building SSL_TASK.EXE, the DECnet-based SSL engine" +$ set default [.ssl] +$ libname = "ssl-axp.olb" +$ if f$getsyi("CPU") .lt. 128 then libname = "ssl-vax.olb" +$ cc ssl_task/include=[-.include]/prefix=all +$ cryptolib = "[-.crypto]crypto-" + f$element(1,"-",libname) +$ link ssl_task,'libname'/library,'cryptolib'/library +$! +$ cleanup: +$ set default 'original_default' +$ write sys$output "Done" diff --git a/ms/README b/ms/README new file mode 100644 index 0000000000000000000000000000000000000000..5804a2d84a670049c700591ffae1066102e2929e --- /dev/null +++ b/ms/README @@ -0,0 +1,18 @@ +Run these makefiles from the top level as in +nmake -f ms\makefilename +to build with visual C++ 4.[01]. + +The results will be in the out directory. + +These makefiles and def files were generated my typing + +perl util\mk1mf.pl VC-MSDOS no-sock >ms/msdos.mak +perl util\mk1mf.pl VC-W31-32 >ms/w31.mak +perl util\mk1mf.pl VC-W31-32 dll >ms/w31dll.mak +perl util\mk1mf.pl VC-NT >ms/nt.mak +perl util\mk1mf.pl VC-NT dll >ms/ntdll.mak + +perl util\mkdef.pl 16 crypto > ms/crypto16.def +perl util\mkdef.pl 32 crypto > ms/crypto32.def +perl util\mkdef.pl 16 ssl > ms/ssl16.def +perl util\mkdef.pl 32 ssl > ms/ssl32.def diff --git a/ms/certCA.srl b/ms/certCA.srl new file mode 100644 index 0000000000000000000000000000000000000000..60d3b2f4a4cd5f1637eba020358bfe5ecb5edcf2 --- /dev/null +++ b/ms/certCA.srl @@ -0,0 +1 @@ +15 diff --git a/ms/certCA.ss b/ms/certCA.ss new file mode 100644 index 0000000000000000000000000000000000000000..7ce37179dc03f582a25ccb3a2f8b283d0562f1c9 --- /dev/null +++ b/ms/certCA.ss @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBXDCCAQYCAQAwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV +BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzA3MTkx +MTA1MTFaFw05NzA4MTgxMTA1MTFaMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E +b2RneSBCcm90aGVyczERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEF +AANLADBIAkEA3dU4kgK/MVnr7Q3p+Nl5y1TRXPk5L9dNOJ0BoCjKC2wLXSzwcj5c +Vx2X5WiIeDDH2Dt7AbDvtGhBLVOiq0LuuwIDAQABMA0GCSqGSIb3DQEBBAUAA0EA +gT6uyZYLx1chz1oV3GnvlbUsWd1x1Y4UQ/KqIP3wr2Bh270CYlWZfm1xiHlQQ6Jf +DPEMSzr1e1VcRUCT25z7KQ== +-----END CERTIFICATE----- diff --git a/ms/certU.ss b/ms/certU.ss new file mode 100644 index 0000000000000000000000000000000000000000..6166bf9de1243d3c79a15834a19e4cda3a9dcb38 --- /dev/null +++ b/ms/certU.ss @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcTCCARsCARQwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV +BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzA3MTkx +MTA1MTZaFw05NzA4MTgxMTA1MTZaME4xCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E +b2RneSBCcm90aGVyczESMBAGA1UEAxMJQnJvdGhlciAxMRIwEAYDVQQDEwlCcm90 +aGVyIDIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxcxzGnflhfIiyt/ijc3WvWKK +ajZOXnzKDmIo+ENc3Q16oJLkom0FdsYyVbYs9LEyHhApuurrLUH/odPyegqcAQID +AQABMA0GCSqGSIb3DQEBBAUAA0EAlWvxkrsdbIUj3KSDqvMPYewgV1BAaluuYGCu +TwllD+yfuZjSzOZbE0tQCigh2yhcGWRin6ngwd+wtxTAnaomMQ== +-----END CERTIFICATE----- diff --git a/ms/cmp.pl b/ms/cmp.pl new file mode 100644 index 0000000000000000000000000000000000000000..95b257fe4caa74ecf9e4a5f8784065ef2328e502 --- /dev/null +++ b/ms/cmp.pl @@ -0,0 +1,47 @@ +#!/usr/local/bin/perl + +($#ARGV == 1) || die "usage: cmp.pl \n"; + +open(IN0,"<$ARGV[0]") || die "unable to open $ARGV[0]\n"; +open(IN1,"<$ARGV[1]") || die "unable to open $ARGV[1]\n"; +binmode IN0; +binmode IN1; + +$tot=0; +$ret=1; +for (;;) + { + $n1=sysread(IN0,$b1,4096); + $n2=sysread(IN1,$b2,4096); + + last if ($n1 != $n2); + last if ($b1 ne $b2); + last if ($n1 < 0); + if ($n1 == 0) + { + $ret=0; + last; + } + $tot+=$n1; + } + +close(IN0); +close(IN1); +if ($ret) + { + printf STDERR "$ARGV[0] and $ARGV[1] are different\n"; + @a1=unpack("C*",$b1); + @a2=unpack("C*",$b2); + for ($i=0; $i<=$#a1; $i++) + { + if ($a1[$i] ne $a2[$i]) + { + printf "%02X %02X <<\n",$a1[$i],$a2[$i]; + last; + } + } + $nm=$tot+$n1; + $tot+=$i+1; + printf STDERR "diff at char $tot of $nm\n"; + } +exit($ret); diff --git a/ms/do_ms.bat b/ms/do_ms.bat new file mode 100755 index 0000000000000000000000000000000000000000..673d706a1ad282fa348b106e4bed4aaa52375040 --- /dev/null +++ b/ms/do_ms.bat @@ -0,0 +1,11 @@ + +rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak +rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak +perl util\mk1mf.pl VC-W31-32 dll >ms\w31dll.mak +rem perl util\mk1mf.pl VC-WIN32 >ms\nt.mak +perl util\mk1mf.pl VC-WIN32 dll >ms\ntdll.mak + +perl util\mkdef.pl 16 libeay > ms\libeay16.def +perl util\mkdef.pl 32 libeay > ms\libeay32.def +perl util\mkdef.pl 16 ssleay > ms\ssleay16.def +perl util\mkdef.pl 32 ssleay > ms\ssleay32.def diff --git a/ms/keyCA.ss b/ms/keyCA.ss new file mode 100644 index 0000000000000000000000000000000000000000..6c007bdad1b51d4a33f9e8c3b38fec5d5e66def7 --- /dev/null +++ b/ms/keyCA.ss @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBAN3VOJICvzFZ6+0N6fjZectU0Vz5OS/XTTidAaAoygtsC10s8HI+ +XFcdl+VoiHgwx9g7ewGw77RoQS1ToqtC7rsCAwEAAQJAECcKa3dPvKQzjZtJwhjz +yV5vsDlldJpUwR6Nk7/kllgw4rK2AQJKVXqe6lAv8+P3Pny/XEtUe7YZ0Q/i1L23 +QQIhAP8cckDTFzyaP8O7Hy/SL70e8a8FbHbSl5keVIkNHL2pAiEA3psXWV+eruDd +l9ERN9ARLqR5VehhnTLKIw+MhHKPH8MCIQCVXDBAZ9Z48s5WaF3v/51XmqBhmklQ +oCeFzE4uF3E2UQIhAN3T92ScoOjsNGZBdMMFmNm+FRvCwuN/5Wci64hhELc5AiAd +RjOJzXN5tfiPfl97WF0LCb1UXsL54/+2yI6hTg3xng== +-----END RSA PRIVATE KEY----- diff --git a/ms/keyU.ss b/ms/keyU.ss new file mode 100644 index 0000000000000000000000000000000000000000..fad45f9467295becfa0dc4b9408c12cf31dd249b --- /dev/null +++ b/ms/keyU.ss @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAMXMcxp35YXyIsrf4o3N1r1iimo2Tl58yg5iKPhDXN0NeqCS5KJt +BXbGMlW2LPSxMh4QKbrq6y1B/6HT8noKnAECAwEAAQJAVJ21z+jio36GK8vDG26n +IrV5CR7aP8malrSfWjVXEKjm4BR5on5C+TuVeV67WgwIEtIuwyzRefQuBLnmtJsT +UQIhAOhPQ4NjInS7vXTrvVM/cXEHj+gMN0yq1Lrijo6qM/QrAiEA2fg7mr8Erj86 +t5kM2/clEnA4lMNg2UnfMEkBbEyW/oMCIQClSUgq4kzwq2coGlaRNZGcLxo3qwFp +fh5vfaSaYwUmEwIhALRkw/ezRY1sWQ0gBst5hF35MGq2NE5A3A1bLmlSDdk/AiEA +kuVZHwwJIzGrCf9RqJ7CEHs4gPda3OeOiu0+f6M9dvc= +-----END RSA PRIVATE KEY----- diff --git a/ms/libeay16.def b/ms/libeay16.def new file mode 100644 index 0000000000000000000000000000000000000000..9e036c5c6f0e6d2f453f13afd34270f9736c140b --- /dev/null +++ b/ms/libeay16.def @@ -0,0 +1,875 @@ +; +; Definition file for the DDL version of the LIBEAY16 library from SSLeay +; + +LIBRARY LIBEAY16 + +DESCRIPTION 'SSLeay LIBEAY16 - eay@cryptsoft.com' + +CODE PRELOAD MOVEABLE +DATA PRELOAD MOVEABLE SINGLE + +EXETYPE WINDOWS + +HEAPSIZE 4096 +STACKSIZE 8192 + +EXPORTS + _SSLeay @1 + _SSLeay_add_all_algorithms @508 + _SSLeay_add_all_ciphers @509 + _SSLeay_add_all_digests @510 + _SSLeay_version @2 + _ASN1_BIT_STRING_asn1_meth @3 + _ASN1_HEADER_free @4 + _ASN1_HEADER_new @5 + _ASN1_IA5STRING_asn1_meth @6 + _ASN1_INTEGER_get @7 + _ASN1_INTEGER_set @8 + _ASN1_INTEGER_to_BN @9 + _ASN1_OBJECT_create @10 + _ASN1_OBJECT_free @11 + _ASN1_OBJECT_new @12 + _ASN1_PRINTABLE_type @13 + _ASN1_STRING_cmp @14 + _ASN1_STRING_dup @15 + _ASN1_STRING_free @16 + _ASN1_STRING_new @17 + _ASN1_STRING_print @18 + _ASN1_STRING_set @19 + _ASN1_STRING_type_new @20 + _ASN1_TYPE_free @21 + _ASN1_TYPE_get @916 + _ASN1_TYPE_new @22 + _ASN1_TYPE_set @917 + _ASN1_UNIVERSALSTRING_to_string @23 + _ASN1_UTCTIME_check @24 + _ASN1_UTCTIME_print @25 + _ASN1_UTCTIME_set @26 + _ASN1_check_infinite_end @27 + _ASN1_d2i_bio @28 + _ASN1_digest @30 + _ASN1_dup @31 + _ASN1_get_object @32 + _ASN1_i2d_bio @33 + _ASN1_object_size @35 + _ASN1_parse @36 + _ASN1_put_object @37 + _ASN1_sign @38 + _ASN1_verify @39 + _BF_cbc_encrypt @40 + _BF_cfb64_encrypt @41 + _BF_ecb_encrypt @42 + _BF_encrypt @43 + _BF_ofb64_encrypt @44 + _BF_options @45 + _BF_set_key @46 + _BIO_accept @51 + _BIO_copy_next_retry @955 + _BIO_ctrl @52 + _BIO_ctrl_int @53 + _BIO_debug_callback @54 + _BIO_dump @55 + _BIO_dup_chain @56 + _BIO_f_base64 @57 + _BIO_f_buffer @58 + _BIO_f_cipher @59 + _BIO_f_md @60 + _BIO_f_nbio_test @915 + _BIO_f_null @61 + _BIO_fd_non_fatal_error @63 + _BIO_fd_should_retry @64 + _BIO_find_type @65 + _BIO_free @66 + _BIO_free_all @67 + _BIO_get_accept_socket @69 + _BIO_get_host_ip @71 + _BIO_get_port @72 + _BIO_get_retry_BIO @73 + _BIO_get_retry_reason @74 + _BIO_gethostbyname @75 + _BIO_gets @76 + _BIO_new @78 + _BIO_new_accept @79 + _BIO_new_connect @80 + _BIO_new_fd @81 + _BIO_new_socket @84 + _BIO_pop @85 + _BIO_printf @86 + _BIO_push @87 + _BIO_puts @88 + _BIO_read @89 + _BIO_s_accept @90 + _BIO_s_connect @91 + _BIO_s_fd @92 + _BIO_s_file_internal_w16 @94 + _BIO_s_mem @95 + _BIO_s_null @96 + _BIO_s_socket @99 + _BIO_set @100 + _BIO_set_cipher @101 + _BIO_set_tcp_ndelay @102 + _BIO_sock_cleanup @103 + _BIO_sock_error @104 + _BIO_sock_init @105 + _BIO_sock_non_fatal_error @106 + _BIO_sock_should_retry @107 + _BIO_socket_ioctl @108 + _BIO_write @109 + _BN_CTX_free @110 + _BN_CTX_new @111 + _BN_MONT_CTX_free @112 + _BN_MONT_CTX_new @113 + _BN_MONT_CTX_set @114 + _BN_add @115 + _BN_add_word @116 + _BN_ascii2bn @117 + _BN_bin2bn @118 + _BN_bn2ascii @119 + _BN_bn2bin @120 + _BN_clear @121 + _BN_clear_bit @122 + _BN_clear_free @123 + _BN_cmp @124 + _BN_copy @125 + _BN_div @126 + _BN_div_word @127 + _BN_dup @128 + _BN_free @129 + _BN_from_montgomery @130 + _BN_gcd @131 + _BN_generate_prime @132 + _BN_get_word @133 + _BN_is_bit_set @134 + _BN_is_prime @135 + _BN_lshift @136 + _BN_lshift1 @137 + _BN_mask_bits @138 + _BN_mod @139 + _BN_mod_exp @140 + _BN_mod_exp_mont @141 + _BN_mod_exp_recp @142 + _BN_mod_exp_simple @143 + _BN_mod_inverse @144 + _BN_mod_mul @145 + _BN_mod_mul_montgomery @146 + _BN_mod_mul_reciprocal @147 + _BN_mod_word @148 + _BN_mul @149 + _BN_new @150 + _BN_num_bits @151 + _BN_num_bits_word @152 + _BN_options @153 + _BN_print @154 + _BN_rand @156 + _BN_reciprocal @157 + _BN_rshift @158 + _BN_rshift1 @159 + _BN_set_bit @160 + _BN_set_word @161 + _BN_sqr @162 + _BN_sub @163 + _BN_to_ASN1_INTEGER @164 + _BN_ucmp @165 + _BN_value_one @166 + _BUF_MEM_free @167 + _BUF_MEM_grow @168 + _BUF_MEM_new @169 + _BUF_strdup @170 + _CONF_free @171 + _CONF_get_number @172 + _CONF_get_section @173 + _CONF_get_string @174 + _CONF_load @175 + _CRYPTO_add_lock @176 + _CRYPTO_dbg_free @177 + _CRYPTO_dbg_malloc @178 + _CRYPTO_dbg_realloc @179 + _CRYPTO_dbg_remalloc @180 + _CRYPTO_free @181 + _CRYPTO_get_add_lock_callback @182 + _CRYPTO_get_id_callback @183 + _CRYPTO_get_lock_name @184 + _CRYPTO_get_locking_callback @185 + _CRYPTO_get_mem_functions @186 + _CRYPTO_lock @187 + _CRYPTO_malloc @188 + _CRYPTO_mem_ctrl @189 + _CRYPTO_mem_leaks @190 + _CRYPTO_mem_leaks_cb @191 + _CRYPTO_realloc @193 + _CRYPTO_remalloc @194 + _CRYPTO_set_add_lock_callback @195 + _CRYPTO_set_id_callback @196 + _CRYPTO_set_locking_callback @197 + _CRYPTO_set_mem_functions @198 + _CRYPTO_thread_id @199 + _DH_check @200 + _DH_compute_key @201 + _DH_free @202 + _DH_generate_key @203 + _DH_generate_parameters @204 + _DH_new @205 + _DH_size @206 + _DHparams_print @207 + _DSA_free @209 + _DSA_generate_key @210 + _DSA_generate_parameters @211 + _DSA_is_prime @212 + _DSA_new @213 + _DSA_print @214 + _DSA_sign @216 + _DSA_sign_setup @217 + _DSA_size @218 + _DSA_verify @219 + _DSAparams_print @220 + _ERR_clear_error @222 + _ERR_error_string @223 + _ERR_free_strings @224 + _ERR_func_error_string @225 + _ERR_get_err_state_table @226 + _ERR_get_error @227 + _ERR_get_error_line @228 + _ERR_get_state @229 + _ERR_get_string_table @230 + _ERR_lib_error_string @231 + _ERR_load_ASN1_strings @232 + _ERR_load_BIO_strings @233 + _ERR_load_BN_strings @234 + _ERR_load_BUF_strings @235 + _ERR_load_CONF_strings @236 + _ERR_load_DH_strings @237 + _ERR_load_DSA_strings @238 + _ERR_load_ERR_strings @239 + _ERR_load_EVP_strings @240 + _ERR_load_OBJ_strings @241 + _ERR_load_PEM_strings @242 + _ERR_load_PKCS7_strings @919 + _ERR_load_RSA_strings @244 + _ERR_load_X509_strings @245 + _ERR_load_crypto_strings @246 + _ERR_load_strings @247 + _ERR_peek_error @248 + _ERR_peek_error_line @249 + _ERR_print_errors @250 + _ERR_put_error @252 + _ERR_reason_error_string @253 + _ERR_remove_state @254 + _EVP_BytesToKey @255 + _EVP_CIPHER_CTX_cleanup @256 + _EVP_CipherFinal @257 + _EVP_CipherInit @258 + _EVP_CipherUpdate @259 + _EVP_DecodeBlock @260 + _EVP_DecodeFinal @261 + _EVP_DecodeInit @262 + _EVP_DecodeUpdate @263 + _EVP_DecryptFinal @264 + _EVP_DecryptInit @265 + _EVP_DecryptUpdate @266 + _EVP_DigestFinal @267 + _EVP_DigestInit @268 + _EVP_DigestUpdate @269 + _EVP_EncodeBlock @270 + _EVP_EncodeFinal @271 + _EVP_EncodeInit @272 + _EVP_EncodeUpdate @273 + _EVP_EncryptFinal @274 + _EVP_EncryptInit @275 + _EVP_EncryptUpdate @276 + _EVP_OpenFinal @277 + _EVP_OpenInit @278 + _EVP_PKEY_assign @279 + _EVP_PKEY_copy_parameters @280 + _EVP_PKEY_free @281 + _EVP_PKEY_missing_parameters @282 + _EVP_PKEY_new @283 + _EVP_PKEY_save_parameters @284 + _EVP_PKEY_size @285 + _EVP_PKEY_type @286 + _EVP_SealFinal @287 + _EVP_SealInit @288 + _EVP_SignFinal @289 + _EVP_VerifyFinal @290 + _EVP_add_alias @291 + _EVP_add_cipher @292 + _EVP_add_digest @293 + _EVP_bf_cbc @294 + _EVP_bf_cfb @295 + _EVP_bf_ecb @296 + _EVP_bf_ofb @297 + _EVP_cleanup @298 + _EVP_delete_alias @941 + _EVP_des_cbc @299 + _EVP_des_cfb @300 + _EVP_des_ecb @301 + _EVP_des_ede @302 + _EVP_des_ede3 @303 + _EVP_des_ede3_cbc @304 + _EVP_des_ede3_cfb @305 + _EVP_des_ede3_ofb @306 + _EVP_des_ede_cbc @307 + _EVP_des_ede_cfb @308 + _EVP_des_ede_ofb @309 + _EVP_des_ofb @310 + _EVP_desx_cbc @311 + _EVP_dss @312 + _EVP_dss1 @313 + _EVP_enc_null @314 + _EVP_get_cipherbyname @315 + _EVP_get_digestbyname @316 + _EVP_get_pw_prompt @317 + _EVP_idea_cbc @318 + _EVP_idea_cfb @319 + _EVP_idea_ecb @320 + _EVP_idea_ofb @321 + _EVP_md2 @322 + _EVP_md5 @323 + _EVP_md_null @324 + _EVP_mdc2 @942 + _EVP_rc2_cbc @325 + _EVP_rc2_cfb @326 + _EVP_rc2_ecb @327 + _EVP_rc2_ofb @328 + _EVP_rc4 @329 + _EVP_read_pw_string @330 + _EVP_set_pw_prompt @331 + _EVP_sha @332 + _EVP_sha1 @333 + _MD2 @334 + _MD2_Final @335 + _MD2_Init @336 + _MD2_Update @337 + _MD2_options @338 + _MD5 @339 + _MD5_Final @340 + _MD5_Init @341 + _MD5_Update @342 + _MDC2 @343 + _MDC2_Final @344 + _MDC2_Init @345 + _MDC2_Update @346 + _NETSCAPE_SPKAC_free @347 + _NETSCAPE_SPKAC_new @348 + _NETSCAPE_SPKI_free @349 + _NETSCAPE_SPKI_new @350 + _NETSCAPE_SPKI_sign @351 + _NETSCAPE_SPKI_verify @352 + _OBJ_add_object @353 + _OBJ_bsearch @354 + _OBJ_cleanup @355 + _OBJ_cmp @356 + _OBJ_create_and_add_object @357 + _OBJ_dup @358 + _OBJ_ln2nid @359 + _OBJ_new_nid @360 + _OBJ_nid2ln @361 + _OBJ_nid2obj @362 + _OBJ_nid2sn @363 + _OBJ_obj2nid @364 + _OBJ_sn2nid @365 + _OBJ_txt2nid @366 + _PEM_ASN1_read_bio @368 + _PEM_ASN1_write_bio @370 + _PEM_SealFinal @371 + _PEM_SealInit @372 + _PEM_SealUpdate @373 + _PEM_SignFinal @374 + _PEM_X509_INFO_read_bio @378 + _PEM_X509_INFO_write_bio @379 + _PEM_dek_info @380 + _PEM_do_header @381 + _PEM_get_EVP_CIPHER_INFO @382 + _PEM_proc_type @383 + _PEM_read_bio @394 + _PEM_read_bio_DHparams @395 + _PEM_read_bio_DSAPrivateKey @396 + _PEM_read_bio_DSAparams @397 + _PEM_read_bio_PKCS7 @398 + _PEM_read_bio_PrivateKey @399 + _PEM_read_bio_RSAPrivateKey @400 + _PEM_read_bio_RSAPublicKey @948 + _PEM_read_bio_X509 @401 + _PEM_read_bio_X509_CRL @402 + _PEM_read_bio_X509_REQ @403 + _PEM_write_bio @414 + _PEM_write_bio_DHparams @415 + _PEM_write_bio_DSAPrivateKey @416 + _PEM_write_bio_DSAparams @417 + _PEM_write_bio_PKCS7 @418 + _PEM_write_bio_PrivateKey @419 + _PEM_write_bio_RSAPrivateKey @420 + _PEM_write_bio_RSAPublicKey @950 + _PEM_write_bio_X509 @421 + _PEM_write_bio_X509_CRL @422 + _PEM_write_bio_X509_REQ @423 + _PKCS7_DIGEST_free @424 + _PKCS7_DIGEST_new @425 + _PKCS7_ENCRYPT_free @426 + _PKCS7_ENCRYPT_new @427 + _PKCS7_ENC_CONTENT_free @428 + _PKCS7_ENC_CONTENT_new @429 + _PKCS7_ENVELOPE_free @430 + _PKCS7_ENVELOPE_new @431 + _PKCS7_ISSUER_AND_SERIAL_digest @432 + _PKCS7_ISSUER_AND_SERIAL_free @433 + _PKCS7_ISSUER_AND_SERIAL_new @434 + _PKCS7_RECIP_INFO_free @435 + _PKCS7_RECIP_INFO_new @436 + _PKCS7_SIGNED_free @437 + _PKCS7_SIGNED_new @438 + _PKCS7_SIGNER_INFO_free @439 + _PKCS7_SIGNER_INFO_new @440 + _PKCS7_SIGNER_INFO_set @930 + _PKCS7_SIGN_ENVELOPE_free @441 + _PKCS7_SIGN_ENVELOPE_new @442 + _PKCS7_add_certificate @932 + _PKCS7_add_crl @933 + _PKCS7_add_signature @938 + _PKCS7_add_signer @931 + _PKCS7_cert_from_signer_info @939 + _PKCS7_content_free @918 + _PKCS7_content_new @934 + _PKCS7_ctrl @927 + _PKCS7_dataInit @937 + _PKCS7_dataSign @935 + _PKCS7_dataVerify @936 + _PKCS7_dup @924 + _PKCS7_free @444 + _PKCS7_get_signer_info @940 + _PKCS7_new @445 + _PKCS7_set_content @929 + _PKCS7_set_type @928 + _RAND_bytes @464 + _RAND_cleanup @465 + _RAND_file_name @466 + _RAND_load_file @467 + _RAND_screen @468 + _RAND_seed @469 + _RAND_write_file @470 + _RC2_cbc_encrypt @471 + _RC2_cfb64_encrypt @472 + _RC2_ecb_encrypt @473 + _RC2_encrypt @474 + _RC2_ofb64_encrypt @475 + _RC2_set_key @476 + _RC4 @477 + _RC4_options @478 + _RC4_set_key @479 + _RSAPrivateKey_asn1_meth @480 + _RSAPrivateKey_dup @481 + _RSAPublicKey_dup @482 + _RSA_PKCS1_SSLeay @483 + _RSA_free @484 + _RSA_generate_key @485 + _RSA_new @486 + _RSA_new_method @487 + _RSA_print @488 + _RSA_private_decrypt @490 + _RSA_private_encrypt @491 + _RSA_public_decrypt @492 + _RSA_public_encrypt @493 + _RSA_set_default_method @494 + _RSA_sign @495 + _RSA_sign_ASN1_OCTET_STRING @496 + _RSA_size @497 + _RSA_verify @498 + _RSA_verify_ASN1_OCTET_STRING @499 + _SHA @500 + _SHA1 @501 + _SHA1_Final @502 + _SHA1_Init @503 + _SHA1_Update @504 + _SHA_Final @505 + _SHA_Init @506 + _SHA_Update @507 + _TXT_DB_create_index @511 + _TXT_DB_free @512 + _TXT_DB_get_by_index @513 + _TXT_DB_insert @514 + _TXT_DB_read @515 + _TXT_DB_write @516 + _X509_ALGOR_free @517 + _X509_ALGOR_new @518 + _X509_ATTRIBUTE_free @519 + _X509_ATTRIBUTE_new @520 + _X509_CINF_free @521 + _X509_CINF_new @522 + _X509_CRL_INFO_free @523 + _X509_CRL_INFO_new @524 + _X509_CRL_add_ext @525 + _X509_CRL_cmp @526 + _X509_CRL_delete_ext @527 + _X509_CRL_dup @528 + _X509_CRL_free @529 + _X509_CRL_get_ext @530 + _X509_CRL_get_ext_by_NID @531 + _X509_CRL_get_ext_by_OBJ @532 + _X509_CRL_get_ext_by_critical @533 + _X509_CRL_get_ext_count @534 + _X509_CRL_new @535 + _X509_CRL_sign @536 + _X509_CRL_verify @537 + _X509_EXTENSION_create_by_NID @538 + _X509_EXTENSION_create_by_OBJ @539 + _X509_EXTENSION_dup @540 + _X509_EXTENSION_free @541 + _X509_EXTENSION_get_critical @542 + _X509_EXTENSION_get_data @543 + _X509_EXTENSION_get_object @544 + _X509_EXTENSION_new @545 + _X509_EXTENSION_set_critical @546 + _X509_EXTENSION_set_data @547 + _X509_EXTENSION_set_object @548 + _X509_INFO_free @549 + _X509_INFO_new @550 + _X509_LOOKUP_by_alias @551 + _X509_LOOKUP_by_fingerprint @552 + _X509_LOOKUP_by_issuer_serial @553 + _X509_LOOKUP_by_subject @554 + _X509_LOOKUP_ctrl @555 + _X509_LOOKUP_file @556 + _X509_LOOKUP_free @557 + _X509_LOOKUP_hash_dir @558 + _X509_LOOKUP_init @559 + _X509_LOOKUP_new @560 + _X509_LOOKUP_shutdown @561 + _X509_NAME_ENTRY_create_by_NID @562 + _X509_NAME_ENTRY_create_by_OBJ @563 + _X509_NAME_ENTRY_dup @564 + _X509_NAME_ENTRY_free @565 + _X509_NAME_ENTRY_get_data @566 + _X509_NAME_ENTRY_get_object @567 + _X509_NAME_ENTRY_new @568 + _X509_NAME_ENTRY_set_data @569 + _X509_NAME_ENTRY_set_object @570 + _X509_NAME_add_entry @571 + _X509_NAME_cmp @572 + _X509_NAME_delete_entry @573 + _X509_NAME_digest @574 + _X509_NAME_dup @575 + _X509_NAME_entry_count @576 + _X509_NAME_free @577 + _X509_NAME_get_entry @578 + _X509_NAME_get_index_by_NID @579 + _X509_NAME_get_index_by_OBJ @580 + _X509_NAME_get_text_by_NID @581 + _X509_NAME_get_text_by_OBJ @582 + _X509_NAME_hash @583 + _X509_NAME_new @584 + _X509_NAME_oneline @585 + _X509_NAME_print @586 + _X509_NAME_set @587 + _X509_OBJECT_free_contents @588 + _X509_OBJECT_retrive_by_subject @589 + _X509_OBJECT_up_ref_count @590 + _X509_PKEY_free @591 + _X509_PKEY_new @592 + _X509_PUBKEY_free @593 + _X509_PUBKEY_get @594 + _X509_PUBKEY_new @595 + _X509_PUBKEY_set @596 + _X509_REQ_INFO_free @597 + _X509_REQ_INFO_new @598 + _X509_REQ_dup @599 + _X509_REQ_free @600 + _X509_REQ_get_pubkey @601 + _X509_REQ_new @602 + _X509_REQ_print @603 + _X509_REQ_set_pubkey @605 + _X509_REQ_set_subject_name @606 + _X509_REQ_set_version @607 + _X509_REQ_sign @608 + _X509_REQ_to_X509 @609 + _X509_REQ_verify @610 + _X509_REVOKED_add_ext @611 + _X509_REVOKED_delete_ext @612 + _X509_REVOKED_free @613 + _X509_REVOKED_get_ext @614 + _X509_REVOKED_get_ext_by_NID @615 + _X509_REVOKED_get_ext_by_OBJ @616 + _X509_REVOKED_get_ext_by_critical @617 + _X509_REVOKED_get_ext_count @618 + _X509_REVOKED_new @619 + _X509_SIG_free @620 + _X509_SIG_new @621 + _X509_STORE_CTX_cleanup @622 + _X509_STORE_CTX_init @623 + _X509_STORE_add_cert @624 + _X509_STORE_add_lookup @625 + _X509_STORE_free @626 + _X509_STORE_get_by_subject @627 + _X509_STORE_load_locations @628 + _X509_STORE_new @629 + _X509_STORE_set_default_paths @630 + _X509_VAL_free @631 + _X509_VAL_new @632 + _X509_add_ext @633 + _X509_asn1_meth @634 + _X509_certificate_type @635 + _X509_check_private_key @636 + _X509_cmp_current_time @637 + _X509_delete_ext @638 + _X509_digest @639 + _X509_dup @640 + _X509_find_by_issuer_and_serial @920 + _X509_find_by_subject @921 + _X509_free @641 + _X509_get_default_cert_area @642 + _X509_get_default_cert_dir @643 + _X509_get_default_cert_dir_env @644 + _X509_get_default_cert_file @645 + _X509_get_default_cert_file_env @646 + _X509_get_default_private_dir @647 + _X509_get_ext @648 + _X509_get_ext_by_NID @649 + _X509_get_ext_by_OBJ @650 + _X509_get_ext_by_critical @651 + _X509_get_ext_count @652 + _X509_get_issuer_name @653 + _X509_get_pubkey @654 + _X509_get_pubkey_parameters @655 + _X509_get_serialNumber @656 + _X509_get_subject_name @657 + _X509_gmtime_adj @658 + _X509_issuer_and_serial_cmp @659 + _X509_issuer_and_serial_hash @660 + _X509_issuer_name_cmp @661 + _X509_issuer_name_hash @662 + _X509_load_cert_file @663 + _X509_new @664 + _X509_print @665 + _X509_set_issuer_name @667 + _X509_set_notAfter @668 + _X509_set_notBefore @669 + _X509_set_pubkey @670 + _X509_set_serialNumber @671 + _X509_set_subject_name @672 + _X509_set_version @673 + _X509_sign @674 + _X509_subject_name_cmp @675 + _X509_subject_name_hash @676 + _X509_to_X509_REQ @677 + _X509_verify @678 + _X509_verify_cert @679 + _X509_verify_cert_error_string @680 + _X509v3_add_ext @681 + _X509v3_add_extension @682 + _X509v3_add_netscape_extensions @683 + _X509v3_add_standard_extensions @684 + _X509v3_cleanup_extensions @685 + _X509v3_data_type_by_NID @686 + _X509v3_data_type_by_OBJ @687 + _X509v3_delete_ext @688 + _X509v3_get_ext @689 + _X509v3_get_ext_by_NID @690 + _X509v3_get_ext_by_OBJ @691 + _X509v3_get_ext_by_critical @692 + _X509v3_get_ext_count @693 + _X509v3_pack_string @694 + _X509v3_pack_type_by_NID @695 + _X509v3_pack_type_by_OBJ @696 + _X509v3_unpack_string @697 + _a2d_ASN1_OBJECT @699 + _a2i_ASN1_INTEGER @700 + _a2i_ASN1_STRING @701 + _asn1_Finish @702 + _asn1_GetSequence @703 + _bn_div64 @704 + _bn_expand2 @705 + _bn_mul_add_word @706 + _bn_mul_word @707 + _bn_qadd @708 + _bn_qsub @709 + _bn_sqr_words @710 + _crypt @711 + _d2i_ASN1_BIT_STRING @712 + _d2i_ASN1_BOOLEAN @713 + _d2i_ASN1_HEADER @714 + _d2i_ASN1_IA5STRING @715 + _d2i_ASN1_INTEGER @716 + _d2i_ASN1_OBJECT @717 + _d2i_ASN1_OCTET_STRING @718 + _d2i_ASN1_PRINTABLE @719 + _d2i_ASN1_PRINTABLESTRING @720 + _d2i_ASN1_SET @721 + _d2i_ASN1_T61STRING @722 + _d2i_ASN1_TYPE @723 + _d2i_ASN1_UTCTIME @724 + _d2i_ASN1_bytes @725 + _d2i_ASN1_type_bytes @726 + _d2i_DHparams @727 + _d2i_DSAPrivateKey @728 + _d2i_DSAPrivateKey_bio @729 + _d2i_DSAPublicKey @731 + _d2i_DSAparams @732 + _d2i_NETSCAPE_SPKAC @733 + _d2i_NETSCAPE_SPKI @734 + _d2i_Netscape_RSA @735 + _d2i_PKCS7 @736 + _d2i_PKCS7_DIGEST @737 + _d2i_PKCS7_ENCRYPT @738 + _d2i_PKCS7_ENC_CONTENT @739 + _d2i_PKCS7_ENVELOPE @740 + _d2i_PKCS7_ISSUER_AND_SERIAL @741 + _d2i_PKCS7_RECIP_INFO @742 + _d2i_PKCS7_SIGNED @743 + _d2i_PKCS7_SIGNER_INFO @744 + _d2i_PKCS7_SIGN_ENVELOPE @745 + _d2i_PKCS7_bio @925 + _d2i_PrivateKey @748 + _d2i_PublicKey @749 + _d2i_RSAPrivateKey @750 + _d2i_RSAPrivateKey_bio @751 + _d2i_RSAPublicKey @753 + _d2i_RSAPublicKey_bio @951 + _d2i_X509 @754 + _d2i_X509_ALGOR @755 + _d2i_X509_ATTRIBUTE @756 + _d2i_X509_CINF @757 + _d2i_X509_CRL @758 + _d2i_X509_CRL_INFO @759 + _d2i_X509_CRL_bio @760 + _d2i_X509_EXTENSION @762 + _d2i_X509_NAME @763 + _d2i_X509_NAME_ENTRY @764 + _d2i_X509_PKEY @765 + _d2i_X509_PUBKEY @766 + _d2i_X509_REQ @767 + _d2i_X509_REQ_INFO @768 + _d2i_X509_REQ_bio @769 + _d2i_X509_REVOKED @771 + _d2i_X509_SIG @772 + _d2i_X509_VAL @773 + _d2i_X509_bio @774 + _des_3cbc_encrypt @776 + _des_cbc_cksum @777 + _des_cbc_encrypt @778 + _des_cblock_print_file @779 + _des_cfb64_encrypt @780 + _des_cfb_encrypt @781 + _des_decrypt3 @782 + _des_ecb3_encrypt @783 + _des_ecb_encrypt @784 + _des_ede3_cbc_encrypt @785 + _des_ede3_cfb64_encrypt @786 + _des_ede3_ofb64_encrypt @787 + _des_enc_read @788 + _des_enc_write @789 + _des_encrypt @790 + _des_encrypt2 @791 + _des_encrypt3 @792 + _des_fcrypt @793 + _des_is_weak_key @794 + _des_key_sched @795 + _des_ncbc_encrypt @796 + _des_ofb64_encrypt @797 + _des_ofb_encrypt @798 + _des_options @799 + _des_pcbc_encrypt @800 + _des_quad_cksum @801 + _des_random_key @802 + _des_random_seed @803 + _des_read_2passwords @804 + _des_read_password @805 + _des_read_pw @806 + _des_read_pw_string @807 + _des_set_key @808 + _des_set_odd_parity @809 + _des_string_to_2keys @810 + _des_string_to_key @811 + _des_xcbc_encrypt @812 + _des_xwhite_in2out @813 + _i2a_ASN1_INTEGER @815 + _i2a_ASN1_OBJECT @816 + _i2a_ASN1_STRING @817 + _i2d_ASN1_BIT_STRING @818 + _i2d_ASN1_BOOLEAN @819 + _i2d_ASN1_HEADER @820 + _i2d_ASN1_IA5STRING @821 + _i2d_ASN1_INTEGER @822 + _i2d_ASN1_OBJECT @823 + _i2d_ASN1_OCTET_STRING @824 + _i2d_ASN1_PRINTABLE @825 + _i2d_ASN1_SET @826 + _i2d_ASN1_TYPE @827 + _i2d_ASN1_UTCTIME @828 + _i2d_ASN1_bytes @829 + _i2d_DHparams @830 + _i2d_DSAPrivateKey @831 + _i2d_DSAPrivateKey_bio @832 + _i2d_DSAPublicKey @834 + _i2d_DSAparams @835 + _i2d_NETSCAPE_SPKAC @836 + _i2d_NETSCAPE_SPKI @837 + _i2d_Netscape_RSA @838 + _i2d_PKCS7 @839 + _i2d_PKCS7_DIGEST @840 + _i2d_PKCS7_ENCRYPT @841 + _i2d_PKCS7_ENC_CONTENT @842 + _i2d_PKCS7_ENVELOPE @843 + _i2d_PKCS7_ISSUER_AND_SERIAL @844 + _i2d_PKCS7_RECIP_INFO @845 + _i2d_PKCS7_SIGNED @846 + _i2d_PKCS7_SIGNER_INFO @847 + _i2d_PKCS7_SIGN_ENVELOPE @848 + _i2d_PKCS7_bio @926 + _i2d_PrivateKey @851 + _i2d_PublicKey @852 + _i2d_RSAPrivateKey @853 + _i2d_RSAPrivateKey_bio @854 + _i2d_RSAPublicKey @856 + _i2d_RSAPublicKey_bio @953 + _i2d_X509 @857 + _i2d_X509_ALGOR @858 + _i2d_X509_ATTRIBUTE @859 + _i2d_X509_CINF @860 + _i2d_X509_CRL @861 + _i2d_X509_CRL_INFO @862 + _i2d_X509_CRL_bio @863 + _i2d_X509_EXTENSION @865 + _i2d_X509_NAME @866 + _i2d_X509_NAME_ENTRY @867 + _i2d_X509_PKEY @868 + _i2d_X509_PUBKEY @869 + _i2d_X509_REQ @870 + _i2d_X509_REQ_INFO @871 + _i2d_X509_REQ_bio @872 + _i2d_X509_REVOKED @874 + _i2d_X509_SIG @875 + _i2d_X509_VAL @876 + _i2d_X509_bio @877 + _idea_cbc_encrypt @879 + _idea_cfb64_encrypt @880 + _idea_ecb_encrypt @881 + _idea_encrypt @882 + _idea_ofb64_encrypt @883 + _idea_options @884 + _idea_set_decrypt_key @885 + _idea_set_encrypt_key @886 + _lh_delete @887 + _lh_doall @888 + _lh_doall_arg @889 + _lh_free @890 + _lh_insert @891 + _lh_new @892 + _lh_node_stats_bio @894 + _lh_node_usage_stats_bio @896 + _lh_retrieve @897 + _lh_stats_bio @899 + _lh_strhash @900 + _sk_delete @901 + _sk_delete_ptr @902 + _sk_dup @903 + _sk_find @904 + _sk_free @905 + _sk_insert @906 + _sk_new @907 + _sk_pop @908 + _sk_pop_free @909 + _sk_push @910 + _sk_set_cmp_func @911 + _sk_shift @912 + _sk_unshift @913 + _sk_zero @914 + diff --git a/ms/libeay32.def b/ms/libeay32.def new file mode 100644 index 0000000000000000000000000000000000000000..26595fcae8a83b34bd206b6c59e4c3ff5a10d24f --- /dev/null +++ b/ms/libeay32.def @@ -0,0 +1,922 @@ +; +; Definition file for the DDL version of the LIBEAY32 library from SSLeay +; + +LIBRARY LIBEAY32 + +DESCRIPTION 'SSLeay LIBEAY32 - eay@cryptsoft.com' + +EXPORTS + SSLeay @1 + SSLeay_add_all_algorithms @508 + SSLeay_add_all_ciphers @509 + SSLeay_add_all_digests @510 + SSLeay_version @2 + ASN1_BIT_STRING_asn1_meth @3 + ASN1_HEADER_free @4 + ASN1_HEADER_new @5 + ASN1_IA5STRING_asn1_meth @6 + ASN1_INTEGER_get @7 + ASN1_INTEGER_set @8 + ASN1_INTEGER_to_BN @9 + ASN1_OBJECT_create @10 + ASN1_OBJECT_free @11 + ASN1_OBJECT_new @12 + ASN1_PRINTABLE_type @13 + ASN1_STRING_cmp @14 + ASN1_STRING_dup @15 + ASN1_STRING_free @16 + ASN1_STRING_new @17 + ASN1_STRING_print @18 + ASN1_STRING_set @19 + ASN1_STRING_type_new @20 + ASN1_TYPE_free @21 + ASN1_TYPE_get @916 + ASN1_TYPE_new @22 + ASN1_TYPE_set @917 + ASN1_UNIVERSALSTRING_to_string @23 + ASN1_UTCTIME_check @24 + ASN1_UTCTIME_print @25 + ASN1_UTCTIME_set @26 + ASN1_check_infinite_end @27 + ASN1_d2i_bio @28 + ASN1_d2i_fp @29 + ASN1_digest @30 + ASN1_dup @31 + ASN1_get_object @32 + ASN1_i2d_bio @33 + ASN1_i2d_fp @34 + ASN1_object_size @35 + ASN1_parse @36 + ASN1_put_object @37 + ASN1_sign @38 + ASN1_verify @39 + BF_cbc_encrypt @40 + BF_cfb64_encrypt @41 + BF_ecb_encrypt @42 + BF_encrypt @43 + BF_ofb64_encrypt @44 + BF_options @45 + BF_set_key @46 + BIO_accept @51 + BIO_copy_next_retry @955 + BIO_ctrl @52 + BIO_ctrl_int @53 + BIO_debug_callback @54 + BIO_dump @55 + BIO_dup_chain @56 + BIO_f_base64 @57 + BIO_f_buffer @58 + BIO_f_cipher @59 + BIO_f_md @60 + BIO_f_nbio_test @915 + BIO_f_null @61 + BIO_fd_non_fatal_error @63 + BIO_fd_should_retry @64 + BIO_find_type @65 + BIO_free @66 + BIO_free_all @67 + BIO_get_accept_socket @69 + BIO_get_host_ip @71 + BIO_get_port @72 + BIO_get_retry_BIO @73 + BIO_get_retry_reason @74 + BIO_gethostbyname @75 + BIO_gets @76 + BIO_new @78 + BIO_new_accept @79 + BIO_new_connect @80 + BIO_new_fd @81 + BIO_new_file @82 + BIO_new_fp @83 + BIO_new_socket @84 + BIO_pop @85 + BIO_printf @86 + BIO_push @87 + BIO_puts @88 + BIO_read @89 + BIO_s_accept @90 + BIO_s_connect @91 + BIO_s_fd @92 + BIO_s_file @93 + BIO_s_mem @95 + BIO_s_null @96 + BIO_s_socket @99 + BIO_set @100 + BIO_set_cipher @101 + BIO_set_tcp_ndelay @102 + BIO_sock_cleanup @103 + BIO_sock_error @104 + BIO_sock_init @105 + BIO_sock_non_fatal_error @106 + BIO_sock_should_retry @107 + BIO_socket_ioctl @108 + BIO_write @109 + BN_CTX_free @110 + BN_CTX_new @111 + BN_MONT_CTX_free @112 + BN_MONT_CTX_new @113 + BN_MONT_CTX_set @114 + BN_add @115 + BN_add_word @116 + BN_ascii2bn @117 + BN_bin2bn @118 + BN_bn2ascii @119 + BN_bn2bin @120 + BN_clear @121 + BN_clear_bit @122 + BN_clear_free @123 + BN_cmp @124 + BN_copy @125 + BN_div @126 + BN_div_word @127 + BN_dup @128 + BN_free @129 + BN_from_montgomery @130 + BN_gcd @131 + BN_generate_prime @132 + BN_get_word @133 + BN_is_bit_set @134 + BN_is_prime @135 + BN_lshift @136 + BN_lshift1 @137 + BN_mask_bits @138 + BN_mod @139 + BN_mod_exp @140 + BN_mod_exp_mont @141 + BN_mod_exp_recp @142 + BN_mod_exp_simple @143 + BN_mod_inverse @144 + BN_mod_mul @145 + BN_mod_mul_montgomery @146 + BN_mod_mul_reciprocal @147 + BN_mod_word @148 + BN_mul @149 + BN_new @150 + BN_num_bits @151 + BN_num_bits_word @152 + BN_options @153 + BN_print @154 + BN_print_fp @155 + BN_rand @156 + BN_reciprocal @157 + BN_rshift @158 + BN_rshift1 @159 + BN_set_bit @160 + BN_set_word @161 + BN_sqr @162 + BN_sub @163 + BN_to_ASN1_INTEGER @164 + BN_ucmp @165 + BN_value_one @166 + BUF_MEM_free @167 + BUF_MEM_grow @168 + BUF_MEM_new @169 + BUF_strdup @170 + CONF_free @171 + CONF_get_number @172 + CONF_get_section @173 + CONF_get_string @174 + CONF_load @175 + CRYPTO_add_lock @176 + CRYPTO_dbg_free @177 + CRYPTO_dbg_malloc @178 + CRYPTO_dbg_realloc @179 + CRYPTO_dbg_remalloc @180 + CRYPTO_free @181 + CRYPTO_get_add_lock_callback @182 + CRYPTO_get_id_callback @183 + CRYPTO_get_lock_name @184 + CRYPTO_get_locking_callback @185 + CRYPTO_get_mem_functions @186 + CRYPTO_lock @187 + CRYPTO_malloc @188 + CRYPTO_mem_ctrl @189 + CRYPTO_mem_leaks @190 + CRYPTO_mem_leaks_cb @191 + CRYPTO_mem_leaks_fp @192 + CRYPTO_realloc @193 + CRYPTO_remalloc @194 + CRYPTO_set_add_lock_callback @195 + CRYPTO_set_id_callback @196 + CRYPTO_set_locking_callback @197 + CRYPTO_set_mem_functions @198 + CRYPTO_thread_id @199 + DH_check @200 + DH_compute_key @201 + DH_free @202 + DH_generate_key @203 + DH_generate_parameters @204 + DH_new @205 + DH_size @206 + DHparams_print @207 + DHparams_print_fp @208 + DSA_free @209 + DSA_generate_key @210 + DSA_generate_parameters @211 + DSA_is_prime @212 + DSA_new @213 + DSA_print @214 + DSA_print_fp @215 + DSA_sign @216 + DSA_sign_setup @217 + DSA_size @218 + DSA_verify @219 + DSAparams_print @220 + DSAparams_print_fp @221 + ERR_clear_error @222 + ERR_error_string @223 + ERR_free_strings @224 + ERR_func_error_string @225 + ERR_get_err_state_table @226 + ERR_get_error @227 + ERR_get_error_line @228 + ERR_get_state @229 + ERR_get_string_table @230 + ERR_lib_error_string @231 + ERR_load_ASN1_strings @232 + ERR_load_BIO_strings @233 + ERR_load_BN_strings @234 + ERR_load_BUF_strings @235 + ERR_load_CONF_strings @236 + ERR_load_DH_strings @237 + ERR_load_DSA_strings @238 + ERR_load_ERR_strings @239 + ERR_load_EVP_strings @240 + ERR_load_OBJ_strings @241 + ERR_load_PEM_strings @242 + ERR_load_PKCS7_strings @919 + ERR_load_RSA_strings @244 + ERR_load_X509_strings @245 + ERR_load_crypto_strings @246 + ERR_load_strings @247 + ERR_peek_error @248 + ERR_peek_error_line @249 + ERR_print_errors @250 + ERR_print_errors_fp @251 + ERR_put_error @252 + ERR_reason_error_string @253 + ERR_remove_state @254 + EVP_BytesToKey @255 + EVP_CIPHER_CTX_cleanup @256 + EVP_CipherFinal @257 + EVP_CipherInit @258 + EVP_CipherUpdate @259 + EVP_DecodeBlock @260 + EVP_DecodeFinal @261 + EVP_DecodeInit @262 + EVP_DecodeUpdate @263 + EVP_DecryptFinal @264 + EVP_DecryptInit @265 + EVP_DecryptUpdate @266 + EVP_DigestFinal @267 + EVP_DigestInit @268 + EVP_DigestUpdate @269 + EVP_EncodeBlock @270 + EVP_EncodeFinal @271 + EVP_EncodeInit @272 + EVP_EncodeUpdate @273 + EVP_EncryptFinal @274 + EVP_EncryptInit @275 + EVP_EncryptUpdate @276 + EVP_OpenFinal @277 + EVP_OpenInit @278 + EVP_PKEY_assign @279 + EVP_PKEY_copy_parameters @280 + EVP_PKEY_free @281 + EVP_PKEY_missing_parameters @282 + EVP_PKEY_new @283 + EVP_PKEY_save_parameters @284 + EVP_PKEY_size @285 + EVP_PKEY_type @286 + EVP_SealFinal @287 + EVP_SealInit @288 + EVP_SignFinal @289 + EVP_VerifyFinal @290 + EVP_add_alias @291 + EVP_add_cipher @292 + EVP_add_digest @293 + EVP_bf_cbc @294 + EVP_bf_cfb @295 + EVP_bf_ecb @296 + EVP_bf_ofb @297 + EVP_cleanup @298 + EVP_delete_alias @941 + EVP_des_cbc @299 + EVP_des_cfb @300 + EVP_des_ecb @301 + EVP_des_ede @302 + EVP_des_ede3 @303 + EVP_des_ede3_cbc @304 + EVP_des_ede3_cfb @305 + EVP_des_ede3_ofb @306 + EVP_des_ede_cbc @307 + EVP_des_ede_cfb @308 + EVP_des_ede_ofb @309 + EVP_des_ofb @310 + EVP_desx_cbc @311 + EVP_dss @312 + EVP_dss1 @313 + EVP_enc_null @314 + EVP_get_cipherbyname @315 + EVP_get_digestbyname @316 + EVP_get_pw_prompt @317 + EVP_idea_cbc @318 + EVP_idea_cfb @319 + EVP_idea_ecb @320 + EVP_idea_ofb @321 + EVP_md2 @322 + EVP_md5 @323 + EVP_md_null @324 + EVP_mdc2 @942 + EVP_rc2_cbc @325 + EVP_rc2_cfb @326 + EVP_rc2_ecb @327 + EVP_rc2_ofb @328 + EVP_rc4 @329 + EVP_read_pw_string @330 + EVP_set_pw_prompt @331 + EVP_sha @332 + EVP_sha1 @333 + MD2 @334 + MD2_Final @335 + MD2_Init @336 + MD2_Update @337 + MD2_options @338 + MD5 @339 + MD5_Final @340 + MD5_Init @341 + MD5_Update @342 + MDC2 @343 + MDC2_Final @344 + MDC2_Init @345 + MDC2_Update @346 + NETSCAPE_SPKAC_free @347 + NETSCAPE_SPKAC_new @348 + NETSCAPE_SPKI_free @349 + NETSCAPE_SPKI_new @350 + NETSCAPE_SPKI_sign @351 + NETSCAPE_SPKI_verify @352 + OBJ_add_object @353 + OBJ_bsearch @354 + OBJ_cleanup @355 + OBJ_cmp @356 + OBJ_create_and_add_object @357 + OBJ_dup @358 + OBJ_ln2nid @359 + OBJ_new_nid @360 + OBJ_nid2ln @361 + OBJ_nid2obj @362 + OBJ_nid2sn @363 + OBJ_obj2nid @364 + OBJ_sn2nid @365 + OBJ_txt2nid @366 + PEM_ASN1_read @367 + PEM_ASN1_read_bio @368 + PEM_ASN1_write @369 + PEM_ASN1_write_bio @370 + PEM_SealFinal @371 + PEM_SealInit @372 + PEM_SealUpdate @373 + PEM_SignFinal @374 + PEM_X509_INFO_read @377 + PEM_X509_INFO_read_bio @378 + PEM_X509_INFO_write_bio @379 + PEM_dek_info @380 + PEM_do_header @381 + PEM_get_EVP_CIPHER_INFO @382 + PEM_proc_type @383 + PEM_read @384 + PEM_read_DHparams @385 + PEM_read_DSAPrivateKey @386 + PEM_read_DSAparams @387 + PEM_read_PKCS7 @388 + PEM_read_PrivateKey @389 + PEM_read_RSAPrivateKey @390 + PEM_read_RSAPublicKey @947 + PEM_read_X509 @391 + PEM_read_X509_CRL @392 + PEM_read_X509_REQ @393 + PEM_read_bio @394 + PEM_read_bio_DHparams @395 + PEM_read_bio_DSAPrivateKey @396 + PEM_read_bio_DSAparams @397 + PEM_read_bio_PKCS7 @398 + PEM_read_bio_PrivateKey @399 + PEM_read_bio_RSAPrivateKey @400 + PEM_read_bio_RSAPublicKey @948 + PEM_read_bio_X509 @401 + PEM_read_bio_X509_CRL @402 + PEM_read_bio_X509_REQ @403 + PEM_write @404 + PEM_write_DHparams @405 + PEM_write_DSAPrivateKey @406 + PEM_write_DSAparams @407 + PEM_write_PKCS7 @408 + PEM_write_PrivateKey @409 + PEM_write_RSAPrivateKey @410 + PEM_write_RSAPublicKey @949 + PEM_write_X509 @411 + PEM_write_X509_CRL @412 + PEM_write_X509_REQ @413 + PEM_write_bio @414 + PEM_write_bio_DHparams @415 + PEM_write_bio_DSAPrivateKey @416 + PEM_write_bio_DSAparams @417 + PEM_write_bio_PKCS7 @418 + PEM_write_bio_PrivateKey @419 + PEM_write_bio_RSAPrivateKey @420 + PEM_write_bio_RSAPublicKey @950 + PEM_write_bio_X509 @421 + PEM_write_bio_X509_CRL @422 + PEM_write_bio_X509_REQ @423 + PKCS7_DIGEST_free @424 + PKCS7_DIGEST_new @425 + PKCS7_ENCRYPT_free @426 + PKCS7_ENCRYPT_new @427 + PKCS7_ENC_CONTENT_free @428 + PKCS7_ENC_CONTENT_new @429 + PKCS7_ENVELOPE_free @430 + PKCS7_ENVELOPE_new @431 + PKCS7_ISSUER_AND_SERIAL_digest @432 + PKCS7_ISSUER_AND_SERIAL_free @433 + PKCS7_ISSUER_AND_SERIAL_new @434 + PKCS7_RECIP_INFO_free @435 + PKCS7_RECIP_INFO_new @436 + PKCS7_SIGNED_free @437 + PKCS7_SIGNED_new @438 + PKCS7_SIGNER_INFO_free @439 + PKCS7_SIGNER_INFO_new @440 + PKCS7_SIGNER_INFO_set @930 + PKCS7_SIGN_ENVELOPE_free @441 + PKCS7_SIGN_ENVELOPE_new @442 + PKCS7_add_certificate @932 + PKCS7_add_crl @933 + PKCS7_add_signature @938 + PKCS7_add_signer @931 + PKCS7_cert_from_signer_info @939 + PKCS7_content_free @918 + PKCS7_content_new @934 + PKCS7_ctrl @927 + PKCS7_dataInit @937 + PKCS7_dataSign @935 + PKCS7_dataVerify @936 + PKCS7_dup @924 + PKCS7_free @444 + PKCS7_get_signer_info @940 + PKCS7_new @445 + PKCS7_set_content @929 + PKCS7_set_type @928 + RAND_bytes @464 + RAND_cleanup @465 + RAND_file_name @466 + RAND_load_file @467 + RAND_screen @468 + RAND_seed @469 + RAND_write_file @470 + RC2_cbc_encrypt @471 + RC2_cfb64_encrypt @472 + RC2_ecb_encrypt @473 + RC2_encrypt @474 + RC2_ofb64_encrypt @475 + RC2_set_key @476 + RC4 @477 + RC4_options @478 + RC4_set_key @479 + RSAPrivateKey_asn1_meth @480 + RSAPrivateKey_dup @481 + RSAPublicKey_dup @482 + RSA_PKCS1_SSLeay @483 + RSA_free @484 + RSA_generate_key @485 + RSA_new @486 + RSA_new_method @487 + RSA_print @488 + RSA_print_fp @489 + RSA_private_decrypt @490 + RSA_private_encrypt @491 + RSA_public_decrypt @492 + RSA_public_encrypt @493 + RSA_set_default_method @494 + RSA_sign @495 + RSA_sign_ASN1_OCTET_STRING @496 + RSA_size @497 + RSA_verify @498 + RSA_verify_ASN1_OCTET_STRING @499 + SHA @500 + SHA1 @501 + SHA1_Final @502 + SHA1_Init @503 + SHA1_Update @504 + SHA_Final @505 + SHA_Init @506 + SHA_Update @507 + TXT_DB_create_index @511 + TXT_DB_free @512 + TXT_DB_get_by_index @513 + TXT_DB_insert @514 + TXT_DB_read @515 + TXT_DB_write @516 + X509_ALGOR_free @517 + X509_ALGOR_new @518 + X509_ATTRIBUTE_free @519 + X509_ATTRIBUTE_new @520 + X509_CINF_free @521 + X509_CINF_new @522 + X509_CRL_INFO_free @523 + X509_CRL_INFO_new @524 + X509_CRL_add_ext @525 + X509_CRL_cmp @526 + X509_CRL_delete_ext @527 + X509_CRL_dup @528 + X509_CRL_free @529 + X509_CRL_get_ext @530 + X509_CRL_get_ext_by_NID @531 + X509_CRL_get_ext_by_OBJ @532 + X509_CRL_get_ext_by_critical @533 + X509_CRL_get_ext_count @534 + X509_CRL_new @535 + X509_CRL_sign @536 + X509_CRL_verify @537 + X509_EXTENSION_create_by_NID @538 + X509_EXTENSION_create_by_OBJ @539 + X509_EXTENSION_dup @540 + X509_EXTENSION_free @541 + X509_EXTENSION_get_critical @542 + X509_EXTENSION_get_data @543 + X509_EXTENSION_get_object @544 + X509_EXTENSION_new @545 + X509_EXTENSION_set_critical @546 + X509_EXTENSION_set_data @547 + X509_EXTENSION_set_object @548 + X509_INFO_free @549 + X509_INFO_new @550 + X509_LOOKUP_by_alias @551 + X509_LOOKUP_by_fingerprint @552 + X509_LOOKUP_by_issuer_serial @553 + X509_LOOKUP_by_subject @554 + X509_LOOKUP_ctrl @555 + X509_LOOKUP_file @556 + X509_LOOKUP_free @557 + X509_LOOKUP_hash_dir @558 + X509_LOOKUP_init @559 + X509_LOOKUP_new @560 + X509_LOOKUP_shutdown @561 + X509_NAME_ENTRY_create_by_NID @562 + X509_NAME_ENTRY_create_by_OBJ @563 + X509_NAME_ENTRY_dup @564 + X509_NAME_ENTRY_free @565 + X509_NAME_ENTRY_get_data @566 + X509_NAME_ENTRY_get_object @567 + X509_NAME_ENTRY_new @568 + X509_NAME_ENTRY_set_data @569 + X509_NAME_ENTRY_set_object @570 + X509_NAME_add_entry @571 + X509_NAME_cmp @572 + X509_NAME_delete_entry @573 + X509_NAME_digest @574 + X509_NAME_dup @575 + X509_NAME_entry_count @576 + X509_NAME_free @577 + X509_NAME_get_entry @578 + X509_NAME_get_index_by_NID @579 + X509_NAME_get_index_by_OBJ @580 + X509_NAME_get_text_by_NID @581 + X509_NAME_get_text_by_OBJ @582 + X509_NAME_hash @583 + X509_NAME_new @584 + X509_NAME_oneline @585 + X509_NAME_print @586 + X509_NAME_set @587 + X509_OBJECT_free_contents @588 + X509_OBJECT_retrive_by_subject @589 + X509_OBJECT_up_ref_count @590 + X509_PKEY_free @591 + X509_PKEY_new @592 + X509_PUBKEY_free @593 + X509_PUBKEY_get @594 + X509_PUBKEY_new @595 + X509_PUBKEY_set @596 + X509_REQ_INFO_free @597 + X509_REQ_INFO_new @598 + X509_REQ_dup @599 + X509_REQ_free @600 + X509_REQ_get_pubkey @601 + X509_REQ_new @602 + X509_REQ_print @603 + X509_REQ_print_fp @604 + X509_REQ_set_pubkey @605 + X509_REQ_set_subject_name @606 + X509_REQ_set_version @607 + X509_REQ_sign @608 + X509_REQ_to_X509 @609 + X509_REQ_verify @610 + X509_REVOKED_add_ext @611 + X509_REVOKED_delete_ext @612 + X509_REVOKED_free @613 + X509_REVOKED_get_ext @614 + X509_REVOKED_get_ext_by_NID @615 + X509_REVOKED_get_ext_by_OBJ @616 + X509_REVOKED_get_ext_by_critical @617 + X509_REVOKED_get_ext_count @618 + X509_REVOKED_new @619 + X509_SIG_free @620 + X509_SIG_new @621 + X509_STORE_CTX_cleanup @622 + X509_STORE_CTX_init @623 + X509_STORE_add_cert @624 + X509_STORE_add_lookup @625 + X509_STORE_free @626 + X509_STORE_get_by_subject @627 + X509_STORE_load_locations @628 + X509_STORE_new @629 + X509_STORE_set_default_paths @630 + X509_VAL_free @631 + X509_VAL_new @632 + X509_add_ext @633 + X509_asn1_meth @634 + X509_certificate_type @635 + X509_check_private_key @636 + X509_cmp_current_time @637 + X509_delete_ext @638 + X509_digest @639 + X509_dup @640 + X509_find_by_issuer_and_serial @920 + X509_find_by_subject @921 + X509_free @641 + X509_get_default_cert_area @642 + X509_get_default_cert_dir @643 + X509_get_default_cert_dir_env @644 + X509_get_default_cert_file @645 + X509_get_default_cert_file_env @646 + X509_get_default_private_dir @647 + X509_get_ext @648 + X509_get_ext_by_NID @649 + X509_get_ext_by_OBJ @650 + X509_get_ext_by_critical @651 + X509_get_ext_count @652 + X509_get_issuer_name @653 + X509_get_pubkey @654 + X509_get_pubkey_parameters @655 + X509_get_serialNumber @656 + X509_get_subject_name @657 + X509_gmtime_adj @658 + X509_issuer_and_serial_cmp @659 + X509_issuer_and_serial_hash @660 + X509_issuer_name_cmp @661 + X509_issuer_name_hash @662 + X509_load_cert_file @663 + X509_new @664 + X509_print @665 + X509_print_fp @666 + X509_set_issuer_name @667 + X509_set_notAfter @668 + X509_set_notBefore @669 + X509_set_pubkey @670 + X509_set_serialNumber @671 + X509_set_subject_name @672 + X509_set_version @673 + X509_sign @674 + X509_subject_name_cmp @675 + X509_subject_name_hash @676 + X509_to_X509_REQ @677 + X509_verify @678 + X509_verify_cert @679 + X509_verify_cert_error_string @680 + X509v3_add_ext @681 + X509v3_add_extension @682 + X509v3_add_netscape_extensions @683 + X509v3_add_standard_extensions @684 + X509v3_cleanup_extensions @685 + X509v3_data_type_by_NID @686 + X509v3_data_type_by_OBJ @687 + X509v3_delete_ext @688 + X509v3_get_ext @689 + X509v3_get_ext_by_NID @690 + X509v3_get_ext_by_OBJ @691 + X509v3_get_ext_by_critical @692 + X509v3_get_ext_count @693 + X509v3_pack_string @694 + X509v3_pack_type_by_NID @695 + X509v3_pack_type_by_OBJ @696 + X509v3_unpack_string @697 + a2d_ASN1_OBJECT @699 + a2i_ASN1_INTEGER @700 + a2i_ASN1_STRING @701 + asn1_Finish @702 + asn1_GetSequence @703 + bn_div64 @704 + bn_expand2 @705 + bn_mul_add_word @706 + bn_mul_word @707 + bn_qadd @708 + bn_qsub @709 + bn_sqr_words @710 + crypt @711 + d2i_ASN1_BIT_STRING @712 + d2i_ASN1_BOOLEAN @713 + d2i_ASN1_HEADER @714 + d2i_ASN1_IA5STRING @715 + d2i_ASN1_INTEGER @716 + d2i_ASN1_OBJECT @717 + d2i_ASN1_OCTET_STRING @718 + d2i_ASN1_PRINTABLE @719 + d2i_ASN1_PRINTABLESTRING @720 + d2i_ASN1_SET @721 + d2i_ASN1_T61STRING @722 + d2i_ASN1_TYPE @723 + d2i_ASN1_UTCTIME @724 + d2i_ASN1_bytes @725 + d2i_ASN1_type_bytes @726 + d2i_DHparams @727 + d2i_DSAPrivateKey @728 + d2i_DSAPrivateKey_bio @729 + d2i_DSAPrivateKey_fp @730 + d2i_DSAPublicKey @731 + d2i_DSAparams @732 + d2i_NETSCAPE_SPKAC @733 + d2i_NETSCAPE_SPKI @734 + d2i_Netscape_RSA @735 + d2i_PKCS7 @736 + d2i_PKCS7_DIGEST @737 + d2i_PKCS7_ENCRYPT @738 + d2i_PKCS7_ENC_CONTENT @739 + d2i_PKCS7_ENVELOPE @740 + d2i_PKCS7_ISSUER_AND_SERIAL @741 + d2i_PKCS7_RECIP_INFO @742 + d2i_PKCS7_SIGNED @743 + d2i_PKCS7_SIGNER_INFO @744 + d2i_PKCS7_SIGN_ENVELOPE @745 + d2i_PKCS7_bio @925 + d2i_PKCS7_fp @922 + d2i_PrivateKey @748 + d2i_PublicKey @749 + d2i_RSAPrivateKey @750 + d2i_RSAPrivateKey_bio @751 + d2i_RSAPrivateKey_fp @752 + d2i_RSAPublicKey @753 + d2i_RSAPublicKey_bio @951 + d2i_RSAPublicKey_fp @952 + d2i_X509 @754 + d2i_X509_ALGOR @755 + d2i_X509_ATTRIBUTE @756 + d2i_X509_CINF @757 + d2i_X509_CRL @758 + d2i_X509_CRL_INFO @759 + d2i_X509_CRL_bio @760 + d2i_X509_CRL_fp @761 + d2i_X509_EXTENSION @762 + d2i_X509_NAME @763 + d2i_X509_NAME_ENTRY @764 + d2i_X509_PKEY @765 + d2i_X509_PUBKEY @766 + d2i_X509_REQ @767 + d2i_X509_REQ_INFO @768 + d2i_X509_REQ_bio @769 + d2i_X509_REQ_fp @770 + d2i_X509_REVOKED @771 + d2i_X509_SIG @772 + d2i_X509_VAL @773 + d2i_X509_bio @774 + d2i_X509_fp @775 + des_3cbc_encrypt @776 + des_cbc_cksum @777 + des_cbc_encrypt @778 + des_cblock_print_file @779 + des_cfb64_encrypt @780 + des_cfb_encrypt @781 + des_decrypt3 @782 + des_ecb3_encrypt @783 + des_ecb_encrypt @784 + des_ede3_cbc_encrypt @785 + des_ede3_cfb64_encrypt @786 + des_ede3_ofb64_encrypt @787 + des_enc_read @788 + des_enc_write @789 + des_encrypt @790 + des_encrypt2 @791 + des_encrypt3 @792 + des_fcrypt @793 + des_is_weak_key @794 + des_key_sched @795 + des_ncbc_encrypt @796 + des_ofb64_encrypt @797 + des_ofb_encrypt @798 + des_options @799 + des_pcbc_encrypt @800 + des_quad_cksum @801 + des_random_key @802 + des_random_seed @803 + des_read_2passwords @804 + des_read_password @805 + des_read_pw @806 + des_read_pw_string @807 + des_set_key @808 + des_set_odd_parity @809 + des_string_to_2keys @810 + des_string_to_key @811 + des_xcbc_encrypt @812 + des_xwhite_in2out @813 + i2a_ASN1_INTEGER @815 + i2a_ASN1_OBJECT @816 + i2a_ASN1_STRING @817 + i2d_ASN1_BIT_STRING @818 + i2d_ASN1_BOOLEAN @819 + i2d_ASN1_HEADER @820 + i2d_ASN1_IA5STRING @821 + i2d_ASN1_INTEGER @822 + i2d_ASN1_OBJECT @823 + i2d_ASN1_OCTET_STRING @824 + i2d_ASN1_PRINTABLE @825 + i2d_ASN1_SET @826 + i2d_ASN1_TYPE @827 + i2d_ASN1_UTCTIME @828 + i2d_ASN1_bytes @829 + i2d_DHparams @830 + i2d_DSAPrivateKey @831 + i2d_DSAPrivateKey_bio @832 + i2d_DSAPrivateKey_fp @833 + i2d_DSAPublicKey @834 + i2d_DSAparams @835 + i2d_NETSCAPE_SPKAC @836 + i2d_NETSCAPE_SPKI @837 + i2d_Netscape_RSA @838 + i2d_PKCS7 @839 + i2d_PKCS7_DIGEST @840 + i2d_PKCS7_ENCRYPT @841 + i2d_PKCS7_ENC_CONTENT @842 + i2d_PKCS7_ENVELOPE @843 + i2d_PKCS7_ISSUER_AND_SERIAL @844 + i2d_PKCS7_RECIP_INFO @845 + i2d_PKCS7_SIGNED @846 + i2d_PKCS7_SIGNER_INFO @847 + i2d_PKCS7_SIGN_ENVELOPE @848 + i2d_PKCS7_bio @926 + i2d_PKCS7_fp @923 + i2d_PrivateKey @851 + i2d_PublicKey @852 + i2d_RSAPrivateKey @853 + i2d_RSAPrivateKey_bio @854 + i2d_RSAPrivateKey_fp @855 + i2d_RSAPublicKey @856 + i2d_RSAPublicKey_bio @953 + i2d_RSAPublicKey_fp @954 + i2d_X509 @857 + i2d_X509_ALGOR @858 + i2d_X509_ATTRIBUTE @859 + i2d_X509_CINF @860 + i2d_X509_CRL @861 + i2d_X509_CRL_INFO @862 + i2d_X509_CRL_bio @863 + i2d_X509_CRL_fp @864 + i2d_X509_EXTENSION @865 + i2d_X509_NAME @866 + i2d_X509_NAME_ENTRY @867 + i2d_X509_PKEY @868 + i2d_X509_PUBKEY @869 + i2d_X509_REQ @870 + i2d_X509_REQ_INFO @871 + i2d_X509_REQ_bio @872 + i2d_X509_REQ_fp @873 + i2d_X509_REVOKED @874 + i2d_X509_SIG @875 + i2d_X509_VAL @876 + i2d_X509_bio @877 + i2d_X509_fp @878 + idea_cbc_encrypt @879 + idea_cfb64_encrypt @880 + idea_ecb_encrypt @881 + idea_encrypt @882 + idea_ofb64_encrypt @883 + idea_options @884 + idea_set_decrypt_key @885 + idea_set_encrypt_key @886 + lh_delete @887 + lh_doall @888 + lh_doall_arg @889 + lh_free @890 + lh_insert @891 + lh_new @892 + lh_node_stats @893 + lh_node_stats_bio @894 + lh_node_usage_stats @895 + lh_node_usage_stats_bio @896 + lh_retrieve @897 + lh_stats @898 + lh_stats_bio @899 + lh_strhash @900 + sk_delete @901 + sk_delete_ptr @902 + sk_dup @903 + sk_find @904 + sk_free @905 + sk_insert @906 + sk_new @907 + sk_pop @908 + sk_pop_free @909 + sk_push @910 + sk_set_cmp_func @911 + sk_shift @912 + sk_unshift @913 + sk_zero @914 + diff --git a/ms/ntdll.mak b/ms/ntdll.mak new file mode 100644 index 0000000000000000000000000000000000000000..f552216ce3b05978faa819fac0bff605d52012b3 --- /dev/null +++ b/ms/ntdll.mak @@ -0,0 +1,1621 @@ +# This makefile has been automatically generated from the SSLeay distribution. +# This single makefile will build the complete SSLeay distribution and +# by default leave the 'intertesting' output files in .\out and the stuff +# that needs deleting in .\tmp. +# The file was generated by running 'make makefile.one', which +# does a 'make files', which writes all the environment variables from all +# the makefiles to the file call MINFO. This file is used by +# util\mk1mf.pl to generate makefile.one. +# The 'makefile per directory' system suites me when developing this +# library and also so I can 'distribute' indervidual library sections. +# The one monster makefile better suits building in non-unix +# environments. + +INSTALLTOP=\usr\local\ssl + +# Set your compiler options +CC=cl +CFLAG=/W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN /MD +APP_CFLAG= +LIB_CFLAG= /GD +APP_EX_OBJ=setargv.obj +SHLIB_EX_OBJ= +# add extra libraries to this define, for solaris -lsocket -lnsl would +# be added +EX_LIBS=wsock32.lib user32.lib gdi32.lib + +# The SSLeay directory +SRC_D=. + +LINK=link +LFLAGS=/nologo /subsystem:console /machine:I386 /opt:ref + +BN_MULW_OBJ=crypto\bn\asm\x86nt32.obj +BN_MULW_SRC=crypto\bn\asm\x86nt32.asm +DES_ENC_OBJ=crypto\des\asm\d-win32.obj crypto\des\asm\c-win32.obj +DES_ENC_SRC=crypto\des\asm\d-win32.asm crypto\des\asm\c-win32.asm +DES_CRYPT_OBJ= +DES_CRYPT_SRC= +BF_ENC_OBJ=crypto\bf\asm\b-win32.obj +BF_ENC_SRC=crypto\bf\asm\b-win32.asm + +# The output directory for everything intersting +OUT_D=out +# The output directory for all the temporary muck +TMP_D=tmp + +CP=copy +RM=del +RANLIB= +MKDIR=mkdir +MKLIB=lib +MLFLAGS= /nologo /subsystem:console /machine:I386 /opt:ref /dll +ASM=ml /Cp /coff /c /Cx + +###################################################### +# You should not need to touch anything below this point +###################################################### + +E_EXE=ssleay +SSL=ssleay32 +CRYPTO=libeay32 +RSAGLUE=RSAglue + +# BIN_D - Binary output directory +# TEST_D - Binary test file output directory +# LIB_D - library output directory +# INC_D - include directory +BIN_D=$(OUT_D) +TEST_D=$(OUT_D) +LIB_D=$(OUT_D) +INC_D=$(OUT_D) + +# INCL_D - local library directory +# OBJ_D - temp object file directory +OBJ_D=$(TMP_D) +INCL_D=$(TMP_D) + +O_SSL= $(LIB_D)\$(SSL).dll +O_CRYPTO= $(LIB_D)\$(CRYPTO).dll +O_RSAGLUE= $(LIB_D)\$(RSAGLUE).lib +L_SSL= $(LIB_D)\$(SSL).lib +L_CRYPTO= $(LIB_D)\$(CRYPTO).lib + +L_LIBS= $(L_SSL) $(L_CRYPTO) +#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO) + +###################################################### +# Don't touch anything below this point +###################################################### + +INC=-DFLAT_INC -I$(INC_D) -I$(INCL_D) +APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG) +LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) +LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL) + +############################################# +HEADER=$(INCL_D)\e_os.h \ + $(INCL_D)\cryptlib.h $(INCL_D)\date.h $(INCL_D)\md5_locl.h \ + $(INCL_D)\sha_locl.h $(INCL_D)\des_locl.h $(INCL_D)\rpc_des.h \ + $(INCL_D)\podd.h $(INCL_D)\sk.h $(INCL_D)\spr.h \ + $(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h $(INCL_D)\idea_lcl.h \ + $(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\bn_lcl.h \ + $(INCL_D)\bn_prime.h $(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h \ + $(INCL_D)\ssl_locl.h $(INCL_D)\rsaref.h $(INCL_D)\apps.h \ + $(INCL_D)\progs.h $(INCL_D)\s_apps.h $(INCL_D)\testdsa.h \ + $(INCL_D)\testrsa.h + +EXHEADER=$(INC_D)\crypto.h \ + $(INC_D)\cryptall.h $(INC_D)\md2.h $(INC_D)\md5.h \ + $(INC_D)\sha.h $(INC_D)\mdc2.h $(INC_D)\des.h \ + $(INC_D)\rc4.h $(INC_D)\rc2.h $(INC_D)\idea.h \ + $(INC_D)\blowfish.h $(INC_D)\bn.h $(INC_D)\rsa.h \ + $(INC_D)\dsa.h $(INC_D)\dh.h $(INC_D)\buffer.h \ + $(INC_D)\bio.h $(INC_D)\stack.h $(INC_D)\lhash.h \ + $(INC_D)\rand.h $(INC_D)\err.h $(INC_D)\objects.h \ + $(INC_D)\evp.h $(INC_D)\pem.h $(INC_D)\asn1.h \ + $(INC_D)\asn1_mac.h $(INC_D)\x509.h $(INC_D)\x509_vfy.h \ + $(INC_D)\conf.h $(INC_D)\txt_db.h $(INC_D)\pkcs7.h \ + $(INC_D)\ssl.h $(INC_D)\ssl2.h $(INC_D)\ssl3.h \ + $(INC_D)\ssl23.h + +T_OBJ=$(OBJ_D)\md2test.obj \ + $(OBJ_D)\md5test.obj $(OBJ_D)\shatest.obj $(OBJ_D)\sha1test.obj \ + $(OBJ_D)\mdc2test.obj $(OBJ_D)\destest.obj $(OBJ_D)\rc4test.obj \ + $(OBJ_D)\rc2test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \ + $(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj $(OBJ_D)\dsatest.obj \ + $(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj $(OBJ_D)\ssltest.obj + +E_OBJ=$(OBJ_D)\verify.obj \ + $(OBJ_D)\asn1pars.obj $(OBJ_D)\req.obj $(OBJ_D)\dgst.obj \ + $(OBJ_D)\dh.obj $(OBJ_D)\enc.obj $(OBJ_D)\gendh.obj \ + $(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\gendsa.obj \ + $(OBJ_D)\pkcs7.obj $(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj \ + $(OBJ_D)\rsa.obj $(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj \ + $(OBJ_D)\x509.obj $(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj \ + $(OBJ_D)\s_client.obj $(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj \ + $(OBJ_D)\apps.obj $(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj \ + $(OBJ_D)\version.obj $(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj \ + $(OBJ_D)\ssleay.obj + +CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \ + $(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\md2_dgst.obj \ + $(OBJ_D)\md5_dgst.obj $(OBJ_D)\md2_one.obj $(OBJ_D)\md5_one.obj \ + $(OBJ_D)\sha_dgst.obj $(OBJ_D)\sha1dgst.obj $(OBJ_D)\sha_one.obj \ + $(OBJ_D)\sha1_one.obj $(OBJ_D)\mdc2dgst.obj $(OBJ_D)\mdc2_one.obj \ + $(OBJ_D)\set_key.obj $(OBJ_D)\ecb_enc.obj $(OBJ_D)\ede_enc.obj \ + $(OBJ_D)\cbc_enc.obj $(OBJ_D)\cbc3_enc.obj $(OBJ_D)\ecb3_enc.obj \ + $(OBJ_D)\cfb64enc.obj $(OBJ_D)\cfb64ede.obj $(OBJ_D)\cfb_enc.obj \ + $(OBJ_D)\ofb64ede.obj $(OBJ_D)\enc_read.obj $(OBJ_D)\enc_writ.obj \ + $(OBJ_D)\ncbc_enc.obj $(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj \ + $(OBJ_D)\str2key.obj $(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj \ + $(OBJ_D)\rand_key.obj $(DES_ENC_OBJ) $(OBJ_D)\read2pwd.obj \ + $(OBJ_D)\fcrypt.obj $(OBJ_D)\xcbc_enc.obj $(OBJ_D)\read_pwd.obj \ + $(OBJ_D)\rpc_enc.obj $(OBJ_D)\cbc_cksm.obj $(OBJ_D)\supp.obj \ + $(OBJ_D)\rc4_enc.obj $(OBJ_D)\rc2_ecb.obj $(OBJ_D)\rc2_skey.obj \ + $(OBJ_D)\rc2_cbc.obj $(OBJ_D)\rc2cfb64.obj $(OBJ_D)\rc2ofb64.obj \ + $(OBJ_D)\i_cbc.obj $(OBJ_D)\i_cfb64.obj $(OBJ_D)\i_ofb64.obj \ + $(OBJ_D)\i_ecb.obj $(OBJ_D)\i_skey.obj $(OBJ_D)\bf_skey.obj \ + $(OBJ_D)\bf_ecb.obj $(BF_ENC_OBJ) $(OBJ_D)\bf_cbc.obj \ + $(OBJ_D)\bf_cfb64.obj $(OBJ_D)\bf_ofb64.obj $(OBJ_D)\bn_add.obj \ + $(OBJ_D)\bn_div.obj $(OBJ_D)\bn_exp.obj $(OBJ_D)\bn_lib.obj \ + $(OBJ_D)\bn_mod.obj $(OBJ_D)\bn_mul.obj $(OBJ_D)\bn_print.obj \ + $(OBJ_D)\bn_rand.obj $(OBJ_D)\bn_shift.obj $(OBJ_D)\bn_sub.obj \ + $(OBJ_D)\bn_word.obj $(OBJ_D)\bn_gcd.obj $(OBJ_D)\bn_prime.obj \ + $(OBJ_D)\bn_err.obj $(OBJ_D)\bn_sqr.obj $(BN_MULW_OBJ) \ + $(OBJ_D)\bn_recp.obj $(OBJ_D)\bn_mont.obj $(OBJ_D)\rsa_enc.obj \ + $(OBJ_D)\rsa_gen.obj $(OBJ_D)\rsa_lib.obj $(OBJ_D)\rsa_sign.obj \ + $(OBJ_D)\rsa_saos.obj $(OBJ_D)\rsa_err.obj $(OBJ_D)\dsa_gen.obj \ + $(OBJ_D)\dsa_key.obj $(OBJ_D)\dsa_lib.obj $(OBJ_D)\dsa_vrf.obj \ + $(OBJ_D)\dsa_sign.obj $(OBJ_D)\dsa_err.obj $(OBJ_D)\dh_gen.obj \ + $(OBJ_D)\dh_key.obj $(OBJ_D)\dh_lib.obj $(OBJ_D)\dh_check.obj \ + $(OBJ_D)\dh_err.obj $(OBJ_D)\buffer.obj $(OBJ_D)\buf_err.obj \ + $(OBJ_D)\bio_lib.obj $(OBJ_D)\bio_cb.obj $(OBJ_D)\bio_err.obj \ + $(OBJ_D)\bss_mem.obj $(OBJ_D)\bss_null.obj $(OBJ_D)\bss_fd.obj \ + $(OBJ_D)\bss_file.obj $(OBJ_D)\bss_sock.obj $(OBJ_D)\bss_conn.obj \ + $(OBJ_D)\bf_null.obj $(OBJ_D)\bf_buff.obj $(OBJ_D)\b_print.obj \ + $(OBJ_D)\b_dump.obj $(OBJ_D)\b_sock.obj $(OBJ_D)\bss_acpt.obj \ + $(OBJ_D)\bf_nbio.obj $(OBJ_D)\stack.obj $(OBJ_D)\lhash.obj \ + $(OBJ_D)\lh_stats.obj $(OBJ_D)\md_rand.obj $(OBJ_D)\randfile.obj \ + $(OBJ_D)\err.obj $(OBJ_D)\err_all.obj $(OBJ_D)\err_prn.obj \ + $(OBJ_D)\obj_dat.obj $(OBJ_D)\obj_lib.obj $(OBJ_D)\obj_err.obj \ + $(OBJ_D)\encode.obj $(OBJ_D)\digest.obj $(OBJ_D)\evp_enc.obj \ + $(OBJ_D)\evp_key.obj $(OBJ_D)\e_ecb_d.obj $(OBJ_D)\e_cbc_d.obj \ + $(OBJ_D)\e_cfb_d.obj $(OBJ_D)\e_ofb_d.obj $(OBJ_D)\e_ecb_i.obj \ + $(OBJ_D)\e_cbc_i.obj $(OBJ_D)\e_cfb_i.obj $(OBJ_D)\e_ofb_i.obj \ + $(OBJ_D)\e_ecb_3d.obj $(OBJ_D)\e_cbc_3d.obj $(OBJ_D)\e_rc4.obj \ + $(OBJ_D)\names.obj $(OBJ_D)\e_cfb_3d.obj $(OBJ_D)\e_ofb_3d.obj \ + $(OBJ_D)\e_xcbc_d.obj $(OBJ_D)\e_ecb_r2.obj $(OBJ_D)\e_cbc_r2.obj \ + $(OBJ_D)\e_cfb_r2.obj $(OBJ_D)\e_ofb_r2.obj $(OBJ_D)\e_ecb_bf.obj \ + $(OBJ_D)\e_cbc_bf.obj $(OBJ_D)\e_cfb_bf.obj $(OBJ_D)\e_ofb_bf.obj \ + $(OBJ_D)\m_null.obj $(OBJ_D)\m_md2.obj $(OBJ_D)\m_md5.obj \ + $(OBJ_D)\m_sha.obj $(OBJ_D)\m_sha1.obj $(OBJ_D)\m_dss.obj \ + $(OBJ_D)\m_dss1.obj $(OBJ_D)\m_mdc2.obj $(OBJ_D)\p_open.obj \ + $(OBJ_D)\p_seal.obj $(OBJ_D)\p_sign.obj $(OBJ_D)\p_verify.obj \ + $(OBJ_D)\p_lib.obj $(OBJ_D)\bio_md.obj $(OBJ_D)\bio_b64.obj \ + $(OBJ_D)\bio_enc.obj $(OBJ_D)\evp_err.obj $(OBJ_D)\e_null.obj \ + $(OBJ_D)\c_all.obj $(OBJ_D)\pem_sign.obj $(OBJ_D)\pem_seal.obj \ + $(OBJ_D)\pem_info.obj $(OBJ_D)\pem_lib.obj $(OBJ_D)\pem_all.obj \ + $(OBJ_D)\pem_err.obj $(OBJ_D)\a_object.obj $(OBJ_D)\a_bitstr.obj \ + $(OBJ_D)\a_utctm.obj $(OBJ_D)\a_int.obj $(OBJ_D)\a_octet.obj \ + $(OBJ_D)\a_print.obj $(OBJ_D)\a_type.obj $(OBJ_D)\a_set.obj \ + $(OBJ_D)\a_dup.obj $(OBJ_D)\a_d2i_fp.obj $(OBJ_D)\a_i2d_fp.obj \ + $(OBJ_D)\a_sign.obj $(OBJ_D)\a_digest.obj $(OBJ_D)\a_verify.obj \ + $(OBJ_D)\x_algor.obj $(OBJ_D)\x_val.obj $(OBJ_D)\x_pubkey.obj \ + $(OBJ_D)\x_sig.obj $(OBJ_D)\x_req.obj $(OBJ_D)\x_attrib.obj \ + $(OBJ_D)\x_name.obj $(OBJ_D)\x_cinf.obj $(OBJ_D)\x_x509.obj \ + $(OBJ_D)\x_crl.obj $(OBJ_D)\x_info.obj $(OBJ_D)\x_spki.obj \ + $(OBJ_D)\d2i_r_pr.obj $(OBJ_D)\i2d_r_pr.obj $(OBJ_D)\d2i_r_pu.obj \ + $(OBJ_D)\i2d_r_pu.obj $(OBJ_D)\d2i_s_pr.obj $(OBJ_D)\i2d_s_pr.obj \ + $(OBJ_D)\d2i_s_pu.obj $(OBJ_D)\i2d_s_pu.obj $(OBJ_D)\d2i_pu.obj \ + $(OBJ_D)\d2i_pr.obj $(OBJ_D)\i2d_pu.obj $(OBJ_D)\i2d_pr.obj \ + $(OBJ_D)\t_req.obj $(OBJ_D)\t_x509.obj $(OBJ_D)\t_pkey.obj \ + $(OBJ_D)\p7_i_s.obj $(OBJ_D)\p7_signi.obj $(OBJ_D)\p7_signd.obj \ + $(OBJ_D)\p7_recip.obj $(OBJ_D)\p7_enc_c.obj $(OBJ_D)\p7_evp.obj \ + $(OBJ_D)\p7_dgst.obj $(OBJ_D)\p7_s_e.obj $(OBJ_D)\p7_enc.obj \ + $(OBJ_D)\p7_lib.obj $(OBJ_D)\f_int.obj $(OBJ_D)\f_string.obj \ + $(OBJ_D)\i2d_dhp.obj $(OBJ_D)\i2d_dsap.obj $(OBJ_D)\d2i_dhp.obj \ + $(OBJ_D)\d2i_dsap.obj $(OBJ_D)\n_pkey.obj $(OBJ_D)\a_hdr.obj \ + $(OBJ_D)\x_pkey.obj $(OBJ_D)\a_bool.obj $(OBJ_D)\x_exten.obj \ + $(OBJ_D)\asn1_par.obj $(OBJ_D)\asn1_lib.obj $(OBJ_D)\asn1_err.obj \ + $(OBJ_D)\a_meth.obj $(OBJ_D)\a_bytes.obj $(OBJ_D)\x509_def.obj \ + $(OBJ_D)\x509_d2.obj $(OBJ_D)\x509_r2x.obj $(OBJ_D)\x509_cmp.obj \ + $(OBJ_D)\x509_obj.obj $(OBJ_D)\x509_req.obj $(OBJ_D)\x509_vfy.obj \ + $(OBJ_D)\x509_set.obj $(OBJ_D)\x509rset.obj $(OBJ_D)\x509_err.obj \ + $(OBJ_D)\x509name.obj $(OBJ_D)\x509_v3.obj $(OBJ_D)\x509_ext.obj \ + $(OBJ_D)\x509pack.obj $(OBJ_D)\x509type.obj $(OBJ_D)\x509_lu.obj \ + $(OBJ_D)\x_all.obj $(OBJ_D)\x509_txt.obj $(OBJ_D)\by_file.obj \ + $(OBJ_D)\by_dir.obj $(OBJ_D)\v3_net.obj $(OBJ_D)\v3_x509.obj \ + $(OBJ_D)\conf.obj $(OBJ_D)\conf_err.obj $(OBJ_D)\txt_db.obj \ + $(OBJ_D)\pk7_lib.obj $(OBJ_D)\pkcs7err.obj $(OBJ_D)\pk7_doit.obj + +SSLOBJ=$(OBJ_D)\s2_meth.obj \ + $(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \ + $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s2_enc.obj $(OBJ_D)\s3_meth.obj \ + $(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \ + $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_both.obj \ + $(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj $(OBJ_D)\s23_clnt.obj \ + $(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\ssl_lib.obj \ + $(OBJ_D)\ssl_err2.obj $(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj \ + $(OBJ_D)\ssl_ciph.obj $(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj \ + $(OBJ_D)\ssl_asn1.obj $(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj \ + $(OBJ_D)\bio_ssl.obj $(OBJ_D)\ssl_err.obj + +RSAGLUEOBJ=$(OBJ_D)\rsaref.obj \ + $(OBJ_D)\rsar_err.obj + +T_EXE=$(TEST_D)\md2test.exe \ + $(TEST_D)\md5test.exe $(TEST_D)\shatest.exe $(TEST_D)\sha1test.exe \ + $(TEST_D)\mdc2test.exe $(TEST_D)\destest.exe $(TEST_D)\rc4test.exe \ + $(TEST_D)\rc2test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \ + $(TEST_D)\bntest.exe $(TEST_D)\exptest.exe $(TEST_D)\dsatest.exe \ + $(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe $(TEST_D)\ssltest.exe + +################################################################### +all: banner $(OUT_D) $(TMP_D) headers lib exe + +banner: + + +$(OUT_D): + $(MKDIR) $(OUT_D) + +$(TMP_D): + $(MKDIR) $(TMP_D) + +headers: $(HEADER) $(EXHEADER) + +lib: $(LIBS_DEP) + +exe: $(T_EXE) $(BIN_D)\$(E_EXE).exe + +install: + $(MKDIR) $(INSTALLTOP) + $(MKDIR) $(INSTALLTOP)\bin + $(MKDIR) $(INSTALLTOP)\include + $(MKDIR) $(INSTALLTOP)\lib + $(CP) $(INC_D)\*.h $(INSTALLTOP)\include + $(CP) $(BIN_D)\$(E_EXE).exe $(INSTALLTOP)\bin + $(CP) $(LIB_D)\$(O_SSL) $(INSTALLTOP)\lib + $(CP) $(LIB_D)\$(O_CRYPTO) $(INSTALLTOP)\lib + +clean: + $(RM) $(TMP_D)\*.* + +vclean: + $(RM) $(TMP_D)\*.* + $(RM) $(OUT_D)\*.* + +$(INCL_D)\e_os.h: $(SRC_D)\.\e_os.h + $(CP) $(SRC_D)\.\e_os.h $(INCL_D)\e_os.h + +$(INCL_D)\cryptlib.h: $(SRC_D)\crypto\cryptlib.h + $(CP) $(SRC_D)\crypto\cryptlib.h $(INCL_D)\cryptlib.h + +$(INCL_D)\date.h: $(SRC_D)\crypto\date.h + $(CP) $(SRC_D)\crypto\date.h $(INCL_D)\date.h + +$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md\md5_locl.h + $(CP) $(SRC_D)\crypto\md\md5_locl.h $(INCL_D)\md5_locl.h + +$(INCL_D)\sha_locl.h: $(SRC_D)\crypto\sha\sha_locl.h + $(CP) $(SRC_D)\crypto\sha\sha_locl.h $(INCL_D)\sha_locl.h + +$(INCL_D)\des_locl.h: $(SRC_D)\crypto\des\des_locl.h + $(CP) $(SRC_D)\crypto\des\des_locl.h $(INCL_D)\des_locl.h + +$(INCL_D)\rpc_des.h: $(SRC_D)\crypto\des\rpc_des.h + $(CP) $(SRC_D)\crypto\des\rpc_des.h $(INCL_D)\rpc_des.h + +$(INCL_D)\podd.h: $(SRC_D)\crypto\des\podd.h + $(CP) $(SRC_D)\crypto\des\podd.h $(INCL_D)\podd.h + +$(INCL_D)\sk.h: $(SRC_D)\crypto\des\sk.h + $(CP) $(SRC_D)\crypto\des\sk.h $(INCL_D)\sk.h + +$(INCL_D)\spr.h: $(SRC_D)\crypto\des\spr.h + $(CP) $(SRC_D)\crypto\des\spr.h $(INCL_D)\spr.h + +$(INCL_D)\des_ver.h: $(SRC_D)\crypto\des\des_ver.h + $(CP) $(SRC_D)\crypto\des\des_ver.h $(INCL_D)\des_ver.h + +$(INCL_D)\rc2_locl.h: $(SRC_D)\crypto\rc2\rc2_locl.h + $(CP) $(SRC_D)\crypto\rc2\rc2_locl.h $(INCL_D)\rc2_locl.h + +$(INCL_D)\idea_lcl.h: $(SRC_D)\crypto\idea\idea_lcl.h + $(CP) $(SRC_D)\crypto\idea\idea_lcl.h $(INCL_D)\idea_lcl.h + +$(INCL_D)\bf_pi.h: $(SRC_D)\crypto\bf\bf_pi.h + $(CP) $(SRC_D)\crypto\bf\bf_pi.h $(INCL_D)\bf_pi.h + +$(INCL_D)\bf_locl.h: $(SRC_D)\crypto\bf\bf_locl.h + $(CP) $(SRC_D)\crypto\bf\bf_locl.h $(INCL_D)\bf_locl.h + +$(INCL_D)\bn_lcl.h: $(SRC_D)\crypto\bn\bn_lcl.h + $(CP) $(SRC_D)\crypto\bn\bn_lcl.h $(INCL_D)\bn_lcl.h + +$(INCL_D)\bn_prime.h: $(SRC_D)\crypto\bn\bn_prime.h + $(CP) $(SRC_D)\crypto\bn\bn_prime.h $(INCL_D)\bn_prime.h + +$(INCL_D)\obj_dat.h: $(SRC_D)\crypto\objects\obj_dat.h + $(CP) $(SRC_D)\crypto\objects\obj_dat.h $(INCL_D)\obj_dat.h + +$(INCL_D)\conf_lcl.h: $(SRC_D)\crypto\conf\conf_lcl.h + $(CP) $(SRC_D)\crypto\conf\conf_lcl.h $(INCL_D)\conf_lcl.h + +$(INCL_D)\ssl_locl.h: $(SRC_D)\ssl\ssl_locl.h + $(CP) $(SRC_D)\ssl\ssl_locl.h $(INCL_D)\ssl_locl.h + +$(INCL_D)\rsaref.h: $(SRC_D)\rsaref\rsaref.h + $(CP) $(SRC_D)\rsaref\rsaref.h $(INCL_D)\rsaref.h + +$(INCL_D)\apps.h: $(SRC_D)\apps\apps.h + $(CP) $(SRC_D)\apps\apps.h $(INCL_D)\apps.h + +$(INCL_D)\progs.h: $(SRC_D)\apps\progs.h + $(CP) $(SRC_D)\apps\progs.h $(INCL_D)\progs.h + +$(INCL_D)\s_apps.h: $(SRC_D)\apps\s_apps.h + $(CP) $(SRC_D)\apps\s_apps.h $(INCL_D)\s_apps.h + +$(INCL_D)\testdsa.h: $(SRC_D)\apps\testdsa.h + $(CP) $(SRC_D)\apps\testdsa.h $(INCL_D)\testdsa.h + +$(INCL_D)\testrsa.h: $(SRC_D)\apps\testrsa.h + $(CP) $(SRC_D)\apps\testrsa.h $(INCL_D)\testrsa.h + +$(INC_D)\crypto.h: $(SRC_D)\crypto\crypto.h + $(CP) $(SRC_D)\crypto\crypto.h $(INC_D)\crypto.h + +$(INC_D)\cryptall.h: $(SRC_D)\crypto\cryptall.h + $(CP) $(SRC_D)\crypto\cryptall.h $(INC_D)\cryptall.h + +$(INC_D)\md2.h: $(SRC_D)\crypto\md\md2.h + $(CP) $(SRC_D)\crypto\md\md2.h $(INC_D)\md2.h + +$(INC_D)\md5.h: $(SRC_D)\crypto\md\md5.h + $(CP) $(SRC_D)\crypto\md\md5.h $(INC_D)\md5.h + +$(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h + $(CP) $(SRC_D)\crypto\sha\sha.h $(INC_D)\sha.h + +$(INC_D)\mdc2.h: $(SRC_D)\crypto\mdc2\mdc2.h + $(CP) $(SRC_D)\crypto\mdc2\mdc2.h $(INC_D)\mdc2.h + +$(INC_D)\des.h: $(SRC_D)\crypto\des\des.h + $(CP) $(SRC_D)\crypto\des\des.h $(INC_D)\des.h + +$(INC_D)\rc4.h: $(SRC_D)\crypto\rc4\rc4.h + $(CP) $(SRC_D)\crypto\rc4\rc4.h $(INC_D)\rc4.h + +$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h + $(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h + +$(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h + $(CP) $(SRC_D)\crypto\idea\idea.h $(INC_D)\idea.h + +$(INC_D)\blowfish.h: $(SRC_D)\crypto\bf\blowfish.h + $(CP) $(SRC_D)\crypto\bf\blowfish.h $(INC_D)\blowfish.h + +$(INC_D)\bn.h: $(SRC_D)\crypto\bn\bn.h + $(CP) $(SRC_D)\crypto\bn\bn.h $(INC_D)\bn.h + +$(INC_D)\rsa.h: $(SRC_D)\crypto\rsa\rsa.h + $(CP) $(SRC_D)\crypto\rsa\rsa.h $(INC_D)\rsa.h + +$(INC_D)\dsa.h: $(SRC_D)\crypto\dsa\dsa.h + $(CP) $(SRC_D)\crypto\dsa\dsa.h $(INC_D)\dsa.h + +$(INC_D)\dh.h: $(SRC_D)\crypto\dh\dh.h + $(CP) $(SRC_D)\crypto\dh\dh.h $(INC_D)\dh.h + +$(INC_D)\buffer.h: $(SRC_D)\crypto\buffer\buffer.h + $(CP) $(SRC_D)\crypto\buffer\buffer.h $(INC_D)\buffer.h + +$(INC_D)\bio.h: $(SRC_D)\crypto\bio\bio.h + $(CP) $(SRC_D)\crypto\bio\bio.h $(INC_D)\bio.h + +$(INC_D)\stack.h: $(SRC_D)\crypto\stack\stack.h + $(CP) $(SRC_D)\crypto\stack\stack.h $(INC_D)\stack.h + +$(INC_D)\lhash.h: $(SRC_D)\crypto\lhash\lhash.h + $(CP) $(SRC_D)\crypto\lhash\lhash.h $(INC_D)\lhash.h + +$(INC_D)\rand.h: $(SRC_D)\crypto\rand\rand.h + $(CP) $(SRC_D)\crypto\rand\rand.h $(INC_D)\rand.h + +$(INC_D)\err.h: $(SRC_D)\crypto\err\err.h + $(CP) $(SRC_D)\crypto\err\err.h $(INC_D)\err.h + +$(INC_D)\objects.h: $(SRC_D)\crypto\objects\objects.h + $(CP) $(SRC_D)\crypto\objects\objects.h $(INC_D)\objects.h + +$(INC_D)\evp.h: $(SRC_D)\crypto\evp\evp.h + $(CP) $(SRC_D)\crypto\evp\evp.h $(INC_D)\evp.h + +$(INC_D)\pem.h: $(SRC_D)\crypto\pem\pem.h + $(CP) $(SRC_D)\crypto\pem\pem.h $(INC_D)\pem.h + +$(INC_D)\asn1.h: $(SRC_D)\crypto\asn1\asn1.h + $(CP) $(SRC_D)\crypto\asn1\asn1.h $(INC_D)\asn1.h + +$(INC_D)\asn1_mac.h: $(SRC_D)\crypto\asn1\asn1_mac.h + $(CP) $(SRC_D)\crypto\asn1\asn1_mac.h $(INC_D)\asn1_mac.h + +$(INC_D)\x509.h: $(SRC_D)\crypto\x509\x509.h + $(CP) $(SRC_D)\crypto\x509\x509.h $(INC_D)\x509.h + +$(INC_D)\x509_vfy.h: $(SRC_D)\crypto\x509\x509_vfy.h + $(CP) $(SRC_D)\crypto\x509\x509_vfy.h $(INC_D)\x509_vfy.h + +$(INC_D)\conf.h: $(SRC_D)\crypto\conf\conf.h + $(CP) $(SRC_D)\crypto\conf\conf.h $(INC_D)\conf.h + +$(INC_D)\txt_db.h: $(SRC_D)\crypto\txt_db\txt_db.h + $(CP) $(SRC_D)\crypto\txt_db\txt_db.h $(INC_D)\txt_db.h + +$(INC_D)\pkcs7.h: $(SRC_D)\crypto\pkcs7\pkcs7.h + $(CP) $(SRC_D)\crypto\pkcs7\pkcs7.h $(INC_D)\pkcs7.h + +$(INC_D)\ssl.h: $(SRC_D)\ssl\ssl.h + $(CP) $(SRC_D)\ssl\ssl.h $(INC_D)\ssl.h + +$(INC_D)\ssl2.h: $(SRC_D)\ssl\ssl2.h + $(CP) $(SRC_D)\ssl\ssl2.h $(INC_D)\ssl2.h + +$(INC_D)\ssl3.h: $(SRC_D)\ssl\ssl3.h + $(CP) $(SRC_D)\ssl\ssl3.h $(INC_D)\ssl3.h + +$(INC_D)\ssl23.h: $(SRC_D)\ssl\ssl23.h + $(CP) $(SRC_D)\ssl\ssl23.h $(INC_D)\ssl23.h + +$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md\md2test.c + $(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md\md2test.c + +$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md\md5test.c + $(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md\md5test.c + +$(OBJ_D)\shatest.obj: $(SRC_D)\crypto\sha\shatest.c + $(CC) /Fo$(OBJ_D)\shatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\shatest.c + +$(OBJ_D)\sha1test.obj: $(SRC_D)\crypto\sha\sha1test.c + $(CC) /Fo$(OBJ_D)\sha1test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\sha1test.c + +$(OBJ_D)\mdc2test.obj: $(SRC_D)\crypto\mdc2\mdc2test.c + $(CC) /Fo$(OBJ_D)\mdc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2test.c + +$(OBJ_D)\destest.obj: $(SRC_D)\crypto\des\destest.c + $(CC) /Fo$(OBJ_D)\destest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\des\destest.c + +$(OBJ_D)\rc4test.obj: $(SRC_D)\crypto\rc4\rc4test.c + $(CC) /Fo$(OBJ_D)\rc4test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4test.c + +$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c + $(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c + +$(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c + $(CC) /Fo$(OBJ_D)\ideatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\idea\ideatest.c + +$(OBJ_D)\bftest.obj: $(SRC_D)\crypto\bf\bftest.c + $(CC) /Fo$(OBJ_D)\bftest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bf\bftest.c + +$(OBJ_D)\bntest.obj: $(SRC_D)\crypto\bn\bntest.c + $(CC) /Fo$(OBJ_D)\bntest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\bntest.c + +$(OBJ_D)\exptest.obj: $(SRC_D)\crypto\bn\exptest.c + $(CC) /Fo$(OBJ_D)\exptest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\exptest.c + +$(OBJ_D)\dsatest.obj: $(SRC_D)\crypto\dsa\dsatest.c + $(CC) /Fo$(OBJ_D)\dsatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dsa\dsatest.c + +$(OBJ_D)\dhtest.obj: $(SRC_D)\crypto\dh\dhtest.c + $(CC) /Fo$(OBJ_D)\dhtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dh\dhtest.c + +$(OBJ_D)\randtest.obj: $(SRC_D)\crypto\rand\randtest.c + $(CC) /Fo$(OBJ_D)\randtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rand\randtest.c + +$(OBJ_D)\ssltest.obj: $(SRC_D)\ssl\ssltest.c + $(CC) /Fo$(OBJ_D)\ssltest.obj $(APP_CFLAGS) -c $(SRC_D)\ssl\ssltest.c + +$(OBJ_D)\verify.obj: $(SRC_D)\apps\verify.c + $(CC) /Fo$(OBJ_D)\verify.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\verify.c + +$(OBJ_D)\asn1pars.obj: $(SRC_D)\apps\asn1pars.c + $(CC) /Fo$(OBJ_D)\asn1pars.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\asn1pars.c + +$(OBJ_D)\req.obj: $(SRC_D)\apps\req.c + $(CC) /Fo$(OBJ_D)\req.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\req.c + +$(OBJ_D)\dgst.obj: $(SRC_D)\apps\dgst.c + $(CC) /Fo$(OBJ_D)\dgst.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dgst.c + +$(OBJ_D)\dh.obj: $(SRC_D)\apps\dh.c + $(CC) /Fo$(OBJ_D)\dh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dh.c + +$(OBJ_D)\enc.obj: $(SRC_D)\apps\enc.c + $(CC) /Fo$(OBJ_D)\enc.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\enc.c + +$(OBJ_D)\gendh.obj: $(SRC_D)\apps\gendh.c + $(CC) /Fo$(OBJ_D)\gendh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendh.c + +$(OBJ_D)\errstr.obj: $(SRC_D)\apps\errstr.c + $(CC) /Fo$(OBJ_D)\errstr.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\errstr.c + +$(OBJ_D)\ca.obj: $(SRC_D)\apps\ca.c + $(CC) /Fo$(OBJ_D)\ca.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ca.c + +$(OBJ_D)\gendsa.obj: $(SRC_D)\apps\gendsa.c + $(CC) /Fo$(OBJ_D)\gendsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendsa.c + +$(OBJ_D)\pkcs7.obj: $(SRC_D)\apps\pkcs7.c + $(CC) /Fo$(OBJ_D)\pkcs7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\pkcs7.c + +$(OBJ_D)\crl2p7.obj: $(SRC_D)\apps\crl2p7.c + $(CC) /Fo$(OBJ_D)\crl2p7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl2p7.c + +$(OBJ_D)\crl.obj: $(SRC_D)\apps\crl.c + $(CC) /Fo$(OBJ_D)\crl.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl.c + +$(OBJ_D)\rsa.obj: $(SRC_D)\apps\rsa.c + $(CC) /Fo$(OBJ_D)\rsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\rsa.c + +$(OBJ_D)\dsa.obj: $(SRC_D)\apps\dsa.c + $(CC) /Fo$(OBJ_D)\dsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsa.c + +$(OBJ_D)\dsaparam.obj: $(SRC_D)\apps\dsaparam.c + $(CC) /Fo$(OBJ_D)\dsaparam.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsaparam.c + +$(OBJ_D)\x509.obj: $(SRC_D)\apps\x509.c + $(CC) /Fo$(OBJ_D)\x509.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\x509.c + +$(OBJ_D)\genrsa.obj: $(SRC_D)\apps\genrsa.c + $(CC) /Fo$(OBJ_D)\genrsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\genrsa.c + +$(OBJ_D)\s_server.obj: $(SRC_D)\apps\s_server.c + $(CC) /Fo$(OBJ_D)\s_server.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_server.c + +$(OBJ_D)\s_client.obj: $(SRC_D)\apps\s_client.c + $(CC) /Fo$(OBJ_D)\s_client.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_client.c + +$(OBJ_D)\speed.obj: $(SRC_D)\apps\speed.c + $(CC) /Fo$(OBJ_D)\speed.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\speed.c + +$(OBJ_D)\s_time.obj: $(SRC_D)\apps\s_time.c + $(CC) /Fo$(OBJ_D)\s_time.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_time.c + +$(OBJ_D)\apps.obj: $(SRC_D)\apps\apps.c + $(CC) /Fo$(OBJ_D)\apps.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\apps.c + +$(OBJ_D)\s_cb.obj: $(SRC_D)\apps\s_cb.c + $(CC) /Fo$(OBJ_D)\s_cb.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_cb.c + +$(OBJ_D)\s_socket.obj: $(SRC_D)\apps\s_socket.c + $(CC) /Fo$(OBJ_D)\s_socket.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_socket.c + +$(OBJ_D)\version.obj: $(SRC_D)\apps\version.c + $(CC) /Fo$(OBJ_D)\version.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\version.c + +$(OBJ_D)\sess_id.obj: $(SRC_D)\apps\sess_id.c + $(CC) /Fo$(OBJ_D)\sess_id.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\sess_id.c + +$(OBJ_D)\ciphers.obj: $(SRC_D)\apps\ciphers.c + $(CC) /Fo$(OBJ_D)\ciphers.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ciphers.c + +$(OBJ_D)\ssleay.obj: $(SRC_D)\apps\ssleay.c + $(CC) /Fo$(OBJ_D)\ssleay.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ssleay.c + +crypto\bn\asm\x86nt32.obj: crypto\bn\asm\x86nt32.asm + $(ASM) /Focrypto\bn\asm\x86nt32.obj $(SRC_D)\crypto\bn\asm\x86nt32.asm + +crypto\des\asm\d-win32.obj: crypto\des\asm\d-win32.asm + $(ASM) /Focrypto\des\asm\d-win32.obj $(SRC_D)\crypto\des\asm\d-win32.asm + +crypto\des\asm\c-win32.obj: crypto\des\asm\c-win32.asm + $(ASM) /Focrypto\des\asm\c-win32.obj $(SRC_D)\crypto\des\asm\c-win32.asm + +crypto\bf\asm\b-win32.obj: crypto\bf\asm\b-win32.asm + $(ASM) /Focrypto\bf\asm\b-win32.obj $(SRC_D)\crypto\bf\asm\b-win32.asm + +$(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c + $(CC) /Fo$(OBJ_D)\cryptlib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c + +$(OBJ_D)\mem.obj: $(SRC_D)\crypto\mem.c + $(CC) /Fo$(OBJ_D)\mem.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mem.c + +$(OBJ_D)\cversion.obj: $(SRC_D)\crypto\cversion.c + $(CC) /Fo$(OBJ_D)\cversion.obj $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)\crypto\cversion.c + +$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md\md2_dgst.c + $(CC) /Fo$(OBJ_D)\md2_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md2_dgst.c + +$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md\md5_dgst.c + $(CC) /Fo$(OBJ_D)\md5_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md5_dgst.c + +$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md\md2_one.c + $(CC) /Fo$(OBJ_D)\md2_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md2_one.c + +$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md\md5_one.c + $(CC) /Fo$(OBJ_D)\md5_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md5_one.c + +$(OBJ_D)\sha_dgst.obj: $(SRC_D)\crypto\sha\sha_dgst.c + $(CC) /Fo$(OBJ_D)\sha_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c + +$(OBJ_D)\sha1dgst.obj: $(SRC_D)\crypto\sha\sha1dgst.c + $(CC) /Fo$(OBJ_D)\sha1dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c + +$(OBJ_D)\sha_one.obj: $(SRC_D)\crypto\sha\sha_one.c + $(CC) /Fo$(OBJ_D)\sha_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c + +$(OBJ_D)\sha1_one.obj: $(SRC_D)\crypto\sha\sha1_one.c + $(CC) /Fo$(OBJ_D)\sha1_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c + +$(OBJ_D)\mdc2dgst.obj: $(SRC_D)\crypto\mdc2\mdc2dgst.c + $(CC) /Fo$(OBJ_D)\mdc2dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c + +$(OBJ_D)\mdc2_one.obj: $(SRC_D)\crypto\mdc2\mdc2_one.c + $(CC) /Fo$(OBJ_D)\mdc2_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c + +$(OBJ_D)\set_key.obj: $(SRC_D)\crypto\des\set_key.c + $(CC) /Fo$(OBJ_D)\set_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c + +$(OBJ_D)\ecb_enc.obj: $(SRC_D)\crypto\des\ecb_enc.c + $(CC) /Fo$(OBJ_D)\ecb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c + +$(OBJ_D)\ede_enc.obj: $(SRC_D)\crypto\des\ede_enc.c + $(CC) /Fo$(OBJ_D)\ede_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ede_enc.c + +$(OBJ_D)\cbc_enc.obj: $(SRC_D)\crypto\des\cbc_enc.c + $(CC) /Fo$(OBJ_D)\cbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c + +$(OBJ_D)\cbc3_enc.obj: $(SRC_D)\crypto\des\cbc3_enc.c + $(CC) /Fo$(OBJ_D)\cbc3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc3_enc.c + +$(OBJ_D)\ecb3_enc.obj: $(SRC_D)\crypto\des\ecb3_enc.c + $(CC) /Fo$(OBJ_D)\ecb3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c + +$(OBJ_D)\cfb64enc.obj: $(SRC_D)\crypto\des\cfb64enc.c + $(CC) /Fo$(OBJ_D)\cfb64enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c + +$(OBJ_D)\cfb64ede.obj: $(SRC_D)\crypto\des\cfb64ede.c + $(CC) /Fo$(OBJ_D)\cfb64ede.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c + +$(OBJ_D)\cfb_enc.obj: $(SRC_D)\crypto\des\cfb_enc.c + $(CC) /Fo$(OBJ_D)\cfb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c + +$(OBJ_D)\ofb64ede.obj: $(SRC_D)\crypto\des\ofb64ede.c + $(CC) /Fo$(OBJ_D)\ofb64ede.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c + +$(OBJ_D)\enc_read.obj: $(SRC_D)\crypto\des\enc_read.c + $(CC) /Fo$(OBJ_D)\enc_read.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c + +$(OBJ_D)\enc_writ.obj: $(SRC_D)\crypto\des\enc_writ.c + $(CC) /Fo$(OBJ_D)\enc_writ.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c + +$(OBJ_D)\ncbc_enc.obj: $(SRC_D)\crypto\des\ncbc_enc.c + $(CC) /Fo$(OBJ_D)\ncbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ncbc_enc.c + +$(OBJ_D)\ofb64enc.obj: $(SRC_D)\crypto\des\ofb64enc.c + $(CC) /Fo$(OBJ_D)\ofb64enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c + +$(OBJ_D)\ofb_enc.obj: $(SRC_D)\crypto\des\ofb_enc.c + $(CC) /Fo$(OBJ_D)\ofb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c + +$(OBJ_D)\str2key.obj: $(SRC_D)\crypto\des\str2key.c + $(CC) /Fo$(OBJ_D)\str2key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c + +$(OBJ_D)\pcbc_enc.obj: $(SRC_D)\crypto\des\pcbc_enc.c + $(CC) /Fo$(OBJ_D)\pcbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c + +$(OBJ_D)\qud_cksm.obj: $(SRC_D)\crypto\des\qud_cksm.c + $(CC) /Fo$(OBJ_D)\qud_cksm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c + +$(OBJ_D)\rand_key.obj: $(SRC_D)\crypto\des\rand_key.c + $(CC) /Fo$(OBJ_D)\rand_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c + +$(OBJ_D)\des_enc.obj: $(SRC_D)\crypto\des\des_enc.c + $(CC) /Fo$(OBJ_D)\des_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c + +$(OBJ_D)\fcrypt_b.obj: $(SRC_D)\crypto\des\fcrypt_b.c + $(CC) /Fo$(OBJ_D)\fcrypt_b.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c + +$(OBJ_D)\read2pwd.obj: $(SRC_D)\crypto\des\read2pwd.c + $(CC) /Fo$(OBJ_D)\read2pwd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c + +$(OBJ_D)\fcrypt.obj: $(SRC_D)\crypto\des\fcrypt.c + $(CC) /Fo$(OBJ_D)\fcrypt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c + +$(OBJ_D)\xcbc_enc.obj: $(SRC_D)\crypto\des\xcbc_enc.c + $(CC) /Fo$(OBJ_D)\xcbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c + +$(OBJ_D)\read_pwd.obj: $(SRC_D)\crypto\des\read_pwd.c + $(CC) /Fo$(OBJ_D)\read_pwd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c + +$(OBJ_D)\rpc_enc.obj: $(SRC_D)\crypto\des\rpc_enc.c + $(CC) /Fo$(OBJ_D)\rpc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c + +$(OBJ_D)\cbc_cksm.obj: $(SRC_D)\crypto\des\cbc_cksm.c + $(CC) /Fo$(OBJ_D)\cbc_cksm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c + +$(OBJ_D)\supp.obj: $(SRC_D)\crypto\des\supp.c + $(CC) /Fo$(OBJ_D)\supp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c + +$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c + $(CC) /Fo$(OBJ_D)\rc4_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c + +$(OBJ_D)\rc2_ecb.obj: $(SRC_D)\crypto\rc2\rc2_ecb.c + $(CC) /Fo$(OBJ_D)\rc2_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c + +$(OBJ_D)\rc2_skey.obj: $(SRC_D)\crypto\rc2\rc2_skey.c + $(CC) /Fo$(OBJ_D)\rc2_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c + +$(OBJ_D)\rc2_cbc.obj: $(SRC_D)\crypto\rc2\rc2_cbc.c + $(CC) /Fo$(OBJ_D)\rc2_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c + +$(OBJ_D)\rc2cfb64.obj: $(SRC_D)\crypto\rc2\rc2cfb64.c + $(CC) /Fo$(OBJ_D)\rc2cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c + +$(OBJ_D)\rc2ofb64.obj: $(SRC_D)\crypto\rc2\rc2ofb64.c + $(CC) /Fo$(OBJ_D)\rc2ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c + +$(OBJ_D)\i_cbc.obj: $(SRC_D)\crypto\idea\i_cbc.c + $(CC) /Fo$(OBJ_D)\i_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c + +$(OBJ_D)\i_cfb64.obj: $(SRC_D)\crypto\idea\i_cfb64.c + $(CC) /Fo$(OBJ_D)\i_cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c + +$(OBJ_D)\i_ofb64.obj: $(SRC_D)\crypto\idea\i_ofb64.c + $(CC) /Fo$(OBJ_D)\i_ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c + +$(OBJ_D)\i_ecb.obj: $(SRC_D)\crypto\idea\i_ecb.c + $(CC) /Fo$(OBJ_D)\i_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c + +$(OBJ_D)\i_skey.obj: $(SRC_D)\crypto\idea\i_skey.c + $(CC) /Fo$(OBJ_D)\i_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c + +$(OBJ_D)\bf_skey.obj: $(SRC_D)\crypto\bf\bf_skey.c + $(CC) /Fo$(OBJ_D)\bf_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c + +$(OBJ_D)\bf_ecb.obj: $(SRC_D)\crypto\bf\bf_ecb.c + $(CC) /Fo$(OBJ_D)\bf_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c + +$(OBJ_D)\bf_enc.obj: $(SRC_D)\crypto\bf\bf_enc.c + $(CC) /Fo$(OBJ_D)\bf_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c + +$(OBJ_D)\bf_cbc.obj: $(SRC_D)\crypto\bf\bf_cbc.c + $(CC) /Fo$(OBJ_D)\bf_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cbc.c + +$(OBJ_D)\bf_cfb64.obj: $(SRC_D)\crypto\bf\bf_cfb64.c + $(CC) /Fo$(OBJ_D)\bf_cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c + +$(OBJ_D)\bf_ofb64.obj: $(SRC_D)\crypto\bf\bf_ofb64.c + $(CC) /Fo$(OBJ_D)\bf_ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c + +$(OBJ_D)\bn_add.obj: $(SRC_D)\crypto\bn\bn_add.c + $(CC) /Fo$(OBJ_D)\bn_add.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c + +$(OBJ_D)\bn_div.obj: $(SRC_D)\crypto\bn\bn_div.c + $(CC) /Fo$(OBJ_D)\bn_div.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c + +$(OBJ_D)\bn_exp.obj: $(SRC_D)\crypto\bn\bn_exp.c + $(CC) /Fo$(OBJ_D)\bn_exp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c + +$(OBJ_D)\bn_lib.obj: $(SRC_D)\crypto\bn\bn_lib.c + $(CC) /Fo$(OBJ_D)\bn_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c + +$(OBJ_D)\bn_mod.obj: $(SRC_D)\crypto\bn\bn_mod.c + $(CC) /Fo$(OBJ_D)\bn_mod.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mod.c + +$(OBJ_D)\bn_mul.obj: $(SRC_D)\crypto\bn\bn_mul.c + $(CC) /Fo$(OBJ_D)\bn_mul.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c + +$(OBJ_D)\bn_print.obj: $(SRC_D)\crypto\bn\bn_print.c + $(CC) /Fo$(OBJ_D)\bn_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c + +$(OBJ_D)\bn_rand.obj: $(SRC_D)\crypto\bn\bn_rand.c + $(CC) /Fo$(OBJ_D)\bn_rand.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c + +$(OBJ_D)\bn_shift.obj: $(SRC_D)\crypto\bn\bn_shift.c + $(CC) /Fo$(OBJ_D)\bn_shift.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c + +$(OBJ_D)\bn_sub.obj: $(SRC_D)\crypto\bn\bn_sub.c + $(CC) /Fo$(OBJ_D)\bn_sub.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sub.c + +$(OBJ_D)\bn_word.obj: $(SRC_D)\crypto\bn\bn_word.c + $(CC) /Fo$(OBJ_D)\bn_word.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c + +$(OBJ_D)\bn_gcd.obj: $(SRC_D)\crypto\bn\bn_gcd.c + $(CC) /Fo$(OBJ_D)\bn_gcd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c + +$(OBJ_D)\bn_prime.obj: $(SRC_D)\crypto\bn\bn_prime.c + $(CC) /Fo$(OBJ_D)\bn_prime.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c + +$(OBJ_D)\bn_err.obj: $(SRC_D)\crypto\bn\bn_err.c + $(CC) /Fo$(OBJ_D)\bn_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c + +$(OBJ_D)\bn_sqr.obj: $(SRC_D)\crypto\bn\bn_sqr.c + $(CC) /Fo$(OBJ_D)\bn_sqr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c + +$(OBJ_D)\bn_mulw.obj: $(SRC_D)\crypto\bn\bn_mulw.c + $(CC) /Fo$(OBJ_D)\bn_mulw.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mulw.c + +$(OBJ_D)\bn_recp.obj: $(SRC_D)\crypto\bn\bn_recp.c + $(CC) /Fo$(OBJ_D)\bn_recp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c + +$(OBJ_D)\bn_mont.obj: $(SRC_D)\crypto\bn\bn_mont.c + $(CC) /Fo$(OBJ_D)\bn_mont.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c + +$(OBJ_D)\rsa_enc.obj: $(SRC_D)\crypto\rsa\rsa_enc.c + $(CC) /Fo$(OBJ_D)\rsa_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_enc.c + +$(OBJ_D)\rsa_gen.obj: $(SRC_D)\crypto\rsa\rsa_gen.c + $(CC) /Fo$(OBJ_D)\rsa_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c + +$(OBJ_D)\rsa_lib.obj: $(SRC_D)\crypto\rsa\rsa_lib.c + $(CC) /Fo$(OBJ_D)\rsa_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c + +$(OBJ_D)\rsa_sign.obj: $(SRC_D)\crypto\rsa\rsa_sign.c + $(CC) /Fo$(OBJ_D)\rsa_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c + +$(OBJ_D)\rsa_saos.obj: $(SRC_D)\crypto\rsa\rsa_saos.c + $(CC) /Fo$(OBJ_D)\rsa_saos.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c + +$(OBJ_D)\rsa_err.obj: $(SRC_D)\crypto\rsa\rsa_err.c + $(CC) /Fo$(OBJ_D)\rsa_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c + +$(OBJ_D)\dsa_gen.obj: $(SRC_D)\crypto\dsa\dsa_gen.c + $(CC) /Fo$(OBJ_D)\dsa_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c + +$(OBJ_D)\dsa_key.obj: $(SRC_D)\crypto\dsa\dsa_key.c + $(CC) /Fo$(OBJ_D)\dsa_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c + +$(OBJ_D)\dsa_lib.obj: $(SRC_D)\crypto\dsa\dsa_lib.c + $(CC) /Fo$(OBJ_D)\dsa_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c + +$(OBJ_D)\dsa_vrf.obj: $(SRC_D)\crypto\dsa\dsa_vrf.c + $(CC) /Fo$(OBJ_D)\dsa_vrf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c + +$(OBJ_D)\dsa_sign.obj: $(SRC_D)\crypto\dsa\dsa_sign.c + $(CC) /Fo$(OBJ_D)\dsa_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c + +$(OBJ_D)\dsa_err.obj: $(SRC_D)\crypto\dsa\dsa_err.c + $(CC) /Fo$(OBJ_D)\dsa_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c + +$(OBJ_D)\dh_gen.obj: $(SRC_D)\crypto\dh\dh_gen.c + $(CC) /Fo$(OBJ_D)\dh_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c + +$(OBJ_D)\dh_key.obj: $(SRC_D)\crypto\dh\dh_key.c + $(CC) /Fo$(OBJ_D)\dh_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c + +$(OBJ_D)\dh_lib.obj: $(SRC_D)\crypto\dh\dh_lib.c + $(CC) /Fo$(OBJ_D)\dh_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c + +$(OBJ_D)\dh_check.obj: $(SRC_D)\crypto\dh\dh_check.c + $(CC) /Fo$(OBJ_D)\dh_check.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c + +$(OBJ_D)\dh_err.obj: $(SRC_D)\crypto\dh\dh_err.c + $(CC) /Fo$(OBJ_D)\dh_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c + +$(OBJ_D)\buffer.obj: $(SRC_D)\crypto\buffer\buffer.c + $(CC) /Fo$(OBJ_D)\buffer.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c + +$(OBJ_D)\buf_err.obj: $(SRC_D)\crypto\buffer\buf_err.c + $(CC) /Fo$(OBJ_D)\buf_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c + +$(OBJ_D)\bio_lib.obj: $(SRC_D)\crypto\bio\bio_lib.c + $(CC) /Fo$(OBJ_D)\bio_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c + +$(OBJ_D)\bio_cb.obj: $(SRC_D)\crypto\bio\bio_cb.c + $(CC) /Fo$(OBJ_D)\bio_cb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c + +$(OBJ_D)\bio_err.obj: $(SRC_D)\crypto\bio\bio_err.c + $(CC) /Fo$(OBJ_D)\bio_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c + +$(OBJ_D)\bss_mem.obj: $(SRC_D)\crypto\bio\bss_mem.c + $(CC) /Fo$(OBJ_D)\bss_mem.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c + +$(OBJ_D)\bss_null.obj: $(SRC_D)\crypto\bio\bss_null.c + $(CC) /Fo$(OBJ_D)\bss_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c + +$(OBJ_D)\bss_fd.obj: $(SRC_D)\crypto\bio\bss_fd.c + $(CC) /Fo$(OBJ_D)\bss_fd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c + +$(OBJ_D)\bss_file.obj: $(SRC_D)\crypto\bio\bss_file.c + $(CC) /Fo$(OBJ_D)\bss_file.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c + +$(OBJ_D)\bss_sock.obj: $(SRC_D)\crypto\bio\bss_sock.c + $(CC) /Fo$(OBJ_D)\bss_sock.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c + +$(OBJ_D)\bss_conn.obj: $(SRC_D)\crypto\bio\bss_conn.c + $(CC) /Fo$(OBJ_D)\bss_conn.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c + +$(OBJ_D)\bf_null.obj: $(SRC_D)\crypto\bio\bf_null.c + $(CC) /Fo$(OBJ_D)\bf_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c + +$(OBJ_D)\bf_buff.obj: $(SRC_D)\crypto\bio\bf_buff.c + $(CC) /Fo$(OBJ_D)\bf_buff.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c + +$(OBJ_D)\b_print.obj: $(SRC_D)\crypto\bio\b_print.c + $(CC) /Fo$(OBJ_D)\b_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c + +$(OBJ_D)\b_dump.obj: $(SRC_D)\crypto\bio\b_dump.c + $(CC) /Fo$(OBJ_D)\b_dump.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c + +$(OBJ_D)\b_sock.obj: $(SRC_D)\crypto\bio\b_sock.c + $(CC) /Fo$(OBJ_D)\b_sock.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c + +$(OBJ_D)\bss_acpt.obj: $(SRC_D)\crypto\bio\bss_acpt.c + $(CC) /Fo$(OBJ_D)\bss_acpt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c + +$(OBJ_D)\bf_nbio.obj: $(SRC_D)\crypto\bio\bf_nbio.c + $(CC) /Fo$(OBJ_D)\bf_nbio.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c + +$(OBJ_D)\stack.obj: $(SRC_D)\crypto\stack\stack.c + $(CC) /Fo$(OBJ_D)\stack.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c + +$(OBJ_D)\lhash.obj: $(SRC_D)\crypto\lhash\lhash.c + $(CC) /Fo$(OBJ_D)\lhash.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c + +$(OBJ_D)\lh_stats.obj: $(SRC_D)\crypto\lhash\lh_stats.c + $(CC) /Fo$(OBJ_D)\lh_stats.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c + +$(OBJ_D)\md_rand.obj: $(SRC_D)\crypto\rand\md_rand.c + $(CC) /Fo$(OBJ_D)\md_rand.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c + +$(OBJ_D)\randfile.obj: $(SRC_D)\crypto\rand\randfile.c + $(CC) /Fo$(OBJ_D)\randfile.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c + +$(OBJ_D)\err.obj: $(SRC_D)\crypto\err\err.c + $(CC) /Fo$(OBJ_D)\err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c + +$(OBJ_D)\err_all.obj: $(SRC_D)\crypto\err\err_all.c + $(CC) /Fo$(OBJ_D)\err_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c + +$(OBJ_D)\err_prn.obj: $(SRC_D)\crypto\err\err_prn.c + $(CC) /Fo$(OBJ_D)\err_prn.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c + +$(OBJ_D)\obj_dat.obj: $(SRC_D)\crypto\objects\obj_dat.c + $(CC) /Fo$(OBJ_D)\obj_dat.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c + +$(OBJ_D)\obj_lib.obj: $(SRC_D)\crypto\objects\obj_lib.c + $(CC) /Fo$(OBJ_D)\obj_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c + +$(OBJ_D)\obj_err.obj: $(SRC_D)\crypto\objects\obj_err.c + $(CC) /Fo$(OBJ_D)\obj_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c + +$(OBJ_D)\encode.obj: $(SRC_D)\crypto\evp\encode.c + $(CC) /Fo$(OBJ_D)\encode.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c + +$(OBJ_D)\digest.obj: $(SRC_D)\crypto\evp\digest.c + $(CC) /Fo$(OBJ_D)\digest.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c + +$(OBJ_D)\evp_enc.obj: $(SRC_D)\crypto\evp\evp_enc.c + $(CC) /Fo$(OBJ_D)\evp_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c + +$(OBJ_D)\evp_key.obj: $(SRC_D)\crypto\evp\evp_key.c + $(CC) /Fo$(OBJ_D)\evp_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c + +$(OBJ_D)\e_ecb_d.obj: $(SRC_D)\crypto\evp\e_ecb_d.c + $(CC) /Fo$(OBJ_D)\e_ecb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c + +$(OBJ_D)\e_cbc_d.obj: $(SRC_D)\crypto\evp\e_cbc_d.c + $(CC) /Fo$(OBJ_D)\e_cbc_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c + +$(OBJ_D)\e_cfb_d.obj: $(SRC_D)\crypto\evp\e_cfb_d.c + $(CC) /Fo$(OBJ_D)\e_cfb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c + +$(OBJ_D)\e_ofb_d.obj: $(SRC_D)\crypto\evp\e_ofb_d.c + $(CC) /Fo$(OBJ_D)\e_ofb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c + +$(OBJ_D)\e_ecb_i.obj: $(SRC_D)\crypto\evp\e_ecb_i.c + $(CC) /Fo$(OBJ_D)\e_ecb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c + +$(OBJ_D)\e_cbc_i.obj: $(SRC_D)\crypto\evp\e_cbc_i.c + $(CC) /Fo$(OBJ_D)\e_cbc_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c + +$(OBJ_D)\e_cfb_i.obj: $(SRC_D)\crypto\evp\e_cfb_i.c + $(CC) /Fo$(OBJ_D)\e_cfb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c + +$(OBJ_D)\e_ofb_i.obj: $(SRC_D)\crypto\evp\e_ofb_i.c + $(CC) /Fo$(OBJ_D)\e_ofb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c + +$(OBJ_D)\e_ecb_3d.obj: $(SRC_D)\crypto\evp\e_ecb_3d.c + $(CC) /Fo$(OBJ_D)\e_ecb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c + +$(OBJ_D)\e_cbc_3d.obj: $(SRC_D)\crypto\evp\e_cbc_3d.c + $(CC) /Fo$(OBJ_D)\e_cbc_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c + +$(OBJ_D)\e_rc4.obj: $(SRC_D)\crypto\evp\e_rc4.c + $(CC) /Fo$(OBJ_D)\e_rc4.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c + +$(OBJ_D)\names.obj: $(SRC_D)\crypto\evp\names.c + $(CC) /Fo$(OBJ_D)\names.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c + +$(OBJ_D)\e_cfb_3d.obj: $(SRC_D)\crypto\evp\e_cfb_3d.c + $(CC) /Fo$(OBJ_D)\e_cfb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c + +$(OBJ_D)\e_ofb_3d.obj: $(SRC_D)\crypto\evp\e_ofb_3d.c + $(CC) /Fo$(OBJ_D)\e_ofb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c + +$(OBJ_D)\e_xcbc_d.obj: $(SRC_D)\crypto\evp\e_xcbc_d.c + $(CC) /Fo$(OBJ_D)\e_xcbc_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c + +$(OBJ_D)\e_ecb_r2.obj: $(SRC_D)\crypto\evp\e_ecb_r2.c + $(CC) /Fo$(OBJ_D)\e_ecb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c + +$(OBJ_D)\e_cbc_r2.obj: $(SRC_D)\crypto\evp\e_cbc_r2.c + $(CC) /Fo$(OBJ_D)\e_cbc_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c + +$(OBJ_D)\e_cfb_r2.obj: $(SRC_D)\crypto\evp\e_cfb_r2.c + $(CC) /Fo$(OBJ_D)\e_cfb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c + +$(OBJ_D)\e_ofb_r2.obj: $(SRC_D)\crypto\evp\e_ofb_r2.c + $(CC) /Fo$(OBJ_D)\e_ofb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c + +$(OBJ_D)\e_ecb_bf.obj: $(SRC_D)\crypto\evp\e_ecb_bf.c + $(CC) /Fo$(OBJ_D)\e_ecb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c + +$(OBJ_D)\e_cbc_bf.obj: $(SRC_D)\crypto\evp\e_cbc_bf.c + $(CC) /Fo$(OBJ_D)\e_cbc_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c + +$(OBJ_D)\e_cfb_bf.obj: $(SRC_D)\crypto\evp\e_cfb_bf.c + $(CC) /Fo$(OBJ_D)\e_cfb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c + +$(OBJ_D)\e_ofb_bf.obj: $(SRC_D)\crypto\evp\e_ofb_bf.c + $(CC) /Fo$(OBJ_D)\e_ofb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c + +$(OBJ_D)\m_null.obj: $(SRC_D)\crypto\evp\m_null.c + $(CC) /Fo$(OBJ_D)\m_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c + +$(OBJ_D)\m_md2.obj: $(SRC_D)\crypto\evp\m_md2.c + $(CC) /Fo$(OBJ_D)\m_md2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c + +$(OBJ_D)\m_md5.obj: $(SRC_D)\crypto\evp\m_md5.c + $(CC) /Fo$(OBJ_D)\m_md5.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c + +$(OBJ_D)\m_sha.obj: $(SRC_D)\crypto\evp\m_sha.c + $(CC) /Fo$(OBJ_D)\m_sha.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c + +$(OBJ_D)\m_sha1.obj: $(SRC_D)\crypto\evp\m_sha1.c + $(CC) /Fo$(OBJ_D)\m_sha1.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c + +$(OBJ_D)\m_dss.obj: $(SRC_D)\crypto\evp\m_dss.c + $(CC) /Fo$(OBJ_D)\m_dss.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c + +$(OBJ_D)\m_dss1.obj: $(SRC_D)\crypto\evp\m_dss1.c + $(CC) /Fo$(OBJ_D)\m_dss1.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c + +$(OBJ_D)\m_mdc2.obj: $(SRC_D)\crypto\evp\m_mdc2.c + $(CC) /Fo$(OBJ_D)\m_mdc2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c + +$(OBJ_D)\p_open.obj: $(SRC_D)\crypto\evp\p_open.c + $(CC) /Fo$(OBJ_D)\p_open.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c + +$(OBJ_D)\p_seal.obj: $(SRC_D)\crypto\evp\p_seal.c + $(CC) /Fo$(OBJ_D)\p_seal.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c + +$(OBJ_D)\p_sign.obj: $(SRC_D)\crypto\evp\p_sign.c + $(CC) /Fo$(OBJ_D)\p_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c + +$(OBJ_D)\p_verify.obj: $(SRC_D)\crypto\evp\p_verify.c + $(CC) /Fo$(OBJ_D)\p_verify.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c + +$(OBJ_D)\p_lib.obj: $(SRC_D)\crypto\evp\p_lib.c + $(CC) /Fo$(OBJ_D)\p_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c + +$(OBJ_D)\bio_md.obj: $(SRC_D)\crypto\evp\bio_md.c + $(CC) /Fo$(OBJ_D)\bio_md.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c + +$(OBJ_D)\bio_b64.obj: $(SRC_D)\crypto\evp\bio_b64.c + $(CC) /Fo$(OBJ_D)\bio_b64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c + +$(OBJ_D)\bio_enc.obj: $(SRC_D)\crypto\evp\bio_enc.c + $(CC) /Fo$(OBJ_D)\bio_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c + +$(OBJ_D)\evp_err.obj: $(SRC_D)\crypto\evp\evp_err.c + $(CC) /Fo$(OBJ_D)\evp_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c + +$(OBJ_D)\e_null.obj: $(SRC_D)\crypto\evp\e_null.c + $(CC) /Fo$(OBJ_D)\e_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c + +$(OBJ_D)\c_all.obj: $(SRC_D)\crypto\evp\c_all.c + $(CC) /Fo$(OBJ_D)\c_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c + +$(OBJ_D)\pem_sign.obj: $(SRC_D)\crypto\pem\pem_sign.c + $(CC) /Fo$(OBJ_D)\pem_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c + +$(OBJ_D)\pem_seal.obj: $(SRC_D)\crypto\pem\pem_seal.c + $(CC) /Fo$(OBJ_D)\pem_seal.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c + +$(OBJ_D)\pem_info.obj: $(SRC_D)\crypto\pem\pem_info.c + $(CC) /Fo$(OBJ_D)\pem_info.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c + +$(OBJ_D)\pem_lib.obj: $(SRC_D)\crypto\pem\pem_lib.c + $(CC) /Fo$(OBJ_D)\pem_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c + +$(OBJ_D)\pem_all.obj: $(SRC_D)\crypto\pem\pem_all.c + $(CC) /Fo$(OBJ_D)\pem_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c + +$(OBJ_D)\pem_err.obj: $(SRC_D)\crypto\pem\pem_err.c + $(CC) /Fo$(OBJ_D)\pem_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c + +$(OBJ_D)\a_object.obj: $(SRC_D)\crypto\asn1\a_object.c + $(CC) /Fo$(OBJ_D)\a_object.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c + +$(OBJ_D)\a_bitstr.obj: $(SRC_D)\crypto\asn1\a_bitstr.c + $(CC) /Fo$(OBJ_D)\a_bitstr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c + +$(OBJ_D)\a_utctm.obj: $(SRC_D)\crypto\asn1\a_utctm.c + $(CC) /Fo$(OBJ_D)\a_utctm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c + +$(OBJ_D)\a_int.obj: $(SRC_D)\crypto\asn1\a_int.c + $(CC) /Fo$(OBJ_D)\a_int.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c + +$(OBJ_D)\a_octet.obj: $(SRC_D)\crypto\asn1\a_octet.c + $(CC) /Fo$(OBJ_D)\a_octet.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c + +$(OBJ_D)\a_print.obj: $(SRC_D)\crypto\asn1\a_print.c + $(CC) /Fo$(OBJ_D)\a_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c + +$(OBJ_D)\a_type.obj: $(SRC_D)\crypto\asn1\a_type.c + $(CC) /Fo$(OBJ_D)\a_type.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c + +$(OBJ_D)\a_set.obj: $(SRC_D)\crypto\asn1\a_set.c + $(CC) /Fo$(OBJ_D)\a_set.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c + +$(OBJ_D)\a_dup.obj: $(SRC_D)\crypto\asn1\a_dup.c + $(CC) /Fo$(OBJ_D)\a_dup.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c + +$(OBJ_D)\a_d2i_fp.obj: $(SRC_D)\crypto\asn1\a_d2i_fp.c + $(CC) /Fo$(OBJ_D)\a_d2i_fp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c + +$(OBJ_D)\a_i2d_fp.obj: $(SRC_D)\crypto\asn1\a_i2d_fp.c + $(CC) /Fo$(OBJ_D)\a_i2d_fp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c + +$(OBJ_D)\a_sign.obj: $(SRC_D)\crypto\asn1\a_sign.c + $(CC) /Fo$(OBJ_D)\a_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c + +$(OBJ_D)\a_digest.obj: $(SRC_D)\crypto\asn1\a_digest.c + $(CC) /Fo$(OBJ_D)\a_digest.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c + +$(OBJ_D)\a_verify.obj: $(SRC_D)\crypto\asn1\a_verify.c + $(CC) /Fo$(OBJ_D)\a_verify.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c + +$(OBJ_D)\x_algor.obj: $(SRC_D)\crypto\asn1\x_algor.c + $(CC) /Fo$(OBJ_D)\x_algor.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c + +$(OBJ_D)\x_val.obj: $(SRC_D)\crypto\asn1\x_val.c + $(CC) /Fo$(OBJ_D)\x_val.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c + +$(OBJ_D)\x_pubkey.obj: $(SRC_D)\crypto\asn1\x_pubkey.c + $(CC) /Fo$(OBJ_D)\x_pubkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c + +$(OBJ_D)\x_sig.obj: $(SRC_D)\crypto\asn1\x_sig.c + $(CC) /Fo$(OBJ_D)\x_sig.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c + +$(OBJ_D)\x_req.obj: $(SRC_D)\crypto\asn1\x_req.c + $(CC) /Fo$(OBJ_D)\x_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c + +$(OBJ_D)\x_attrib.obj: $(SRC_D)\crypto\asn1\x_attrib.c + $(CC) /Fo$(OBJ_D)\x_attrib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c + +$(OBJ_D)\x_name.obj: $(SRC_D)\crypto\asn1\x_name.c + $(CC) /Fo$(OBJ_D)\x_name.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c + +$(OBJ_D)\x_cinf.obj: $(SRC_D)\crypto\asn1\x_cinf.c + $(CC) /Fo$(OBJ_D)\x_cinf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c + +$(OBJ_D)\x_x509.obj: $(SRC_D)\crypto\asn1\x_x509.c + $(CC) /Fo$(OBJ_D)\x_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c + +$(OBJ_D)\x_crl.obj: $(SRC_D)\crypto\asn1\x_crl.c + $(CC) /Fo$(OBJ_D)\x_crl.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c + +$(OBJ_D)\x_info.obj: $(SRC_D)\crypto\asn1\x_info.c + $(CC) /Fo$(OBJ_D)\x_info.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c + +$(OBJ_D)\x_spki.obj: $(SRC_D)\crypto\asn1\x_spki.c + $(CC) /Fo$(OBJ_D)\x_spki.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c + +$(OBJ_D)\d2i_r_pr.obj: $(SRC_D)\crypto\asn1\d2i_r_pr.c + $(CC) /Fo$(OBJ_D)\d2i_r_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c + +$(OBJ_D)\i2d_r_pr.obj: $(SRC_D)\crypto\asn1\i2d_r_pr.c + $(CC) /Fo$(OBJ_D)\i2d_r_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c + +$(OBJ_D)\d2i_r_pu.obj: $(SRC_D)\crypto\asn1\d2i_r_pu.c + $(CC) /Fo$(OBJ_D)\d2i_r_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c + +$(OBJ_D)\i2d_r_pu.obj: $(SRC_D)\crypto\asn1\i2d_r_pu.c + $(CC) /Fo$(OBJ_D)\i2d_r_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c + +$(OBJ_D)\d2i_s_pr.obj: $(SRC_D)\crypto\asn1\d2i_s_pr.c + $(CC) /Fo$(OBJ_D)\d2i_s_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c + +$(OBJ_D)\i2d_s_pr.obj: $(SRC_D)\crypto\asn1\i2d_s_pr.c + $(CC) /Fo$(OBJ_D)\i2d_s_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c + +$(OBJ_D)\d2i_s_pu.obj: $(SRC_D)\crypto\asn1\d2i_s_pu.c + $(CC) /Fo$(OBJ_D)\d2i_s_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c + +$(OBJ_D)\i2d_s_pu.obj: $(SRC_D)\crypto\asn1\i2d_s_pu.c + $(CC) /Fo$(OBJ_D)\i2d_s_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c + +$(OBJ_D)\d2i_pu.obj: $(SRC_D)\crypto\asn1\d2i_pu.c + $(CC) /Fo$(OBJ_D)\d2i_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c + +$(OBJ_D)\d2i_pr.obj: $(SRC_D)\crypto\asn1\d2i_pr.c + $(CC) /Fo$(OBJ_D)\d2i_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c + +$(OBJ_D)\i2d_pu.obj: $(SRC_D)\crypto\asn1\i2d_pu.c + $(CC) /Fo$(OBJ_D)\i2d_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c + +$(OBJ_D)\i2d_pr.obj: $(SRC_D)\crypto\asn1\i2d_pr.c + $(CC) /Fo$(OBJ_D)\i2d_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c + +$(OBJ_D)\t_req.obj: $(SRC_D)\crypto\asn1\t_req.c + $(CC) /Fo$(OBJ_D)\t_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c + +$(OBJ_D)\t_x509.obj: $(SRC_D)\crypto\asn1\t_x509.c + $(CC) /Fo$(OBJ_D)\t_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c + +$(OBJ_D)\t_pkey.obj: $(SRC_D)\crypto\asn1\t_pkey.c + $(CC) /Fo$(OBJ_D)\t_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c + +$(OBJ_D)\p7_i_s.obj: $(SRC_D)\crypto\asn1\p7_i_s.c + $(CC) /Fo$(OBJ_D)\p7_i_s.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c + +$(OBJ_D)\p7_signi.obj: $(SRC_D)\crypto\asn1\p7_signi.c + $(CC) /Fo$(OBJ_D)\p7_signi.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c + +$(OBJ_D)\p7_signd.obj: $(SRC_D)\crypto\asn1\p7_signd.c + $(CC) /Fo$(OBJ_D)\p7_signd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c + +$(OBJ_D)\p7_recip.obj: $(SRC_D)\crypto\asn1\p7_recip.c + $(CC) /Fo$(OBJ_D)\p7_recip.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c + +$(OBJ_D)\p7_enc_c.obj: $(SRC_D)\crypto\asn1\p7_enc_c.c + $(CC) /Fo$(OBJ_D)\p7_enc_c.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c + +$(OBJ_D)\p7_evp.obj: $(SRC_D)\crypto\asn1\p7_evp.c + $(CC) /Fo$(OBJ_D)\p7_evp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c + +$(OBJ_D)\p7_dgst.obj: $(SRC_D)\crypto\asn1\p7_dgst.c + $(CC) /Fo$(OBJ_D)\p7_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c + +$(OBJ_D)\p7_s_e.obj: $(SRC_D)\crypto\asn1\p7_s_e.c + $(CC) /Fo$(OBJ_D)\p7_s_e.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c + +$(OBJ_D)\p7_enc.obj: $(SRC_D)\crypto\asn1\p7_enc.c + $(CC) /Fo$(OBJ_D)\p7_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c + +$(OBJ_D)\p7_lib.obj: $(SRC_D)\crypto\asn1\p7_lib.c + $(CC) /Fo$(OBJ_D)\p7_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c + +$(OBJ_D)\f_int.obj: $(SRC_D)\crypto\asn1\f_int.c + $(CC) /Fo$(OBJ_D)\f_int.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c + +$(OBJ_D)\f_string.obj: $(SRC_D)\crypto\asn1\f_string.c + $(CC) /Fo$(OBJ_D)\f_string.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c + +$(OBJ_D)\i2d_dhp.obj: $(SRC_D)\crypto\asn1\i2d_dhp.c + $(CC) /Fo$(OBJ_D)\i2d_dhp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c + +$(OBJ_D)\i2d_dsap.obj: $(SRC_D)\crypto\asn1\i2d_dsap.c + $(CC) /Fo$(OBJ_D)\i2d_dsap.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c + +$(OBJ_D)\d2i_dhp.obj: $(SRC_D)\crypto\asn1\d2i_dhp.c + $(CC) /Fo$(OBJ_D)\d2i_dhp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c + +$(OBJ_D)\d2i_dsap.obj: $(SRC_D)\crypto\asn1\d2i_dsap.c + $(CC) /Fo$(OBJ_D)\d2i_dsap.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c + +$(OBJ_D)\n_pkey.obj: $(SRC_D)\crypto\asn1\n_pkey.c + $(CC) /Fo$(OBJ_D)\n_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c + +$(OBJ_D)\a_hdr.obj: $(SRC_D)\crypto\asn1\a_hdr.c + $(CC) /Fo$(OBJ_D)\a_hdr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c + +$(OBJ_D)\x_pkey.obj: $(SRC_D)\crypto\asn1\x_pkey.c + $(CC) /Fo$(OBJ_D)\x_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c + +$(OBJ_D)\a_bool.obj: $(SRC_D)\crypto\asn1\a_bool.c + $(CC) /Fo$(OBJ_D)\a_bool.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c + +$(OBJ_D)\x_exten.obj: $(SRC_D)\crypto\asn1\x_exten.c + $(CC) /Fo$(OBJ_D)\x_exten.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c + +$(OBJ_D)\asn1_par.obj: $(SRC_D)\crypto\asn1\asn1_par.c + $(CC) /Fo$(OBJ_D)\asn1_par.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c + +$(OBJ_D)\asn1_lib.obj: $(SRC_D)\crypto\asn1\asn1_lib.c + $(CC) /Fo$(OBJ_D)\asn1_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c + +$(OBJ_D)\asn1_err.obj: $(SRC_D)\crypto\asn1\asn1_err.c + $(CC) /Fo$(OBJ_D)\asn1_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c + +$(OBJ_D)\a_meth.obj: $(SRC_D)\crypto\asn1\a_meth.c + $(CC) /Fo$(OBJ_D)\a_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c + +$(OBJ_D)\a_bytes.obj: $(SRC_D)\crypto\asn1\a_bytes.c + $(CC) /Fo$(OBJ_D)\a_bytes.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c + +$(OBJ_D)\x509_def.obj: $(SRC_D)\crypto\x509\x509_def.c + $(CC) /Fo$(OBJ_D)\x509_def.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c + +$(OBJ_D)\x509_d2.obj: $(SRC_D)\crypto\x509\x509_d2.c + $(CC) /Fo$(OBJ_D)\x509_d2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c + +$(OBJ_D)\x509_r2x.obj: $(SRC_D)\crypto\x509\x509_r2x.c + $(CC) /Fo$(OBJ_D)\x509_r2x.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c + +$(OBJ_D)\x509_cmp.obj: $(SRC_D)\crypto\x509\x509_cmp.c + $(CC) /Fo$(OBJ_D)\x509_cmp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c + +$(OBJ_D)\x509_obj.obj: $(SRC_D)\crypto\x509\x509_obj.c + $(CC) /Fo$(OBJ_D)\x509_obj.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c + +$(OBJ_D)\x509_req.obj: $(SRC_D)\crypto\x509\x509_req.c + $(CC) /Fo$(OBJ_D)\x509_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c + +$(OBJ_D)\x509_vfy.obj: $(SRC_D)\crypto\x509\x509_vfy.c + $(CC) /Fo$(OBJ_D)\x509_vfy.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c + +$(OBJ_D)\x509_set.obj: $(SRC_D)\crypto\x509\x509_set.c + $(CC) /Fo$(OBJ_D)\x509_set.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c + +$(OBJ_D)\x509rset.obj: $(SRC_D)\crypto\x509\x509rset.c + $(CC) /Fo$(OBJ_D)\x509rset.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c + +$(OBJ_D)\x509_err.obj: $(SRC_D)\crypto\x509\x509_err.c + $(CC) /Fo$(OBJ_D)\x509_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c + +$(OBJ_D)\x509name.obj: $(SRC_D)\crypto\x509\x509name.c + $(CC) /Fo$(OBJ_D)\x509name.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c + +$(OBJ_D)\x509_v3.obj: $(SRC_D)\crypto\x509\x509_v3.c + $(CC) /Fo$(OBJ_D)\x509_v3.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c + +$(OBJ_D)\x509_ext.obj: $(SRC_D)\crypto\x509\x509_ext.c + $(CC) /Fo$(OBJ_D)\x509_ext.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c + +$(OBJ_D)\x509pack.obj: $(SRC_D)\crypto\x509\x509pack.c + $(CC) /Fo$(OBJ_D)\x509pack.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c + +$(OBJ_D)\x509type.obj: $(SRC_D)\crypto\x509\x509type.c + $(CC) /Fo$(OBJ_D)\x509type.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c + +$(OBJ_D)\x509_lu.obj: $(SRC_D)\crypto\x509\x509_lu.c + $(CC) /Fo$(OBJ_D)\x509_lu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c + +$(OBJ_D)\x_all.obj: $(SRC_D)\crypto\x509\x_all.c + $(CC) /Fo$(OBJ_D)\x_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c + +$(OBJ_D)\x509_txt.obj: $(SRC_D)\crypto\x509\x509_txt.c + $(CC) /Fo$(OBJ_D)\x509_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c + +$(OBJ_D)\by_file.obj: $(SRC_D)\crypto\x509\by_file.c + $(CC) /Fo$(OBJ_D)\by_file.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c + +$(OBJ_D)\by_dir.obj: $(SRC_D)\crypto\x509\by_dir.c + $(CC) /Fo$(OBJ_D)\by_dir.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c + +$(OBJ_D)\v3_net.obj: $(SRC_D)\crypto\x509\v3_net.c + $(CC) /Fo$(OBJ_D)\v3_net.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c + +$(OBJ_D)\v3_x509.obj: $(SRC_D)\crypto\x509\v3_x509.c + $(CC) /Fo$(OBJ_D)\v3_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c + +$(OBJ_D)\conf.obj: $(SRC_D)\crypto\conf\conf.c + $(CC) /Fo$(OBJ_D)\conf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c + +$(OBJ_D)\conf_err.obj: $(SRC_D)\crypto\conf\conf_err.c + $(CC) /Fo$(OBJ_D)\conf_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c + +$(OBJ_D)\txt_db.obj: $(SRC_D)\crypto\txt_db\txt_db.c + $(CC) /Fo$(OBJ_D)\txt_db.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c + +$(OBJ_D)\pk7_lib.obj: $(SRC_D)\crypto\pkcs7\pk7_lib.c + $(CC) /Fo$(OBJ_D)\pk7_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c + +$(OBJ_D)\pkcs7err.obj: $(SRC_D)\crypto\pkcs7\pkcs7err.c + $(CC) /Fo$(OBJ_D)\pkcs7err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c + +$(OBJ_D)\pk7_doit.obj: $(SRC_D)\crypto\pkcs7\pk7_doit.c + $(CC) /Fo$(OBJ_D)\pk7_doit.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c + +$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c + $(CC) /Fo$(OBJ_D)\s2_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c + +$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c + $(CC) /Fo$(OBJ_D)\s2_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c + +$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c + $(CC) /Fo$(OBJ_D)\s2_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c + +$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c + $(CC) /Fo$(OBJ_D)\s2_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c + +$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c + $(CC) /Fo$(OBJ_D)\s2_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c + +$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c + $(CC) /Fo$(OBJ_D)\s2_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c + +$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c + $(CC) /Fo$(OBJ_D)\s3_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c + +$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c + $(CC) /Fo$(OBJ_D)\s3_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c + +$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c + $(CC) /Fo$(OBJ_D)\s3_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c + +$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c + $(CC) /Fo$(OBJ_D)\s3_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c + +$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c + $(CC) /Fo$(OBJ_D)\s3_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c + +$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c + $(CC) /Fo$(OBJ_D)\s3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c + +$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c + $(CC) /Fo$(OBJ_D)\s3_both.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c + +$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c + $(CC) /Fo$(OBJ_D)\s23_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c + +$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c + $(CC) /Fo$(OBJ_D)\s23_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c + +$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c + $(CC) /Fo$(OBJ_D)\s23_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c + +$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c + $(CC) /Fo$(OBJ_D)\s23_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c + +$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c + $(CC) /Fo$(OBJ_D)\s23_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c + +$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c + $(CC) /Fo$(OBJ_D)\ssl_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c + +$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c + $(CC) /Fo$(OBJ_D)\ssl_err2.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c + +$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c + $(CC) /Fo$(OBJ_D)\ssl_cert.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c + +$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c + $(CC) /Fo$(OBJ_D)\ssl_sess.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c + +$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c + $(CC) /Fo$(OBJ_D)\ssl_ciph.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c + +$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c + $(CC) /Fo$(OBJ_D)\ssl_stat.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c + +$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c + $(CC) /Fo$(OBJ_D)\ssl_rsa.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c + +$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c + $(CC) /Fo$(OBJ_D)\ssl_asn1.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c + +$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c + $(CC) /Fo$(OBJ_D)\ssl_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c + +$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c + $(CC) /Fo$(OBJ_D)\ssl_algs.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c + +$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c + $(CC) /Fo$(OBJ_D)\bio_ssl.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c + +$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c + $(CC) /Fo$(OBJ_D)\ssl_err.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c + +$(OBJ_D)\rsaref.obj: $(SRC_D)\rsaref\rsaref.c + $(CC) /Fo$(OBJ_D)\rsaref.obj $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c + +$(OBJ_D)\rsar_err.obj: $(SRC_D)\rsaref\rsar_err.c + $(CC) /Fo$(OBJ_D)\rsar_err.obj $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c + +$(TEST_D)\md2test.exe: $(OBJ_D)\md2test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\md2test.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\md2test.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\md5test.exe: $(OBJ_D)\md5test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\md5test.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\md5test.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\shatest.exe: $(OBJ_D)\shatest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\shatest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\shatest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\sha1test.exe: $(OBJ_D)\sha1test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\sha1test.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\sha1test.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\mdc2test.exe: $(OBJ_D)\mdc2test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\mdc2test.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\mdc2test.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\destest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\destest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\rc4test.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\rc4test.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\rc2test.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\ideatest.exe: $(OBJ_D)\ideatest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\ideatest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\ideatest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\bftest.exe: $(OBJ_D)\bftest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\bftest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\bftest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\bntest.exe: $(OBJ_D)\bntest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\bntest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\bntest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\exptest.exe: $(OBJ_D)\exptest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\exptest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\exptest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\dsatest.exe: $(OBJ_D)\dsatest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\dsatest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\dsatest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\dhtest.exe: $(OBJ_D)\dhtest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\dhtest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\dhtest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\randtest.exe: $(OBJ_D)\randtest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\randtest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\randtest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(TEST_D)\ssltest.exe: $(OBJ_D)\ssltest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(TEST_D)\ssltest.exe @<< + $(APP_EX_OBJ) $(OBJ_D)\ssltest.obj $(L_LIBS) $(EX_LIBS) +<< + +$(O_SSL): $(SSLOBJ) + $(LINK) $(MLFLAGS) /out:$(O_SSL) /def:ms/SSLEAY32.def @<< + $(SHLIB_EX_OBJ) $(SSLOBJ) $(L_CRYPTO) wsock32.lib gdi32.lib +<< + +$(O_RSAGLUE): $(RSAGLUEOBJ) + $(MKLIB) /out:$(O_RSAGLUE) @<< + $(RSAGLUEOBJ) +<< + +$(O_CRYPTO): $(CRYPTOOBJ) + $(LINK) $(MLFLAGS) /out:$(O_CRYPTO) /def:ms/LIBEAY32.def @<< + $(SHLIB_EX_OBJ) $(CRYPTOOBJ) wsock32.lib gdi32.lib +<< + +$(BIN_D)\$(E_EXE).exe: $(E_OBJ) $(LIBS_DEP) + $(LINK) $(LFLAGS) /out:$(BIN_D)\$(E_EXE).exe @<< + $(APP_EX_OBJ) $(E_OBJ) $(L_LIBS) $(EX_LIBS) +<< + diff --git a/ms/req2CA.ss b/ms/req2CA.ss new file mode 100644 index 0000000000000000000000000000000000000000..de8862fe7973fc55615e6f1bd2da621c3211ed88 --- /dev/null +++ b/ms/req2CA.ss @@ -0,0 +1,29 @@ +Certificate Request: + Data: + Version: 0 (0x0) + Subject: C=AU, O=Dodgy Brothers, CN=Dodgy CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:dd:d5:38:92:02:bf:31:59:eb:ed:0d:e9:f8:d9: + 79:cb:54:d1:5c:f9:39:2f:d7:4d:38:9d:01:a0:28: + ca:0b:6c:0b:5d:2c:f0:72:3e:5c:57:1d:97:e5:68: + 88:78:30:c7:d8:3b:7b:01:b0:ef:b4:68:41:2d:53: + a2:ab:42:ee:bb + Exponent: 65537 (0x10001) + Attributes: + a0:00 + Signature Algorithm: md5WithRSAEncryption + 7f:77:9e:b5:10:13:39:99:e5:fd:e1:33:54:05:19:b0:89:b8: + 2b:21:29:ea:f4:fd:ca:da:62:a7:8a:da:4b:33:91:27:9e:3e: + f4:95:46:77:57:8d:dd:fe:83:fe:24:b3:e8:27:65:94:65:d3: + c8:44:84:b0:ea:41:35:bb:e7:87 +-----BEGIN CERTIFICATE REQUEST----- +MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy +czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA3dU4 +kgK/MVnr7Q3p+Nl5y1TRXPk5L9dNOJ0BoCjKC2wLXSzwcj5cVx2X5WiIeDDH2Dt7 +AbDvtGhBLVOiq0LuuwIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQB/d561EBM5meX9 +4TNUBRmwibgrISnq9P3K2mKnitpLM5Ennj70lUZ3V43d/oP+JLPoJ2WUZdPIRISw +6kE1u+eH +-----END CERTIFICATE REQUEST----- diff --git a/ms/reqCA.ss b/ms/reqCA.ss new file mode 100644 index 0000000000000000000000000000000000000000..fa16d45c5df9bc67f2137cf4a68aa13d44a3d47e --- /dev/null +++ b/ms/reqCA.ss @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy +czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA3dU4 +kgK/MVnr7Q3p+Nl5y1TRXPk5L9dNOJ0BoCjKC2wLXSzwcj5cVx2X5WiIeDDH2Dt7 +AbDvtGhBLVOiq0LuuwIDAQABoAAwDQYJKoZIhvcNAQEFBQADQQDBNQXXHTOE59tY +Z6CLBB0MrNHsIypGdGAFXroIXM8AU9Ac3P7XD1ONpqX/Qa0nN033E8bU8xpre3RI +4/9XgBs5 +-----END CERTIFICATE REQUEST----- diff --git a/ms/reqU.ss b/ms/reqU.ss new file mode 100644 index 0000000000000000000000000000000000000000..b63f2e444271d526b669f6fa5530aca3578131bd --- /dev/null +++ b/ms/reqU.ss @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCDCBswIBADBOMQswCQYDVQQGEwJBVTEXMBUGA1UEChMORG9kZ3kgQnJvdGhl +cnMxEjAQBgNVBAMTCUJyb3RoZXIgMTESMBAGA1UEAxMJQnJvdGhlciAyMFwwDQYJ +KoZIhvcNAQEBBQADSwAwSAJBAMXMcxp35YXyIsrf4o3N1r1iimo2Tl58yg5iKPhD +XN0NeqCS5KJtBXbGMlW2LPSxMh4QKbrq6y1B/6HT8noKnAECAwEAAaAAMA0GCSqG +SIb3DQEBAgUAA0EApF6ZEr63DAKDwgrr4oh4fWOls9tf6k0tpQ31LyCpDv/3+08O +l5Ds40cAsSJGuswVBExuvkrDJsxxSE14Z/e1Fg== +-----END CERTIFICATE REQUEST----- diff --git a/ms/speed16.bat b/ms/speed16.bat new file mode 100755 index 0000000000000000000000000000000000000000..7ff08851a24596743cc1530a1642283705d4e9c8 --- /dev/null +++ b/ms/speed16.bat @@ -0,0 +1,38 @@ +set makefile=ms\dos.bat + +perl Configure b +del tmp\*.obj +nmake -f %makefile% +nmake -f %makefile% +nmake -f %makefile% +out\ssleay version -v -b -f >speed.1 +out\ssleay speed >speed.1l + +perl Configure bl-4c-2c +del tmp\rc4*.obj tmp\bn*.obj tmp\md2_dgst.obj +nmake -f %makefile% +nmake -f %makefile% +nmake -f %makefile% +out\ssleay speed rc4 rsa md2 >speed.2l + +perl Configure bl-4c-ri +del tmp\rc4*.obj +nmake -f %makefile% +nmake -f %makefile% +nmake -f %makefile% +out\ssleay speed rc4 >speed.3l + +perl Configure b2-is-ri-dp +perl util\mk1mf.pl VC-MSDOS no-asm >m2 +del tmp\i_*.obj tmp\rc4*.obj tmp\ecb_enc.obj tmp\bn*.obj +nmake -f m2 +nmake -f m2 +nmake -f m2 +out\ssleay speed rsa rc4 idea des >speed.4l + +type speed.1 >speed.log +type speed.1l >>speed.log +perl util\sp-diff.pl speed.1l speed.2l >>speed.log +perl util\sp-diff.pl speed.1l speed.3l >>speed.log +perl util\sp-diff.pl speed.1l speed.4l >>speed.log + diff --git a/ms/speed32.bat b/ms/speed32.bat new file mode 100755 index 0000000000000000000000000000000000000000..95f7ce9505c5e351e1cf091df7a3039fdf55a5f2 --- /dev/null +++ b/ms/speed32.bat @@ -0,0 +1,37 @@ +set makefile=ms\nt.mak + +perl Configure b +del tmp\*.obj +nmake -f %makefile% +nmake -f %makefile% +nmake -f %makefile% +out\ssleay version -v -b -f >speed.1 +out\ssleay speed >speed.1l + +perl Configure bl-4c-2c +del tmp\rc4*.obj tmp\bn*.obj tmp\md2_dgst.obj +nmake -f %makefile% +nmake -f %makefile% +nmake -f %makefile% +out\ssleay speed rc4 rsa md2 >speed.2l + +perl Configure bl-4c-ri +del tmp\rc4*.obj +nmake -f %makefile% +nmake -f %makefile% +nmake -f %makefile% +out\ssleay speed rc4 >speed.3l + +perl Configure b2-is-ri-dp +del tmp\i_*.obj tmp\rc4*.obj tmp\ecb_enc.obj tmp\bn*.obj +nmake -f %makefile% +nmake -f %makefile% +nmake -f %makefile% +out\ssleay speed rsa rc4 idea des >speed.4l + +type speed.1 >speed.log +type speed.1l >>speed.log +perl util\sp-diff.pl speed.1l speed.2l >>speed.log +perl util\sp-diff.pl speed.1l speed.3l >>speed.log +perl util\sp-diff.pl speed.1l speed.4l >>speed.log + diff --git a/ms/ssleay16.def b/ms/ssleay16.def new file mode 100644 index 0000000000000000000000000000000000000000..74409f7ad5d8b9379b9e0d33842e268ea3818dcf --- /dev/null +++ b/ms/ssleay16.def @@ -0,0 +1,139 @@ +; +; Definition file for the DDL version of the SSLEAY16 library from SSLeay +; + +LIBRARY SSLEAY16 + +DESCRIPTION 'SSLeay SSLEAY16 - eay@cryptsoft.com' + +CODE PRELOAD MOVEABLE +DATA PRELOAD MOVEABLE SINGLE + +EXETYPE WINDOWS + +HEAPSIZE 4096 +STACKSIZE 8192 + +EXPORTS + _SSLeay_add_ssl_algorithms @109 + _BIO_f_ssl @121 + _BIO_new_ssl @122 + _BIO_ssl_copy_session_id @124 + _BIO_ssl_shutdown @131 + _ERR_load_SSL_strings @1 + _SSL_CIPHER_description @2 + _SSL_CIPHER_get_bits @128 + _SSL_CIPHER_get_name @130 + _SSL_CIPHER_get_version @129 + _SSL_CTX_add_client_CA @3 + _SSL_CTX_add_session @4 + _SSL_CTX_check_private_key @5 + _SSL_CTX_ctrl @6 + _SSL_CTX_flush_sessions @7 + _SSL_CTX_free @8 + _SSL_CTX_get_client_CA_list @9 + _SSL_CTX_get_verify_callback @10 + _SSL_CTX_get_verify_mode @11 + _SSL_CTX_new @12 + _SSL_CTX_remove_session @13 + _SSL_CTX_set_cert_verify_cb @14 + _SSL_CTX_set_cipher_list @15 + _SSL_CTX_set_client_CA_list @16 + _SSL_CTX_set_default_passwd_cb @17 + _SSL_CTX_set_ssl_version @19 + _SSL_CTX_set_verify @21 + _SSL_CTX_use_PrivateKey @22 + _SSL_CTX_use_PrivateKey_ASN1 @23 + _SSL_CTX_use_PrivateKey_file @24 + _SSL_CTX_use_RSAPrivateKey @25 + _SSL_CTX_use_RSAPrivateKey_ASN1 @26 + _SSL_CTX_use_RSAPrivateKey_file @27 + _SSL_CTX_use_certificate @28 + _SSL_CTX_use_certificate_ASN1 @29 + _SSL_CTX_use_certificate_file @30 + _SSL_SESSION_free @31 + _SSL_SESSION_new @32 + _SSL_SESSION_print @33 + _SSL_accept @35 + _SSL_add_client_CA @36 + _SSL_alert_desc_string @37 + _SSL_alert_desc_string_long @38 + _SSL_alert_type_string @39 + _SSL_alert_type_string_long @40 + _SSL_check_private_key @41 + _SSL_clear @42 + _SSL_connect @43 + _SSL_copy_session_id @44 + _SSL_ctrl @45 + _SSL_do_handshake @125 + _SSL_dup @46 + _SSL_dup_CA_list @47 + _SSL_free @48 + _SSL_get_certificate @49 + _SSL_get_cipher_list @52 + _SSL_get_ciphers @55 + _SSL_get_client_CA_list @56 + _SSL_get_current_cipher @127 + _SSL_get_default_timeout @57 + _SSL_get_error @58 + _SSL_get_fd @59 + _SSL_get_peer_cert_chain @60 + _SSL_get_peer_certificate @61 + _SSL_get_privatekey @126 + _SSL_get_rbio @63 + _SSL_get_read_ahead @64 + _SSL_get_shared_ciphers @65 + _SSL_get_ssl_method @66 + _SSL_get_time @67 + _SSL_get_timeout @68 + _SSL_get_verify_mode @70 + _SSL_get_version @71 + _SSL_get_wbio @72 + _SSL_load_client_CA_file @73 + _SSL_load_error_strings @74 + _SSL_new @75 + _SSL_peek @76 + _SSL_pending @77 + _SSL_read @78 + _SSL_renegotiate @79 + _SSL_rstate_string @80 + _SSL_rstate_string_long @81 + _SSL_set_accept_state @82 + _SSL_set_bio @83 + _SSL_set_cipher_list @84 + _SSL_set_client_CA_list @85 + _SSL_set_connect_state @86 + _SSL_set_fd @87 + _SSL_set_read_ahead @88 + _SSL_set_rfd @89 + _SSL_set_session @90 + _SSL_set_ssl_method @91 + _SSL_set_time @92 + _SSL_set_timeout @93 + _SSL_set_verify @94 + _SSL_set_wfd @95 + _SSL_shutdown @96 + _SSL_state_string @97 + _SSL_state_string_long @98 + _SSL_use_PrivateKey @99 + _SSL_use_PrivateKey_ASN1 @100 + _SSL_use_PrivateKey_file @101 + _SSL_use_RSAPrivateKey @102 + _SSL_use_RSAPrivateKey_ASN1 @103 + _SSL_use_RSAPrivateKey_file @104 + _SSL_use_certificate @105 + _SSL_use_certificate_ASN1 @106 + _SSL_use_certificate_file @107 + _SSL_write @108 + _SSLv23_client_method @110 + _SSLv23_method @111 + _SSLv23_server_method @112 + _SSLv2_client_method @113 + _SSLv2_method @114 + _SSLv2_server_method @115 + _SSLv3_client_method @116 + _SSLv3_method @117 + _SSLv3_server_method @118 + _d2i_SSL_SESSION @119 + _i2d_SSL_SESSION @120 + diff --git a/ms/ssleay32.def b/ms/ssleay32.def new file mode 100644 index 0000000000000000000000000000000000000000..403d4ec5842797d95725386471b94579a1372ad8 --- /dev/null +++ b/ms/ssleay32.def @@ -0,0 +1,132 @@ +; +; Definition file for the DDL version of the SSLEAY32 library from SSLeay +; + +LIBRARY SSLEAY32 + +DESCRIPTION 'SSLeay SSLEAY32 - eay@cryptsoft.com' + +EXPORTS + SSLeay_add_ssl_algorithms @109 + BIO_f_ssl @121 + BIO_new_ssl @122 + BIO_ssl_copy_session_id @124 + BIO_ssl_shutdown @131 + ERR_load_SSL_strings @1 + SSL_CIPHER_description @2 + SSL_CIPHER_get_bits @128 + SSL_CIPHER_get_name @130 + SSL_CIPHER_get_version @129 + SSL_CTX_add_client_CA @3 + SSL_CTX_add_session @4 + SSL_CTX_check_private_key @5 + SSL_CTX_ctrl @6 + SSL_CTX_flush_sessions @7 + SSL_CTX_free @8 + SSL_CTX_get_client_CA_list @9 + SSL_CTX_get_verify_callback @10 + SSL_CTX_get_verify_mode @11 + SSL_CTX_new @12 + SSL_CTX_remove_session @13 + SSL_CTX_set_cert_verify_cb @14 + SSL_CTX_set_cipher_list @15 + SSL_CTX_set_client_CA_list @16 + SSL_CTX_set_default_passwd_cb @17 + SSL_CTX_set_ssl_version @19 + SSL_CTX_set_verify @21 + SSL_CTX_use_PrivateKey @22 + SSL_CTX_use_PrivateKey_ASN1 @23 + SSL_CTX_use_PrivateKey_file @24 + SSL_CTX_use_RSAPrivateKey @25 + SSL_CTX_use_RSAPrivateKey_ASN1 @26 + SSL_CTX_use_RSAPrivateKey_file @27 + SSL_CTX_use_certificate @28 + SSL_CTX_use_certificate_ASN1 @29 + SSL_CTX_use_certificate_file @30 + SSL_SESSION_free @31 + SSL_SESSION_new @32 + SSL_SESSION_print @33 + SSL_SESSION_print_fp @34 + SSL_accept @35 + SSL_add_client_CA @36 + SSL_alert_desc_string @37 + SSL_alert_desc_string_long @38 + SSL_alert_type_string @39 + SSL_alert_type_string_long @40 + SSL_check_private_key @41 + SSL_clear @42 + SSL_connect @43 + SSL_copy_session_id @44 + SSL_ctrl @45 + SSL_do_handshake @125 + SSL_dup @46 + SSL_dup_CA_list @47 + SSL_free @48 + SSL_get_certificate @49 + SSL_get_cipher_list @52 + SSL_get_ciphers @55 + SSL_get_client_CA_list @56 + SSL_get_current_cipher @127 + SSL_get_default_timeout @57 + SSL_get_error @58 + SSL_get_fd @59 + SSL_get_peer_cert_chain @60 + SSL_get_peer_certificate @61 + SSL_get_privatekey @126 + SSL_get_rbio @63 + SSL_get_read_ahead @64 + SSL_get_shared_ciphers @65 + SSL_get_ssl_method @66 + SSL_get_time @67 + SSL_get_timeout @68 + SSL_get_verify_mode @70 + SSL_get_version @71 + SSL_get_wbio @72 + SSL_load_client_CA_file @73 + SSL_load_error_strings @74 + SSL_new @75 + SSL_peek @76 + SSL_pending @77 + SSL_read @78 + SSL_renegotiate @79 + SSL_rstate_string @80 + SSL_rstate_string_long @81 + SSL_set_accept_state @82 + SSL_set_bio @83 + SSL_set_cipher_list @84 + SSL_set_client_CA_list @85 + SSL_set_connect_state @86 + SSL_set_fd @87 + SSL_set_read_ahead @88 + SSL_set_rfd @89 + SSL_set_session @90 + SSL_set_ssl_method @91 + SSL_set_time @92 + SSL_set_timeout @93 + SSL_set_verify @94 + SSL_set_wfd @95 + SSL_shutdown @96 + SSL_state_string @97 + SSL_state_string_long @98 + SSL_use_PrivateKey @99 + SSL_use_PrivateKey_ASN1 @100 + SSL_use_PrivateKey_file @101 + SSL_use_RSAPrivateKey @102 + SSL_use_RSAPrivateKey_ASN1 @103 + SSL_use_RSAPrivateKey_file @104 + SSL_use_certificate @105 + SSL_use_certificate_ASN1 @106 + SSL_use_certificate_file @107 + SSL_write @108 + SSLv23_client_method @110 + SSLv23_method @111 + SSLv23_server_method @112 + SSLv2_client_method @113 + SSLv2_method @114 + SSLv2_server_method @115 + SSLv3_client_method @116 + SSLv3_method @117 + SSLv3_server_method @118 + d2i_SSL_SESSION @119 + i2d_SSL_SESSION @120 + diff --git a/ms/tenc.bat b/ms/tenc.bat new file mode 100755 index 0000000000000000000000000000000000000000..a4fa7f3652c4fa07c9aed936646592a5b1b90a7f --- /dev/null +++ b/ms/tenc.bat @@ -0,0 +1,14 @@ +rem called by testenc + +echo test %1 %2 %3 %4 %5 %6 +%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1% +%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1% +%cmp% %input% %out1% +if errorlevel 1 goto err + +echo test base64 %1 %2 %3 %4 %5 %6 +%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1% +%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1% +%cmp% %input% %out1% + +:err diff --git a/ms/test.bat b/ms/test.bat new file mode 100755 index 0000000000000000000000000000000000000000..e1862c519a71aff95eb8085485d167f2114ac6d1 --- /dev/null +++ b/ms/test.bat @@ -0,0 +1,133 @@ +@echo=off + +set bin=..\out +set test=. + +echo destest +%bin%\destest +if errorlevel 1 goto done + +echo ideatest +%bin%\ideatest +if errorlevel 1 goto done + +echo bftest +%bin%\bftest +if errorlevel 1 goto done + +echo shatest +%bin%\shatest +if errorlevel 1 goto done + +echo sha1test +%bin%\sha1test +if errorlevel 1 goto done + +echo md5test +%bin%\md5test +if errorlevel 1 goto done + +echo md2test +%bin%\md2test +if errorlevel 1 goto done + +echo mdc2test +%bin%\mdc2test +if errorlevel 1 goto done + +echo rc2test +%bin%\rc2test +if errorlevel 1 goto done + +echo rc4test +%bin%\rc4test +if errorlevel 1 goto done + +echo randtest +%bin%\randtest +if errorlevel 1 goto done + +echo dhtest +%bin%\dhtest +if errorlevel 1 goto done + +echo exptest +%bin%\exptest +if errorlevel 1 goto done + +echo dsatest +%bin%\dsatest +if errorlevel 1 goto done + +echo testenc +call %test%\testenc %bin%\ssleay +if errorlevel 1 goto done + +echo testpem +call %test%\testpem %bin%\ssleay +if errorlevel 1 goto done + +echo verify +copy ..\certs\*.pem cert.tmp >nul +%bin%\ssleay verify -CAfile cert.tmp ..\certs\*.pem + +echo testss +call %test%\testss %bin%\ssleay +if errorlevel 1 goto done + +echo test sslv2 +%bin%\ssltest -ssl2 +if errorlevel 1 goto done + +echo test sslv2 with server authentication +%bin%\ssltest -ssl2 -server_auth -CAfile cert.tmp +if errorlevel 1 goto done + +echo test sslv2 with client authentication +%bin%\ssltest -ssl2 -client_auth -CAfile cert.tmp +if errorlevel 1 goto done + +echo test sslv2 with beoth client and server authentication +%bin%\ssltest -ssl2 -server_auth -client_auth -CAfile cert.tmp +if errorlevel 1 goto done + +echo test sslv3 +%bin%\ssltest -ssl3 +if errorlevel 1 goto done + +echo test sslv3 with server authentication +%bin%\ssltest -ssl3 -server_auth -CAfile cert.tmp +if errorlevel 1 goto done + +echo test sslv3 with client authentication +%bin%\ssltest -ssl3 -client_auth -CAfile cert.tmp +if errorlevel 1 goto done + +echo test sslv3 with beoth client and server authentication +%bin%\ssltest -ssl3 -server_auth -client_auth -CAfile cert.tmp +if errorlevel 1 goto done + +echo test sslv2/sslv3 +%bin%\ssltest +if errorlevel 1 goto done + +echo test sslv2/sslv3 with server authentication +%bin%\ssltest -server_auth -CAfile cert.tmp +if errorlevel 1 goto done + +echo test sslv2/sslv3 with client authentication +%bin%\ssltest -client_auth -CAfile cert.tmp +if errorlevel 1 goto done + +echo test sslv2/sslv3 with beoth client and server authentication +%bin%\ssltest -server_auth -client_auth -CAfile cert.tmp +if errorlevel 1 goto done + + +del cert.tmp + +echo passed all tests +goto end +:done +echo problems..... +:end diff --git a/ms/testenc.bat b/ms/testenc.bat new file mode 100755 index 0000000000000000000000000000000000000000..b46af4bd9c683edd13f4f019a5f8ac43e220a0a6 --- /dev/null +++ b/ms/testenc.bat @@ -0,0 +1,91 @@ +echo=off + +set ssleay=%1% +set input=testenc.bat +set tmp1=cipher.out +set out1=clear.out +set cmp=perl cmp.pl + +call tenc.bat enc +if errorlevel 1 goto err + +call tenc.bat rc4 +if errorlevel 1 goto err + +call tenc.bat des-cfb +if errorlevel 1 goto err + +call tenc.bat des-ede-cfb +if errorlevel 1 goto err + +call tenc.bat des-ede3-cfb +if errorlevel 1 goto err + +call tenc.bat des-ofb +if errorlevel 1 goto err + +call tenc.bat des-ede-ofb +if errorlevel 1 goto err + +call tenc.bat des-ede3-ofb +if errorlevel 1 goto err + +call tenc.bat des-ecb +if errorlevel 1 goto err + +call tenc.bat des-ede +if errorlevel 1 goto err + +call tenc.bat des-ede3 +if errorlevel 1 goto err + +call tenc.bat des-cbc +if errorlevel 1 goto err + +call tenc.bat des-ede-cbc +if errorlevel 1 goto err + +call tenc.bat des-ede3-cbc +if errorlevel 1 goto err + +call tenc.bat idea-ecb +if errorlevel 1 goto err + +call tenc.bat idea-cfb +if errorlevel 1 goto err + +call tenc.bat idea-ofb +if errorlevel 1 goto err + +call tenc.bat idea-cbc +if errorlevel 1 goto err + +call tenc.bat rc2-ecb +if errorlevel 1 goto err + +call tenc.bat rc2-cfb +if errorlevel 1 goto err + +call tenc.bat rc2-ofb +if errorlevel 1 goto err + +call tenc.bat rc2-cbc +if errorlevel 1 goto err + +call tenc.bat bf-ecb +if errorlevel 1 goto err + +call tenc.bat bf-cfb +if errorlevel 1 goto err + +call tenc.bat bf-ofb +if errorlevel 1 goto err + +call tenc.bat bf-cbc +if errorlevel 1 goto err + +echo OK +del %out1% +del %tmp1% +:err + diff --git a/ms/testpem.bat b/ms/testpem.bat new file mode 100755 index 0000000000000000000000000000000000000000..e1e1a023609b19c9b8aa69908829e629cd6a1434 --- /dev/null +++ b/ms/testpem.bat @@ -0,0 +1,36 @@ +echo=off +set ssleay=%1% +set tmp1=pem.out +set cmp=perl cmp.pl + +call tpem.bat crl ..\test\testcrl.pem +if errorlevel 1 goto err + +call tpem.bat pkcs7 ..\test\testp7.pem +if errorlevel 1 goto err + +call tpem.bat req ..\test\testreq.pem +if errorlevel 1 goto err + +call tpem.bat req ..\test\testreq2.pem +if errorlevel 1 goto err + +call tpem.bat rsa ..\test\testrsa.pem +if errorlevel 1 goto err + +call tpem.bat x509 ..\test\testx509.pem +if errorlevel 1 goto err + +call tpem.bat x509 ..\test\v3-cert1.pem +if errorlevel 1 goto err + +call tpem.bat x509 ..\test\v3-cert1.pem +if errorlevel 1 goto err + +call tpem.bat sess_id ..\test\testsid.pem +if errorlevel 1 goto err + +echo OK +del %tmp1% +:err + diff --git a/ms/testss.bat b/ms/testss.bat new file mode 100755 index 0000000000000000000000000000000000000000..d9463bf92ba3f0f7f8201ba7a34065c0c2a6f91b --- /dev/null +++ b/ms/testss.bat @@ -0,0 +1,98 @@ +echo=off + +set ssleay=..\out\ssleay +set ssleay=%1 + +set reqcmd=%ssleay% req +set x509cmd=%ssleay% x509 +set verifycmd=%ssleay% verify + +set CAkey=keyCA.ss +set CAcert=certCA.ss +set CAserial=certCA.srl +set CAreq=reqCA.ss +set CAconf=..\test\CAss.cnf +set CAreq2=req2CA.ss + +set Uconf=..\test\Uss.cnf +set Ukey=keyU.ss +set Ureq=reqU.ss +set Ucert=certU.ss + +echo make a certificate request using 'req' +%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new +if errorlevel 1 goto err_req + +echo convert the certificate request into a self signed certificate using 'x509' +%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss +if errorlevel 1 goto err_x509 + +echo -- +echo convert a certificate into a certificate request using 'x509' +%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss +if errorlevel 1 goto err_x509_2 + +%reqcmd% -verify -in %CAreq% -noout +if errorlevel 1 goto err_verify_1 + +%reqcmd% -verify -in %CAreq2% -noout +if errorlevel 1 goto err_verify_2 + +%verifycmd% -CAfile %CAcert% %CAcert% +if errorlevel 1 goto err_verify_3 + +echo -- +echo make another certificate request using 'req' +%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss +if errorlevel 1 goto err_req_gen + +echo -- +echo sign certificate request with the just created CA via 'x509' +%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial% +if errorlevel 1 goto err_x509_sign + +%verifycmd% -CAfile %CAcert% %Ucert% +echo -- +echo Certificate details +%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert% + +echo Everything appeared to work +echo -- +echo The generated CA certificate is %CAcert% +echo The generated CA private key is %CAkey% +echo The current CA signing serial number is in %CAserial% + +echo The generated user certificate is %Ucert% +echo The generated user private key is %Ukey% +echo -- + +del err.ss + +goto end + +:err_req +echo error using 'req' to generate a certificate request +goto end +:err_x509 +echo error using 'x509' to self sign a certificate request +goto end +:err_x509_2 +echo error using 'x509' convert a certificate to a certificate request +goto end +:err_verify_1 +echo first generated request is invalid +goto end +:err_verify_2 +echo second generated request is invalid +goto end +:err_verify_3 +echo first generated cert is invalid +goto end +:err_req_gen +echo error using 'req' to generate a certificate request +goto end +:err_x509_sign +echo error using 'x509' to sign a certificate request +goto end + +:end diff --git a/ms/tpem.bat b/ms/tpem.bat new file mode 100755 index 0000000000000000000000000000000000000000..cd01792e9f0194c582ffd500ac87f9e1a0193edc --- /dev/null +++ b/ms/tpem.bat @@ -0,0 +1,6 @@ +rem called by testpem + +echo test %1 %2 +%ssleay% %1 -in %2 -out %tmp1% +%cmp% %2 %tmp1% + diff --git a/ms/w31dll.mak b/ms/w31dll.mak new file mode 100644 index 0000000000000000000000000000000000000000..a69570a12d8b5fec19691320be71d8ffa9117114 --- /dev/null +++ b/ms/w31dll.mak @@ -0,0 +1,2032 @@ +# This makefile has been automatically generated from the SSLeay distribution. +# This single makefile will build the complete SSLeay distribution and +# by default leave the 'intertesting' output files in .\out and the stuff +# that needs deleting in .\tmp. +# The file was generated by running 'make makefile.one', which +# does a 'make files', which writes all the environment variables from all +# the makefiles to the file call MINFO. This file is used by +# util\mk1mf.pl to generate makefile.one. +# The 'makefile per directory' system suites me when developing this +# library and also so I can 'distribute' indervidual library sections. +# The one monster makefile better suits building in non-unix +# environments. + +INSTALLTOP=\usr\local\ssl + +# Set your compiler options +CC=cl +CFLAG=/ALw /Gx- /Gt256 /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16 +APP_CFLAG=/Gw /FPi87 +LIB_CFLAG=/Gw +APP_EX_OBJ=setargv.obj +SHLIB_EX_OBJ= +# add extra libraries to this define, for solaris -lsocket -lnsl would +# be added +EX_LIBS=oldnames llibcewq libw winsock + +# The SSLeay directory +SRC_D=. + +LINK=link +LFLAGS= /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000 /PACKD:60000 /STACK:20000 /ALIGN:16 + +BN_MULW_OBJ=crypto\bn\asm\x86w32.obj +BN_MULW_SRC=crypto\bn\asm\x86w32.asm +DES_ENC_OBJ= +DES_ENC_SRC= +DES_CRYPT_OBJ= +DES_CRYPT_SRC= +BF_ENC_OBJ= +BF_ENC_SRC= + +# The output directory for everything intersting +OUT_D=out +# The output directory for all the temporary muck +TMP_D=tmp + +CP=copy +RM=del +RANLIB= +MKDIR=mkdir +MKLIB=lib /PAGESIZE:1024 +MLFLAGS= /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000 /PACKD:60000 +ASM=ml /Cp /c /Cx + +###################################################### +# You should not need to touch anything below this point +###################################################### + +E_EXE=ssleay +SSL=ssleay16 +CRYPTO=libeay16 +RSAGLUE=RSAglue + +# BIN_D - Binary output directory +# TEST_D - Binary test file output directory +# LIB_D - library output directory +# INC_D - include directory +BIN_D=$(OUT_D) +TEST_D=$(OUT_D) +LIB_D=$(OUT_D) +INC_D=$(OUT_D) + +# INCL_D - local library directory +# OBJ_D - temp object file directory +OBJ_D=$(TMP_D) +INCL_D=$(TMP_D) + +O_SSL= $(LIB_D)\$(SSL).dll +O_CRYPTO= $(LIB_D)\$(CRYPTO).dll +O_RSAGLUE= $(LIB_D)\$(RSAGLUE).lib +L_SSL= $(LIB_D)\$(SSL).lib +L_CRYPTO= $(LIB_D)\$(CRYPTO).lib + +L_LIBS= $(L_SSL) $(L_CRYPTO) +#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO) + +###################################################### +# Don't touch anything below this point +###################################################### + +INC=-DFLAT_INC -I$(INC_D) -I$(INCL_D) +APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG) +LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) +LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL) + +############################################# +HEADER=$(INCL_D)\e_os.h \ + $(INCL_D)\cryptlib.h $(INCL_D)\date.h $(INCL_D)\md5_locl.h \ + $(INCL_D)\sha_locl.h $(INCL_D)\des_locl.h $(INCL_D)\rpc_des.h \ + $(INCL_D)\podd.h $(INCL_D)\sk.h $(INCL_D)\spr.h \ + $(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h $(INCL_D)\idea_lcl.h \ + $(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\bn_lcl.h \ + $(INCL_D)\bn_prime.h $(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h \ + $(INCL_D)\ssl_locl.h $(INCL_D)\rsaref.h $(INCL_D)\apps.h \ + $(INCL_D)\progs.h $(INCL_D)\s_apps.h $(INCL_D)\testdsa.h \ + $(INCL_D)\testrsa.h + +EXHEADER=$(INC_D)\crypto.h \ + $(INC_D)\cryptall.h $(INC_D)\md2.h $(INC_D)\md5.h \ + $(INC_D)\sha.h $(INC_D)\mdc2.h $(INC_D)\des.h \ + $(INC_D)\rc4.h $(INC_D)\rc2.h $(INC_D)\idea.h \ + $(INC_D)\blowfish.h $(INC_D)\bn.h $(INC_D)\rsa.h \ + $(INC_D)\dsa.h $(INC_D)\dh.h $(INC_D)\buffer.h \ + $(INC_D)\bio.h $(INC_D)\stack.h $(INC_D)\lhash.h \ + $(INC_D)\rand.h $(INC_D)\err.h $(INC_D)\objects.h \ + $(INC_D)\evp.h $(INC_D)\pem.h $(INC_D)\asn1.h \ + $(INC_D)\asn1_mac.h $(INC_D)\x509.h $(INC_D)\x509_vfy.h \ + $(INC_D)\conf.h $(INC_D)\txt_db.h $(INC_D)\pkcs7.h \ + $(INC_D)\ssl.h $(INC_D)\ssl2.h $(INC_D)\ssl3.h \ + $(INC_D)\ssl23.h + +T_OBJ=$(OBJ_D)\md2test.obj \ + $(OBJ_D)\md5test.obj $(OBJ_D)\shatest.obj $(OBJ_D)\sha1test.obj \ + $(OBJ_D)\mdc2test.obj $(OBJ_D)\destest.obj $(OBJ_D)\rc4test.obj \ + $(OBJ_D)\rc2test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \ + $(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj $(OBJ_D)\dsatest.obj \ + $(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj $(OBJ_D)\ssltest.obj + +E_OBJ=$(OBJ_D)\verify.obj \ + $(OBJ_D)\asn1pars.obj $(OBJ_D)\req.obj $(OBJ_D)\dgst.obj \ + $(OBJ_D)\dh.obj $(OBJ_D)\enc.obj $(OBJ_D)\gendh.obj \ + $(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\gendsa.obj \ + $(OBJ_D)\pkcs7.obj $(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj \ + $(OBJ_D)\rsa.obj $(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj \ + $(OBJ_D)\x509.obj $(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj \ + $(OBJ_D)\s_client.obj $(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj \ + $(OBJ_D)\apps.obj $(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj \ + $(OBJ_D)\version.obj $(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj \ + $(OBJ_D)\ssleay.obj + +CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \ + $(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\md2_dgst.obj \ + $(OBJ_D)\md5_dgst.obj $(OBJ_D)\md2_one.obj $(OBJ_D)\md5_one.obj \ + $(OBJ_D)\sha_dgst.obj $(OBJ_D)\sha1dgst.obj $(OBJ_D)\sha_one.obj \ + $(OBJ_D)\sha1_one.obj $(OBJ_D)\mdc2dgst.obj $(OBJ_D)\mdc2_one.obj \ + $(OBJ_D)\set_key.obj $(OBJ_D)\ecb_enc.obj $(OBJ_D)\ede_enc.obj \ + $(OBJ_D)\cbc_enc.obj $(OBJ_D)\cbc3_enc.obj $(OBJ_D)\ecb3_enc.obj \ + $(OBJ_D)\cfb64enc.obj $(OBJ_D)\cfb64ede.obj $(OBJ_D)\cfb_enc.obj \ + $(OBJ_D)\ofb64ede.obj $(OBJ_D)\enc_read.obj $(OBJ_D)\enc_writ.obj \ + $(OBJ_D)\ncbc_enc.obj $(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj \ + $(OBJ_D)\str2key.obj $(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj \ + $(OBJ_D)\rand_key.obj $(OBJ_D)\des_enc.obj $(OBJ_D)\fcrypt_b.obj \ + $(OBJ_D)\read2pwd.obj $(OBJ_D)\fcrypt.obj $(OBJ_D)\xcbc_enc.obj \ + $(OBJ_D)\read_pwd.obj $(OBJ_D)\rpc_enc.obj $(OBJ_D)\cbc_cksm.obj \ + $(OBJ_D)\supp.obj $(OBJ_D)\rc4_enc.obj $(OBJ_D)\rc2_ecb.obj \ + $(OBJ_D)\rc2_skey.obj $(OBJ_D)\rc2_cbc.obj $(OBJ_D)\rc2cfb64.obj \ + $(OBJ_D)\rc2ofb64.obj $(OBJ_D)\i_cbc.obj $(OBJ_D)\i_cfb64.obj \ + $(OBJ_D)\i_ofb64.obj $(OBJ_D)\i_ecb.obj $(OBJ_D)\i_skey.obj \ + $(OBJ_D)\bf_skey.obj $(OBJ_D)\bf_ecb.obj $(OBJ_D)\bf_enc.obj \ + $(OBJ_D)\bf_cbc.obj $(OBJ_D)\bf_cfb64.obj $(OBJ_D)\bf_ofb64.obj \ + $(OBJ_D)\bn_add.obj $(OBJ_D)\bn_div.obj $(OBJ_D)\bn_exp.obj \ + $(OBJ_D)\bn_lib.obj $(OBJ_D)\bn_mod.obj $(OBJ_D)\bn_mul.obj \ + $(OBJ_D)\bn_print.obj $(OBJ_D)\bn_rand.obj $(OBJ_D)\bn_shift.obj \ + $(OBJ_D)\bn_sub.obj $(OBJ_D)\bn_word.obj $(OBJ_D)\bn_gcd.obj \ + $(OBJ_D)\bn_prime.obj $(OBJ_D)\bn_err.obj $(OBJ_D)\bn_sqr.obj \ + $(BN_MULW_OBJ) $(OBJ_D)\bn_recp.obj $(OBJ_D)\bn_mont.obj \ + $(OBJ_D)\rsa_enc.obj $(OBJ_D)\rsa_gen.obj $(OBJ_D)\rsa_lib.obj \ + $(OBJ_D)\rsa_sign.obj $(OBJ_D)\rsa_saos.obj $(OBJ_D)\rsa_err.obj \ + $(OBJ_D)\dsa_gen.obj $(OBJ_D)\dsa_key.obj $(OBJ_D)\dsa_lib.obj \ + $(OBJ_D)\dsa_vrf.obj $(OBJ_D)\dsa_sign.obj $(OBJ_D)\dsa_err.obj \ + $(OBJ_D)\dh_gen.obj $(OBJ_D)\dh_key.obj $(OBJ_D)\dh_lib.obj \ + $(OBJ_D)\dh_check.obj $(OBJ_D)\dh_err.obj $(OBJ_D)\buffer.obj \ + $(OBJ_D)\buf_err.obj $(OBJ_D)\bio_lib.obj $(OBJ_D)\bio_cb.obj \ + $(OBJ_D)\bio_err.obj $(OBJ_D)\bss_mem.obj $(OBJ_D)\bss_null.obj \ + $(OBJ_D)\bss_fd.obj $(OBJ_D)\bss_file.obj $(OBJ_D)\bss_sock.obj \ + $(OBJ_D)\bss_conn.obj $(OBJ_D)\bf_null.obj $(OBJ_D)\bf_buff.obj \ + $(OBJ_D)\b_print.obj $(OBJ_D)\b_dump.obj $(OBJ_D)\b_sock.obj \ + $(OBJ_D)\bss_acpt.obj $(OBJ_D)\bf_nbio.obj $(OBJ_D)\stack.obj \ + $(OBJ_D)\lhash.obj $(OBJ_D)\lh_stats.obj $(OBJ_D)\md_rand.obj \ + $(OBJ_D)\randfile.obj $(OBJ_D)\err.obj $(OBJ_D)\err_all.obj \ + $(OBJ_D)\err_prn.obj $(OBJ_D)\obj_dat.obj $(OBJ_D)\obj_lib.obj \ + $(OBJ_D)\obj_err.obj $(OBJ_D)\encode.obj $(OBJ_D)\digest.obj \ + $(OBJ_D)\evp_enc.obj $(OBJ_D)\evp_key.obj $(OBJ_D)\e_ecb_d.obj \ + $(OBJ_D)\e_cbc_d.obj $(OBJ_D)\e_cfb_d.obj $(OBJ_D)\e_ofb_d.obj \ + $(OBJ_D)\e_ecb_i.obj $(OBJ_D)\e_cbc_i.obj $(OBJ_D)\e_cfb_i.obj \ + $(OBJ_D)\e_ofb_i.obj $(OBJ_D)\e_ecb_3d.obj $(OBJ_D)\e_cbc_3d.obj \ + $(OBJ_D)\e_rc4.obj $(OBJ_D)\names.obj $(OBJ_D)\e_cfb_3d.obj \ + $(OBJ_D)\e_ofb_3d.obj $(OBJ_D)\e_xcbc_d.obj $(OBJ_D)\e_ecb_r2.obj \ + $(OBJ_D)\e_cbc_r2.obj $(OBJ_D)\e_cfb_r2.obj $(OBJ_D)\e_ofb_r2.obj \ + $(OBJ_D)\e_ecb_bf.obj $(OBJ_D)\e_cbc_bf.obj $(OBJ_D)\e_cfb_bf.obj \ + $(OBJ_D)\e_ofb_bf.obj $(OBJ_D)\m_null.obj $(OBJ_D)\m_md2.obj \ + $(OBJ_D)\m_md5.obj $(OBJ_D)\m_sha.obj $(OBJ_D)\m_sha1.obj \ + $(OBJ_D)\m_dss.obj $(OBJ_D)\m_dss1.obj $(OBJ_D)\m_mdc2.obj \ + $(OBJ_D)\p_open.obj $(OBJ_D)\p_seal.obj $(OBJ_D)\p_sign.obj \ + $(OBJ_D)\p_verify.obj $(OBJ_D)\p_lib.obj $(OBJ_D)\bio_md.obj \ + $(OBJ_D)\bio_b64.obj $(OBJ_D)\bio_enc.obj $(OBJ_D)\evp_err.obj \ + $(OBJ_D)\e_null.obj $(OBJ_D)\c_all.obj $(OBJ_D)\pem_sign.obj \ + $(OBJ_D)\pem_seal.obj $(OBJ_D)\pem_info.obj $(OBJ_D)\pem_lib.obj \ + $(OBJ_D)\pem_all.obj $(OBJ_D)\pem_err.obj $(OBJ_D)\a_object.obj \ + $(OBJ_D)\a_bitstr.obj $(OBJ_D)\a_utctm.obj $(OBJ_D)\a_int.obj \ + $(OBJ_D)\a_octet.obj $(OBJ_D)\a_print.obj $(OBJ_D)\a_type.obj \ + $(OBJ_D)\a_set.obj $(OBJ_D)\a_dup.obj $(OBJ_D)\a_d2i_fp.obj \ + $(OBJ_D)\a_i2d_fp.obj $(OBJ_D)\a_sign.obj $(OBJ_D)\a_digest.obj \ + $(OBJ_D)\a_verify.obj $(OBJ_D)\x_algor.obj $(OBJ_D)\x_val.obj \ + $(OBJ_D)\x_pubkey.obj $(OBJ_D)\x_sig.obj $(OBJ_D)\x_req.obj \ + $(OBJ_D)\x_attrib.obj $(OBJ_D)\x_name.obj $(OBJ_D)\x_cinf.obj \ + $(OBJ_D)\x_x509.obj $(OBJ_D)\x_crl.obj $(OBJ_D)\x_info.obj \ + $(OBJ_D)\x_spki.obj $(OBJ_D)\d2i_r_pr.obj $(OBJ_D)\i2d_r_pr.obj \ + $(OBJ_D)\d2i_r_pu.obj $(OBJ_D)\i2d_r_pu.obj $(OBJ_D)\d2i_s_pr.obj \ + $(OBJ_D)\i2d_s_pr.obj $(OBJ_D)\d2i_s_pu.obj $(OBJ_D)\i2d_s_pu.obj \ + $(OBJ_D)\d2i_pu.obj $(OBJ_D)\d2i_pr.obj $(OBJ_D)\i2d_pu.obj \ + $(OBJ_D)\i2d_pr.obj $(OBJ_D)\t_req.obj $(OBJ_D)\t_x509.obj \ + $(OBJ_D)\t_pkey.obj $(OBJ_D)\p7_i_s.obj $(OBJ_D)\p7_signi.obj \ + $(OBJ_D)\p7_signd.obj $(OBJ_D)\p7_recip.obj $(OBJ_D)\p7_enc_c.obj \ + $(OBJ_D)\p7_evp.obj $(OBJ_D)\p7_dgst.obj $(OBJ_D)\p7_s_e.obj \ + $(OBJ_D)\p7_enc.obj $(OBJ_D)\p7_lib.obj $(OBJ_D)\f_int.obj \ + $(OBJ_D)\f_string.obj $(OBJ_D)\i2d_dhp.obj $(OBJ_D)\i2d_dsap.obj \ + $(OBJ_D)\d2i_dhp.obj $(OBJ_D)\d2i_dsap.obj $(OBJ_D)\n_pkey.obj \ + $(OBJ_D)\a_hdr.obj $(OBJ_D)\x_pkey.obj $(OBJ_D)\a_bool.obj \ + $(OBJ_D)\x_exten.obj $(OBJ_D)\asn1_par.obj $(OBJ_D)\asn1_lib.obj \ + $(OBJ_D)\asn1_err.obj $(OBJ_D)\a_meth.obj $(OBJ_D)\a_bytes.obj \ + $(OBJ_D)\x509_def.obj $(OBJ_D)\x509_d2.obj $(OBJ_D)\x509_r2x.obj \ + $(OBJ_D)\x509_cmp.obj $(OBJ_D)\x509_obj.obj $(OBJ_D)\x509_req.obj \ + $(OBJ_D)\x509_vfy.obj $(OBJ_D)\x509_set.obj $(OBJ_D)\x509rset.obj \ + $(OBJ_D)\x509_err.obj $(OBJ_D)\x509name.obj $(OBJ_D)\x509_v3.obj \ + $(OBJ_D)\x509_ext.obj $(OBJ_D)\x509pack.obj $(OBJ_D)\x509type.obj \ + $(OBJ_D)\x509_lu.obj $(OBJ_D)\x_all.obj $(OBJ_D)\x509_txt.obj \ + $(OBJ_D)\by_file.obj $(OBJ_D)\by_dir.obj $(OBJ_D)\v3_net.obj \ + $(OBJ_D)\v3_x509.obj $(OBJ_D)\conf.obj $(OBJ_D)\conf_err.obj \ + $(OBJ_D)\txt_db.obj $(OBJ_D)\pk7_lib.obj $(OBJ_D)\pkcs7err.obj \ + $(OBJ_D)\pk7_doit.obj + +SSLOBJ=$(OBJ_D)\s2_meth.obj \ + $(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \ + $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s2_enc.obj $(OBJ_D)\s3_meth.obj \ + $(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \ + $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_both.obj \ + $(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj $(OBJ_D)\s23_clnt.obj \ + $(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\ssl_lib.obj \ + $(OBJ_D)\ssl_err2.obj $(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj \ + $(OBJ_D)\ssl_ciph.obj $(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj \ + $(OBJ_D)\ssl_asn1.obj $(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj \ + $(OBJ_D)\bio_ssl.obj $(OBJ_D)\ssl_err.obj + +RSAGLUEOBJ=$(OBJ_D)\rsaref.obj \ + $(OBJ_D)\rsar_err.obj + +T_EXE=$(TEST_D)\md2test.exe \ + $(TEST_D)\md5test.exe $(TEST_D)\shatest.exe $(TEST_D)\sha1test.exe \ + $(TEST_D)\mdc2test.exe $(TEST_D)\destest.exe $(TEST_D)\rc4test.exe \ + $(TEST_D)\rc2test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \ + $(TEST_D)\bntest.exe $(TEST_D)\exptest.exe $(TEST_D)\dsatest.exe \ + $(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe $(TEST_D)\ssltest.exe + +################################################################### +all: banner $(OUT_D) $(TMP_D) headers lib exe + +banner: + @echo Make sure you have run 'perl Configure VC-W31-32' in the + @echo top level directory, if you don't have perl, you will + @echo need to probably edit crypto/bn/bn.h, check the + @echo documentation for details. + + +$(OUT_D): + $(MKDIR) $(OUT_D) + +$(TMP_D): + $(MKDIR) $(TMP_D) + +headers: $(HEADER) $(EXHEADER) + +lib: $(LIBS_DEP) + +exe: $(T_EXE) $(BIN_D)\$(E_EXE).exe + +install: + $(MKDIR) $(INSTALLTOP) + $(MKDIR) $(INSTALLTOP)\bin + $(MKDIR) $(INSTALLTOP)\include + $(MKDIR) $(INSTALLTOP)\lib + $(CP) $(INC_D)\*.h $(INSTALLTOP)\include + $(CP) $(BIN_D)\$(E_EXE).exe $(INSTALLTOP)\bin + $(CP) $(LIB_D)\$(O_SSL) $(INSTALLTOP)\lib + $(CP) $(LIB_D)\$(O_CRYPTO) $(INSTALLTOP)\lib + +clean: + $(RM) $(TMP_D)\*.* + +vclean: + $(RM) $(TMP_D)\*.* + $(RM) $(OUT_D)\*.* + +$(INCL_D)\e_os.h: $(SRC_D)\.\e_os.h + $(CP) $(SRC_D)\.\e_os.h $(INCL_D)\e_os.h + +$(INCL_D)\cryptlib.h: $(SRC_D)\crypto\cryptlib.h + $(CP) $(SRC_D)\crypto\cryptlib.h $(INCL_D)\cryptlib.h + +$(INCL_D)\date.h: $(SRC_D)\crypto\date.h + $(CP) $(SRC_D)\crypto\date.h $(INCL_D)\date.h + +$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md\md5_locl.h + $(CP) $(SRC_D)\crypto\md\md5_locl.h $(INCL_D)\md5_locl.h + +$(INCL_D)\sha_locl.h: $(SRC_D)\crypto\sha\sha_locl.h + $(CP) $(SRC_D)\crypto\sha\sha_locl.h $(INCL_D)\sha_locl.h + +$(INCL_D)\des_locl.h: $(SRC_D)\crypto\des\des_locl.h + $(CP) $(SRC_D)\crypto\des\des_locl.h $(INCL_D)\des_locl.h + +$(INCL_D)\rpc_des.h: $(SRC_D)\crypto\des\rpc_des.h + $(CP) $(SRC_D)\crypto\des\rpc_des.h $(INCL_D)\rpc_des.h + +$(INCL_D)\podd.h: $(SRC_D)\crypto\des\podd.h + $(CP) $(SRC_D)\crypto\des\podd.h $(INCL_D)\podd.h + +$(INCL_D)\sk.h: $(SRC_D)\crypto\des\sk.h + $(CP) $(SRC_D)\crypto\des\sk.h $(INCL_D)\sk.h + +$(INCL_D)\spr.h: $(SRC_D)\crypto\des\spr.h + $(CP) $(SRC_D)\crypto\des\spr.h $(INCL_D)\spr.h + +$(INCL_D)\des_ver.h: $(SRC_D)\crypto\des\des_ver.h + $(CP) $(SRC_D)\crypto\des\des_ver.h $(INCL_D)\des_ver.h + +$(INCL_D)\rc2_locl.h: $(SRC_D)\crypto\rc2\rc2_locl.h + $(CP) $(SRC_D)\crypto\rc2\rc2_locl.h $(INCL_D)\rc2_locl.h + +$(INCL_D)\idea_lcl.h: $(SRC_D)\crypto\idea\idea_lcl.h + $(CP) $(SRC_D)\crypto\idea\idea_lcl.h $(INCL_D)\idea_lcl.h + +$(INCL_D)\bf_pi.h: $(SRC_D)\crypto\bf\bf_pi.h + $(CP) $(SRC_D)\crypto\bf\bf_pi.h $(INCL_D)\bf_pi.h + +$(INCL_D)\bf_locl.h: $(SRC_D)\crypto\bf\bf_locl.h + $(CP) $(SRC_D)\crypto\bf\bf_locl.h $(INCL_D)\bf_locl.h + +$(INCL_D)\bn_lcl.h: $(SRC_D)\crypto\bn\bn_lcl.h + $(CP) $(SRC_D)\crypto\bn\bn_lcl.h $(INCL_D)\bn_lcl.h + +$(INCL_D)\bn_prime.h: $(SRC_D)\crypto\bn\bn_prime.h + $(CP) $(SRC_D)\crypto\bn\bn_prime.h $(INCL_D)\bn_prime.h + +$(INCL_D)\obj_dat.h: $(SRC_D)\crypto\objects\obj_dat.h + $(CP) $(SRC_D)\crypto\objects\obj_dat.h $(INCL_D)\obj_dat.h + +$(INCL_D)\conf_lcl.h: $(SRC_D)\crypto\conf\conf_lcl.h + $(CP) $(SRC_D)\crypto\conf\conf_lcl.h $(INCL_D)\conf_lcl.h + +$(INCL_D)\ssl_locl.h: $(SRC_D)\ssl\ssl_locl.h + $(CP) $(SRC_D)\ssl\ssl_locl.h $(INCL_D)\ssl_locl.h + +$(INCL_D)\rsaref.h: $(SRC_D)\rsaref\rsaref.h + $(CP) $(SRC_D)\rsaref\rsaref.h $(INCL_D)\rsaref.h + +$(INCL_D)\apps.h: $(SRC_D)\apps\apps.h + $(CP) $(SRC_D)\apps\apps.h $(INCL_D)\apps.h + +$(INCL_D)\progs.h: $(SRC_D)\apps\progs.h + $(CP) $(SRC_D)\apps\progs.h $(INCL_D)\progs.h + +$(INCL_D)\s_apps.h: $(SRC_D)\apps\s_apps.h + $(CP) $(SRC_D)\apps\s_apps.h $(INCL_D)\s_apps.h + +$(INCL_D)\testdsa.h: $(SRC_D)\apps\testdsa.h + $(CP) $(SRC_D)\apps\testdsa.h $(INCL_D)\testdsa.h + +$(INCL_D)\testrsa.h: $(SRC_D)\apps\testrsa.h + $(CP) $(SRC_D)\apps\testrsa.h $(INCL_D)\testrsa.h + +$(INC_D)\crypto.h: $(SRC_D)\crypto\crypto.h + $(CP) $(SRC_D)\crypto\crypto.h $(INC_D)\crypto.h + +$(INC_D)\cryptall.h: $(SRC_D)\crypto\cryptall.h + $(CP) $(SRC_D)\crypto\cryptall.h $(INC_D)\cryptall.h + +$(INC_D)\md2.h: $(SRC_D)\crypto\md\md2.h + $(CP) $(SRC_D)\crypto\md\md2.h $(INC_D)\md2.h + +$(INC_D)\md5.h: $(SRC_D)\crypto\md\md5.h + $(CP) $(SRC_D)\crypto\md\md5.h $(INC_D)\md5.h + +$(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h + $(CP) $(SRC_D)\crypto\sha\sha.h $(INC_D)\sha.h + +$(INC_D)\mdc2.h: $(SRC_D)\crypto\mdc2\mdc2.h + $(CP) $(SRC_D)\crypto\mdc2\mdc2.h $(INC_D)\mdc2.h + +$(INC_D)\des.h: $(SRC_D)\crypto\des\des.h + $(CP) $(SRC_D)\crypto\des\des.h $(INC_D)\des.h + +$(INC_D)\rc4.h: $(SRC_D)\crypto\rc4\rc4.h + $(CP) $(SRC_D)\crypto\rc4\rc4.h $(INC_D)\rc4.h + +$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h + $(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h + +$(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h + $(CP) $(SRC_D)\crypto\idea\idea.h $(INC_D)\idea.h + +$(INC_D)\blowfish.h: $(SRC_D)\crypto\bf\blowfish.h + $(CP) $(SRC_D)\crypto\bf\blowfish.h $(INC_D)\blowfish.h + +$(INC_D)\bn.h: $(SRC_D)\crypto\bn\bn.h + $(CP) $(SRC_D)\crypto\bn\bn.h $(INC_D)\bn.h + +$(INC_D)\rsa.h: $(SRC_D)\crypto\rsa\rsa.h + $(CP) $(SRC_D)\crypto\rsa\rsa.h $(INC_D)\rsa.h + +$(INC_D)\dsa.h: $(SRC_D)\crypto\dsa\dsa.h + $(CP) $(SRC_D)\crypto\dsa\dsa.h $(INC_D)\dsa.h + +$(INC_D)\dh.h: $(SRC_D)\crypto\dh\dh.h + $(CP) $(SRC_D)\crypto\dh\dh.h $(INC_D)\dh.h + +$(INC_D)\buffer.h: $(SRC_D)\crypto\buffer\buffer.h + $(CP) $(SRC_D)\crypto\buffer\buffer.h $(INC_D)\buffer.h + +$(INC_D)\bio.h: $(SRC_D)\crypto\bio\bio.h + $(CP) $(SRC_D)\crypto\bio\bio.h $(INC_D)\bio.h + +$(INC_D)\stack.h: $(SRC_D)\crypto\stack\stack.h + $(CP) $(SRC_D)\crypto\stack\stack.h $(INC_D)\stack.h + +$(INC_D)\lhash.h: $(SRC_D)\crypto\lhash\lhash.h + $(CP) $(SRC_D)\crypto\lhash\lhash.h $(INC_D)\lhash.h + +$(INC_D)\rand.h: $(SRC_D)\crypto\rand\rand.h + $(CP) $(SRC_D)\crypto\rand\rand.h $(INC_D)\rand.h + +$(INC_D)\err.h: $(SRC_D)\crypto\err\err.h + $(CP) $(SRC_D)\crypto\err\err.h $(INC_D)\err.h + +$(INC_D)\objects.h: $(SRC_D)\crypto\objects\objects.h + $(CP) $(SRC_D)\crypto\objects\objects.h $(INC_D)\objects.h + +$(INC_D)\evp.h: $(SRC_D)\crypto\evp\evp.h + $(CP) $(SRC_D)\crypto\evp\evp.h $(INC_D)\evp.h + +$(INC_D)\pem.h: $(SRC_D)\crypto\pem\pem.h + $(CP) $(SRC_D)\crypto\pem\pem.h $(INC_D)\pem.h + +$(INC_D)\asn1.h: $(SRC_D)\crypto\asn1\asn1.h + $(CP) $(SRC_D)\crypto\asn1\asn1.h $(INC_D)\asn1.h + +$(INC_D)\asn1_mac.h: $(SRC_D)\crypto\asn1\asn1_mac.h + $(CP) $(SRC_D)\crypto\asn1\asn1_mac.h $(INC_D)\asn1_mac.h + +$(INC_D)\x509.h: $(SRC_D)\crypto\x509\x509.h + $(CP) $(SRC_D)\crypto\x509\x509.h $(INC_D)\x509.h + +$(INC_D)\x509_vfy.h: $(SRC_D)\crypto\x509\x509_vfy.h + $(CP) $(SRC_D)\crypto\x509\x509_vfy.h $(INC_D)\x509_vfy.h + +$(INC_D)\conf.h: $(SRC_D)\crypto\conf\conf.h + $(CP) $(SRC_D)\crypto\conf\conf.h $(INC_D)\conf.h + +$(INC_D)\txt_db.h: $(SRC_D)\crypto\txt_db\txt_db.h + $(CP) $(SRC_D)\crypto\txt_db\txt_db.h $(INC_D)\txt_db.h + +$(INC_D)\pkcs7.h: $(SRC_D)\crypto\pkcs7\pkcs7.h + $(CP) $(SRC_D)\crypto\pkcs7\pkcs7.h $(INC_D)\pkcs7.h + +$(INC_D)\ssl.h: $(SRC_D)\ssl\ssl.h + $(CP) $(SRC_D)\ssl\ssl.h $(INC_D)\ssl.h + +$(INC_D)\ssl2.h: $(SRC_D)\ssl\ssl2.h + $(CP) $(SRC_D)\ssl\ssl2.h $(INC_D)\ssl2.h + +$(INC_D)\ssl3.h: $(SRC_D)\ssl\ssl3.h + $(CP) $(SRC_D)\ssl\ssl3.h $(INC_D)\ssl3.h + +$(INC_D)\ssl23.h: $(SRC_D)\ssl\ssl23.h + $(CP) $(SRC_D)\ssl\ssl23.h $(INC_D)\ssl23.h + +$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md\md2test.c + $(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md\md2test.c + +$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md\md5test.c + $(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md\md5test.c + +$(OBJ_D)\shatest.obj: $(SRC_D)\crypto\sha\shatest.c + $(CC) /Fo$(OBJ_D)\shatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\shatest.c + +$(OBJ_D)\sha1test.obj: $(SRC_D)\crypto\sha\sha1test.c + $(CC) /Fo$(OBJ_D)\sha1test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\sha1test.c + +$(OBJ_D)\mdc2test.obj: $(SRC_D)\crypto\mdc2\mdc2test.c + $(CC) /Fo$(OBJ_D)\mdc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2test.c + +$(OBJ_D)\destest.obj: $(SRC_D)\crypto\des\destest.c + $(CC) /Fo$(OBJ_D)\destest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\des\destest.c + +$(OBJ_D)\rc4test.obj: $(SRC_D)\crypto\rc4\rc4test.c + $(CC) /Fo$(OBJ_D)\rc4test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4test.c + +$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c + $(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c + +$(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c + $(CC) /Fo$(OBJ_D)\ideatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\idea\ideatest.c + +$(OBJ_D)\bftest.obj: $(SRC_D)\crypto\bf\bftest.c + $(CC) /Fo$(OBJ_D)\bftest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bf\bftest.c + +$(OBJ_D)\bntest.obj: $(SRC_D)\crypto\bn\bntest.c + $(CC) /Fo$(OBJ_D)\bntest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\bntest.c + +$(OBJ_D)\exptest.obj: $(SRC_D)\crypto\bn\exptest.c + $(CC) /Fo$(OBJ_D)\exptest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\exptest.c + +$(OBJ_D)\dsatest.obj: $(SRC_D)\crypto\dsa\dsatest.c + $(CC) /Fo$(OBJ_D)\dsatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dsa\dsatest.c + +$(OBJ_D)\dhtest.obj: $(SRC_D)\crypto\dh\dhtest.c + $(CC) /Fo$(OBJ_D)\dhtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dh\dhtest.c + +$(OBJ_D)\randtest.obj: $(SRC_D)\crypto\rand\randtest.c + $(CC) /Fo$(OBJ_D)\randtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rand\randtest.c + +$(OBJ_D)\ssltest.obj: $(SRC_D)\ssl\ssltest.c + $(CC) /Fo$(OBJ_D)\ssltest.obj $(APP_CFLAGS) -c $(SRC_D)\ssl\ssltest.c + +$(OBJ_D)\verify.obj: $(SRC_D)\apps\verify.c + $(CC) /Fo$(OBJ_D)\verify.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\verify.c + +$(OBJ_D)\asn1pars.obj: $(SRC_D)\apps\asn1pars.c + $(CC) /Fo$(OBJ_D)\asn1pars.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\asn1pars.c + +$(OBJ_D)\req.obj: $(SRC_D)\apps\req.c + $(CC) /Fo$(OBJ_D)\req.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\req.c + +$(OBJ_D)\dgst.obj: $(SRC_D)\apps\dgst.c + $(CC) /Fo$(OBJ_D)\dgst.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dgst.c + +$(OBJ_D)\dh.obj: $(SRC_D)\apps\dh.c + $(CC) /Fo$(OBJ_D)\dh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dh.c + +$(OBJ_D)\enc.obj: $(SRC_D)\apps\enc.c + $(CC) /Fo$(OBJ_D)\enc.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\enc.c + +$(OBJ_D)\gendh.obj: $(SRC_D)\apps\gendh.c + $(CC) /Fo$(OBJ_D)\gendh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendh.c + +$(OBJ_D)\errstr.obj: $(SRC_D)\apps\errstr.c + $(CC) /Fo$(OBJ_D)\errstr.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\errstr.c + +$(OBJ_D)\ca.obj: $(SRC_D)\apps\ca.c + $(CC) /Fo$(OBJ_D)\ca.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ca.c + +$(OBJ_D)\gendsa.obj: $(SRC_D)\apps\gendsa.c + $(CC) /Fo$(OBJ_D)\gendsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendsa.c + +$(OBJ_D)\pkcs7.obj: $(SRC_D)\apps\pkcs7.c + $(CC) /Fo$(OBJ_D)\pkcs7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\pkcs7.c + +$(OBJ_D)\crl2p7.obj: $(SRC_D)\apps\crl2p7.c + $(CC) /Fo$(OBJ_D)\crl2p7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl2p7.c + +$(OBJ_D)\crl.obj: $(SRC_D)\apps\crl.c + $(CC) /Fo$(OBJ_D)\crl.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl.c + +$(OBJ_D)\rsa.obj: $(SRC_D)\apps\rsa.c + $(CC) /Fo$(OBJ_D)\rsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\rsa.c + +$(OBJ_D)\dsa.obj: $(SRC_D)\apps\dsa.c + $(CC) /Fo$(OBJ_D)\dsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsa.c + +$(OBJ_D)\dsaparam.obj: $(SRC_D)\apps\dsaparam.c + $(CC) /Fo$(OBJ_D)\dsaparam.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsaparam.c + +$(OBJ_D)\x509.obj: $(SRC_D)\apps\x509.c + $(CC) /Fo$(OBJ_D)\x509.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\x509.c + +$(OBJ_D)\genrsa.obj: $(SRC_D)\apps\genrsa.c + $(CC) /Fo$(OBJ_D)\genrsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\genrsa.c + +$(OBJ_D)\s_server.obj: $(SRC_D)\apps\s_server.c + $(CC) /Fo$(OBJ_D)\s_server.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_server.c + +$(OBJ_D)\s_client.obj: $(SRC_D)\apps\s_client.c + $(CC) /Fo$(OBJ_D)\s_client.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_client.c + +$(OBJ_D)\speed.obj: $(SRC_D)\apps\speed.c + $(CC) /Fo$(OBJ_D)\speed.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\speed.c + +$(OBJ_D)\s_time.obj: $(SRC_D)\apps\s_time.c + $(CC) /Fo$(OBJ_D)\s_time.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_time.c + +$(OBJ_D)\apps.obj: $(SRC_D)\apps\apps.c + $(CC) /Fo$(OBJ_D)\apps.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\apps.c + +$(OBJ_D)\s_cb.obj: $(SRC_D)\apps\s_cb.c + $(CC) /Fo$(OBJ_D)\s_cb.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_cb.c + +$(OBJ_D)\s_socket.obj: $(SRC_D)\apps\s_socket.c + $(CC) /Fo$(OBJ_D)\s_socket.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_socket.c + +$(OBJ_D)\version.obj: $(SRC_D)\apps\version.c + $(CC) /Fo$(OBJ_D)\version.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\version.c + +$(OBJ_D)\sess_id.obj: $(SRC_D)\apps\sess_id.c + $(CC) /Fo$(OBJ_D)\sess_id.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\sess_id.c + +$(OBJ_D)\ciphers.obj: $(SRC_D)\apps\ciphers.c + $(CC) /Fo$(OBJ_D)\ciphers.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ciphers.c + +$(OBJ_D)\ssleay.obj: $(SRC_D)\apps\ssleay.c + $(CC) /Fo$(OBJ_D)\ssleay.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ssleay.c + +crypto\bn\asm\x86w32.obj: crypto\bn\asm\x86w32.asm + $(ASM) /Focrypto\bn\asm\x86w32.obj $(SRC_D)\crypto\bn\asm\x86w32.asm + +$(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c + $(CC) /Fo$(OBJ_D)\cryptlib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c + +$(OBJ_D)\mem.obj: $(SRC_D)\crypto\mem.c + $(CC) /Fo$(OBJ_D)\mem.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mem.c + +$(OBJ_D)\cversion.obj: $(SRC_D)\crypto\cversion.c + $(CC) /Fo$(OBJ_D)\cversion.obj $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)\crypto\cversion.c + +$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md\md2_dgst.c + $(CC) /Fo$(OBJ_D)\md2_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md2_dgst.c + +$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md\md5_dgst.c + $(CC) /Fo$(OBJ_D)\md5_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md5_dgst.c + +$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md\md2_one.c + $(CC) /Fo$(OBJ_D)\md2_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md2_one.c + +$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md\md5_one.c + $(CC) /Fo$(OBJ_D)\md5_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\md\md5_one.c + +$(OBJ_D)\sha_dgst.obj: $(SRC_D)\crypto\sha\sha_dgst.c + $(CC) /Fo$(OBJ_D)\sha_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c + +$(OBJ_D)\sha1dgst.obj: $(SRC_D)\crypto\sha\sha1dgst.c + $(CC) /Fo$(OBJ_D)\sha1dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c + +$(OBJ_D)\sha_one.obj: $(SRC_D)\crypto\sha\sha_one.c + $(CC) /Fo$(OBJ_D)\sha_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c + +$(OBJ_D)\sha1_one.obj: $(SRC_D)\crypto\sha\sha1_one.c + $(CC) /Fo$(OBJ_D)\sha1_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c + +$(OBJ_D)\mdc2dgst.obj: $(SRC_D)\crypto\mdc2\mdc2dgst.c + $(CC) /Fo$(OBJ_D)\mdc2dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c + +$(OBJ_D)\mdc2_one.obj: $(SRC_D)\crypto\mdc2\mdc2_one.c + $(CC) /Fo$(OBJ_D)\mdc2_one.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c + +$(OBJ_D)\set_key.obj: $(SRC_D)\crypto\des\set_key.c + $(CC) /Fo$(OBJ_D)\set_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c + +$(OBJ_D)\ecb_enc.obj: $(SRC_D)\crypto\des\ecb_enc.c + $(CC) /Fo$(OBJ_D)\ecb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c + +$(OBJ_D)\ede_enc.obj: $(SRC_D)\crypto\des\ede_enc.c + $(CC) /Fo$(OBJ_D)\ede_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ede_enc.c + +$(OBJ_D)\cbc_enc.obj: $(SRC_D)\crypto\des\cbc_enc.c + $(CC) /Fo$(OBJ_D)\cbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c + +$(OBJ_D)\cbc3_enc.obj: $(SRC_D)\crypto\des\cbc3_enc.c + $(CC) /Fo$(OBJ_D)\cbc3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc3_enc.c + +$(OBJ_D)\ecb3_enc.obj: $(SRC_D)\crypto\des\ecb3_enc.c + $(CC) /Fo$(OBJ_D)\ecb3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c + +$(OBJ_D)\cfb64enc.obj: $(SRC_D)\crypto\des\cfb64enc.c + $(CC) /Fo$(OBJ_D)\cfb64enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c + +$(OBJ_D)\cfb64ede.obj: $(SRC_D)\crypto\des\cfb64ede.c + $(CC) /Fo$(OBJ_D)\cfb64ede.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c + +$(OBJ_D)\cfb_enc.obj: $(SRC_D)\crypto\des\cfb_enc.c + $(CC) /Fo$(OBJ_D)\cfb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c + +$(OBJ_D)\ofb64ede.obj: $(SRC_D)\crypto\des\ofb64ede.c + $(CC) /Fo$(OBJ_D)\ofb64ede.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c + +$(OBJ_D)\enc_read.obj: $(SRC_D)\crypto\des\enc_read.c + $(CC) /Fo$(OBJ_D)\enc_read.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c + +$(OBJ_D)\enc_writ.obj: $(SRC_D)\crypto\des\enc_writ.c + $(CC) /Fo$(OBJ_D)\enc_writ.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c + +$(OBJ_D)\ncbc_enc.obj: $(SRC_D)\crypto\des\ncbc_enc.c + $(CC) /Fo$(OBJ_D)\ncbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ncbc_enc.c + +$(OBJ_D)\ofb64enc.obj: $(SRC_D)\crypto\des\ofb64enc.c + $(CC) /Fo$(OBJ_D)\ofb64enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c + +$(OBJ_D)\ofb_enc.obj: $(SRC_D)\crypto\des\ofb_enc.c + $(CC) /Fo$(OBJ_D)\ofb_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c + +$(OBJ_D)\str2key.obj: $(SRC_D)\crypto\des\str2key.c + $(CC) /Fo$(OBJ_D)\str2key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c + +$(OBJ_D)\pcbc_enc.obj: $(SRC_D)\crypto\des\pcbc_enc.c + $(CC) /Fo$(OBJ_D)\pcbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c + +$(OBJ_D)\qud_cksm.obj: $(SRC_D)\crypto\des\qud_cksm.c + $(CC) /Fo$(OBJ_D)\qud_cksm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c + +$(OBJ_D)\rand_key.obj: $(SRC_D)\crypto\des\rand_key.c + $(CC) /Fo$(OBJ_D)\rand_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c + +$(OBJ_D)\des_enc.obj: $(SRC_D)\crypto\des\des_enc.c + $(CC) /Fo$(OBJ_D)\des_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c + +$(OBJ_D)\fcrypt_b.obj: $(SRC_D)\crypto\des\fcrypt_b.c + $(CC) /Fo$(OBJ_D)\fcrypt_b.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c + +$(OBJ_D)\read2pwd.obj: $(SRC_D)\crypto\des\read2pwd.c + $(CC) /Fo$(OBJ_D)\read2pwd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c + +$(OBJ_D)\fcrypt.obj: $(SRC_D)\crypto\des\fcrypt.c + $(CC) /Fo$(OBJ_D)\fcrypt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c + +$(OBJ_D)\xcbc_enc.obj: $(SRC_D)\crypto\des\xcbc_enc.c + $(CC) /Fo$(OBJ_D)\xcbc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c + +$(OBJ_D)\read_pwd.obj: $(SRC_D)\crypto\des\read_pwd.c + $(CC) /Fo$(OBJ_D)\read_pwd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c + +$(OBJ_D)\rpc_enc.obj: $(SRC_D)\crypto\des\rpc_enc.c + $(CC) /Fo$(OBJ_D)\rpc_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c + +$(OBJ_D)\cbc_cksm.obj: $(SRC_D)\crypto\des\cbc_cksm.c + $(CC) /Fo$(OBJ_D)\cbc_cksm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c + +$(OBJ_D)\supp.obj: $(SRC_D)\crypto\des\supp.c + $(CC) /Fo$(OBJ_D)\supp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c + +$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c + $(CC) /Fo$(OBJ_D)\rc4_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c + +$(OBJ_D)\rc2_ecb.obj: $(SRC_D)\crypto\rc2\rc2_ecb.c + $(CC) /Fo$(OBJ_D)\rc2_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c + +$(OBJ_D)\rc2_skey.obj: $(SRC_D)\crypto\rc2\rc2_skey.c + $(CC) /Fo$(OBJ_D)\rc2_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c + +$(OBJ_D)\rc2_cbc.obj: $(SRC_D)\crypto\rc2\rc2_cbc.c + $(CC) /Fo$(OBJ_D)\rc2_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c + +$(OBJ_D)\rc2cfb64.obj: $(SRC_D)\crypto\rc2\rc2cfb64.c + $(CC) /Fo$(OBJ_D)\rc2cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c + +$(OBJ_D)\rc2ofb64.obj: $(SRC_D)\crypto\rc2\rc2ofb64.c + $(CC) /Fo$(OBJ_D)\rc2ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c + +$(OBJ_D)\i_cbc.obj: $(SRC_D)\crypto\idea\i_cbc.c + $(CC) /Fo$(OBJ_D)\i_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c + +$(OBJ_D)\i_cfb64.obj: $(SRC_D)\crypto\idea\i_cfb64.c + $(CC) /Fo$(OBJ_D)\i_cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c + +$(OBJ_D)\i_ofb64.obj: $(SRC_D)\crypto\idea\i_ofb64.c + $(CC) /Fo$(OBJ_D)\i_ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c + +$(OBJ_D)\i_ecb.obj: $(SRC_D)\crypto\idea\i_ecb.c + $(CC) /Fo$(OBJ_D)\i_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c + +$(OBJ_D)\i_skey.obj: $(SRC_D)\crypto\idea\i_skey.c + $(CC) /Fo$(OBJ_D)\i_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c + +$(OBJ_D)\bf_skey.obj: $(SRC_D)\crypto\bf\bf_skey.c + $(CC) /Fo$(OBJ_D)\bf_skey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c + +$(OBJ_D)\bf_ecb.obj: $(SRC_D)\crypto\bf\bf_ecb.c + $(CC) /Fo$(OBJ_D)\bf_ecb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c + +$(OBJ_D)\bf_enc.obj: $(SRC_D)\crypto\bf\bf_enc.c + $(CC) /Fo$(OBJ_D)\bf_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c + +$(OBJ_D)\bf_cbc.obj: $(SRC_D)\crypto\bf\bf_cbc.c + $(CC) /Fo$(OBJ_D)\bf_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cbc.c + +$(OBJ_D)\bf_cfb64.obj: $(SRC_D)\crypto\bf\bf_cfb64.c + $(CC) /Fo$(OBJ_D)\bf_cfb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c + +$(OBJ_D)\bf_ofb64.obj: $(SRC_D)\crypto\bf\bf_ofb64.c + $(CC) /Fo$(OBJ_D)\bf_ofb64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c + +$(OBJ_D)\bn_add.obj: $(SRC_D)\crypto\bn\bn_add.c + $(CC) /Fo$(OBJ_D)\bn_add.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c + +$(OBJ_D)\bn_div.obj: $(SRC_D)\crypto\bn\bn_div.c + $(CC) /Fo$(OBJ_D)\bn_div.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c + +$(OBJ_D)\bn_exp.obj: $(SRC_D)\crypto\bn\bn_exp.c + $(CC) /Fo$(OBJ_D)\bn_exp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c + +$(OBJ_D)\bn_lib.obj: $(SRC_D)\crypto\bn\bn_lib.c + $(CC) /Fo$(OBJ_D)\bn_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c + +$(OBJ_D)\bn_mod.obj: $(SRC_D)\crypto\bn\bn_mod.c + $(CC) /Fo$(OBJ_D)\bn_mod.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mod.c + +$(OBJ_D)\bn_mul.obj: $(SRC_D)\crypto\bn\bn_mul.c + $(CC) /Fo$(OBJ_D)\bn_mul.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c + +$(OBJ_D)\bn_print.obj: $(SRC_D)\crypto\bn\bn_print.c + $(CC) /Fo$(OBJ_D)\bn_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c + +$(OBJ_D)\bn_rand.obj: $(SRC_D)\crypto\bn\bn_rand.c + $(CC) /Fo$(OBJ_D)\bn_rand.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c + +$(OBJ_D)\bn_shift.obj: $(SRC_D)\crypto\bn\bn_shift.c + $(CC) /Fo$(OBJ_D)\bn_shift.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c + +$(OBJ_D)\bn_sub.obj: $(SRC_D)\crypto\bn\bn_sub.c + $(CC) /Fo$(OBJ_D)\bn_sub.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sub.c + +$(OBJ_D)\bn_word.obj: $(SRC_D)\crypto\bn\bn_word.c + $(CC) /Fo$(OBJ_D)\bn_word.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c + +$(OBJ_D)\bn_gcd.obj: $(SRC_D)\crypto\bn\bn_gcd.c + $(CC) /Fo$(OBJ_D)\bn_gcd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c + +$(OBJ_D)\bn_prime.obj: $(SRC_D)\crypto\bn\bn_prime.c + $(CC) /Fo$(OBJ_D)\bn_prime.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c + +$(OBJ_D)\bn_err.obj: $(SRC_D)\crypto\bn\bn_err.c + $(CC) /Fo$(OBJ_D)\bn_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c + +$(OBJ_D)\bn_sqr.obj: $(SRC_D)\crypto\bn\bn_sqr.c + $(CC) /Fo$(OBJ_D)\bn_sqr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c + +$(OBJ_D)\bn_mulw.obj: $(SRC_D)\crypto\bn\bn_mulw.c + $(CC) /Fo$(OBJ_D)\bn_mulw.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mulw.c + +$(OBJ_D)\bn_recp.obj: $(SRC_D)\crypto\bn\bn_recp.c + $(CC) /Fo$(OBJ_D)\bn_recp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c + +$(OBJ_D)\bn_mont.obj: $(SRC_D)\crypto\bn\bn_mont.c + $(CC) /Fo$(OBJ_D)\bn_mont.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c + +$(OBJ_D)\rsa_enc.obj: $(SRC_D)\crypto\rsa\rsa_enc.c + $(CC) /Fo$(OBJ_D)\rsa_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_enc.c + +$(OBJ_D)\rsa_gen.obj: $(SRC_D)\crypto\rsa\rsa_gen.c + $(CC) /Fo$(OBJ_D)\rsa_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c + +$(OBJ_D)\rsa_lib.obj: $(SRC_D)\crypto\rsa\rsa_lib.c + $(CC) /Fo$(OBJ_D)\rsa_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c + +$(OBJ_D)\rsa_sign.obj: $(SRC_D)\crypto\rsa\rsa_sign.c + $(CC) /Fo$(OBJ_D)\rsa_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c + +$(OBJ_D)\rsa_saos.obj: $(SRC_D)\crypto\rsa\rsa_saos.c + $(CC) /Fo$(OBJ_D)\rsa_saos.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c + +$(OBJ_D)\rsa_err.obj: $(SRC_D)\crypto\rsa\rsa_err.c + $(CC) /Fo$(OBJ_D)\rsa_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c + +$(OBJ_D)\dsa_gen.obj: $(SRC_D)\crypto\dsa\dsa_gen.c + $(CC) /Fo$(OBJ_D)\dsa_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c + +$(OBJ_D)\dsa_key.obj: $(SRC_D)\crypto\dsa\dsa_key.c + $(CC) /Fo$(OBJ_D)\dsa_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c + +$(OBJ_D)\dsa_lib.obj: $(SRC_D)\crypto\dsa\dsa_lib.c + $(CC) /Fo$(OBJ_D)\dsa_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c + +$(OBJ_D)\dsa_vrf.obj: $(SRC_D)\crypto\dsa\dsa_vrf.c + $(CC) /Fo$(OBJ_D)\dsa_vrf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c + +$(OBJ_D)\dsa_sign.obj: $(SRC_D)\crypto\dsa\dsa_sign.c + $(CC) /Fo$(OBJ_D)\dsa_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c + +$(OBJ_D)\dsa_err.obj: $(SRC_D)\crypto\dsa\dsa_err.c + $(CC) /Fo$(OBJ_D)\dsa_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c + +$(OBJ_D)\dh_gen.obj: $(SRC_D)\crypto\dh\dh_gen.c + $(CC) /Fo$(OBJ_D)\dh_gen.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c + +$(OBJ_D)\dh_key.obj: $(SRC_D)\crypto\dh\dh_key.c + $(CC) /Fo$(OBJ_D)\dh_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c + +$(OBJ_D)\dh_lib.obj: $(SRC_D)\crypto\dh\dh_lib.c + $(CC) /Fo$(OBJ_D)\dh_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c + +$(OBJ_D)\dh_check.obj: $(SRC_D)\crypto\dh\dh_check.c + $(CC) /Fo$(OBJ_D)\dh_check.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c + +$(OBJ_D)\dh_err.obj: $(SRC_D)\crypto\dh\dh_err.c + $(CC) /Fo$(OBJ_D)\dh_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c + +$(OBJ_D)\buffer.obj: $(SRC_D)\crypto\buffer\buffer.c + $(CC) /Fo$(OBJ_D)\buffer.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c + +$(OBJ_D)\buf_err.obj: $(SRC_D)\crypto\buffer\buf_err.c + $(CC) /Fo$(OBJ_D)\buf_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c + +$(OBJ_D)\bio_lib.obj: $(SRC_D)\crypto\bio\bio_lib.c + $(CC) /Fo$(OBJ_D)\bio_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c + +$(OBJ_D)\bio_cb.obj: $(SRC_D)\crypto\bio\bio_cb.c + $(CC) /Fo$(OBJ_D)\bio_cb.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c + +$(OBJ_D)\bio_err.obj: $(SRC_D)\crypto\bio\bio_err.c + $(CC) /Fo$(OBJ_D)\bio_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c + +$(OBJ_D)\bss_mem.obj: $(SRC_D)\crypto\bio\bss_mem.c + $(CC) /Fo$(OBJ_D)\bss_mem.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c + +$(OBJ_D)\bss_null.obj: $(SRC_D)\crypto\bio\bss_null.c + $(CC) /Fo$(OBJ_D)\bss_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c + +$(OBJ_D)\bss_fd.obj: $(SRC_D)\crypto\bio\bss_fd.c + $(CC) /Fo$(OBJ_D)\bss_fd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c + +$(OBJ_D)\bss_file.obj: $(SRC_D)\crypto\bio\bss_file.c + $(CC) /Fo$(OBJ_D)\bss_file.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c + +$(OBJ_D)\bss_sock.obj: $(SRC_D)\crypto\bio\bss_sock.c + $(CC) /Fo$(OBJ_D)\bss_sock.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c + +$(OBJ_D)\bss_conn.obj: $(SRC_D)\crypto\bio\bss_conn.c + $(CC) /Fo$(OBJ_D)\bss_conn.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c + +$(OBJ_D)\bf_null.obj: $(SRC_D)\crypto\bio\bf_null.c + $(CC) /Fo$(OBJ_D)\bf_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c + +$(OBJ_D)\bf_buff.obj: $(SRC_D)\crypto\bio\bf_buff.c + $(CC) /Fo$(OBJ_D)\bf_buff.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c + +$(OBJ_D)\b_print.obj: $(SRC_D)\crypto\bio\b_print.c + $(CC) /Fo$(OBJ_D)\b_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c + +$(OBJ_D)\b_dump.obj: $(SRC_D)\crypto\bio\b_dump.c + $(CC) /Fo$(OBJ_D)\b_dump.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c + +$(OBJ_D)\b_sock.obj: $(SRC_D)\crypto\bio\b_sock.c + $(CC) /Fo$(OBJ_D)\b_sock.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c + +$(OBJ_D)\bss_acpt.obj: $(SRC_D)\crypto\bio\bss_acpt.c + $(CC) /Fo$(OBJ_D)\bss_acpt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c + +$(OBJ_D)\bf_nbio.obj: $(SRC_D)\crypto\bio\bf_nbio.c + $(CC) /Fo$(OBJ_D)\bf_nbio.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c + +$(OBJ_D)\stack.obj: $(SRC_D)\crypto\stack\stack.c + $(CC) /Fo$(OBJ_D)\stack.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c + +$(OBJ_D)\lhash.obj: $(SRC_D)\crypto\lhash\lhash.c + $(CC) /Fo$(OBJ_D)\lhash.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c + +$(OBJ_D)\lh_stats.obj: $(SRC_D)\crypto\lhash\lh_stats.c + $(CC) /Fo$(OBJ_D)\lh_stats.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c + +$(OBJ_D)\md_rand.obj: $(SRC_D)\crypto\rand\md_rand.c + $(CC) /Fo$(OBJ_D)\md_rand.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c + +$(OBJ_D)\randfile.obj: $(SRC_D)\crypto\rand\randfile.c + $(CC) /Fo$(OBJ_D)\randfile.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c + +$(OBJ_D)\err.obj: $(SRC_D)\crypto\err\err.c + $(CC) /Fo$(OBJ_D)\err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c + +$(OBJ_D)\err_all.obj: $(SRC_D)\crypto\err\err_all.c + $(CC) /Fo$(OBJ_D)\err_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c + +$(OBJ_D)\err_prn.obj: $(SRC_D)\crypto\err\err_prn.c + $(CC) /Fo$(OBJ_D)\err_prn.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c + +$(OBJ_D)\obj_dat.obj: $(SRC_D)\crypto\objects\obj_dat.c + $(CC) /Fo$(OBJ_D)\obj_dat.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c + +$(OBJ_D)\obj_lib.obj: $(SRC_D)\crypto\objects\obj_lib.c + $(CC) /Fo$(OBJ_D)\obj_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c + +$(OBJ_D)\obj_err.obj: $(SRC_D)\crypto\objects\obj_err.c + $(CC) /Fo$(OBJ_D)\obj_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c + +$(OBJ_D)\encode.obj: $(SRC_D)\crypto\evp\encode.c + $(CC) /Fo$(OBJ_D)\encode.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c + +$(OBJ_D)\digest.obj: $(SRC_D)\crypto\evp\digest.c + $(CC) /Fo$(OBJ_D)\digest.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c + +$(OBJ_D)\evp_enc.obj: $(SRC_D)\crypto\evp\evp_enc.c + $(CC) /Fo$(OBJ_D)\evp_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c + +$(OBJ_D)\evp_key.obj: $(SRC_D)\crypto\evp\evp_key.c + $(CC) /Fo$(OBJ_D)\evp_key.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c + +$(OBJ_D)\e_ecb_d.obj: $(SRC_D)\crypto\evp\e_ecb_d.c + $(CC) /Fo$(OBJ_D)\e_ecb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c + +$(OBJ_D)\e_cbc_d.obj: $(SRC_D)\crypto\evp\e_cbc_d.c + $(CC) /Fo$(OBJ_D)\e_cbc_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c + +$(OBJ_D)\e_cfb_d.obj: $(SRC_D)\crypto\evp\e_cfb_d.c + $(CC) /Fo$(OBJ_D)\e_cfb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c + +$(OBJ_D)\e_ofb_d.obj: $(SRC_D)\crypto\evp\e_ofb_d.c + $(CC) /Fo$(OBJ_D)\e_ofb_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c + +$(OBJ_D)\e_ecb_i.obj: $(SRC_D)\crypto\evp\e_ecb_i.c + $(CC) /Fo$(OBJ_D)\e_ecb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c + +$(OBJ_D)\e_cbc_i.obj: $(SRC_D)\crypto\evp\e_cbc_i.c + $(CC) /Fo$(OBJ_D)\e_cbc_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c + +$(OBJ_D)\e_cfb_i.obj: $(SRC_D)\crypto\evp\e_cfb_i.c + $(CC) /Fo$(OBJ_D)\e_cfb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c + +$(OBJ_D)\e_ofb_i.obj: $(SRC_D)\crypto\evp\e_ofb_i.c + $(CC) /Fo$(OBJ_D)\e_ofb_i.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c + +$(OBJ_D)\e_ecb_3d.obj: $(SRC_D)\crypto\evp\e_ecb_3d.c + $(CC) /Fo$(OBJ_D)\e_ecb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c + +$(OBJ_D)\e_cbc_3d.obj: $(SRC_D)\crypto\evp\e_cbc_3d.c + $(CC) /Fo$(OBJ_D)\e_cbc_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c + +$(OBJ_D)\e_rc4.obj: $(SRC_D)\crypto\evp\e_rc4.c + $(CC) /Fo$(OBJ_D)\e_rc4.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c + +$(OBJ_D)\names.obj: $(SRC_D)\crypto\evp\names.c + $(CC) /Fo$(OBJ_D)\names.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c + +$(OBJ_D)\e_cfb_3d.obj: $(SRC_D)\crypto\evp\e_cfb_3d.c + $(CC) /Fo$(OBJ_D)\e_cfb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c + +$(OBJ_D)\e_ofb_3d.obj: $(SRC_D)\crypto\evp\e_ofb_3d.c + $(CC) /Fo$(OBJ_D)\e_ofb_3d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c + +$(OBJ_D)\e_xcbc_d.obj: $(SRC_D)\crypto\evp\e_xcbc_d.c + $(CC) /Fo$(OBJ_D)\e_xcbc_d.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c + +$(OBJ_D)\e_ecb_r2.obj: $(SRC_D)\crypto\evp\e_ecb_r2.c + $(CC) /Fo$(OBJ_D)\e_ecb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c + +$(OBJ_D)\e_cbc_r2.obj: $(SRC_D)\crypto\evp\e_cbc_r2.c + $(CC) /Fo$(OBJ_D)\e_cbc_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c + +$(OBJ_D)\e_cfb_r2.obj: $(SRC_D)\crypto\evp\e_cfb_r2.c + $(CC) /Fo$(OBJ_D)\e_cfb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c + +$(OBJ_D)\e_ofb_r2.obj: $(SRC_D)\crypto\evp\e_ofb_r2.c + $(CC) /Fo$(OBJ_D)\e_ofb_r2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c + +$(OBJ_D)\e_ecb_bf.obj: $(SRC_D)\crypto\evp\e_ecb_bf.c + $(CC) /Fo$(OBJ_D)\e_ecb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c + +$(OBJ_D)\e_cbc_bf.obj: $(SRC_D)\crypto\evp\e_cbc_bf.c + $(CC) /Fo$(OBJ_D)\e_cbc_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c + +$(OBJ_D)\e_cfb_bf.obj: $(SRC_D)\crypto\evp\e_cfb_bf.c + $(CC) /Fo$(OBJ_D)\e_cfb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c + +$(OBJ_D)\e_ofb_bf.obj: $(SRC_D)\crypto\evp\e_ofb_bf.c + $(CC) /Fo$(OBJ_D)\e_ofb_bf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c + +$(OBJ_D)\m_null.obj: $(SRC_D)\crypto\evp\m_null.c + $(CC) /Fo$(OBJ_D)\m_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c + +$(OBJ_D)\m_md2.obj: $(SRC_D)\crypto\evp\m_md2.c + $(CC) /Fo$(OBJ_D)\m_md2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c + +$(OBJ_D)\m_md5.obj: $(SRC_D)\crypto\evp\m_md5.c + $(CC) /Fo$(OBJ_D)\m_md5.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c + +$(OBJ_D)\m_sha.obj: $(SRC_D)\crypto\evp\m_sha.c + $(CC) /Fo$(OBJ_D)\m_sha.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c + +$(OBJ_D)\m_sha1.obj: $(SRC_D)\crypto\evp\m_sha1.c + $(CC) /Fo$(OBJ_D)\m_sha1.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c + +$(OBJ_D)\m_dss.obj: $(SRC_D)\crypto\evp\m_dss.c + $(CC) /Fo$(OBJ_D)\m_dss.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c + +$(OBJ_D)\m_dss1.obj: $(SRC_D)\crypto\evp\m_dss1.c + $(CC) /Fo$(OBJ_D)\m_dss1.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c + +$(OBJ_D)\m_mdc2.obj: $(SRC_D)\crypto\evp\m_mdc2.c + $(CC) /Fo$(OBJ_D)\m_mdc2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c + +$(OBJ_D)\p_open.obj: $(SRC_D)\crypto\evp\p_open.c + $(CC) /Fo$(OBJ_D)\p_open.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c + +$(OBJ_D)\p_seal.obj: $(SRC_D)\crypto\evp\p_seal.c + $(CC) /Fo$(OBJ_D)\p_seal.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c + +$(OBJ_D)\p_sign.obj: $(SRC_D)\crypto\evp\p_sign.c + $(CC) /Fo$(OBJ_D)\p_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c + +$(OBJ_D)\p_verify.obj: $(SRC_D)\crypto\evp\p_verify.c + $(CC) /Fo$(OBJ_D)\p_verify.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c + +$(OBJ_D)\p_lib.obj: $(SRC_D)\crypto\evp\p_lib.c + $(CC) /Fo$(OBJ_D)\p_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c + +$(OBJ_D)\bio_md.obj: $(SRC_D)\crypto\evp\bio_md.c + $(CC) /Fo$(OBJ_D)\bio_md.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c + +$(OBJ_D)\bio_b64.obj: $(SRC_D)\crypto\evp\bio_b64.c + $(CC) /Fo$(OBJ_D)\bio_b64.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c + +$(OBJ_D)\bio_enc.obj: $(SRC_D)\crypto\evp\bio_enc.c + $(CC) /Fo$(OBJ_D)\bio_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c + +$(OBJ_D)\evp_err.obj: $(SRC_D)\crypto\evp\evp_err.c + $(CC) /Fo$(OBJ_D)\evp_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c + +$(OBJ_D)\e_null.obj: $(SRC_D)\crypto\evp\e_null.c + $(CC) /Fo$(OBJ_D)\e_null.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c + +$(OBJ_D)\c_all.obj: $(SRC_D)\crypto\evp\c_all.c + $(CC) /Fo$(OBJ_D)\c_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c + +$(OBJ_D)\pem_sign.obj: $(SRC_D)\crypto\pem\pem_sign.c + $(CC) /Fo$(OBJ_D)\pem_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c + +$(OBJ_D)\pem_seal.obj: $(SRC_D)\crypto\pem\pem_seal.c + $(CC) /Fo$(OBJ_D)\pem_seal.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c + +$(OBJ_D)\pem_info.obj: $(SRC_D)\crypto\pem\pem_info.c + $(CC) /Fo$(OBJ_D)\pem_info.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c + +$(OBJ_D)\pem_lib.obj: $(SRC_D)\crypto\pem\pem_lib.c + $(CC) /Fo$(OBJ_D)\pem_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c + +$(OBJ_D)\pem_all.obj: $(SRC_D)\crypto\pem\pem_all.c + $(CC) /Fo$(OBJ_D)\pem_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c + +$(OBJ_D)\pem_err.obj: $(SRC_D)\crypto\pem\pem_err.c + $(CC) /Fo$(OBJ_D)\pem_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c + +$(OBJ_D)\a_object.obj: $(SRC_D)\crypto\asn1\a_object.c + $(CC) /Fo$(OBJ_D)\a_object.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c + +$(OBJ_D)\a_bitstr.obj: $(SRC_D)\crypto\asn1\a_bitstr.c + $(CC) /Fo$(OBJ_D)\a_bitstr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c + +$(OBJ_D)\a_utctm.obj: $(SRC_D)\crypto\asn1\a_utctm.c + $(CC) /Fo$(OBJ_D)\a_utctm.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c + +$(OBJ_D)\a_int.obj: $(SRC_D)\crypto\asn1\a_int.c + $(CC) /Fo$(OBJ_D)\a_int.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c + +$(OBJ_D)\a_octet.obj: $(SRC_D)\crypto\asn1\a_octet.c + $(CC) /Fo$(OBJ_D)\a_octet.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c + +$(OBJ_D)\a_print.obj: $(SRC_D)\crypto\asn1\a_print.c + $(CC) /Fo$(OBJ_D)\a_print.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c + +$(OBJ_D)\a_type.obj: $(SRC_D)\crypto\asn1\a_type.c + $(CC) /Fo$(OBJ_D)\a_type.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c + +$(OBJ_D)\a_set.obj: $(SRC_D)\crypto\asn1\a_set.c + $(CC) /Fo$(OBJ_D)\a_set.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c + +$(OBJ_D)\a_dup.obj: $(SRC_D)\crypto\asn1\a_dup.c + $(CC) /Fo$(OBJ_D)\a_dup.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c + +$(OBJ_D)\a_d2i_fp.obj: $(SRC_D)\crypto\asn1\a_d2i_fp.c + $(CC) /Fo$(OBJ_D)\a_d2i_fp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c + +$(OBJ_D)\a_i2d_fp.obj: $(SRC_D)\crypto\asn1\a_i2d_fp.c + $(CC) /Fo$(OBJ_D)\a_i2d_fp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c + +$(OBJ_D)\a_sign.obj: $(SRC_D)\crypto\asn1\a_sign.c + $(CC) /Fo$(OBJ_D)\a_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c + +$(OBJ_D)\a_digest.obj: $(SRC_D)\crypto\asn1\a_digest.c + $(CC) /Fo$(OBJ_D)\a_digest.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c + +$(OBJ_D)\a_verify.obj: $(SRC_D)\crypto\asn1\a_verify.c + $(CC) /Fo$(OBJ_D)\a_verify.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c + +$(OBJ_D)\x_algor.obj: $(SRC_D)\crypto\asn1\x_algor.c + $(CC) /Fo$(OBJ_D)\x_algor.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c + +$(OBJ_D)\x_val.obj: $(SRC_D)\crypto\asn1\x_val.c + $(CC) /Fo$(OBJ_D)\x_val.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c + +$(OBJ_D)\x_pubkey.obj: $(SRC_D)\crypto\asn1\x_pubkey.c + $(CC) /Fo$(OBJ_D)\x_pubkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c + +$(OBJ_D)\x_sig.obj: $(SRC_D)\crypto\asn1\x_sig.c + $(CC) /Fo$(OBJ_D)\x_sig.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c + +$(OBJ_D)\x_req.obj: $(SRC_D)\crypto\asn1\x_req.c + $(CC) /Fo$(OBJ_D)\x_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c + +$(OBJ_D)\x_attrib.obj: $(SRC_D)\crypto\asn1\x_attrib.c + $(CC) /Fo$(OBJ_D)\x_attrib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c + +$(OBJ_D)\x_name.obj: $(SRC_D)\crypto\asn1\x_name.c + $(CC) /Fo$(OBJ_D)\x_name.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c + +$(OBJ_D)\x_cinf.obj: $(SRC_D)\crypto\asn1\x_cinf.c + $(CC) /Fo$(OBJ_D)\x_cinf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c + +$(OBJ_D)\x_x509.obj: $(SRC_D)\crypto\asn1\x_x509.c + $(CC) /Fo$(OBJ_D)\x_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c + +$(OBJ_D)\x_crl.obj: $(SRC_D)\crypto\asn1\x_crl.c + $(CC) /Fo$(OBJ_D)\x_crl.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c + +$(OBJ_D)\x_info.obj: $(SRC_D)\crypto\asn1\x_info.c + $(CC) /Fo$(OBJ_D)\x_info.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c + +$(OBJ_D)\x_spki.obj: $(SRC_D)\crypto\asn1\x_spki.c + $(CC) /Fo$(OBJ_D)\x_spki.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c + +$(OBJ_D)\d2i_r_pr.obj: $(SRC_D)\crypto\asn1\d2i_r_pr.c + $(CC) /Fo$(OBJ_D)\d2i_r_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c + +$(OBJ_D)\i2d_r_pr.obj: $(SRC_D)\crypto\asn1\i2d_r_pr.c + $(CC) /Fo$(OBJ_D)\i2d_r_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c + +$(OBJ_D)\d2i_r_pu.obj: $(SRC_D)\crypto\asn1\d2i_r_pu.c + $(CC) /Fo$(OBJ_D)\d2i_r_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c + +$(OBJ_D)\i2d_r_pu.obj: $(SRC_D)\crypto\asn1\i2d_r_pu.c + $(CC) /Fo$(OBJ_D)\i2d_r_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c + +$(OBJ_D)\d2i_s_pr.obj: $(SRC_D)\crypto\asn1\d2i_s_pr.c + $(CC) /Fo$(OBJ_D)\d2i_s_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c + +$(OBJ_D)\i2d_s_pr.obj: $(SRC_D)\crypto\asn1\i2d_s_pr.c + $(CC) /Fo$(OBJ_D)\i2d_s_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c + +$(OBJ_D)\d2i_s_pu.obj: $(SRC_D)\crypto\asn1\d2i_s_pu.c + $(CC) /Fo$(OBJ_D)\d2i_s_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c + +$(OBJ_D)\i2d_s_pu.obj: $(SRC_D)\crypto\asn1\i2d_s_pu.c + $(CC) /Fo$(OBJ_D)\i2d_s_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c + +$(OBJ_D)\d2i_pu.obj: $(SRC_D)\crypto\asn1\d2i_pu.c + $(CC) /Fo$(OBJ_D)\d2i_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c + +$(OBJ_D)\d2i_pr.obj: $(SRC_D)\crypto\asn1\d2i_pr.c + $(CC) /Fo$(OBJ_D)\d2i_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c + +$(OBJ_D)\i2d_pu.obj: $(SRC_D)\crypto\asn1\i2d_pu.c + $(CC) /Fo$(OBJ_D)\i2d_pu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c + +$(OBJ_D)\i2d_pr.obj: $(SRC_D)\crypto\asn1\i2d_pr.c + $(CC) /Fo$(OBJ_D)\i2d_pr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c + +$(OBJ_D)\t_req.obj: $(SRC_D)\crypto\asn1\t_req.c + $(CC) /Fo$(OBJ_D)\t_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c + +$(OBJ_D)\t_x509.obj: $(SRC_D)\crypto\asn1\t_x509.c + $(CC) /Fo$(OBJ_D)\t_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c + +$(OBJ_D)\t_pkey.obj: $(SRC_D)\crypto\asn1\t_pkey.c + $(CC) /Fo$(OBJ_D)\t_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c + +$(OBJ_D)\p7_i_s.obj: $(SRC_D)\crypto\asn1\p7_i_s.c + $(CC) /Fo$(OBJ_D)\p7_i_s.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c + +$(OBJ_D)\p7_signi.obj: $(SRC_D)\crypto\asn1\p7_signi.c + $(CC) /Fo$(OBJ_D)\p7_signi.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c + +$(OBJ_D)\p7_signd.obj: $(SRC_D)\crypto\asn1\p7_signd.c + $(CC) /Fo$(OBJ_D)\p7_signd.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c + +$(OBJ_D)\p7_recip.obj: $(SRC_D)\crypto\asn1\p7_recip.c + $(CC) /Fo$(OBJ_D)\p7_recip.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c + +$(OBJ_D)\p7_enc_c.obj: $(SRC_D)\crypto\asn1\p7_enc_c.c + $(CC) /Fo$(OBJ_D)\p7_enc_c.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c + +$(OBJ_D)\p7_evp.obj: $(SRC_D)\crypto\asn1\p7_evp.c + $(CC) /Fo$(OBJ_D)\p7_evp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c + +$(OBJ_D)\p7_dgst.obj: $(SRC_D)\crypto\asn1\p7_dgst.c + $(CC) /Fo$(OBJ_D)\p7_dgst.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c + +$(OBJ_D)\p7_s_e.obj: $(SRC_D)\crypto\asn1\p7_s_e.c + $(CC) /Fo$(OBJ_D)\p7_s_e.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c + +$(OBJ_D)\p7_enc.obj: $(SRC_D)\crypto\asn1\p7_enc.c + $(CC) /Fo$(OBJ_D)\p7_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c + +$(OBJ_D)\p7_lib.obj: $(SRC_D)\crypto\asn1\p7_lib.c + $(CC) /Fo$(OBJ_D)\p7_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c + +$(OBJ_D)\f_int.obj: $(SRC_D)\crypto\asn1\f_int.c + $(CC) /Fo$(OBJ_D)\f_int.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c + +$(OBJ_D)\f_string.obj: $(SRC_D)\crypto\asn1\f_string.c + $(CC) /Fo$(OBJ_D)\f_string.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c + +$(OBJ_D)\i2d_dhp.obj: $(SRC_D)\crypto\asn1\i2d_dhp.c + $(CC) /Fo$(OBJ_D)\i2d_dhp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c + +$(OBJ_D)\i2d_dsap.obj: $(SRC_D)\crypto\asn1\i2d_dsap.c + $(CC) /Fo$(OBJ_D)\i2d_dsap.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c + +$(OBJ_D)\d2i_dhp.obj: $(SRC_D)\crypto\asn1\d2i_dhp.c + $(CC) /Fo$(OBJ_D)\d2i_dhp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c + +$(OBJ_D)\d2i_dsap.obj: $(SRC_D)\crypto\asn1\d2i_dsap.c + $(CC) /Fo$(OBJ_D)\d2i_dsap.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c + +$(OBJ_D)\n_pkey.obj: $(SRC_D)\crypto\asn1\n_pkey.c + $(CC) /Fo$(OBJ_D)\n_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c + +$(OBJ_D)\a_hdr.obj: $(SRC_D)\crypto\asn1\a_hdr.c + $(CC) /Fo$(OBJ_D)\a_hdr.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c + +$(OBJ_D)\x_pkey.obj: $(SRC_D)\crypto\asn1\x_pkey.c + $(CC) /Fo$(OBJ_D)\x_pkey.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c + +$(OBJ_D)\a_bool.obj: $(SRC_D)\crypto\asn1\a_bool.c + $(CC) /Fo$(OBJ_D)\a_bool.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c + +$(OBJ_D)\x_exten.obj: $(SRC_D)\crypto\asn1\x_exten.c + $(CC) /Fo$(OBJ_D)\x_exten.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c + +$(OBJ_D)\asn1_par.obj: $(SRC_D)\crypto\asn1\asn1_par.c + $(CC) /Fo$(OBJ_D)\asn1_par.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c + +$(OBJ_D)\asn1_lib.obj: $(SRC_D)\crypto\asn1\asn1_lib.c + $(CC) /Fo$(OBJ_D)\asn1_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c + +$(OBJ_D)\asn1_err.obj: $(SRC_D)\crypto\asn1\asn1_err.c + $(CC) /Fo$(OBJ_D)\asn1_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c + +$(OBJ_D)\a_meth.obj: $(SRC_D)\crypto\asn1\a_meth.c + $(CC) /Fo$(OBJ_D)\a_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c + +$(OBJ_D)\a_bytes.obj: $(SRC_D)\crypto\asn1\a_bytes.c + $(CC) /Fo$(OBJ_D)\a_bytes.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c + +$(OBJ_D)\x509_def.obj: $(SRC_D)\crypto\x509\x509_def.c + $(CC) /Fo$(OBJ_D)\x509_def.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c + +$(OBJ_D)\x509_d2.obj: $(SRC_D)\crypto\x509\x509_d2.c + $(CC) /Fo$(OBJ_D)\x509_d2.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c + +$(OBJ_D)\x509_r2x.obj: $(SRC_D)\crypto\x509\x509_r2x.c + $(CC) /Fo$(OBJ_D)\x509_r2x.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c + +$(OBJ_D)\x509_cmp.obj: $(SRC_D)\crypto\x509\x509_cmp.c + $(CC) /Fo$(OBJ_D)\x509_cmp.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c + +$(OBJ_D)\x509_obj.obj: $(SRC_D)\crypto\x509\x509_obj.c + $(CC) /Fo$(OBJ_D)\x509_obj.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c + +$(OBJ_D)\x509_req.obj: $(SRC_D)\crypto\x509\x509_req.c + $(CC) /Fo$(OBJ_D)\x509_req.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c + +$(OBJ_D)\x509_vfy.obj: $(SRC_D)\crypto\x509\x509_vfy.c + $(CC) /Fo$(OBJ_D)\x509_vfy.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c + +$(OBJ_D)\x509_set.obj: $(SRC_D)\crypto\x509\x509_set.c + $(CC) /Fo$(OBJ_D)\x509_set.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c + +$(OBJ_D)\x509rset.obj: $(SRC_D)\crypto\x509\x509rset.c + $(CC) /Fo$(OBJ_D)\x509rset.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c + +$(OBJ_D)\x509_err.obj: $(SRC_D)\crypto\x509\x509_err.c + $(CC) /Fo$(OBJ_D)\x509_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c + +$(OBJ_D)\x509name.obj: $(SRC_D)\crypto\x509\x509name.c + $(CC) /Fo$(OBJ_D)\x509name.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c + +$(OBJ_D)\x509_v3.obj: $(SRC_D)\crypto\x509\x509_v3.c + $(CC) /Fo$(OBJ_D)\x509_v3.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c + +$(OBJ_D)\x509_ext.obj: $(SRC_D)\crypto\x509\x509_ext.c + $(CC) /Fo$(OBJ_D)\x509_ext.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c + +$(OBJ_D)\x509pack.obj: $(SRC_D)\crypto\x509\x509pack.c + $(CC) /Fo$(OBJ_D)\x509pack.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c + +$(OBJ_D)\x509type.obj: $(SRC_D)\crypto\x509\x509type.c + $(CC) /Fo$(OBJ_D)\x509type.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c + +$(OBJ_D)\x509_lu.obj: $(SRC_D)\crypto\x509\x509_lu.c + $(CC) /Fo$(OBJ_D)\x509_lu.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c + +$(OBJ_D)\x_all.obj: $(SRC_D)\crypto\x509\x_all.c + $(CC) /Fo$(OBJ_D)\x_all.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c + +$(OBJ_D)\x509_txt.obj: $(SRC_D)\crypto\x509\x509_txt.c + $(CC) /Fo$(OBJ_D)\x509_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c + +$(OBJ_D)\by_file.obj: $(SRC_D)\crypto\x509\by_file.c + $(CC) /Fo$(OBJ_D)\by_file.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c + +$(OBJ_D)\by_dir.obj: $(SRC_D)\crypto\x509\by_dir.c + $(CC) /Fo$(OBJ_D)\by_dir.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c + +$(OBJ_D)\v3_net.obj: $(SRC_D)\crypto\x509\v3_net.c + $(CC) /Fo$(OBJ_D)\v3_net.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c + +$(OBJ_D)\v3_x509.obj: $(SRC_D)\crypto\x509\v3_x509.c + $(CC) /Fo$(OBJ_D)\v3_x509.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c + +$(OBJ_D)\conf.obj: $(SRC_D)\crypto\conf\conf.c + $(CC) /Fo$(OBJ_D)\conf.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c + +$(OBJ_D)\conf_err.obj: $(SRC_D)\crypto\conf\conf_err.c + $(CC) /Fo$(OBJ_D)\conf_err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c + +$(OBJ_D)\txt_db.obj: $(SRC_D)\crypto\txt_db\txt_db.c + $(CC) /Fo$(OBJ_D)\txt_db.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c + +$(OBJ_D)\pk7_lib.obj: $(SRC_D)\crypto\pkcs7\pk7_lib.c + $(CC) /Fo$(OBJ_D)\pk7_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c + +$(OBJ_D)\pkcs7err.obj: $(SRC_D)\crypto\pkcs7\pkcs7err.c + $(CC) /Fo$(OBJ_D)\pkcs7err.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c + +$(OBJ_D)\pk7_doit.obj: $(SRC_D)\crypto\pkcs7\pk7_doit.c + $(CC) /Fo$(OBJ_D)\pk7_doit.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c + +$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c + $(CC) /Fo$(OBJ_D)\s2_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c + +$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c + $(CC) /Fo$(OBJ_D)\s2_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c + +$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c + $(CC) /Fo$(OBJ_D)\s2_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c + +$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c + $(CC) /Fo$(OBJ_D)\s2_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c + +$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c + $(CC) /Fo$(OBJ_D)\s2_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c + +$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c + $(CC) /Fo$(OBJ_D)\s2_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c + +$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c + $(CC) /Fo$(OBJ_D)\s3_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c + +$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c + $(CC) /Fo$(OBJ_D)\s3_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c + +$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c + $(CC) /Fo$(OBJ_D)\s3_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c + +$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c + $(CC) /Fo$(OBJ_D)\s3_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c + +$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c + $(CC) /Fo$(OBJ_D)\s3_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c + +$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c + $(CC) /Fo$(OBJ_D)\s3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c + +$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c + $(CC) /Fo$(OBJ_D)\s3_both.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c + +$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c + $(CC) /Fo$(OBJ_D)\s23_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c + +$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c + $(CC) /Fo$(OBJ_D)\s23_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c + +$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c + $(CC) /Fo$(OBJ_D)\s23_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c + +$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c + $(CC) /Fo$(OBJ_D)\s23_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c + +$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c + $(CC) /Fo$(OBJ_D)\s23_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c + +$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c + $(CC) /Fo$(OBJ_D)\ssl_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c + +$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c + $(CC) /Fo$(OBJ_D)\ssl_err2.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c + +$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c + $(CC) /Fo$(OBJ_D)\ssl_cert.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c + +$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c + $(CC) /Fo$(OBJ_D)\ssl_sess.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c + +$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c + $(CC) /Fo$(OBJ_D)\ssl_ciph.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c + +$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c + $(CC) /Fo$(OBJ_D)\ssl_stat.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c + +$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c + $(CC) /Fo$(OBJ_D)\ssl_rsa.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c + +$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c + $(CC) /Fo$(OBJ_D)\ssl_asn1.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c + +$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c + $(CC) /Fo$(OBJ_D)\ssl_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c + +$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c + $(CC) /Fo$(OBJ_D)\ssl_algs.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c + +$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c + $(CC) /Fo$(OBJ_D)\bio_ssl.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c + +$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c + $(CC) /Fo$(OBJ_D)\ssl_err.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c + +$(OBJ_D)\rsaref.obj: $(SRC_D)\rsaref\rsaref.c + $(CC) /Fo$(OBJ_D)\rsaref.obj $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c + +$(OBJ_D)\rsar_err.obj: $(SRC_D)\rsaref\rsar_err.c + $(CC) /Fo$(OBJ_D)\rsar_err.obj $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c + +$(TEST_D)\md2test.exe: $(OBJ_D)\md2test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\md2test.obj + $(TEST_D)\md2test.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\md5test.exe: $(OBJ_D)\md5test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\md5test.obj + $(TEST_D)\md5test.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\shatest.exe: $(OBJ_D)\shatest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\shatest.obj + $(TEST_D)\shatest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\sha1test.exe: $(OBJ_D)\sha1test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\sha1test.obj + $(TEST_D)\sha1test.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\mdc2test.exe: $(OBJ_D)\mdc2test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\mdc2test.obj + $(TEST_D)\mdc2test.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\destest.obj + $(TEST_D)\destest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\rc4test.obj + $(TEST_D)\rc4test.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj + $(TEST_D)\rc2test.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\ideatest.exe: $(OBJ_D)\ideatest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\ideatest.obj + $(TEST_D)\ideatest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\bftest.exe: $(OBJ_D)\bftest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\bftest.obj + $(TEST_D)\bftest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\bntest.exe: $(OBJ_D)\bntest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\bntest.obj + $(TEST_D)\bntest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\exptest.exe: $(OBJ_D)\exptest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\exptest.obj + $(TEST_D)\exptest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\dsatest.exe: $(OBJ_D)\dsatest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\dsatest.obj + $(TEST_D)\dsatest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\dhtest.exe: $(OBJ_D)\dhtest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\dhtest.obj + $(TEST_D)\dhtest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\randtest.exe: $(OBJ_D)\randtest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\randtest.obj + $(TEST_D)\randtest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(TEST_D)\ssltest.exe: $(OBJ_D)\ssltest.obj $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) $(OBJ_D)\ssltest.obj + $(TEST_D)\ssltest.exe + + $(L_LIBS) $(EX_LIBS) + +<< + +$(O_SSL): $(SSLOBJ) + $(LINK) $(MLFLAGS) @<< + $(SHLIB_EX_OBJ) + + $(OBJ_D)\bio_ssl.obj + + $(OBJ_D)\s23_clnt.obj + + $(OBJ_D)\s23_lib.obj + + $(OBJ_D)\s23_meth.obj + + $(OBJ_D)\s23_pkt.obj + + $(OBJ_D)\s23_srvr.obj + + $(OBJ_D)\s2_clnt.obj + + $(OBJ_D)\s2_enc.obj + + $(OBJ_D)\s2_lib.obj + + $(OBJ_D)\s2_meth.obj + + $(OBJ_D)\s2_pkt.obj + + $(OBJ_D)\s2_srvr.obj + + $(OBJ_D)\s3_both.obj + + $(OBJ_D)\s3_clnt.obj + + $(OBJ_D)\s3_enc.obj + + $(OBJ_D)\s3_lib.obj + + $(OBJ_D)\s3_meth.obj + + $(OBJ_D)\s3_pkt.obj + + $(OBJ_D)\s3_srvr.obj + + $(OBJ_D)\ssl_algs.obj + + $(OBJ_D)\ssl_asn1.obj + + $(OBJ_D)\ssl_cert.obj + + $(OBJ_D)\ssl_ciph.obj + + $(OBJ_D)\ssl_err.obj + + $(OBJ_D)\ssl_err2.obj + + $(OBJ_D)\ssl_lib.obj + + $(OBJ_D)\ssl_rsa.obj + + $(OBJ_D)\ssl_sess.obj + + $(OBJ_D)\ssl_stat.obj + + $(OBJ_D)\ssl_txt.obj + + + $(O_SSL) + + $(L_CRYPTO) winsock oldnames ldllcew libw +ms\ssleay16.def; +<< + implib /noignorecase /nowep $(L_SSL) $(O_SSL) + +$(O_RSAGLUE): $(RSAGLUEOBJ) + del $(O_RSAGLUE) + $(MKLIB) @<< +$(O_RSAGLUE) +y ++$(OBJ_D)\rsar_err.obj & ++$(OBJ_D)\rsaref.obj & + + +<< + +$(O_CRYPTO): $(CRYPTOOBJ) + $(LINK) $(MLFLAGS) @<< + $(SHLIB_EX_OBJ) + + $(BN_MULW_OBJ) + + $(OBJ_D)\a_bitstr.obj + + $(OBJ_D)\a_bool.obj + + $(OBJ_D)\a_bytes.obj + + $(OBJ_D)\a_d2i_fp.obj + + $(OBJ_D)\a_digest.obj + + $(OBJ_D)\a_dup.obj + + $(OBJ_D)\a_hdr.obj + + $(OBJ_D)\a_i2d_fp.obj + + $(OBJ_D)\a_int.obj + + $(OBJ_D)\a_meth.obj + + $(OBJ_D)\a_object.obj + + $(OBJ_D)\a_octet.obj + + $(OBJ_D)\a_print.obj + + $(OBJ_D)\a_set.obj + + $(OBJ_D)\a_sign.obj + + $(OBJ_D)\a_type.obj + + $(OBJ_D)\a_utctm.obj + + $(OBJ_D)\a_verify.obj + + $(OBJ_D)\asn1_err.obj + + $(OBJ_D)\asn1_lib.obj + + $(OBJ_D)\asn1_par.obj + + $(OBJ_D)\b_dump.obj + + $(OBJ_D)\b_print.obj + + $(OBJ_D)\b_sock.obj + + $(OBJ_D)\bf_buff.obj + + $(OBJ_D)\bf_cbc.obj + + $(OBJ_D)\bf_cfb64.obj + + $(OBJ_D)\bf_ecb.obj + + $(OBJ_D)\bf_enc.obj + + $(OBJ_D)\bf_nbio.obj + + $(OBJ_D)\bf_null.obj + + $(OBJ_D)\bf_ofb64.obj + + $(OBJ_D)\bf_skey.obj + + $(OBJ_D)\bio_b64.obj + + $(OBJ_D)\bio_cb.obj + + $(OBJ_D)\bio_enc.obj + + $(OBJ_D)\bio_err.obj + + $(OBJ_D)\bio_lib.obj + + $(OBJ_D)\bio_md.obj + + $(OBJ_D)\bn_add.obj + + $(OBJ_D)\bn_div.obj + + $(OBJ_D)\bn_err.obj + + $(OBJ_D)\bn_exp.obj + + $(OBJ_D)\bn_gcd.obj + + $(OBJ_D)\bn_lib.obj + + $(OBJ_D)\bn_mod.obj + + $(OBJ_D)\bn_mont.obj + + $(OBJ_D)\bn_mul.obj + + $(OBJ_D)\bn_prime.obj + + $(OBJ_D)\bn_print.obj + + $(OBJ_D)\bn_rand.obj + + $(OBJ_D)\bn_recp.obj + + $(OBJ_D)\bn_shift.obj + + $(OBJ_D)\bn_sqr.obj + + $(OBJ_D)\bn_sub.obj + + $(OBJ_D)\bn_word.obj + + $(OBJ_D)\bss_acpt.obj + + $(OBJ_D)\bss_conn.obj + + $(OBJ_D)\bss_fd.obj + + $(OBJ_D)\bss_file.obj + + $(OBJ_D)\bss_mem.obj + + $(OBJ_D)\bss_null.obj + + $(OBJ_D)\bss_sock.obj + + $(OBJ_D)\buf_err.obj + + $(OBJ_D)\buffer.obj + + $(OBJ_D)\by_dir.obj + + $(OBJ_D)\by_file.obj + + $(OBJ_D)\c_all.obj + + $(OBJ_D)\cbc3_enc.obj + + $(OBJ_D)\cbc_cksm.obj + + $(OBJ_D)\cbc_enc.obj + + $(OBJ_D)\cfb64ede.obj + + $(OBJ_D)\cfb64enc.obj + + $(OBJ_D)\cfb_enc.obj + + $(OBJ_D)\conf.obj + + $(OBJ_D)\conf_err.obj + + $(OBJ_D)\cryptlib.obj + + $(OBJ_D)\cversion.obj + + $(OBJ_D)\d2i_dhp.obj + + $(OBJ_D)\d2i_dsap.obj + + $(OBJ_D)\d2i_pr.obj + + $(OBJ_D)\d2i_pu.obj + + $(OBJ_D)\d2i_r_pr.obj + + $(OBJ_D)\d2i_r_pu.obj + + $(OBJ_D)\d2i_s_pr.obj + + $(OBJ_D)\d2i_s_pu.obj + + $(OBJ_D)\des_enc.obj + + $(OBJ_D)\dh_check.obj + + $(OBJ_D)\dh_err.obj + + $(OBJ_D)\dh_gen.obj + + $(OBJ_D)\dh_key.obj + + $(OBJ_D)\dh_lib.obj + + $(OBJ_D)\digest.obj + + $(OBJ_D)\dsa_err.obj + + $(OBJ_D)\dsa_gen.obj + + $(OBJ_D)\dsa_key.obj + + $(OBJ_D)\dsa_lib.obj + + $(OBJ_D)\dsa_sign.obj + + $(OBJ_D)\dsa_vrf.obj + + $(OBJ_D)\e_cbc_3d.obj + + $(OBJ_D)\e_cbc_bf.obj + + $(OBJ_D)\e_cbc_d.obj + + $(OBJ_D)\e_cbc_i.obj + + $(OBJ_D)\e_cbc_r2.obj + + $(OBJ_D)\e_cfb_3d.obj + + $(OBJ_D)\e_cfb_bf.obj + + $(OBJ_D)\e_cfb_d.obj + + $(OBJ_D)\e_cfb_i.obj + + $(OBJ_D)\e_cfb_r2.obj + + $(OBJ_D)\e_ecb_3d.obj + + $(OBJ_D)\e_ecb_bf.obj + + $(OBJ_D)\e_ecb_d.obj + + $(OBJ_D)\e_ecb_i.obj + + $(OBJ_D)\e_ecb_r2.obj + + $(OBJ_D)\e_null.obj + + $(OBJ_D)\e_ofb_3d.obj + + $(OBJ_D)\e_ofb_bf.obj + + $(OBJ_D)\e_ofb_d.obj + + $(OBJ_D)\e_ofb_i.obj + + $(OBJ_D)\e_ofb_r2.obj + + $(OBJ_D)\e_rc4.obj + + $(OBJ_D)\e_xcbc_d.obj + + $(OBJ_D)\ecb3_enc.obj + + $(OBJ_D)\ecb_enc.obj + + $(OBJ_D)\ede_enc.obj + + $(OBJ_D)\enc_read.obj + + $(OBJ_D)\enc_writ.obj + + $(OBJ_D)\encode.obj + + $(OBJ_D)\err.obj + + $(OBJ_D)\err_all.obj + + $(OBJ_D)\err_prn.obj + + $(OBJ_D)\evp_enc.obj + + $(OBJ_D)\evp_err.obj + + $(OBJ_D)\evp_key.obj + + $(OBJ_D)\f_int.obj + + $(OBJ_D)\f_string.obj + + $(OBJ_D)\fcrypt.obj + + $(OBJ_D)\fcrypt_b.obj + + $(OBJ_D)\i2d_dhp.obj + + $(OBJ_D)\i2d_dsap.obj + + $(OBJ_D)\i2d_pr.obj + + $(OBJ_D)\i2d_pu.obj + + $(OBJ_D)\i2d_r_pr.obj + + $(OBJ_D)\i2d_r_pu.obj + + $(OBJ_D)\i2d_s_pr.obj + + $(OBJ_D)\i2d_s_pu.obj + + $(OBJ_D)\i_cbc.obj + + $(OBJ_D)\i_cfb64.obj + + $(OBJ_D)\i_ecb.obj + + $(OBJ_D)\i_ofb64.obj + + $(OBJ_D)\i_skey.obj + + $(OBJ_D)\lh_stats.obj + + $(OBJ_D)\lhash.obj + + $(OBJ_D)\m_dss.obj + + $(OBJ_D)\m_dss1.obj + + $(OBJ_D)\m_md2.obj + + $(OBJ_D)\m_md5.obj + + $(OBJ_D)\m_mdc2.obj + + $(OBJ_D)\m_null.obj + + $(OBJ_D)\m_sha.obj + + $(OBJ_D)\m_sha1.obj + + $(OBJ_D)\md2_dgst.obj + + $(OBJ_D)\md2_one.obj + + $(OBJ_D)\md5_dgst.obj + + $(OBJ_D)\md5_one.obj + + $(OBJ_D)\md_rand.obj + + $(OBJ_D)\mdc2_one.obj + + $(OBJ_D)\mdc2dgst.obj + + $(OBJ_D)\mem.obj + + $(OBJ_D)\n_pkey.obj + + $(OBJ_D)\names.obj + + $(OBJ_D)\ncbc_enc.obj + + $(OBJ_D)\obj_dat.obj + + $(OBJ_D)\obj_err.obj + + $(OBJ_D)\obj_lib.obj + + $(OBJ_D)\ofb64ede.obj + + $(OBJ_D)\ofb64enc.obj + + $(OBJ_D)\ofb_enc.obj + + $(OBJ_D)\p7_dgst.obj + + $(OBJ_D)\p7_enc.obj + + $(OBJ_D)\p7_enc_c.obj + + $(OBJ_D)\p7_evp.obj + + $(OBJ_D)\p7_i_s.obj + + $(OBJ_D)\p7_lib.obj + + $(OBJ_D)\p7_recip.obj + + $(OBJ_D)\p7_s_e.obj + + $(OBJ_D)\p7_signd.obj + + $(OBJ_D)\p7_signi.obj + + $(OBJ_D)\p_lib.obj + + $(OBJ_D)\p_open.obj + + $(OBJ_D)\p_seal.obj + + $(OBJ_D)\p_sign.obj + + $(OBJ_D)\p_verify.obj + + $(OBJ_D)\pcbc_enc.obj + + $(OBJ_D)\pem_all.obj + + $(OBJ_D)\pem_err.obj + + $(OBJ_D)\pem_info.obj + + $(OBJ_D)\pem_lib.obj + + $(OBJ_D)\pem_seal.obj + + $(OBJ_D)\pem_sign.obj + + $(OBJ_D)\pk7_doit.obj + + $(OBJ_D)\pk7_lib.obj + + $(OBJ_D)\pkcs7err.obj + + $(OBJ_D)\qud_cksm.obj + + $(OBJ_D)\rand_key.obj + + $(OBJ_D)\randfile.obj + + $(OBJ_D)\rc2_cbc.obj + + $(OBJ_D)\rc2_ecb.obj + + $(OBJ_D)\rc2_skey.obj + + $(OBJ_D)\rc2cfb64.obj + + $(OBJ_D)\rc2ofb64.obj + + $(OBJ_D)\rc4_enc.obj + + $(OBJ_D)\read2pwd.obj + + $(OBJ_D)\read_pwd.obj + + $(OBJ_D)\rpc_enc.obj + + $(OBJ_D)\rsa_enc.obj + + $(OBJ_D)\rsa_err.obj + + $(OBJ_D)\rsa_gen.obj + + $(OBJ_D)\rsa_lib.obj + + $(OBJ_D)\rsa_saos.obj + + $(OBJ_D)\rsa_sign.obj + + $(OBJ_D)\set_key.obj + + $(OBJ_D)\sha1_one.obj + + $(OBJ_D)\sha1dgst.obj + + $(OBJ_D)\sha_dgst.obj + + $(OBJ_D)\sha_one.obj + + $(OBJ_D)\stack.obj + + $(OBJ_D)\str2key.obj + + $(OBJ_D)\supp.obj + + $(OBJ_D)\t_pkey.obj + + $(OBJ_D)\t_req.obj + + $(OBJ_D)\t_x509.obj + + $(OBJ_D)\txt_db.obj + + $(OBJ_D)\v3_net.obj + + $(OBJ_D)\v3_x509.obj + + $(OBJ_D)\x509_cmp.obj + + $(OBJ_D)\x509_d2.obj + + $(OBJ_D)\x509_def.obj + + $(OBJ_D)\x509_err.obj + + $(OBJ_D)\x509_ext.obj + + $(OBJ_D)\x509_lu.obj + + $(OBJ_D)\x509_obj.obj + + $(OBJ_D)\x509_r2x.obj + + $(OBJ_D)\x509_req.obj + + $(OBJ_D)\x509_set.obj + + $(OBJ_D)\x509_txt.obj + + $(OBJ_D)\x509_v3.obj + + $(OBJ_D)\x509_vfy.obj + + $(OBJ_D)\x509name.obj + + $(OBJ_D)\x509pack.obj + + $(OBJ_D)\x509rset.obj + + $(OBJ_D)\x509type.obj + + $(OBJ_D)\x_algor.obj + + $(OBJ_D)\x_all.obj + + $(OBJ_D)\x_attrib.obj + + $(OBJ_D)\x_cinf.obj + + $(OBJ_D)\x_crl.obj + + $(OBJ_D)\x_exten.obj + + $(OBJ_D)\x_info.obj + + $(OBJ_D)\x_name.obj + + $(OBJ_D)\x_pkey.obj + + $(OBJ_D)\x_pubkey.obj + + $(OBJ_D)\x_req.obj + + $(OBJ_D)\x_sig.obj + + $(OBJ_D)\x_spki.obj + + $(OBJ_D)\x_val.obj + + $(OBJ_D)\x_x509.obj + + $(OBJ_D)\xcbc_enc.obj + + + $(O_CRYPTO) + + winsock oldnames ldllcew libw +ms\libeay16.def; +<< + implib /noignorecase /nowep $(L_CRYPTO) $(O_CRYPTO) + +$(BIN_D)\$(E_EXE).exe: $(E_OBJ) $(LIBS_DEP) + $(LINK) $(LFLAGS) @<< + $(APP_EX_OBJ) + + $(OBJ_D)\apps.obj + + $(OBJ_D)\asn1pars.obj + + $(OBJ_D)\ca.obj + + $(OBJ_D)\ciphers.obj + + $(OBJ_D)\crl.obj + + $(OBJ_D)\crl2p7.obj + + $(OBJ_D)\dgst.obj + + $(OBJ_D)\dh.obj + + $(OBJ_D)\dsa.obj + + $(OBJ_D)\dsaparam.obj + + $(OBJ_D)\enc.obj + + $(OBJ_D)\errstr.obj + + $(OBJ_D)\gendh.obj + + $(OBJ_D)\gendsa.obj + + $(OBJ_D)\genrsa.obj + + $(OBJ_D)\pkcs7.obj + + $(OBJ_D)\req.obj + + $(OBJ_D)\rsa.obj + + $(OBJ_D)\s_cb.obj + + $(OBJ_D)\s_client.obj + + $(OBJ_D)\s_server.obj + + $(OBJ_D)\s_socket.obj + + $(OBJ_D)\s_time.obj + + $(OBJ_D)\sess_id.obj + + $(OBJ_D)\speed.obj + + $(OBJ_D)\ssleay.obj + + $(OBJ_D)\verify.obj + + $(OBJ_D)\version.obj + + $(OBJ_D)\x509.obj + + + $(BIN_D)\$(E_EXE).exe + + $(L_LIBS) $(EX_LIBS) + +<< + diff --git a/mt/README b/mt/README new file mode 100644 index 0000000000000000000000000000000000000000..fc933c31c1fe515ee8f0fb78fc8aa6f826cd3364 --- /dev/null +++ b/mt/README @@ -0,0 +1,10 @@ +Mutithreading testing area. + +Since this stuff is very very platorm specific, this is not part of the +normal build. Have a read of doc/threads.doc. + +mttest will do some testing and will currently build under Windows NT/95 +and solaris. The IRIX stuff is not finished. + +I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1) +and things seem to work ok. diff --git a/mt/mttest.c b/mt/mttest.c new file mode 100644 index 0000000000000000000000000000000000000000..3a927a293754129acd4706fd0227684eec8855c6 --- /dev/null +++ b/mt/mttest.c @@ -0,0 +1,1005 @@ +/* mt/mttest.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#ifdef LINUX +#include +#endif +#ifdef WIN32 +#include +#endif +#ifdef SOLARIS +#include +#include +#endif +#ifdef IRIX +#include +#include +#endif +#include "lhash.h" +#include "crypto.h" +#include "buffer.h" +#include "../e_os.h" +#include "x509.h" +#include "ssl.h" +#include "err.h" + +#ifdef WIN16 +#define APPS_WIN16 +#include "../crypto/buffer/bss_file.c" +#endif + +#define TEST_SERVER_CERT "../apps/server.pem" +#define TEST_CLIENT_CERT "../apps/client.pem" + +#define MAX_THREAD_NUMBER 100 + +#ifndef NOPROTO +int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth, + int error,char *arg); +void thread_setup(void); +void thread_cleanup(void); +void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx); +void irix_locking_callback(int mode,int type,char *file,int line); +void solaris_locking_callback(int mode,int type,char *file,int line); +void win32_locking_callback(int mode,int type,char *file,int line); +void linux_locking_callback(int mode,int type,char *file,int line); +unsigned long irix_thread_id(void ); +unsigned long solaris_thread_id(void ); +unsigned long linix_thread_id(void ); +#else +int MS_CALLBACK verify_callback(); +void thread_setup(); +void thread_cleanup(); +void do_threads(); +void irix_locking_callback(); +void solaris_locking_callback(); +void win32_locking_callback(); +void linux_locking_callback(); +unsigned long irix_thread_id(); +unsigned long solaris_thread_id(); +unsigned long linix_thread_id(); +#endif + +BIO *bio_err=NULL; +BIO *bio_stdout=NULL; + +static char *cipher=NULL; +int verbose=0; +#ifdef FIONBIO +static int s_nbio=0; +#endif + +int thread_number=10; +int number_of_loops=10; +int reconnect=0; +int cache_stats=0; + +#ifndef NOPROTO +int doit(char *ctx[4]); +#else +int doit(); +#endif + +static void print_stats(fp,ctx) +FILE *fp; +SSL_CTX *ctx; +{ + fprintf(fp,"%4ld items in the session cache\n", + SSL_CTX_sess_number(ctx)); + fprintf(fp,"%4d client connects (SSL_connect())\n", + SSL_CTX_sess_connect(ctx)); + fprintf(fp,"%4d client connects that finished\n", + SSL_CTX_sess_connect_good(ctx)); + fprintf(fp,"%4d server connects (SSL_accept())\n", + SSL_CTX_sess_accept(ctx)); + fprintf(fp,"%4d server connects that finished\n", + SSL_CTX_sess_accept_good(ctx)); + fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx)); + fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx)); + fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx)); + } + +static void sv_usage() + { + fprintf(stderr,"usage: ssltest [args ...]\n"); + fprintf(stderr,"\n"); + fprintf(stderr," -server_auth - check server certificate\n"); + fprintf(stderr," -client_auth - do client authentication\n"); + fprintf(stderr," -v - more output\n"); + fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); + fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); + fprintf(stderr," -threads arg - number of threads\n"); + fprintf(stderr," -loops arg - number of 'connections', per thread\n"); + fprintf(stderr," -reconnect - reuse session-id's\n"); + fprintf(stderr," -stats - server session-id cache stats\n"); + fprintf(stderr," -cert arg - server certificate/key\n"); + fprintf(stderr," -ccert arg - client certificate/key\n"); + fprintf(stderr," -ssl3 - just SSLv3n\n"); + } + +int main(argc, argv) +int argc; +char *argv[]; + { + char *CApath=NULL,*CAfile=NULL; + int badop=0; + int ret=1; + int client_auth=0; + int server_auth=0; + SSL_CTX *s_ctx=NULL; + SSL_CTX *c_ctx=NULL; + char *scert=TEST_SERVER_CERT; + char *ccert=TEST_CLIENT_CERT; + SSL_METHOD *ssl_method=SSLv23_method(); + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (bio_stdout == NULL) + bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); + argc--; + argv++; + + while (argc >= 1) + { + if (strcmp(*argv,"-server_auth") == 0) + server_auth=1; + else if (strcmp(*argv,"-client_auth") == 0) + client_auth=1; + else if (strcmp(*argv,"-reconnect") == 0) + reconnect=1; + else if (strcmp(*argv,"-stats") == 0) + cache_stats=1; + else if (strcmp(*argv,"-ssl3") == 0) + ssl_method=SSLv3_method(); + else if (strcmp(*argv,"-ssl2") == 0) + ssl_method=SSLv2_method(); + else if (strcmp(*argv,"-CApath") == 0) + { + if (--argc < 1) goto bad; + CApath= *(++argv); + } + else if (strcmp(*argv,"-CAfile") == 0) + { + if (--argc < 1) goto bad; + CAfile= *(++argv); + } + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + scert= *(++argv); + } + else if (strcmp(*argv,"-ccert") == 0) + { + if (--argc < 1) goto bad; + ccert= *(++argv); + } + else if (strcmp(*argv,"-threads") == 0) + { + if (--argc < 1) goto bad; + thread_number= atoi(*(++argv)); + if (thread_number == 0) thread_number=1; + if (thread_number > MAX_THREAD_NUMBER) + thread_number=MAX_THREAD_NUMBER; + } + else if (strcmp(*argv,"-loops") == 0) + { + if (--argc < 1) goto bad; + number_of_loops= atoi(*(++argv)); + if (number_of_loops == 0) number_of_loops=1; + } + else + { + fprintf(stderr,"unknown option %s\n",*argv); + badop=1; + break; + } + argc--; + argv++; + } + if (badop) + { +bad: + sv_usage(); + goto end; + } + + if (cipher == NULL) cipher=getenv("SSL_CIPHER"); + + SSL_load_error_strings(); + SSLeay_add_ssl_algorithms(); + + c_ctx=SSL_CTX_new(ssl_method); + s_ctx=SSL_CTX_new(ssl_method); + if ((c_ctx == NULL) || (s_ctx == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + SSL_CTX_set_session_cache_mode(s_ctx, + SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER); + SSL_CTX_set_session_cache_mode(c_ctx, + SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER); + + SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM); + SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM); + + if (client_auth) + { + SSL_CTX_use_certificate_file(c_ctx,ccert, + SSL_FILETYPE_PEM); + SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert, + SSL_FILETYPE_PEM); + } + + if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(s_ctx)) || + (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(c_ctx))) + { + fprintf(stderr,"SSL_load_verify_locations\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (client_auth) + { + fprintf(stderr,"client authentication\n"); + SSL_CTX_set_verify(s_ctx, + SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_callback); + } + if (server_auth) + { + fprintf(stderr,"server authentication\n"); + SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, + verify_callback); + } + + thread_setup(); + do_threads(s_ctx,c_ctx); + thread_cleanup(); +end: + + if (c_ctx != NULL) + { + fprintf(stderr,"Client SSL_CTX stats then free it\n"); + print_stats(stderr,c_ctx); + SSL_CTX_free(c_ctx); + } + if (s_ctx != NULL) + { + fprintf(stderr,"Server SSL_CTX stats then free it\n"); + print_stats(stderr,s_ctx); + if (cache_stats) + { + fprintf(stderr,"-----\n"); + lh_stats(SSL_CTX_sessions(s_ctx),stderr); + fprintf(stderr,"-----\n"); + /* lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); + fprintf(stderr,"-----\n"); */ + lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr); + fprintf(stderr,"-----\n"); + } + SSL_CTX_free(s_ctx); + fprintf(stderr,"done free\n"); + } + exit(ret); + return(0); + } + +#define W_READ 1 +#define W_WRITE 2 +#define C_DONE 1 +#define S_DONE 2 + +int ndoit(ssl_ctx) +SSL_CTX *ssl_ctx[2]; + { + int i; + int ret; + char *ctx[4]; + + ctx[0]=(char *)ssl_ctx[0]; + ctx[1]=(char *)ssl_ctx[1]; + + if (reconnect) + { + ctx[2]=(char *)SSL_new(ssl_ctx[0]); + ctx[3]=(char *)SSL_new(ssl_ctx[1]); + } + else + { + ctx[2]=NULL; + ctx[3]=NULL; + } + + fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id()); + for (i=0; iref (%3d,%3d)\n", + CRYPTO_thread_id(),i, + ssl_ctx[0]->references, + ssl_ctx[1]->references); */ + /* pthread_delay_np(&tm);*/ + + ret=doit(ctx); + if (ret != 0) + { + fprintf(stdout,"error[%d] %lu - %d\n", + i,CRYPTO_thread_id(),ret); + return(ret); + } + } + fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id()); + if (reconnect) + { + SSL_free((SSL *)ctx[2]); + SSL_free((SSL *)ctx[3]); + } + return(0); + } + +int doit(ctx) +char *ctx[4]; + { + SSL_CTX *s_ctx,*c_ctx; + static char cbuf[200],sbuf[200]; + SSL *c_ssl=NULL; + SSL *s_ssl=NULL; + BIO *c_to_s=NULL; + BIO *s_to_c=NULL; + BIO *c_bio=NULL; + BIO *s_bio=NULL; + int c_r,c_w,s_r,s_w; + int c_want,s_want; + int i; + int done=0; + int c_write,s_write; + int do_server=0,do_client=0; + + s_ctx=(SSL_CTX *)ctx[0]; + c_ctx=(SSL_CTX *)ctx[1]; + + if (ctx[2] != NULL) + s_ssl=(SSL *)ctx[2]; + else + s_ssl=SSL_new(s_ctx); + + if (ctx[3] != NULL) + c_ssl=(SSL *)ctx[3]; + else + c_ssl=SSL_new(c_ctx); + + if ((s_ssl == NULL) || (c_ssl == NULL)) goto err; + + c_to_s=BIO_new(BIO_s_mem()); + s_to_c=BIO_new(BIO_s_mem()); + if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; + + c_bio=BIO_new(BIO_f_ssl()); + s_bio=BIO_new(BIO_f_ssl()); + if ((c_bio == NULL) || (s_bio == NULL)) goto err; + + SSL_set_connect_state(c_ssl); + SSL_set_bio(c_ssl,s_to_c,c_to_s); + BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE); + + SSL_set_accept_state(s_ssl); + SSL_set_bio(s_ssl,c_to_s,s_to_c); + BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE); + + c_r=0; s_r=1; + c_w=1; s_w=0; + c_want=W_WRITE; + s_want=0; + c_write=1,s_write=0; + + /* We can always do writes */ + for (;;) + { + do_server=0; + do_client=0; + + i=(int)BIO_pending(s_bio); + if ((i && s_r) || s_w) do_server=1; + + i=(int)BIO_pending(c_bio); + if ((i && c_r) || c_w) do_client=1; + + if (do_server && verbose) + { + if (SSL_in_init(s_ssl)) + printf("server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); + else if (s_write) + printf("server:SSL_write()\n"); + else + printf("server:SSL_read()\n"); + } + + if (do_client && verbose) + { + if (SSL_in_init(c_ssl)) + printf("client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); + else if (c_write) + printf("client:SSL_write()\n"); + else + printf("client:SSL_read()\n"); + } + + if (!do_client && !do_server) + { + fprintf(stdout,"ERROR IN STARTUP\n"); + break; + } + if (do_client && !(done & C_DONE)) + { + if (c_write) + { + i=BIO_write(c_bio,"hello from client\n",18); + if (i < 0) + { + c_r=0; + c_w=0; + if (BIO_should_retry(c_bio)) + { + if (BIO_should_read(c_bio)) + c_r=1; + if (BIO_should_write(c_bio)) + c_w=1; + } + else + { + fprintf(stderr,"ERROR in CLIENT\n"); + return(1); + } + } + else if (i == 0) + { + fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); + return(1); + } + else + { + /* ok */ + c_write=0; + } + } + else + { + i=BIO_read(c_bio,cbuf,100); + if (i < 0) + { + c_r=0; + c_w=0; + if (BIO_should_retry(c_bio)) + { + if (BIO_should_read(c_bio)) + c_r=1; + if (BIO_should_write(c_bio)) + c_w=1; + } + else + { + fprintf(stderr,"ERROR in CLIENT\n"); + return(1); + } + } + else if (i == 0) + { + fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); + return(1); + } + else + { + done|=C_DONE; +#ifdef undef + fprintf(stdout,"CLIENT:from server:"); + fwrite(cbuf,1,i,stdout); + fflush(stdout); +#endif + } + } + } + + if (do_server && !(done & S_DONE)) + { + if (!s_write) + { + i=BIO_read(s_bio,sbuf,100); + if (i < 0) + { + s_r=0; + s_w=0; + if (BIO_should_retry(s_bio)) + { + if (BIO_should_read(s_bio)) + s_r=1; + if (BIO_should_write(s_bio)) + s_w=1; + } + else + { + fprintf(stderr,"ERROR in SERVER\n"); + ERR_print_errors_fp(stderr); + return(1); + } + } + else if (i == 0) + { + fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); + return(1); + } + else + { + s_write=1; + s_w=1; +#ifdef undef + fprintf(stdout,"SERVER:from client:"); + fwrite(sbuf,1,i,stdout); + fflush(stdout); +#endif + } + } + else + { + i=BIO_write(s_bio,"hello from server\n",18); + if (i < 0) + { + s_r=0; + s_w=0; + if (BIO_should_retry(s_bio)) + { + if (BIO_should_read(s_bio)) + s_r=1; + if (BIO_should_write(s_bio)) + s_w=1; + } + else + { + fprintf(stderr,"ERROR in SERVER\n"); + ERR_print_errors_fp(stderr); + return(1); + } + } + else if (i == 0) + { + fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); + return(1); + } + else + { + s_write=0; + s_r=1; + done|=S_DONE; + } + } + } + + if ((done & S_DONE) && (done & C_DONE)) break; + } + + SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + +#ifdef undef + fprintf(stdout,"DONE\n"); +#endif +err: + /* We have to set the BIO's to NULL otherwise they will be + * free()ed twice. Once when th s_ssl is SSL_free()ed and + * again when c_ssl is SSL_free()ed. + * This is a hack required because s_ssl and c_ssl are sharing the same + * BIO structure and SSL_set_bio() and SSL_free() automatically + * BIO_free non NULL entries. + * You should not normally do this or be required to do this */ + + if (s_ssl != NULL) + { + s_ssl->rbio=NULL; + s_ssl->wbio=NULL; + } + if (c_ssl != NULL) + { + c_ssl->rbio=NULL; + c_ssl->wbio=NULL; + } + + /* The SSL's are optionally freed in the following calls */ + if (c_to_s != NULL) BIO_free(c_to_s); + if (s_to_c != NULL) BIO_free(s_to_c); + + if (c_bio != NULL) BIO_free(c_bio); + if (s_bio != NULL) BIO_free(s_bio); + return(0); + } + +int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg) +int ok; +X509 *xs; +X509 *xi; +int depth; +int error; +char *arg; + { + char buf[256]; + + if (verbose) + { + X509_NAME_oneline(X509_get_subject_name(xs),buf,256); + if (ok) + fprintf(stderr,"depth=%d %s\n",depth,buf); + else + fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf); + } + return(ok); + } + +#define THREAD_STACK_SIZE (16*1024) + +#ifdef WIN32 + +static HANDLE lock_cs[CRYPTO_NUM_LOCKS]; + +void thread_setup() + { + int i; + + for (i=0; i end.wDayOfWeek) end.wDayOfWeek+=7; + ret=(end.wDayOfWeek-start.wDayOfWeek)*24; + + ret=(ret+end.wHour-start.wHour)*60; + ret=(ret+end.wMinute-start.wMinute)*60; + ret=(ret+end.wSecond-start.wSecond); + ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0; + + printf("win32 threads done - %.3f seconds\n",ret); + } + +#endif + +#ifdef SOLARIS + +static mutex_t lock_cs[CRYPTO_NUM_LOCKS]; +/*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */ +static long lock_count[CRYPTO_NUM_LOCKS]; + +void thread_setup() + { + int i; + + for (i=0; ireferences,c_ctx->references); + } + +unsigned long solaris_thread_id() + { + unsigned long ret; + + ret=(unsigned long)thr_self(); + return(ret); + } +#endif + +#ifdef IRIX + + +static usptr_t *arena; +static usema_t *lock_cs[CRYPTO_NUM_LOCKS]; + +void thread_setup() + { + int i; + char filename[20]; + + strcpy(filename,"/tmp/mttest.XXXXXX"); + mktemp(filename); + + usconfig(CONF_STHREADIOOFF); + usconfig(CONF_STHREADMALLOCOFF); + usconfig(CONF_INITUSERS,100); + usconfig(CONF_LOCKTYPE,US_DEBUGPLUS); + arena=usinit(filename); + unlink(filename); + + for (i=0; ireferences,c_ctx->references); + } + +unsigned long irix_thread_id() + { + unsigned long ret; + + ret=(unsigned long)getpid(); + return(ret); + } +#endif + diff --git a/mt/profile.sh b/mt/profile.sh new file mode 100644 index 0000000000000000000000000000000000000000..de5eb0670860ad15d2e28b0da4804323cc9fb78a --- /dev/null +++ b/mt/profile.sh @@ -0,0 +1,4 @@ +#!/bin/sh +/bin/rm -f mttest +cc -p -DSOLARIS -I../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L.. -lthread -lssl -lcrypto -lnsl -lsocket + diff --git a/mt/ptest.bat b/mt/ptest.bat new file mode 100755 index 0000000000000000000000000000000000000000..ccaccae09dc8cf95f65fdafa1496b12fef65e52d --- /dev/null +++ b/mt/ptest.bat @@ -0,0 +1,4 @@ +del mttest.exe + +purify cl /O2 -DWIN32 /MD -I..\out mttest.c /Femttest ..\out\ssl32.lib ..\out\crypt32.lib + diff --git a/mt/purify.sh b/mt/purify.sh new file mode 100644 index 0000000000000000000000000000000000000000..57c4017073a8286c0b28eb6535936d31f7a196cc --- /dev/null +++ b/mt/purify.sh @@ -0,0 +1,4 @@ +#!/bin/sh +/bin/rm -f mttest +purify cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread -lssl -lcrypto -lnsl -lsocket + diff --git a/mt/solaris.sh b/mt/solaris.sh new file mode 100644 index 0000000000000000000000000000000000000000..f6a90b17ee0af99a8ecce692ec4eeac5020c5e65 --- /dev/null +++ b/mt/solaris.sh @@ -0,0 +1,4 @@ +#!/bin/sh +/bin/rm -f mttest +cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread -lssl -lcrypto -lnsl -lsocket + diff --git a/mt/win32.bat b/mt/win32.bat new file mode 100755 index 0000000000000000000000000000000000000000..56089f69be2f5ed41d7a3c7e6f78b9697a95c58f --- /dev/null +++ b/mt/win32.bat @@ -0,0 +1,4 @@ +del mttest.exe + +cl /O2 -DWIN32 /MD -I..\out mttest.c /Femttest ..\out\ssleay32.lib ..\out\libeay32.lib + diff --git a/rsaref/Makefile.ssl b/rsaref/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..e0e4fb735f8b194369a69dc3abd7190f4fbca96d --- /dev/null +++ b/rsaref/Makefile.ssl @@ -0,0 +1,85 @@ +# +# SSLeay/rsaref/Makefile +# + +DIR= rsaref +TOP= .. +CC= cc +INCLUDES= -I../crypto -I../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=rsaref +ERRC=rsar_err +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libRSAglue.a +LIBSRC= rsaref.c $(ERRC).c +LIBOBJ= rsaref.o $(ERRC).o + +SRC= $(LIBSRC) + +EXHEADER= +HEADER= $(EXHEADER) rsaref.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ..; $(MAKE) DIRS=rsaref all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../include $(EXHEADER) + $(TOP)/util/mklink.sh ../test $(TEST) + $(TOP)/util/mklink.sh ../apps $(APPS) + +install: + +# @for i in $(EXHEADER) ; \ +# do \ +# (cp $$i $(INSTALLTOP)/include/$$i; \ +# chmod 644 $(INSTALLTOP)/include/$$i ); \ +# done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../crypto/err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/rsaref/rsar_err.c b/rsaref/rsar_err.c new file mode 100644 index 0000000000000000000000000000000000000000..b77f3e7c1ac3dfcfc4bfa62293e2f7cec99c7415 --- /dev/null +++ b/rsaref/rsar_err.c @@ -0,0 +1,124 @@ +/* lib/rsaref/rsaref_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "rsaref.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA RSAREF_str_functs[]= + { +{ERR_PACK(0,RSAREF_F_BN_REF_MOD_EXP,0), "BN_REF_MOD_EXP"}, +{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0), "RSAREF_BN2BIN"}, +{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0), "RSA_BN2BIN"}, +{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0), "RSA_PRIVATE_DECRYPT"}, +{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0), "RSA_PRIVATE_ENCRYPT"}, +{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0), "RSA_PUBLIC_DECRYPT"}, +{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0), "RSA_PUBLIC_ENCRYPT"}, +{ERR_PACK(0,RSAREF_F_RSA_REF_BN2BIN,0), "RSA_REF_BN2BIN"}, +{ERR_PACK(0,RSAREF_F_RSA_REF_MOD_EXP,0), "RSA_REF_MOD_EXP"}, +{ERR_PACK(0,RSAREF_F_RSA_REF_PRIVATE_DECRYPT,0), "RSA_REF_PRIVATE_DECRYPT"}, +{ERR_PACK(0,RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,0), "RSA_REF_PRIVATE_ENCRYPT"}, +{ERR_PACK(0,RSAREF_F_RSA_REF_PUBLIC_DECRYPT,0), "RSA_REF_PUBLIC_DECRYPT"}, +{ERR_PACK(0,RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,0), "RSA_REF_PUBLIC_ENCRYPT"}, +{0,NULL}, + }; + +static ERR_STRING_DATA RSAREF_str_reasons[]= + { +{RE_CONTENT_ENCODING ,"content encoding"}, +{RE_DATA ,"data"}, +{RE_DIGEST_ALGORITHM ,"digest algorithm"}, +{RE_ENCODING ,"encoding"}, +{RE_KEY ,"key"}, +{RE_KEY_ENCODING ,"key encoding"}, +{RE_LEN ,"len"}, +{RE_MODULUS_LEN ,"modulus len"}, +{RE_NEED_RANDOM ,"need random"}, +{RE_PRIVATE_KEY ,"private key"}, +{RE_PUBLIC_KEY ,"public key"}, +{RE_SIGNATURE ,"signature"}, +{RE_SIGNATURE_ENCODING ,"signature encoding"}, +{RE_ENCRYPTION_ALGORITHM ,"encryption algorithm"}, +{RSAREF_R_CONTENT_ENCODING ,"content encoding"}, +{RSAREF_R_DATA ,"data"}, +{RSAREF_R_DIGEST_ALGORITHM ,"digest algorithm"}, +{RSAREF_R_ENCODING ,"encoding"}, +{RSAREF_R_ENCRYPTION_ALGORITHM ,"encryption algorithm"}, +{RSAREF_R_KEY ,"key"}, +{RSAREF_R_KEY_ENCODING ,"key encoding"}, +{RSAREF_R_LEN ,"len"}, +{RSAREF_R_MODULUS_LEN ,"modulus len"}, +{RSAREF_R_NEED_RANDOM ,"need random"}, +{RSAREF_R_PRIVATE_KEY ,"private key"}, +{RSAREF_R_PUBLIC_KEY ,"public key"}, +{RSAREF_R_SIGNATURE ,"signature"}, +{RSAREF_R_SIGNATURE_ENCODING ,"signature encoding"}, +{0,NULL}, + }; + +void ERR_load_RSAREF_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_RSAREF,RSAREF_str_functs); + ERR_load_strings(ERR_LIB_RSAREF,RSAREF_str_reasons); + } + } diff --git a/rsaref/rsaref.c b/rsaref/rsaref.c new file mode 100644 index 0000000000000000000000000000000000000000..ac4fe01939b47bfacc7dd6986f5344aefb668e4e --- /dev/null +++ b/rsaref/rsaref.c @@ -0,0 +1,351 @@ +/* rsaref/rsaref.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "rsaref.h" +#include "rand.h" + +/* + * RSAREFerr(RSAREF_F_RSA_REF_BN2BIN,RSAREF_R_CONTENT_ENCODING); + * RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_DECRYPT,RSAREF_R_DATA); + * RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,RSAREF_R_DIGEST_ALGORITHM); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_DECRYPT,RSAREF_R_ENCODING); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_KEY); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_KEY_ENCODING); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_LEN); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_MODULUS_LEN); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_NEED_RANDOM); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_PRIVATE_KEY); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_PUBLIC_KEY); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_SIGNATURE); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_SIGNATURE_ENCODING); + * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_ENCRYPTION_ALGORITHM); + * RSAREFerr(RSAREF_F_RSAREF_BN2BIN,ERR_R_BN_LIB); + */ + +#ifndef NOPROTO +static int RSAref_bn2bin(BIGNUM * from, unsigned char* to, int max); +#ifdef undef +static BIGNUM* RSAref_bin2bn(unsigned char* from, BIGNUM * to, int max); +#endif +static int RSAref_Public_eay2ref(RSA * from, RSArefPublicKey * to); +static int RSAref_Private_eay2ref(RSA * from, RSArefPrivateKey * to); +int RSA_ref_private_decrypt(int len, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_ref_private_encrypt(int len, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_ref_public_encrypt(int len, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_ref_public_decrypt(int len, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int BN_ref_mod_exp(BIGNUM *r,BIGNUM *a,BIGNUM *p,BIGNUM *m, BN_CTX *ctx); +static int RSA_ref_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa); +#else + +static int RSAref_bn2bin(); +#ifdef undef +static BIGNUM* RSAref_bin2bn(); +#endif +static int RSAref_Public_eay2ref(); +static int RSAref_Private_eay2ref(); +static int BN_ref_mod_exp(); +static int RSA_ref_mod_exp(); +int RSA_ref_private_decrypt(); +int RSA_ref_private_encrypt(); +int RSA_ref_public_encrypt(); +int RSA_ref_public_decrypt(); +static int BN_ref_mod_exp(); +static int RSA_ref_mod_exp(); +#endif + +static RSA_METHOD rsa_pkcs1_ref_meth={ + "RSAref PKCS#1 RSA", + RSA_ref_public_encrypt, + RSA_ref_public_decrypt, + RSA_ref_private_encrypt, + RSA_ref_private_decrypt, + RSA_ref_mod_exp, + BN_ref_mod_exp, + NULL, + NULL, + }; + +RSA_METHOD *RSA_PKCS1_RSAref() + { + return(&rsa_pkcs1_ref_meth); + } + +static int RSA_ref_mod_exp(r0, I, rsa) +BIGNUM *r0; +BIGNUM *I; +RSA *rsa; + { + RSAREFerr(RSAREF_F_RSA_REF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(0); + } + +static int BN_ref_mod_exp(r,a,p,m,ctx) +BIGNUM *r,*a,*p,*m; +BN_CTX *ctx; + { + RSAREFerr(RSAREF_F_BN_REF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(0); + } + +static int RSAref_bn2bin(from,to,max) +BIGNUM *from; +unsigned char *to; /* [max] */ +int max; + { + int i; + + i=BN_num_bytes(from); + if (i > max) + { + RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN); + return(0); + } + + memset(to,0,(unsigned int)max); + if (!BN_bn2bin(from,&(to[max-i]))) + return(0); + return(1); + } + +#ifdef undef +static BIGNUM *RSAref_bin2bn(from,to,max) +unsigned char *from; /* [max] */ +BIGNUM *to; +int max; + { + int i; + BIGNUM *ret; + + for (i=0; in=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN); + to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN); + if ((to->n == NULL) || (to->e == NULL)) return(0); + return(1); + } +#endif + +static int RSAref_Public_eay2ref(from,to) +RSA *from; +RSArefPublicKey *to; + { + to->bits=BN_num_bits(from->n); + if (!RSAref_bn2bin(from->n,to->m,RSAref_MAX_LEN)) return(0); + if (!RSAref_bn2bin(from->e,to->e,RSAref_MAX_LEN)) return(0); + return(1); + } + +#ifdef undef +static int RSAref_Private_ref2eay(from,to) +RSArefPrivateKey *from; +RSA *to; + { + if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL) + return(0); + if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL) + return(0); + if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL) + return(0); + if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL) + return(0); + if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL) + return(0); + if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN)) + == NULL) + return(0); + if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN)) + == NULL) + return(0); + if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL) + return(0); + return(1); + } +#endif + +static int RSAref_Private_eay2ref(from,to) +RSA *from; +RSArefPrivateKey *to; + { + to->bits=BN_num_bits(from->n); + if (!RSAref_bn2bin(from->n,to->m,RSAref_MAX_LEN)) return(0); + if (!RSAref_bn2bin(from->e,to->e,RSAref_MAX_LEN)) return(0); + if (!RSAref_bn2bin(from->d,to->d,RSAref_MAX_LEN)) return(0); + if (!RSAref_bn2bin(from->p,to->prime[0],RSAref_MAX_PLEN)) return(0); + if (!RSAref_bn2bin(from->q,to->prime[1],RSAref_MAX_PLEN)) return(0); + if (!RSAref_bn2bin(from->dmp1,to->pexp[0],RSAref_MAX_PLEN)) return(0); + if (!RSAref_bn2bin(from->dmq1,to->pexp[1],RSAref_MAX_PLEN)) return(0); + if (!RSAref_bn2bin(from->iqmp,to->coef,RSAref_MAX_PLEN)) return(0); + return(1); + } + +int RSA_ref_private_decrypt(len,from,to,rsa,padding) +int len; +unsigned char *from,*to; +RSA *rsa; +int padding; + { + int i,outlen= -1; + RSArefPrivateKey RSAkey; + + if (!RSAref_Private_eay2ref(rsa,&RSAkey)) + goto err; + if ((i=RSAPrivateDecrypt(to,&outlen,from,len,&RSAkey)) != 0) + { + RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_DECRYPT,i); + outlen= -1; + } +err: + memset(&RSAkey,0,sizeof(RSAkey)); + return(outlen); + } + +int RSA_ref_private_encrypt(len,from,to,rsa,padding) +int len; +unsigned char *from,*to; +RSA *rsa; +int padding; + { + int i,outlen= -1; + RSArefPrivateKey RSAkey; + + if (!RSAref_Private_eay2ref(rsa,&RSAkey)) + goto err; + if ((i=RSAPrivateEncrypt(to,&outlen,from,len,&RSAkey)) != 0) + { + RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,i); + outlen= -1; + } +err: + memset(&RSAkey,0,sizeof(RSAkey)); + return(outlen); + } + +int RSA_ref_public_decrypt(len,from,to,rsa,padding) +int len; +unsigned char *from,*to; +RSA *rsa; +int padding; + { + int i,outlen= -1; + RSArefPublicKey RSAkey; + + if (!RSAref_Public_eay2ref(rsa,&RSAkey)) + goto err; + if ((i=RSAPublicDecrypt(to,&outlen,from,len,&RSAkey)) != 0) + { + RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_DECRYPT,i); + outlen= -1; + } +err: + memset(&RSAkey,0,sizeof(RSAkey)); + return(outlen); + } + +int RSA_ref_public_encrypt(len,from,to,rsa,padding) +int len; +unsigned char *from,*to; +RSA *rsa; +int padding; + { + int outlen= -1; + int i; + RSArefPublicKey RSAkey; + RSARandomState rnd; + unsigned char buf[16]; + + R_RandomInit(&rnd); + R_GetRandomBytesNeeded((unsigned int *)&i,&rnd); + while (i > 0) + { + RAND_bytes(buf,16); + R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i)); + i-=16; + } + + if (!RSAref_Public_eay2ref(rsa,&RSAkey)) + goto err; + if ((i=RSAPublicEncrypt(to,&outlen,from,len,&RSAkey,&rnd)) != 0) + { + RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,i); + outlen= -1; + goto err; + } +err: + memset(&RSAkey,0,sizeof(RSAkey)); + R_RandomFinal(&rnd); + memset(&rnd,0,sizeof(rnd)); + return(outlen); + } + diff --git a/rsaref/rsaref.err b/rsaref/rsaref.err new file mode 100644 index 0000000000000000000000000000000000000000..89f83b822c0f1ef14ce35c96dac9f58fc5635516 --- /dev/null +++ b/rsaref/rsaref.err @@ -0,0 +1,32 @@ +/* Error codes for the RSAREF functions. */ + +/* Function codes. */ +#define RSAREF_F_BN_REF_MOD_EXP 100 +#define RSAREF_F_RSAREF_BN2BIN 101 +#define RSAREF_F_RSA_BN2BIN 102 +#define RSAREF_F_RSA_PRIVATE_DECRYPT 103 +#define RSAREF_F_RSA_PRIVATE_ENCRYPT 104 +#define RSAREF_F_RSA_PUBLIC_DECRYPT 105 +#define RSAREF_F_RSA_PUBLIC_ENCRYPT 106 +#define RSAREF_F_RSA_REF_BN2BIN 107 +#define RSAREF_F_RSA_REF_MOD_EXP 108 +#define RSAREF_F_RSA_REF_PRIVATE_DECRYPT 109 +#define RSAREF_F_RSA_REF_PRIVATE_ENCRYPT 110 +#define RSAREF_F_RSA_REF_PUBLIC_DECRYPT 111 +#define RSAREF_F_RSA_REF_PUBLIC_ENCRYPT 112 + +/* Reason codes. */ +#define RSAREF_R_CONTENT_ENCODING 1024 +#define RSAREF_R_DATA 1025 +#define RSAREF_R_DIGEST_ALGORITHM 1026 +#define RSAREF_R_ENCODING 1027 +#define RSAREF_R_ENCRYPTION_ALGORITHM 1037 +#define RSAREF_R_KEY 1028 +#define RSAREF_R_KEY_ENCODING 1029 +#define RSAREF_R_LEN 1030 +#define RSAREF_R_MODULUS_LEN 1031 +#define RSAREF_R_NEED_RANDOM 1032 +#define RSAREF_R_PRIVATE_KEY 1033 +#define RSAREF_R_PUBLIC_KEY 1034 +#define RSAREF_R_SIGNATURE 1035 +#define RSAREF_R_SIGNATURE_ENCODING 1036 diff --git a/rsaref/rsaref.h b/rsaref/rsaref.h new file mode 100644 index 0000000000000000000000000000000000000000..52fc469daba70f5ec638ddf343d3cfa63fbf29c0 --- /dev/null +++ b/rsaref/rsaref.h @@ -0,0 +1,186 @@ +/* rsaref/rsaref.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RSAREF_H +#define HEADER_RSAREF_H + +#include "rsa.h" + +/* RSAeuro */ +/*#define RSAref_MAX_BITS 2048*/ + +/* RSAref */ +#define RSAref_MAX_BITS 1024 + +#define RSAref_MIN_BITS 508 +#define RSAref_MAX_LEN ((RSAref_MAX_BITS+7)/8) +#define RSAref_MAX_PBITS (RSAref_MAX_BITS+1)/2 +#define RSAref_MAX_PLEN ((RSAref_MAX_PBITS+7)/8) + +typedef struct RSArefPublicKey_st + { + unsigned int bits; + unsigned char m[RSAref_MAX_LEN]; + unsigned char e[RSAref_MAX_LEN]; + } RSArefPublicKey; + +typedef struct RSArefPrivateKey_st + { + unsigned int bits; + unsigned char m[RSAref_MAX_LEN]; + unsigned char e[RSAref_MAX_LEN]; + unsigned char d[RSAref_MAX_LEN]; + unsigned char prime[2][RSAref_MAX_PLEN];/* p & q */ + unsigned char pexp[2][RSAref_MAX_PLEN]; /* dmp1 & dmq1 */ + unsigned char coef[RSAref_MAX_PLEN]; /* iqmp */ + } RSArefPrivateKey; + +typedef struct RSARandomState_st + { + unsigned int needed; + unsigned char state[16]; + unsigned int outputnum; + unsigned char output[16]; + } RSARandomState; + +#define RE_CONTENT_ENCODING 0x0400 +#define RE_DATA 0x0401 +#define RE_DIGEST_ALGORITHM 0x0402 +#define RE_ENCODING 0x0403 +#define RE_KEY 0x0404 +#define RE_KEY_ENCODING 0x0405 +#define RE_LEN 0x0406 +#define RE_MODULUS_LEN 0x0407 +#define RE_NEED_RANDOM 0x0408 +#define RE_PRIVATE_KEY 0x0409 +#define RE_PUBLIC_KEY 0x040a +#define RE_SIGNATURE 0x040b +#define RE_SIGNATURE_ENCODING 0x040c +#define RE_ENCRYPTION_ALGORITHM 0x040d + +#ifndef NOPROTO +int RSAPrivateDecrypt(unsigned char *to, int *outlen, unsigned char *from, + int len, RSArefPrivateKey *RSAkey); +int RSAPrivateEncrypt(unsigned char *to, int *outlen, unsigned char *from, + int len, RSArefPrivateKey *RSAkey); +int RSAPublicDecrypt(unsigned char *to, int *outlen, unsigned char *from, + int len, RSArefPublicKey *RSAkey); +int RSAPublicEncrypt(unsigned char *to, int *outlen, unsigned char *from, + int len, RSArefPublicKey *RSAkey,RSARandomState *rnd); +int R_RandomInit(RSARandomState *rnd); +int R_GetRandomBytesNeeded(unsigned int *,RSARandomState *rnd); +int R_RandomUpdate(RSARandomState *rnd, unsigned char *data, unsigned int n); +int R_RandomFinal(RSARandomState *rnd); + +void ERR_load_RSAREF_strings(void ); +RSA_METHOD *RSA_PKCS1_RSAref(void ); + +#else +int RSAPrivateDecrypt(); +int RSAPrivateEncrypt(); +int RSAPublicDecrypt(); +int RSAPublicEncrypt(); +int R_RandomInit(); +int R_GetRandomBytesNeeded(); +int R_RandomUpdate(); +int R_RandomFinal(); + +void ERR_load_RSAREF_strings(); +RSA_METHOD *RSA_PKCS1_RSAref(); + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the RSAREF functions. */ + +/* Function codes. */ +#define RSAREF_F_BN_REF_MOD_EXP 100 +#define RSAREF_F_RSAREF_BN2BIN 101 +#define RSAREF_F_RSA_BN2BIN 102 +#define RSAREF_F_RSA_PRIVATE_DECRYPT 103 +#define RSAREF_F_RSA_PRIVATE_ENCRYPT 104 +#define RSAREF_F_RSA_PUBLIC_DECRYPT 105 +#define RSAREF_F_RSA_PUBLIC_ENCRYPT 106 +#define RSAREF_F_RSA_REF_BN2BIN 107 +#define RSAREF_F_RSA_REF_MOD_EXP 108 +#define RSAREF_F_RSA_REF_PRIVATE_DECRYPT 109 +#define RSAREF_F_RSA_REF_PRIVATE_ENCRYPT 110 +#define RSAREF_F_RSA_REF_PUBLIC_DECRYPT 111 +#define RSAREF_F_RSA_REF_PUBLIC_ENCRYPT 112 + +/* Reason codes. */ +#define RSAREF_R_CONTENT_ENCODING 1024 +#define RSAREF_R_DATA 1025 +#define RSAREF_R_DIGEST_ALGORITHM 1026 +#define RSAREF_R_ENCODING 1027 +#define RSAREF_R_ENCRYPTION_ALGORITHM 1037 +#define RSAREF_R_KEY 1028 +#define RSAREF_R_KEY_ENCODING 1029 +#define RSAREF_R_LEN 1030 +#define RSAREF_R_MODULUS_LEN 1031 +#define RSAREF_R_NEED_RANDOM 1032 +#define RSAREF_R_PRIVATE_KEY 1033 +#define RSAREF_R_PUBLIC_KEY 1034 +#define RSAREF_R_SIGNATURE 1035 +#define RSAREF_R_SIGNATURE_ENCODING 1036 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/shlib/README b/shlib/README new file mode 100644 index 0000000000000000000000000000000000000000..fea07a59eab560f41d2ff8c015000d6ff1b0c3df --- /dev/null +++ b/shlib/README @@ -0,0 +1 @@ +Only the windows NT and, linux builds have been tested for SSLeay 0.8.0 diff --git a/shlib/irix.sh b/shlib/irix.sh new file mode 100644 index 0000000000000000000000000000000000000000..22e4e6ad508dd39a92bd4f7c6df0f817ded6a8c2 --- /dev/null +++ b/shlib/irix.sh @@ -0,0 +1,7 @@ +FLAGS="-DTERMIOS -O2 -mips2 -DB_ENDIAN -fomit-frame-pointer -Wall -Iinclude" +SHFLAGS="-DPIC -fpic" + +gcc -c -Icrypto $SHFLAGS $FLAGS -o crypto.o crypto/crypto.c +ld -shared -o libcrypto.so crypto.o +gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c +ld -shared -o libssl.so ssl.o diff --git a/shlib/libcrypto.so.0 b/shlib/libcrypto.so.0 new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/shlib/libssl.so.0 b/shlib/libssl.so.0 new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/shlib/linux.sh b/shlib/linux.sh new file mode 100644 index 0000000000000000000000000000000000000000..4d2b98d2c1a05a636c284aed06d90f0265ecd970 --- /dev/null +++ b/shlib/linux.sh @@ -0,0 +1,56 @@ +#!/bin/sh + +echo "#define DATE \"`date`\"" >crypto/date.h + +major="0" +minor="8.0" +slib=libssl +clib=libcrypto +CC=gcc +CPP='gcc -E' +AS=as +FLAGS='-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall' +#FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -m486 -Wall -DREF_CHECK -DCRYPTO_MDEBUG' +INCLUDE='-Iinclude -Icrypto -Issl' +SHFLAGS='-DPIC -fpic' + +CFLAGS="$FLAGS $INCLUDE $SHFLAGS" +ASM_OBJ=""; + +echo compiling bignum assember +$AS -o bn_asm.o crypto/bn/asm/x86-lnx.s +CFLAGS="$CFLAGS -DBN_ASM" +ASM_OBJ="$ASM_OBJ bn_asm.o" + +echo compiling des assember +$CPP -DELF crypto/des/asm/dx86unix.cpp | $AS -o des_enc.o +$CPP -DELF crypto/des/asm/cx86unix.cpp | $AS -o fcrypt-b.o +CFLAGS="$CFLAGS -DDES_ASM" +ASM_OBJ="$ASM_OBJ des_enc.o fcrypt-b.o" + +echo compiling blowfish assember +$CPP -DELF crypto/bf/asm/bx86unix.cpp | $AS -o bf_enc.o +CFLAGS="$CFLAGS -DBF_ASM" +ASM_OBJ="$ASM_OBJ bf_enc.o" + +echo compiling $clib +$CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c + +echo linking $clib.so +gcc $CFLAGS -shared -Wl,-soname,$clib.so.$major -o $clib.so.$major.$minor crypto.o $ASM_OBJ +/bin/rm -f $clib.so $clib.$major +ln -s $clib.so.$major.$minor $clib.so +ln -s $clib.so.$major.$minor $clib.so.$major + +echo compiling $slib.so +$CC -c $CFLAGS -o ssl.o ssl/ssl.c + +echo building $slib.so +gcc $CFLAGS -shared -Wl,-soname,$slib.so.$major -o $slib.so.$major.$minor ssl.o +/bin/rm -f $slib.so $slib.$mahor +ln -s $slib.so.$major.$minor $slib.so +ln -s $slib.so.$major.$minor $slib.so.$major + +echo building ssleay executable +gcc $CFLAGS -o ssleay apps/eay.c -L. -lssl -lcrypto + diff --git a/shlib/solaris.sh b/shlib/solaris.sh new file mode 100644 index 0000000000000000000000000000000000000000..03475f12b410c309cc5c4402c1cce88e0162c32b --- /dev/null +++ b/shlib/solaris.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +echo "#define DATE \"`date`\"" >crypto/date.h + +major="0" +minor="8.0" +slib=libssl +clib=libcrypto +CC=gcc +CPP='gcc -E' +AS=as +#FLAGS='-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -mv8 -Wall' +FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -Wall -DREF_CHECK -DCRYPTO_MDEBUG' +INCLUDE='-Iinclude -Icrypto -Issl' +SHFLAGS='-DPIC -fpic' + +CFLAGS="$FLAGS $INCLUDE $SHFLAGS" +ASM_OBJ=""; + +echo compiling bignum assember +$AS -o bn_asm.o crypto/bn/asm/sparc.s +CFLAGS="$CFLAGS -DBN_ASM" +ASM_OBJ="$ASM_OBJ bn_asm.o" + +echo compiling $clib +$CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c + +echo linking $clib.so +gcc $CFLAGS -shared -o $clib.so.$major.$minor crypto.o $ASM_OBJ -lnsl -lsocket + +echo compiling $slib.so +$CC -c $CFLAGS -o ssl.o ssl/ssl.c + +echo building $slib.so +gcc $CFLAGS -shared -o $slib.so ssl.o -L. -lcrypto + diff --git a/shlib/sun.sh b/shlib/sun.sh new file mode 100644 index 0000000000000000000000000000000000000000..a890bbd376537023e16bb08bdc780dd0fd36426e --- /dev/null +++ b/shlib/sun.sh @@ -0,0 +1,8 @@ +FLAGS="-DTERMIO -O3 -DB_ENDIAN -fomit-frame-pointer -mv8 -Wall -Iinclude" +SHFLAGS="-DPIC -fpic" + +gcc -c -Icrypto $SHFLAGS -fpic $FLAGS -o crypto.o crypto/crypto.c +ld -G -z text -o libcrypto.so crypto.o + +gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c +ld -G -z text -o libssl.so ssl.o diff --git a/shlib/win32.bat b/shlib/win32.bat new file mode 100755 index 0000000000000000000000000000000000000000..c807a99d353d2a5aa204da71188bf54eb286196b --- /dev/null +++ b/shlib/win32.bat @@ -0,0 +1,18 @@ +rem win32 dll build + +set OPTIONS1=-DDES_ASM -DBN_ASM -DBF_ASM -DFLAT_INC -Iout -Itmp -DL_ENDIAN +set OPTIONS2=/W3 /WX /Ox /Gs0 /GF /Gy /nologo + +set OPTIONS=%OPTIONS1% %OPTIONS2% + +rem ml /coff /c crypto\bf\asm\b-win32.asm +rem ml /coff /c crypto\des\asm\c-win32.asm +rem ml /coff /c crypto\des\asm\d-win32.asm +rem ml /coff /c crypto\bn\asm\x86nt32.asm + +cl /Focrypto.obj -DWIN32 %OPTIONS% -c crypto\crypto.c +cl /Fossl.obj -DWIN32 %OPTIONS% -c ssl\ssl.c +cl /Foeay.obj -DWIN32 %OPTIONS% -c apps\eay.c + +cl /Fessleay.exe %OPTIONS% eay.obj ssl.obj crypto.obj crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib wsock32.lib + diff --git a/shlib/win32dll.bat b/shlib/win32dll.bat new file mode 100755 index 0000000000000000000000000000000000000000..294c94c81c094daada1d98cdae7f47ffc77aca3e --- /dev/null +++ b/shlib/win32dll.bat @@ -0,0 +1,13 @@ +rem win32 dll build + +set OPTIONS1=-DDES_ASM -DBN_ASM -DBF_ASM -DFLAT_INC -Iout -Itmp -DL_ENDIAN +set OPTIONS2=/W3 /WX /Ox /Gf /nologo + +set OPTIONS=%OPTIONS1% %OPTIONS2% + +cl /Felibeay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\libeay32.def crypto\crypto.c crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib wsock32.lib + +cl /Fessleay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\ssleay32.def ssl\ssl.c libeay32.lib + +cl /Fessleay.exe /MD -DWIN32 %OPTIONS% apps\eay.c ssleay32.lib libeay32.lib user32.lib wsock32.lib + diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..f6f40e44fc4c6fb130ba77241f5d5ad88e7598c3 --- /dev/null +++ b/ssl/Makefile.ssl @@ -0,0 +1,98 @@ +# +# SSLeay/ssl/Makefile +# + +DIR= ssl +TOP= .. +CC= cc +INCLUDES= -I../crypto -I../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=ssl +ERRC=ssl_err +GENERAL=Makefile README +TEST=ssltest.c +APPS= + +LIB=$(TOP)/libssl.a +LIBSRC= \ + s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c \ + s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c \ + s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \ + ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ + ssl_ciph.c ssl_stat.c ssl_rsa.c \ + ssl_asn1.c ssl_txt.c ssl_algs.c \ + bio_ssl.c $(ERRC).c +LIBOBJ= \ + s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_pkt.o s2_enc.o \ + s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_pkt.o s3_enc.o s3_both.o \ + s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ + ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ + ssl_ciph.o ssl_stat.o ssl_rsa.o \ + ssl_asn1.o ssl_txt.o ssl_algs.o \ + bio_ssl.o $(ERRC).o + +SRC= $(LIBSRC) + +EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h +HEADER= $(EXHEADER) ssl_locl.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ..; $(MAKE) DIRS=$(DIR) all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../include $(EXHEADER) + $(TOP)/util/mklink.sh ../test $(TEST) + $(TOP)/util/mklink.sh ../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../crypto/err/err_genc.pl $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c new file mode 100644 index 0000000000000000000000000000000000000000..6c0babaf30ccca03f6cbcd3fc6b03d7ac1f74ebb --- /dev/null +++ b/ssl/bio_ssl.c @@ -0,0 +1,432 @@ +/* ssl/bio_ssl.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "bio.h" +#include "err.h" +#include "ssl.h" + +#ifndef NOPROTO +static int ssl_write(BIO *h,char *buf,int num); +static int ssl_read(BIO *h,char *buf,int size); +static int ssl_puts(BIO *h,char *str); +static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2); +static int ssl_new(BIO *h); +static int ssl_free(BIO *data); +#else +static int ssl_write(); +static int ssl_read(); +static int ssl_puts(); +static long ssl_ctrl(); +static int ssl_new(); +static int ssl_free(); +#endif + +static BIO_METHOD methods_sslp= + { + BIO_TYPE_SSL,"ssl", + ssl_write, + ssl_read, + ssl_puts, + NULL, /* ssl_gets, */ + ssl_ctrl, + ssl_new, + ssl_free, + }; + +BIO_METHOD *BIO_f_ssl() + { + return(&methods_sslp); + } + +static int ssl_new(bi) +BIO *bi; + { + bi->init=0; + bi->ptr=NULL; /* The SSL structure */ + bi->flags=0; + return(1); + } + +static int ssl_free(a) +BIO *a; + { + if (a == NULL) return(0); + if (a->ptr != NULL) SSL_shutdown((SSL *)a->ptr); + if (a->shutdown) + { + if (a->init) SSL_free((SSL *)a->ptr); + a->init=0; + a->flags=0; + a->ptr=NULL; + } + return(1); + } + +static int ssl_read(b,out,outl) +BIO *b; +char *out; +int outl; + { + int ret=1; + int inflags,outflags; + SSL *ssl; + int retry_reason=0; + + if (out == NULL) return(0); + ssl=(SSL *)b->ptr; + + inflags=outflags=b->flags; + + outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY); + + if (!SSL_is_init_finished(ssl)) + { + ret=SSL_do_handshake(ssl); +#if 0 + if (ret > 0) + { + outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + ret= -1; + goto end; + } +#endif + } + if (ret > 0) + ret=SSL_read(ssl,out,outl); + + switch (SSL_get_error(ssl,ret)) + { + case SSL_ERROR_NONE: + if (ret <= 0) break; + break; + case SSL_ERROR_WANT_READ: + outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_WRITE: + outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_X509_LOOKUP: + outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + retry_reason=BIO_RR_SSL_X509_LOOKUP; + break; + case SSL_ERROR_WANT_CONNECT: + outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + retry_reason=BIO_RR_CONNECT; + break; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + case SSL_ERROR_ZERO_RETURN: + default: + break; + } + + b->retry_reason=retry_reason; + b->flags=outflags; + return(ret); + } + +static int ssl_write(b,out,outl) +BIO *b; +char *out; +int outl; + { + int ret; + int inflags,outflags,retry_reason=0; + SSL *ssl; + + if (out == NULL) return(0); + ssl=(SSL *)b->ptr; + + inflags=outflags=b->flags; + + outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY); + + ret=SSL_do_handshake(ssl); + if (ret > 0) + ret=SSL_write(ssl,out,outl); + + switch (SSL_get_error(ssl,ret)) + { + case SSL_ERROR_NONE: + if (ret <= 0) break; + break; + case SSL_ERROR_WANT_WRITE: + outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_READ: + outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_X509_LOOKUP: + outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + retry_reason=BIO_RR_SSL_X509_LOOKUP; + break; + case SSL_ERROR_WANT_CONNECT: + outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + retry_reason=BIO_RR_CONNECT; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + default: + break; + } + + b->retry_reason=retry_reason; + b->flags=outflags; + return(ret); + } + +static long ssl_ctrl(b,cmd,num,ptr) +BIO *b; +int cmd; +long num; +char *ptr; + { + SSL **sslp,*ssl; + BIO *dbio,*bio; + long ret=1; + + ssl=(SSL *)b->ptr; + switch (cmd) + { + case BIO_CTRL_RESET: + SSL_shutdown(ssl); + + if (ssl->handshake_func == ssl->method->ssl_connect) + SSL_set_connect_state(ssl); + else if (ssl->handshake_func == ssl->method->ssl_accept) + SSL_set_accept_state(ssl); + + SSL_clear(ssl); + + if (b->next_bio != NULL) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + else if (ssl->rbio != NULL) + ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); + else + ret=1; + break; + case BIO_CTRL_EOF: + case BIO_CTRL_INFO: + ret=0; + break; + case BIO_C_SSL_MODE: + if (num) /* client mode */ + SSL_set_connect_state(ssl); + else + SSL_set_accept_state(ssl); + break; + case BIO_C_SET_SSL: + ssl_free(b); + b->shutdown=(int)num; + b->ptr=ptr; + ssl=(SSL *)ptr; + bio=SSL_get_rbio(ssl); + if (bio != NULL) + { + if (b->next_bio != NULL) + BIO_push(bio,b->next_bio); + b->next_bio=bio; + } + b->init=1; + break; + case BIO_C_GET_SSL: + if (ptr != NULL) + { + sslp=(SSL **)ptr; + *sslp=ssl; + } + break; + case BIO_CTRL_GET_CLOSE: + ret=b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown=(int)num; + break; + case BIO_CTRL_WPENDING: + ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); + break; + case BIO_CTRL_PENDING: + ret=SSL_pending(ssl); + if (ret == 0) + ret=BIO_pending(ssl->rbio); + break; + case BIO_CTRL_FLUSH: + BIO_clear_retry_flags(b); + ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); + BIO_copy_next_retry(b); + break; + case BIO_CTRL_PUSH: + if (b->next_bio != NULL) + { + SSL_set_bio(ssl,b->next_bio,b->next_bio); + b->next_bio->references++; + } + break; + case BIO_CTRL_POP: + /* ugly bit of a hack */ + if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */ + { + BIO_free_all(ssl->wbio); + } + ssl->wbio=NULL; + ssl->rbio=NULL; + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + + b->retry_reason=0; + ret=(int)SSL_do_handshake(ssl); + + switch (SSL_get_error(ssl,(int)ret)) + { + case SSL_ERROR_WANT_READ: + BIO_set_flags(b, + BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_WRITE: + BIO_set_flags(b, + BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_CONNECT: + BIO_set_flags(b, + BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + b->retry_reason=b->next_bio->retry_reason; + break; + default: + break; + } + break; + case BIO_CTRL_DUP: + dbio=(BIO *)ptr; + if (dbio->ptr != NULL) + SSL_free((SSL *)dbio->ptr); + dbio->ptr=(char *)SSL_dup(ssl); + ret=(dbio->ptr != NULL); + break; + default: + return(0); + break; + } + return(ret); + } + +static int ssl_puts(bp,str) +BIO *bp; +char *str; + { + int n,ret; + + n=strlen(str); + ret=BIO_write(bp,str,n); + return(ret); + } + +BIO *BIO_new_ssl(ctx,client) +SSL_CTX *ctx; +int client; + { + BIO *ret; + SSL *ssl; + + if ((ret=BIO_new(BIO_f_ssl())) == NULL) + return(NULL); + if ((ssl=SSL_new(ctx)) == NULL) + { + BIO_free(ret); + return(NULL); + } + if (client) + SSL_set_connect_state(ssl); + else + SSL_set_accept_state(ssl); + + BIO_set_ssl(ret,ssl,BIO_CLOSE); + return(ret); + } + +int BIO_ssl_copy_session_id(t,f) +BIO *t,*f; + { + t=BIO_find_type(t,BIO_TYPE_SSL); + f=BIO_find_type(f,BIO_TYPE_SSL); + if ((t == NULL) || (f == NULL)) + return(0); + if ((t->ptr == NULL) || (f->ptr == NULL)) + return(0); + SSL_copy_session_id((SSL *)t->ptr,(SSL *)f->ptr); + return(1); + } + +void BIO_ssl_shutdown(b) +BIO *b; + { + SSL *s; + + while (b != NULL) + { + if (b->method->type == BIO_TYPE_SSL) + { + s=(SSL *)b->ptr; + SSL_shutdown(s); + break; + } + b=b->next_bio; + } + } diff --git a/ssl/bio_ssl.orig.c b/ssl/bio_ssl.orig.c new file mode 100644 index 0000000000000000000000000000000000000000..25147d12e7c8aca439cd1acdf557f5f34568d93c --- /dev/null +++ b/ssl/bio_ssl.orig.c @@ -0,0 +1,440 @@ +/* ssl/bio_ssl.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "bio.h" +#include "err.h" +#include "ssl.h" + +#ifndef NOPROTO +static int ssl_write(BIO *h,char *buf,int num); +static int ssl_read(BIO *h,char *buf,int size); +static int ssl_puts(BIO *h,char *str); +static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2); +static int ssl_new(BIO *h); +static int ssl_free(BIO *data); +#else +static int ssl_write(); +static int ssl_read(); +static int ssl_puts(); +static long ssl_ctrl(); +static int ssl_new(); +static int ssl_free(); +#endif + +static BIO_METHOD methods_sslp= + { + BIO_TYPE_SSL,"ssl", + ssl_write, + ssl_read, + ssl_puts, + NULL, /* ssl_gets, */ + ssl_ctrl, + ssl_new, + ssl_free, + }; + +BIO_METHOD *BIO_f_ssl() + { + return(&methods_sslp); + } + +static int ssl_new(bi) +BIO *bi; + { + bi->init=0; + bi->ptr=NULL; /* The SSL structure */ + bi->flags=0; + return(1); + } + +static int ssl_free(a) +BIO *a; + { + if (a == NULL) return(0); + if (a->ptr != NULL) SSL_shutdown((SSL *)a->ptr); + if (a->shutdown) + { + if (a->init) SSL_free((SSL *)a->ptr); + a->init=0; + a->flags=0; + a->ptr=NULL; + } + return(1); + } + +static int ssl_read(b,out,outl) +BIO *b; +char *out; +int outl; + { + int ret=1,dr,dw; + int inflags,outflags; + SSL *ssl; + int retry_reason=0; + + if (out == NULL) return(0); + ssl=(SSL *)b->ptr; + + inflags=outflags=b->flags; + + dr=inflags&BIO_FLAGS_PROTOCOL_DELAYED_READ; + dw=inflags&BIO_FLAGS_PROTOCOL_DELAYED_WRITE; + + outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_WRITE| + BIO_FLAGS_PROTOCOL_DELAYED_READ); + + if (!SSL_is_init_finished(ssl)) + { + ret=SSL_do_handshake(ssl); +#if 0 + if (ret > 0) + { + outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_READ|dw); + ret= -1; + goto end; + } +#endif + } + if (ret > 0) + ret=SSL_read(ssl,out,outl); + + switch (SSL_get_error(ssl,ret)) + { + case SSL_ERROR_NONE: + if (ret <= 0) break; + if (dw) + outflags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_READ: + outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_READ|dw); + break; + case SSL_ERROR_WANT_WRITE: + outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_READ|dw); + break; + case SSL_ERROR_WANT_X509_LOOKUP: + outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_READ|dw); + retry_reason=BIO_RR_SSL_X509_LOOKUP; + break; + case SSL_ERROR_WANT_CONNECT: + outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_READ|dw); + retry_reason=BIO_RR_CONNECT; + break; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + case SSL_ERROR_ZERO_RETURN: + default: + break; + } + + b->retry_reason=retry_reason; + b->flags=outflags; + return(ret); + } + +static int ssl_write(b,out,outl) +BIO *b; +char *out; +int outl; + { + int ret,dr,dw; + int inflags,outflags,retry_reason=0; + SSL *ssl; + + if (out == NULL) return(0); + ssl=(SSL *)b->ptr; + + inflags=outflags=b->flags; + + dr=inflags&BIO_FLAGS_PROTOCOL_DELAYED_READ; + dw=inflags&BIO_FLAGS_PROTOCOL_DELAYED_WRITE; + + outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_WRITE| + BIO_FLAGS_PROTOCOL_DELAYED_READ); + + ret=SSL_do_handshake(ssl); + if (ret > 0) + ret=SSL_write(ssl,out,outl); + + switch (SSL_get_error(ssl,ret)) + { + case SSL_ERROR_NONE: + if (ret <= 0) break; + if (dr) + outflags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_WRITE: + outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_WRITE|dr); + break; + case SSL_ERROR_WANT_READ: + outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_WRITE|dr); + break; + case SSL_ERROR_WANT_X509_LOOKUP: + outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_WRITE|dr); + retry_reason=BIO_RR_SSL_X509_LOOKUP; + break; + case SSL_ERROR_WANT_CONNECT: + outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY| + BIO_FLAGS_PROTOCOL_DELAYED_READ|dw); + retry_reason=BIO_RR_CONNECT; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + default: + break; + } + + b->retry_reason=retry_reason; + b->flags=outflags; + return(ret); + } + +static long ssl_ctrl(b,cmd,num,ptr) +BIO *b; +int cmd; +long num; +char *ptr; + { + SSL **sslp,*ssl; + BIO *dbio,*bio; + long ret=1; + + ssl=(SSL *)b->ptr; + switch (cmd) + { + case BIO_CTRL_RESET: + SSL_shutdown(ssl); + + if (ssl->handshake_func == ssl->method->ssl_connect) + SSL_set_connect_state(ssl); + else if (ssl->handshake_func == ssl->method->ssl_accept) + SSL_set_accept_state(ssl); + + SSL_clear(ssl); + + if (b->next_bio != NULL) + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + else if (ssl->rbio != NULL) + ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); + else + ret=1; + break; + case BIO_CTRL_EOF: + case BIO_CTRL_INFO: + ret=0; + break; + case BIO_C_SSL_MODE: + if (num) /* client mode */ + SSL_set_connect_state(ssl); + else + SSL_set_accept_state(ssl); + break; + case BIO_C_SET_SSL: + ssl_free(b); + b->shutdown=(int)num; + b->ptr=ptr; + ssl=(SSL *)ptr; + bio=SSL_get_rbio(ssl); + if (bio != NULL) + { + if (b->next_bio != NULL) + BIO_push(bio,b->next_bio); + b->next_bio=bio; + } + b->init=1; + break; + case BIO_C_GET_SSL: + if (ptr != NULL) + { + sslp=(SSL **)ptr; + *sslp=ssl; + } + break; + case BIO_CTRL_GET_CLOSE: + ret=b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown=(int)num; + break; + case BIO_CTRL_WPENDING: + ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); + break; + case BIO_CTRL_PENDING: + ret=SSL_pending(ssl); + if (ret == 0) + ret=BIO_pending(ssl->rbio); + break; + case BIO_CTRL_FLUSH: + BIO_clear_retry_flags(b); + ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); + BIO_copy_next_retry(b); + break; + case BIO_CTRL_PUSH: + if (b->next_bio != NULL) + { + SSL_set_bio(ssl,b->next_bio,b->next_bio); + b->next_bio->references++; + } + break; + case BIO_CTRL_POP: + /* ugly bit of a hack */ + if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */ + { + BIO_free_all(ssl->wbio); + } + ssl->wbio=NULL; + ssl->rbio=NULL; + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + + b->retry_reason=0; + ret=(int)SSL_do_handshake(ssl); + + switch (SSL_get_error(ssl,ret)) + { + case SSL_ERROR_WANT_READ: + BIO_set_flags(b, + BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_WRITE: + BIO_set_flags(b, + BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_CONNECT: + BIO_set_flags(b, + BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + b->retry_reason=b->next_bio->retry_reason; + break; + default: + break; + } + break; + case BIO_CTRL_DUP: + dbio=(BIO *)ptr; + if (dbio->ptr != NULL) + SSL_free((SSL *)dbio->ptr); + dbio->ptr=(char *)SSL_dup(ssl); + ret=(dbio->ptr != NULL); + break; + default: + return(0); + break; + } + return(ret); + } + +static int ssl_puts(bp,str) +BIO *bp; +char *str; + { + int n,ret; + + n=strlen(str); + ret=BIO_write(bp,str,n); + return(ret); + } + +BIO *BIO_new_ssl(ctx,client) +SSL_CTX *ctx; +int client; + { + BIO *ret; + SSL *ssl; + + if ((ret=BIO_new(BIO_f_ssl())) == NULL) + return(NULL); + if ((ssl=SSL_new(ctx)) == NULL) + { + BIO_free(ret); + return(NULL); + } + if (client) + SSL_set_connect_state(ssl); + else + SSL_set_accept_state(ssl); + + BIO_set_ssl(ret,ssl,BIO_CLOSE); + return(ret); + } + +int BIO_ssl_copy_session_id(t,f) +BIO *t,*f; + { + t=BIO_find_type(t,BIO_TYPE_SSL); + f=BIO_find_type(f,BIO_TYPE_SSL); + if ((t == NULL) || (f == NULL)) + return(0); + if ((t->ptr == NULL) || (f->ptr == NULL)) + return(0); + SSL_copy_session_id((SSL *)t->ptr,(SSL *)f->ptr); + return(1); + } + + diff --git a/ssl/build b/ssl/build new file mode 100644 index 0000000000000000000000000000000000000000..d3308356b3e34f52ae635a53200e487a12b2b33d --- /dev/null +++ b/ssl/build @@ -0,0 +1,6 @@ +#!/bin/sh +for i in BUILD_SSLV23 BUILD_SSLV2 BUILD_SSLV3 BUILD_SSL_COMMON BUILD_SSL_BIO BUILD_SSL_OPTIONAL +do +time gcc -D$i -o $i.o -c -I. -I../include -O3 -fomit-frame-pointer ssl.c +done + diff --git a/ssl/changes.ssl b/ssl/changes.ssl new file mode 100644 index 0000000000000000000000000000000000000000..ab94b95aa0741e5b8e8b4bb86a12632530332d53 --- /dev/null +++ b/ssl/changes.ssl @@ -0,0 +1,10 @@ + +Must do a +SSL_init_eay_ciphers(); +before calls to SSL_CTX_new() + +SSL_CTX *SSL_CTX_new(void ) -> SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); + +SSL_CTX_set_cert_verify_cb -> the callback is now +int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain); +where the 'cert_chain' has been added. diff --git a/ssl/f b/ssl/f new file mode 100644 index 0000000000000000000000000000000000000000..8730ef535dc1b5d020fb706aeaa18edb65aad334 --- /dev/null +++ b/ssl/f @@ -0,0 +1,40 @@ +/* return the actual cipher being used */ +char *SSL_CIPHER_get_name(c) +SSL_CIPHER *c; + { + if (c != NULL) + return(c->name); + return("UNKNOWN"); + } + +/* number of bits for symetric cipher */ +int SSL_CIPHER_get_bits(c,alg_bits) +SSL_CIPHER *c; +int *alg_bits; + { + int ret=0,a=0; + EVP_CIPHER *enc; + + if (c != NULL) + { + if (!ssl_cipher_get_evp(c,&enc,NULL)) + return(0); + + a=EVP_CIPHER_key_length(enc)*8; + + if (s->session->cipher->algorithms & SSL_EXP) + { + if (c->algorithm2 & SSL2_CF_8_BYTE_ENC) + ret=64; + else + ret=40; + } + else + ret=a; + } + + if (alg_bits != NULL) *alg_bits=a; + + return(ret); + } + diff --git a/ssl/readme b/ssl/readme new file mode 100644 index 0000000000000000000000000000000000000000..ca174848a1fcc91ad485adf800d4702346d15625 --- /dev/null +++ b/ssl/readme @@ -0,0 +1,277 @@ +22 Jun 1996 +This file belongs in ../apps, but I'll leave it here because it deals +with SSL :-) It is rather dated but it gives you an idea of how +things work. +=== + +17 Jul 1995 +I have been changing things quite a bit and have not fully updated +this file, so take what you read with a grain of salt +eric +=== +The s_client and s_server programs can be used to test SSL capable +IP/port addresses and the verification of the X509 certificates in use +by these services. I strongly advise having a look at the code to get +an idea of how to use the authentication under SSLeay. Any feedback +on changes and improvements would be greatly accepted. + +This file will probably be gibberish unless you have read +rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM +authentication. + +A Brief outline (and examples) how to use them to do so. + +NOTE: +The environment variable SSL_CIPER is used to specify the prefered +cipher to use, play around with setting it's value to combinations of +RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL +in a : separated list. + +This directory contains 3 X509 certificates which can be used by these programs. +client.pem: a file containing a certificate and private key to be used + by s_client. +server.pem :a file containing a certificate and private key to be used + by s_server. +eay1024.pem:the certificate used to sign client.pem and server.pem. + This would be your CA's certificate. There is also a link + from the file a8556381.0 to eay1024.PEM. The value a8556381 + is returned by 'x509 -hash -noout to exit. Flags are as follows. +-host arg : Arg is the host or IP address to connect to. +-port arg : Arg is the port to connect to (https is 443). +-verify arg : Turn on authentication of the server certificate. + : Arg specifies the 'depth', this will covered below. +-cert arg : The optional certificate to use. This certificate + : will be returned to the server if the server + : requests it for client authentication. +-key arg : The private key that matches the certificate + : specified by the -cert option. If this is not + : specified (but -cert is), the -cert file will be + : searched for the Private key. Both files are + : assumed to be in PEM format. +-CApath arg : When to look for certificates when 'verifying' the + : certificate from the server. +-CAfile arg : A file containing certificates to be used for + : 'verifying' the server certificate. +-reconnect : Once a connection has been made, drop it and + : reconnect with same session-id. This is for testing :-). + +The '-verify n' parameter specifies not only to verify the servers +certificate but to also only take notice of 'n' levels. The best way +to explain is to show via examples. +Given +s_server -cert server.PEM is running. + +s_client + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server + issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify error:num=1:unable to get issuer certificate + verify return:1 + CIPHER is CBC-DES-MD5 +What has happened is that the 'SSLeay demo server' certificate's +issuer ('CA') could not be found but because verify is not on, we +don't care and the connection has been made anyway. It is now 'up' +using CBC-DES-MD5 mode. This is an unauthenticate secure channel. +You may not be talking to the right person but the data going to them +is encrypted. + +s_client -verify 0 + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server + issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify error:num=1:unable to get issuer certificate + verify return:1 + CIPHER is CBC-DES-MD5 +We are 'verifying' but only to depth 0, so since the 'SSLeay demo server' +certificate passed the date and checksum, we are happy to proceed. + +s_client -verify 1 + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server + issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify error:num=1:unable to get issuer certificate + verify return:0 + ERROR + verify error:unable to get issuer certificate +In this case we failed to make the connection because we could not +authenticate the certificate because we could not find the +'CA' certificate. + +s_client -verify 1 -CAfile eay1024.PEM + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server + verify return:1 + depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify return:1 + CIPHER is CBC-DES-MD5 +We loaded the certificates from the file eay1024.PEM. Everything +checked out and so we made the connection. + +s_client -verify 1 -CApath . + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server + verify return:1 + depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify return:1 + CIPHER is CBC-DES-MD5 +We looked in out local directory for issuer certificates and 'found' +a8556381.0 and so everything is ok. + +It is worth noting that 'CA' is a self certified certificate. If you +are passed one of these, it will fail to 'verify' at depth 0 because +we need to lookup the certifier of a certificate from some information +that we trust and keep locally. + +SSL_CIPHER=CBC3-DES-MD5:RC4-MD5 +export SSL_CIPHER +s_client -verify 10 -CApath . -reconnect + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server + verify return:1 + depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify return:1 + drop the connection and reconnect with the same session id + CIPHER is CBC3-DES-MD5 +This has done a full connection and then re-estabished it with the +same session id but a new socket. No RSA stuff occures on the second +connection. Note that we said we would prefer to use CBC3-DES-MD5 +encryption and so, since the server supports it, we are. + +===== +s_server +This program accepts SSL connections on a specified port +Once connected, it will estabish an SSL connection and optionaly +attempt to authenticate the client. A 2 directional channel will be +open. Any text typed will be sent to the other end. Type Q to exit. +Flags are as follows. +-port arg : Arg is the port to listen on. +-verify arg : Turn on authentication of the client if they have a + : certificate. Arg specifies the 'depth'. +-Verify arg : Turn on authentication of the client. If they don't + : have a valid certificate, drop the connection. +-cert arg : The certificate to use. This certificate + : will be passed to the client. If it is not + : specified, it will default to server.PEM +-key arg : The private key that matches the certificate + : specified by the -cert option. If this is not + : specified (but -cert is), the -cert file will be + : searched for the Private key. Both files are + : assumed to be in PEM format. Default is server.PEM +-CApath arg : When to look for certificates when 'verifying' the + : certificate from the client. +-CAfile arg : A file containing certificates to be used for + : 'verifying' the client certificate. + +For the following 'demo' I will specify the s_server command and +the s_client command and then list the output from the s_server. +s_server +s_client + CONNECTED + CIPHER is CBC-DES-MD5 +Everything up and running + +s_server -verify 0 +s_client + CONNECTED + CIPHER is CBC-DES-MD5 +Ok since no certificate was returned and we don't care. + +s_server -verify 0 +./s_client -cert client.PEM + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client + issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify error:num=1:unable to get issuer certificate + verify return:1 + CIPHER is CBC-DES-MD5 +Ok since we were only verifying to level 0 + +s_server -verify 4 +s_client -cert client.PEM + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client + issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify error:num=1:unable to get issuer certificate + verify return:0 + ERROR + verify error:unable to get issuer certificate +Bad because we could not authenticate the returned certificate. + +s_server -verify 4 -CApath . +s_client -cert client.PEM + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client + verify return:1 + depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify return:1 + CIPHER is CBC-DES-MD5 +Ok because we could authenticate the returned certificate :-). + +s_server -Verify 0 -CApath . +s_client + CONNECTED + ERROR + SSL error:function is:REQUEST_CERTIFICATE + :error is :client end did not return a certificate +Error because no certificate returned. + +s_server -Verify 4 -CApath . +s_client -cert client.PEM + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client + verify return:1 + depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify return:1 + CIPHER is CBC-DES-MD5 +Full authentication of the client. + +So in summary to do full authentication of both ends +s_server -Verify 9 -CApath . +s_client -cert client.PEM -CApath . -verify 9 +From the server side + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client + verify return:1 + depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify return:1 + CIPHER is CBC-DES-MD5 +From the client side + CONNECTED + depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server + verify return:1 + depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA + verify return:1 + CIPHER is CBC-DES-MD5 + +For general probing of the 'internet https' servers for the +distribution area, run +s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash +Then enter +GET / +and you should be talking to the https server on that host. + +www.rsa.com was refusing to respond to connections on 443 when I was +testing. + +have fun :-). + +eric diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c new file mode 100644 index 0000000000000000000000000000000000000000..57d3623f3f001bb5c54c71622d7b154a4507fc60 --- /dev/null +++ b/ssl/s23_clnt.c @@ -0,0 +1,444 @@ +/* ssl/s23_clnt.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "buffer.h" +#include "rand.h" +#include "objects.h" +#include "evp.h" +#include "ssl_locl.h" + +#define BREAK break + +#ifndef NOPROTO +static int ssl23_client_hello(SSL *s); +static int ssl23_get_server_hello(SSL *s); +#else +static int ssl23_client_hello(); +static int ssl23_get_server_hello(); +#endif + +static SSL_METHOD *ssl23_get_client_method(ver) +int ver; + { + if (ver == 2) + return(SSLv2_client_method()); + else if (ver == 3) + return(SSLv3_client_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv23_client_method() + { + static int init=1; + static SSL_METHOD SSLv23_client_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv23_client_data, + (char *)sslv23_base_method(),sizeof(SSL_METHOD)); + SSLv23_client_data.ssl_connect=ssl23_connect; + SSLv23_client_data.get_ssl_method=ssl23_get_client_method; + } + return(&SSLv23_client_data); + } + +int ssl23_connect(s) +SSL *s; + { + BUF_MEM *buf; + unsigned long Time=time(NULL); + void (*cb)()=NULL; + int ret= -1; + int new_state,state; + + RAND_seed((unsigned char *)&Time,sizeof(Time)); + ERR_clear_error(); + errno=0; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->in_handshake++; + + for (;;) + { + state=s->state; + + switch(s->state) + { + case SSL_ST_BEFORE: + case SSL_ST_CONNECT: + case SSL_ST_BEFORE|SSL_ST_CONNECT: + case SSL_ST_OK|SSL_ST_CONNECT: + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); + + s->version=3; + s->type=SSL_ST_CONNECT; + + if (s->init_buf == NULL) + { + if ((buf=BUF_MEM_new()) == NULL) + { + ret= -1; + goto end; + } + if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) + { + ret= -1; + goto end; + } + s->init_buf=buf; + } + + if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } + + ssl3_init_finished_mac(s); + + s->state=SSL23_ST_CW_CLNT_HELLO_A; + s->ctx->sess_connect++; + s->init_num=0; + break; + + case SSL23_ST_CW_CLNT_HELLO_A: + case SSL23_ST_CW_CLNT_HELLO_B: + + s->shutdown=0; + ret=ssl23_client_hello(s); + if (ret <= 0) goto end; + s->state=SSL23_ST_CR_SRVR_HELLO_A; + s->init_num=0; + + break; + + case SSL23_ST_CR_SRVR_HELLO_A: + case SSL23_ST_CR_SRVR_HELLO_B: + ret=ssl23_get_server_hello(s); + if (ret >= 0) cb=NULL; + goto end; + break; + + default: + SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); + ret= -1; + goto end; + /* break; */ + } + + if (s->debug) BIO_flush(s->wbio); + + if ((cb != NULL) && (s->state != state)) + { + new_state=s->state; + s->state=state; + cb(s,SSL_CB_CONNECT_LOOP,1); + s->state=new_state; + } + } +end: + s->in_handshake--; + if (cb != NULL) + cb(s,SSL_CB_CONNECT_EXIT,ret); + return(ret); + } + + +static int ssl23_client_hello(s) +SSL *s; + { + unsigned char *buf; + unsigned char *p,*d; + int i,ch_len; + + buf=(unsigned char *)s->init_buf->data; + if (s->state == SSL23_ST_CW_CLNT_HELLO_A) + { +#if 0 + /* don't reuse session-id's */ + if (!ssl_get_new_session(s,0)) + { + return(-1); + } +#endif + + p=s->s3->client_random; + RAND_bytes(p,SSL3_RANDOM_SIZE); + + /* Do the message type and length last */ + d= &(buf[2]); + p=d+9; + + *(d++)=SSL2_MT_CLIENT_HELLO; + *(d++)=SSL3_VERSION_MAJOR; + *(d++)=SSL3_VERSION_MINOR; + + /* Ciphers supported */ + i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); + if (i == 0) + { + /* no ciphers */ + SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); + return(-1); + } + s2n(i,d); + p+=i; + + /* put in the session-id, zero since there is no + * reuse. */ +#if 0 + s->session->session_id_length=0; +#endif + s2n(0,d); + + if (s->ctx->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) + ch_len=SSL2_CHALLENGE_LENGTH; + else + ch_len=SSL2_MAX_CHALLENGE_LENGTH; + + /* write out sslv2 challenge */ + if (SSL3_RANDOM_SIZE < ch_len) + i=SSL3_RANDOM_SIZE; + else + i=ch_len; + s2n(i,d); + memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); + RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); + memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); + p+=i; + + i= p- &(buf[2]); + buf[0]=((i>>8)&0xff)|0x80; + buf[1]=(i&0xff); + + s->state=SSL23_ST_CW_CLNT_HELLO_B; + /* number of bytes to write */ + s->init_num=i+2; + s->init_off=0; + + ssl3_finish_mac(s,&(buf[2]),i); + } + + /* SSL3_ST_CW_CLNT_HELLO_B */ + return(ssl23_write_bytes(s)); + } + +static int ssl23_get_server_hello(s) +SSL *s; + { + char buf[8]; + unsigned char *p; + int i,ch_len; + int n; + BIO *bbio; + + n=ssl23_read_bytes(s,7); + + if (n != 7) return(n); + p=s->packet; + + memcpy(buf,p,n); + + if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && + (p[5] == 0x00) && (p[6] == 0x02)) + { + /* we are talking sslv2 */ + /* we need to clean up the SSLv3 setup and put in the + * sslv2 stuff. */ + + if (s->s2 == NULL) + { + if (!ssl2_new(s)) + goto err; + } + else + ssl2_clear(s); + + if (s->ctx->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) + ch_len=SSL2_CHALLENGE_LENGTH; + else + ch_len=SSL2_MAX_CHALLENGE_LENGTH; + + /* write out sslv2 challenge */ + i=(SSL3_RANDOM_SIZE < ch_len) + ?SSL3_RANDOM_SIZE:ch_len; + s->s2->challenge_length=i; + memcpy(s->s2->challenge, + &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); + + if (s->s3 != NULL) ssl3_free(s); + + if (!BUF_MEM_grow(s->init_buf, + SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); + goto err; + } + + s->state=SSL2_ST_GET_SERVER_HELLO_A; + s->s2->ssl2_rollback=1; + + /* setup the 5 bytes we have read so we get them from + * the sslv2 buffer */ + s->rstate=SSL_ST_READ_HEADER; + s->packet_length=n; + s->packet= &(s->s2->rbuf[0]); + memcpy(s->packet,buf,n); + s->s2->rbuf_left=n; + s->s2->rbuf_offs=0; + + /* we have already written one */ + s->s2->write_sequence=1; + + s->method=SSLv2_client_method(); + s->handshake_func=s->method->ssl_connect; + } + else if ((p[0] == SSL3_RT_HANDSHAKE) && + (p[1] == SSL3_VERSION_MAJOR) && + (p[2] == SSL3_VERSION_MINOR) && + (p[5] == SSL3_MT_SERVER_HELLO)) + { + /* we have sslv3 */ + + if (s->bbio == NULL) + { + bbio=BIO_new(BIO_f_buffer()); + if (bbio == NULL) + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); + goto err; + } + s->bbio=bbio; + } + else + bbio=s->bbio; + + BIO_reset(bbio); + if (!BIO_set_write_buffer_size(bbio,16*1024)) + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); + goto err; + } + + /* start the buffering */ + s->wbio=BIO_push(s->bbio,s->wbio); + + /* we are in this state */ + s->state=SSL3_ST_CR_SRVR_HELLO_A; + + /* put the 5 bytes we have read into the input buffer + * for SSLv3 */ + s->rstate=SSL_ST_READ_HEADER; + s->packet_length=n; + s->packet= &(s->s3->rbuf.buf[0]); + memcpy(s->packet,buf,n); + s->s3->rbuf.left=n; + s->s3->rbuf.offset=0; + + s->method=SSLv3_client_method(); + s->handshake_func=s->method->ssl_connect; + } + else if ((p[0] == SSL3_RT_ALERT) && + (p[1] == SSL3_VERSION_MAJOR) && + (p[2] == SSL3_VERSION_MINOR) && + (p[3] == 0) && + (p[4] == 2)) + { + void (*cb)()=NULL; + int j; + + /* An alert */ + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + i=p[5]; + if (cb != NULL) + { + j=(i<<8)|p[6]; + cb(s,SSL_CB_READ_ALERT,j); + } + + s->rwstate=SSL_NOTHING; + SSLerr(SSL_F_SSL3_READ_BYTES,1000+p[6]); + goto err; + } + else + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL); + goto err; + } + s->init_num=0; + + /* Since, if we are sending a ssl23 client hello, we are not + * reusing a session-id */ + if (!ssl_get_new_session(s,0)) + goto err; + + s->first_packet=1; + return(SSL_connect(s)); +err: + return(-1); + } + diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c new file mode 100644 index 0000000000000000000000000000000000000000..ff19adc1191dd0a4482c2dbe632310b393afe817 --- /dev/null +++ b/ssl/s23_lib.c @@ -0,0 +1,232 @@ +/* ssl/s23_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "ssl_locl.h" + +#ifndef NOPROTO +static int ssl23_num_ciphers(void ); +static SSL_CIPHER *ssl23_get_cipher(unsigned int u); +static int ssl23_read(SSL *s, char *buf, int len); +static int ssl23_write(SSL *s, char *buf, int len); +static long ssl23_default_timeout(void ); +static int ssl23_put_cipher_by_char(SSL_CIPHER *c, unsigned char *p); +static SSL_CIPHER *ssl23_get_cipher_by_char(unsigned char *p); +#else +static int ssl23_num_ciphers(); +static SSL_CIPHER *ssl23_get_cipher(); +static int ssl23_read(); +static int ssl23_write(); +static long ssl23_default_timeout(); +static int ssl23_put_cipher_by_char(); +static SSL_CIPHER *ssl23_get_cipher_by_char(); +#endif + +char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.7.0 30-Jan-1997"; + +static SSL_METHOD SSLv23_data= { + 3, + ssl3_new, + ssl3_clear, + ssl3_free, + ssl_undefined_function, + ssl_undefined_function, + ssl23_read, + ssl_undefined_function, + ssl23_write, + ssl_undefined_function, + ssl_undefined_function, + ssl3_ctrl, + ssl3_ctx_ctrl, + ssl23_get_cipher_by_char, + ssl23_put_cipher_by_char, + ssl_undefined_function, + ssl23_num_ciphers, + ssl23_get_cipher, + ssl_bad_method, + ssl23_default_timeout, + }; + +static long ssl23_default_timeout() + { + return(300); + } + +SSL_METHOD *sslv23_base_method() + { + return(&SSLv23_data); + } + +static int ssl23_num_ciphers() + { + return(ssl3_num_ciphers()+ssl2_num_ciphers()); + } + +static SSL_CIPHER *ssl23_get_cipher(u) +unsigned int u; + { + unsigned int uu=ssl3_num_ciphers(); + + if (u < uu) + return(ssl3_get_cipher(u)); + else + return(ssl2_get_cipher(u-uu)); + } + +/* This function needs to check if the ciphers required are actually + * available */ +static SSL_CIPHER *ssl23_get_cipher_by_char(p) +unsigned char *p; + { + SSL_CIPHER c,*cp; + unsigned long id; + int n; + + n=ssl3_num_ciphers(); + id=0x03000000|((unsigned long)p[0]<<16L)| + ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; + c.id=id; + cp=ssl3_get_cipher_by_char(p); + if (cp == NULL) + cp=ssl2_get_cipher_by_char(p); + return(cp); + } + +static int ssl23_put_cipher_by_char(c,p) +SSL_CIPHER *c; +unsigned char *p; + { + long l; + + /* We can write SSLv2 and SSLv3 ciphers */ + if (p != NULL) + { + l=c->id; + p[0]=((unsigned char)(l>>16L))&0xFF; + p[1]=((unsigned char)(l>> 8L))&0xFF; + p[2]=((unsigned char)(l ))&0xFF; + } + return(3); + } + +static int ssl23_read(s,buf,len) +SSL *s; +char *buf; +int len; + { + int n; + +#if 0 + if (s->shutdown & SSL_RECEIVED_SHUTDOWN) + { + s->rwstate=SSL_NOTHING; + return(0); + } +#endif + errno=0; + if (SSL_in_init(s) && (!s->in_handshake)) + { + n=s->handshake_func(s); + if (n < 0) return(n); + if (n == 0) + { + SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + return(SSL_read(s,buf,len)); + } + else + { + ssl_undefined_function(s); + return(-1); + } + } + +static int ssl23_write(s,buf,len) +SSL *s; +char *buf; +int len; + { + int n; + +#if 0 + if (s->shutdown & SSL_SENT_SHUTDOWN) + { + s->rwstate=SSL_NOTHING; + return(0); + } +#endif + errno=0; + if (SSL_in_init(s) && (!s->in_handshake)) + { + n=s->handshake_func(s); + if (n < 0) return(n); + if (n == 0) + { + SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + return(SSL_write(s,buf,len)); + } + else + { + ssl_undefined_function(s); + return(-1); + } + } diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c new file mode 100644 index 0000000000000000000000000000000000000000..dbe282bfd0ab73c689c52df9c951634bbae795b9 --- /dev/null +++ b/ssl/s23_meth.c @@ -0,0 +1,90 @@ +/* ssl/s23_meth.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "ssl_locl.h" + +static SSL_METHOD *ssl23_get_method(ver) +int ver; + { + if (ver == 2) + return(SSLv23_method()); + else if (ver == 3) + return(SSLv3_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv23_method() + { + static int init=1; + static SSL_METHOD SSLv23_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(), + sizeof(SSL_METHOD)); + SSLv23_data.ssl_connect=ssl23_connect; + SSLv23_data.ssl_accept=ssl23_accept; + SSLv23_data.get_ssl_method=ssl23_get_method; + } + return(&SSLv23_data); + } + diff --git a/ssl/s23_pkt.c b/ssl/s23_pkt.c new file mode 100644 index 0000000000000000000000000000000000000000..e9b2add0b8ff777ed64507bf4862f85af26d715f --- /dev/null +++ b/ssl/s23_pkt.c @@ -0,0 +1,120 @@ +/* ssl/s23_pkt.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#define USE_SOCKETS +#include "evp.h" +#include "buffer.h" +#include "ssl_locl.h" + +int ssl23_write_bytes(s) +SSL *s; + { + int i,num,tot; + char *buf; + + buf=s->init_buf->data; + tot=s->init_off; + num=s->init_num; + for (;;) + { + s->rwstate=SSL_WRITING; + i=BIO_write(s->wbio,&(buf[tot]),num); + if (i < 0) + { + s->init_off=tot; + s->init_num=num; + return(i); + } + s->rwstate=SSL_NOTHING; + if (i == num) return(tot+i); + + num-=i; + tot+=i; + } + } + +/* only return when we have read 'n' bytes */ +int ssl23_read_bytes(s,n) +SSL *s; +int n; + { + unsigned char *p; + int j; + + if (s->packet_length < (unsigned int)n) + { + p=s->packet; + + for (;;) + { + s->rwstate=SSL_READING; + j=BIO_read(s->rbio,(char *)&(p[s->packet_length]), + n-s->packet_length); + if (j <= 0) + return(j); + s->rwstate=SSL_NOTHING; + s->packet_length+=j; + if (s->packet_length >= (unsigned int)n) + return(s->packet_length); + } + } + return(n); + } + diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c new file mode 100644 index 0000000000000000000000000000000000000000..398f0058217b70d1cf0105f9f3784a34ea2d96da --- /dev/null +++ b/ssl/s23_srvr.c @@ -0,0 +1,474 @@ +/* ssl/s23_srvr.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "buffer.h" +#include "rand.h" +#include "objects.h" +#include "evp.h" +#include "ssl_locl.h" + +#define BREAK break + +#ifndef NOPROTO +int ssl23_get_client_hello(SSL *s); +#else +int ssl23_get_client_hello(); +#endif + +static SSL_METHOD *ssl23_get_server_method(ver) +int ver; + { + if (ver == 2) + return(SSLv2_server_method()); + else if (ver == 3) + return(SSLv3_server_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv23_server_method() + { + static int init=1; + static SSL_METHOD SSLv23_server_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv23_server_data, + (char *)sslv23_base_method(),sizeof(SSL_METHOD)); + SSLv23_server_data.ssl_accept=ssl23_accept; + SSLv23_server_data.get_ssl_method=ssl23_get_server_method; + } + return(&SSLv23_server_data); + } + +int ssl23_accept(s) +SSL *s; + { + BUF_MEM *buf; + unsigned long Time=time(NULL); + void (*cb)()=NULL; + int ret= -1; + int new_state,state; + + RAND_seed((unsigned char *)&Time,sizeof(Time)); + ERR_clear_error(); + errno=0; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->in_handshake++; + + for (;;) + { + state=s->state; + + switch(s->state) + { + case SSL_ST_BEFORE: + case SSL_ST_ACCEPT: + case SSL_ST_BEFORE|SSL_ST_ACCEPT: + case SSL_ST_OK|SSL_ST_ACCEPT: + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); + + s->version=3; + s->type=SSL_ST_ACCEPT; + + if (s->init_buf == NULL) + { + if ((buf=BUF_MEM_new()) == NULL) + { + ret= -1; + goto end; + } + if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) + { + ret= -1; + goto end; + } + s->init_buf=buf; + } + + ssl3_init_finished_mac(s); + + s->state=SSL23_ST_SR_CLNT_HELLO_A; + s->ctx->sess_accept++; + s->init_num=0; + break; + + case SSL23_ST_SR_CLNT_HELLO_A: + case SSL23_ST_SR_CLNT_HELLO_B: + + s->shutdown=0; + ret=ssl23_get_client_hello(s); + if (ret >= 0) cb=NULL; + goto end; + break; + + default: + SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); + ret= -1; + goto end; + /* break; */ + } + + if ((cb != NULL) && (s->state != state)) + { + new_state=s->state; + s->state=state; + cb(s,SSL_CB_ACCEPT_LOOP,1); + s->state=new_state; + } + } +end: + if (cb != NULL) + cb(s,SSL_CB_ACCEPT_EXIT,ret); + s->in_handshake--; + return(ret); + } + + +int ssl23_get_client_hello(s) +SSL *s; + { + char buf_space[8]; + char *buf= &(buf_space[0]); + unsigned char *p,*d,*dd; + unsigned int i; + unsigned int csl,sil,cl; + int n=0,j; + BIO *bbio; + int type=0,use_sslv2_strong=0; + + /* read the initial header */ + if (s->state == SSL23_ST_SR_CLNT_HELLO_A) + { + if (!ssl3_setup_buffers(s)) goto err; + + n=ssl23_read_bytes(s,7); + if (n != 7) return(n); + + p=s->packet; + + memcpy(buf,p,n); + + if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) + { + /* SSLv2 header */ + if ((p[3] == 0x00) && (p[4] == 0x02)) + { + /* SSLv2 */ + type=1; + } + else if (p[3] == SSL3_VERSION_MAJOR) + { + if (s->ctx->options & SSL_OP_NON_EXPORT_FIRST) + { + STACK *sk; + SSL_CIPHER *c; + int ne2,ne3; + + j=((p[0]&0x7f)<<8)|p[1]; + if (j > (1024*4)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); + goto err; + } + + n=ssl23_read_bytes(s,j+2); + if (n <= 0) return(n); + p=s->packet; + + if ((buf=Malloc(n)) == NULL) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); + goto err; + } + memcpy(buf,p,n); + + p+=5; + n2s(p,csl); + p+=4; + + sk=ssl_bytes_to_cipher_list( + s,p,csl,NULL); + if (sk != NULL) + { + ne2=ne3=0; + for (j=0; jalgorithms & SSL_EXP)) + { + if ((c->id>>24L) == 2L) + ne2=1; + else + ne3=1; + } + } + if (ne2 && !ne3) + { + type=1; + use_sslv2_strong=1; + goto next_bit; + } + } + } + /* SSLv3 */ + s->state=SSL23_ST_SR_CLNT_HELLO_B; + } + } + else if ((p[0] == SSL3_RT_HANDSHAKE) && + (p[1] == SSL3_VERSION_MAJOR) && + (p[5] == SSL3_MT_CLIENT_HELLO)) + { + /* true SSLv3 */ + type=3; + } + /* I will not introduce error codes since that will probably + * disrupt the error codes alread allocated and could play + * havoc with dynamic allocation. Upgrade to 0.9.x :-) + */ + else if ((strncmp("GET ", (char *)p,4) == 0) || + (strncmp("POST ",(char *)p,5) == 0) || + (strncmp("HEAD ",(char *)p,5) == 0) || + (strncmp("PUT ", (char *)p,4) == 0)) + { + goto err; + } + else if (strncmp("CONNECT",(char *)p,7) == 0) + { + goto err; + } + } + +next_bit: + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) + { + /* we have a SSLv3 in a SSLv2 header */ + type=2; + p=s->packet; + n=((p[0]&0x7f)<<8)|p[1]; + if (n > (1024*4)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); + goto err; + } + + j=ssl23_read_bytes(s,n+2); + if (j <= 0) return(j); + + ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2); + + p=s->packet; + p+=5; + n2s(p,csl); + n2s(p,sil); + n2s(p,cl); + d=(unsigned char *)s->init_buf->data; + if ((csl+sil+cl+11) != s->packet_length) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); + goto err; + } + + *(d++)=SSL3_VERSION_MAJOR; + *(d++)=SSL3_VERSION_MINOR; + + /* lets populate the random area */ + /* get the chalenge_length */ + i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; + memset(d,0,SSL3_RANDOM_SIZE); + memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); + d+=SSL3_RANDOM_SIZE; + + /* no session-id reuse */ + *(d++)=0; + + /* ciphers */ + j=0; + dd=d; + d+=2; + for (i=0; iinit_buf->data); + + /* get the data reused from the init_buf */ + s->s3->tmp.reuse_message=1; + s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; + s->s3->tmp.message_size=i; + } + + if (type == 1) + { + /* we are talking sslv2 */ + /* we need to clean up the SSLv3 setup and put in the + * sslv2 stuff. */ + + if (s->s2 == NULL) + { + if (!ssl2_new(s)) + goto err; + } + else + ssl2_clear(s); + + if (s->s3 != NULL) ssl3_free(s); + + if (!BUF_MEM_grow(s->init_buf, + SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) + { + goto err; + } + + s->state=SSL2_ST_GET_CLIENT_HELLO_A; + if ((s->ctx->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || + use_sslv2_strong) + s->s2->ssl2_rollback=0; + else + s->s2->ssl2_rollback=1; + + /* setup the 5 bytes we have read so we get them from + * the sslv2 buffer */ + s->rstate=SSL_ST_READ_HEADER; + s->packet_length=n; + s->packet= &(s->s2->rbuf[0]); + memcpy(s->packet,buf,n); + s->s2->rbuf_left=n; + s->s2->rbuf_offs=0; + + s->method=SSLv2_server_method(); + s->handshake_func=s->method->ssl_accept; + } + + if ((type == 2) || (type == 3)) + { + /* we have sslv3 */ + + if (s->bbio == NULL) + { + bbio=BIO_new(BIO_f_buffer()); + if (bbio == NULL) + goto err; + s->bbio=bbio; + } + else + bbio=s->bbio; + BIO_reset(bbio); + if (!BIO_set_write_buffer_size(bbio,16*1024)) + goto err; + s->wbio=BIO_push(bbio,s->wbio); + + /* we are in this state */ + s->state=SSL3_ST_SR_CLNT_HELLO_A; + + if (type == 3) + { + /* put the 'n' bytes we have read into the input buffer + * for SSLv3 */ + s->rstate=SSL_ST_READ_HEADER; + s->packet_length=n; + s->packet= &(s->s3->rbuf.buf[0]); + memcpy(s->packet,buf,n); + s->s3->rbuf.left=n; + s->s3->rbuf.offset=0; + } + else + { + s->packet_length=0; + s->s3->rbuf.left=0; + s->s3->rbuf.offset=0; + } + + s->method=SSLv3_server_method(); + s->handshake_func=s->method->ssl_accept; + } + + if ((type < 1) || (type > 3)) + { + /* bad, very bad */ + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); + goto err; + } + s->init_num=0; + + if (buf != buf_space) Free(buf); + s->first_packet=1; + return(SSL_accept(s)); +err: + if (buf != buf_space) Free(buf); + return(-1); + } + diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c new file mode 100644 index 0000000000000000000000000000000000000000..67578a45ade8fb0fcc2733156ae3ca3795d202bd --- /dev/null +++ b/ssl/s2_clnt.c @@ -0,0 +1,982 @@ +/* ssl/s2_clnt.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#ifndef NO_MD5 +#include "md5.h" +#endif +#include "rand.h" +#include "buffer.h" +#include "objects.h" +#include "ssl_locl.h" +#include "evp.h" + +#ifndef NOPROTO +static int get_server_finished(SSL *s); +static int get_server_verify(SSL *s); +static int get_server_hello(SSL *s); +static int client_hello(SSL *s); +static int client_master_key(SSL *s); +static int client_finished(SSL *s); +static int client_certificate(SSL *s); +static int ssl_rsa_public_encrypt(CERT *c, int len, unsigned char *from, + unsigned char *to,int padding); +#else +static int get_server_finished(); +static int get_server_verify(); +static int get_server_hello(); +static int client_hello(); +static int client_master_key(); +static int client_finished(); +static int client_certificate(); +static int ssl_rsa_public_encrypt(); +#endif + +#define BREAK break + +static SSL_METHOD *ssl2_get_client_method(ver) +int ver; + { + if (ver == 2) + return(SSLv2_client_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv2_client_method() + { + static int init=1; + static SSL_METHOD SSLv2_client_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), + sizeof(SSL_METHOD)); + SSLv2_client_data.ssl_connect=ssl2_connect; + SSLv2_client_data.get_ssl_method=ssl2_get_client_method; + } + return(&SSLv2_client_data); + } + +int ssl2_connect(s) +SSL *s; + { + unsigned long l=time(NULL); + BUF_MEM *buf=NULL; + int ret= -1; + void (*cb)()=NULL; + int new_state,state; + + RAND_seed((unsigned char *)&l,sizeof(l)); + ERR_clear_error(); + errno=0; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + /* init things to blank */ + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->in_handshake++; + + for (;;) + { + state=s->state; + + switch (s->state) + { + case SSL_ST_BEFORE: + case SSL_ST_CONNECT: + case SSL_ST_BEFORE|SSL_ST_CONNECT: + case SSL_ST_OK|SSL_ST_CONNECT: + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); + + s->version=2; + s->type=SSL_ST_CONNECT; + + buf=s->init_buf; + if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL)) + { + ret= -1; + goto end; + } + if (!BUF_MEM_grow(buf, + SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) + { + ret= -1; + goto end; + } + s->init_buf=buf; + s->init_num=0; + s->state=SSL2_ST_SEND_CLIENT_HELLO_A; + s->ctx->sess_connect++; + s->handshake_func=ssl2_connect; + BREAK; + + case SSL2_ST_SEND_CLIENT_HELLO_A: + case SSL2_ST_SEND_CLIENT_HELLO_B: + s->shutdown=0; + ret=client_hello(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL2_ST_GET_SERVER_HELLO_A; + BREAK; + + case SSL2_ST_GET_SERVER_HELLO_A: + case SSL2_ST_GET_SERVER_HELLO_B: + ret=get_server_hello(s); + if (ret <= 0) goto end; + s->init_num=0; + if (!s->hit) /* new session */ + { + s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A; + BREAK; + } + else + { + s->state=SSL2_ST_CLIENT_START_ENCRYPTION; + break; + } + + case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: + case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: + ret=client_master_key(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL2_ST_CLIENT_START_ENCRYPTION; + break; + + case SSL2_ST_CLIENT_START_ENCRYPTION: + /* Ok, we now have all the stuff needed to + * start encrypting, so lets fire it up :-) */ + if (!ssl2_enc_init(s,1)) + { + ret= -1; + goto end; + } + s->s2->clear_text=0; + s->state=SSL2_ST_SEND_CLIENT_FINISHED_A; + break; + + case SSL2_ST_SEND_CLIENT_FINISHED_A: + case SSL2_ST_SEND_CLIENT_FINISHED_B: + ret=client_finished(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL2_ST_GET_SERVER_VERIFY_A; + break; + + case SSL2_ST_GET_SERVER_VERIFY_A: + case SSL2_ST_GET_SERVER_VERIFY_B: + ret=get_server_verify(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL2_ST_GET_SERVER_FINISHED_A; + break; + + case SSL2_ST_GET_SERVER_FINISHED_A: + case SSL2_ST_GET_SERVER_FINISHED_B: + ret=get_server_finished(s); + if (ret <= 0) goto end; + break; + + case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: + case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: + case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: + case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: + case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: + ret=client_certificate(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL2_ST_GET_SERVER_FINISHED_A; + break; + + case SSL_ST_OK: + BUF_MEM_free(s->init_buf); + s->init_buf=NULL; + s->init_num=0; + /* ERR_clear_error();*/ + + /* If we want to cache session-ids in the client + * and we sucessfully add the session-id to the + * cache, and there is a callback, then pass it out. + * 26/11/96 - eay - only add if not a re-used session. + */ + + ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); + + ret=1; + /* s->server=0; */ + s->ctx->sess_connect_good++; + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); + + goto end; + break; + default: + SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE); + return(-1); + /* break; */ + } + + if ((cb != NULL) && (s->state != state)) + { + new_state=s->state; + s->state=state; + cb(s,SSL_CB_CONNECT_LOOP,1); + s->state=new_state; + } + } +end: + s->in_handshake--; + if (cb != NULL) + cb(s,SSL_CB_CONNECT_EXIT,ret); + return(ret); + } + +static int get_server_hello(s) +SSL *s; + { + unsigned char *buf; + unsigned char *p; + int i,j; + STACK *sk,*cl; + + buf=(unsigned char *)s->init_buf->data; + p=buf; + if (s->state == SSL2_ST_GET_SERVER_HELLO_A) + { + i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num); + if (i < (11-s->init_num)) + return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); + + if (*(p++) != SSL2_MT_SERVER_HELLO) + { + if (p[-1] != SSL2_MT_ERROR) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_HELLO, + SSL_R_READ_WRONG_PACKET_TYPE); + } + else + SSLerr(SSL_F_GET_SERVER_HELLO, + SSL_R_PEER_ERROR); + return(-1); + } + s->hit=(*(p++))?1:0; + s->s2->tmp.cert_type= *(p++); + n2s(p,i); + if (i < s->version) s->version=i; + n2s(p,i); s->s2->tmp.cert_length=i; + n2s(p,i); s->s2->tmp.csl=i; + n2s(p,i); s->s2->tmp.conn_id_length=i; + s->state=SSL2_ST_GET_SERVER_HELLO_B; + s->init_num=0; + } + + /* SSL2_ST_GET_SERVER_HELLO_B */ + j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length + - s->init_num; + i=ssl2_read(s,(char *)&(buf[s->init_num]),j); + if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); + + /* things are looking good */ + + p=buf; + if (s->hit) + { + if (s->s2->tmp.cert_length != 0) + { + SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO); + return(-1); + } + if (s->s2->tmp.cert_type != 0) + { + if (!(s->ctx->options & + SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)) + { + SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO); + return(-1); + } + } + if (s->s2->tmp.csl != 0) + { + SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO); + return(-1); + } + } + else + { +#ifdef undef + /* very bad */ + memset(s->session->session_id,0, + SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES); + s->session->session_id_length=0; + */ +#endif + + /* we need to do this incase we were trying to reuse a + * client session but others are already reusing it. + * If this was a new 'blank' session ID, the session-id + * length will still be 0 */ + if (s->session->session_id_length > 0) + { + if (!ssl_get_new_session(s,0)) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + return(-1); + } + } + + if (ssl2_set_certificate(s,s->s2->tmp.cert_type, + s->s2->tmp.cert_length,p) <= 0) + { + ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); + return(-1); + } + p+=s->s2->tmp.cert_length; + + if (s->s2->tmp.csl == 0) + { + ssl2_return_error(s,SSL2_PE_NO_CIPHER); + SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST); + return(-1); + } + + /* We have just received a list of ciphers back from the + * server. We need to get the ones that match, then select + * the one we want the most :-). */ + + /* load the ciphers */ + sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl, + &s->session->ciphers); + p+=s->s2->tmp.csl; + if (sk == NULL) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); + return(-1); + } + + sk_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); + + /* get the array of ciphers we will accept */ + cl=ssl_get_ciphers_by_id(s); + + /* In theory we could have ciphers sent back that we + * don't want to use but that does not matter since we + * will check against the list we origionally sent and + * for performance reasons we should not bother to match + * the two lists up just to check. */ + for (i=0; i= 0) + break; + } + + if (i >= sk_num(cl)) + { + ssl2_return_error(s,SSL2_PE_NO_CIPHER); + SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH); + return(-1); + } + s->session->cipher=(SSL_CIPHER *)sk_value(cl,i); + } + + if ((s->session != NULL) && (s->session->peer != NULL)) + X509_free(s->session->peer); + + /* hmmm, can we have the problem of the other session with this + * cert, Free's it before we increment the reference count. */ + CRYPTO_w_lock(CRYPTO_LOCK_X509); + s->session->peer=s->session->cert->key->x509; + s->session->peer->references++; + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + + s->s2->conn_id_length=s->s2->tmp.conn_id_length; + memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); + return(1); + } + +static int client_hello(s) +SSL *s; + { + unsigned char *buf; + unsigned char *p,*d; +/* CIPHER **cipher;*/ + int i,n,j; + + buf=(unsigned char *)s->init_buf->data; + if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A) + { + if ((s->session == NULL) || + (s->session->ssl_version != s->version)) + { + if (!ssl_get_new_session(s,0)) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + return(-1); + } + } + /* else use the pre-loaded session */ + + p=buf; /* header */ + d=p+9; /* data section */ + *(p++)=SSL2_MT_CLIENT_HELLO; /* type */ + s2n(SSL2_CLIENT_VERSION,p); /* version */ + n=j=0; + + n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d); + d+=n; + + if (n == 0) + { + SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); + return(-1); + } + + s2n(n,p); /* cipher spec num bytes */ + + if ((s->session->session_id_length > 0) && + (s->session->session_id_length <= + SSL2_MAX_SSL_SESSION_ID_LENGTH)) + { + i=s->session->session_id_length; + s2n(i,p); /* session id length */ + memcpy(d,s->session->session_id,(unsigned int)i); + d+=i; + } + else + { + s2n(0,p); + } + + s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; + s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ + /*challenge id data*/ + RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH); + memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); + d+=SSL2_CHALLENGE_LENGTH; + + s->state=SSL2_ST_SEND_CLIENT_HELLO_B; + s->init_num=d-buf; + s->init_off=0; + } + /* SSL2_ST_SEND_CLIENT_HELLO_B */ + return(ssl2_do_write(s)); + } + +static int client_master_key(s) +SSL *s; + { + unsigned char *buf; + unsigned char *p,*d; + int clear,enc,karg,i; + SSL_SESSION *sess; + EVP_CIPHER *c; + EVP_MD *md; + + buf=(unsigned char *)s->init_buf->data; + if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A) + { + + if (!ssl_cipher_get_evp(s->session->cipher,&c,&md)) + { + ssl2_return_error(s,SSL2_PE_NO_CIPHER); + SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); + return(-1); + } + sess=s->session; + p=buf; + d=p+10; + *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */ + + i=ssl_put_cipher_by_char(s,sess->cipher,p); + p+=i; + + /* make key_arg data */ + i=EVP_CIPHER_iv_length(c); + sess->key_arg_length=i; + if (i > 0) RAND_bytes(sess->key_arg,i); + + /* make a master key */ + i=EVP_CIPHER_key_length(c); + sess->master_key_length=i; + if (i > 0) RAND_bytes(sess->master_key,i); + + if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) + enc=8; + else if (sess->cipher->algorithms & SSL_EXP) + enc=5; + else + enc=i; + + if (i < enc) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); + return(-1); + } + clear=i-enc; + s2n(clear,p); + memcpy(d,sess->master_key,(unsigned int)clear); + d+=clear; + + enc=ssl_rsa_public_encrypt(sess->cert,enc, + &(sess->master_key[clear]),d, + (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); + if (enc <= 0) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR); + return(-1); + } + s2n(enc,p); + d+=enc; + karg=sess->key_arg_length; + s2n(karg,p); /* key arg size */ + memcpy(d,sess->key_arg,(unsigned int)karg); + d+=karg; + + s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B; + s->init_num=d-buf; + s->init_off=0; + } + + /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */ + return(ssl2_do_write(s)); + } + +static int client_finished(s) +SSL *s; + { + unsigned char *p; + + if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) + { + p=(unsigned char *)s->init_buf->data; + *(p++)=SSL2_MT_CLIENT_FINISHED; + memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); + + s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; + s->init_num=s->s2->conn_id_length+1; + s->init_off=0; + } + return(ssl2_do_write(s)); + } + +/* read the data and then respond */ +static int client_certificate(s) +SSL *s; + { + unsigned char *buf; + unsigned char *p,*d; + int i; + unsigned int n; + int cert_ch_len=0; + unsigned char *cert_ch; + + buf=(unsigned char *)s->init_buf->data; + cert_ch= &(buf[2]); + + /* We have a cert associated with the SSL, so attach it to + * the session if it does not have one */ + + if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) + { + i=ssl2_read(s,(char *)&(buf[s->init_num]), + SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num); + if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num)) + return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); + + /* type=buf[0]; */ + /* type eq x509 */ + if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) + { + ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE); + SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE); + return(-1); + } + cert_ch_len=i-1; + + if ((s->cert == NULL) || + (s->cert->key->x509 == NULL) || + (s->cert->key->privatekey == NULL)) + { + s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE; + } + else + s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; + } + + if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) + { + X509 *x509=NULL; + EVP_PKEY *pkey=NULL; + + /* If we get an error we need to + * ssl->rwstate=SSL_X509_LOOKUP; + * return(error); + * We should then be retried when things are ok and we + * can get a cert or not */ + + i=0; + if (s->ctx->client_cert_cb != NULL) + { + i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); + } + + if (i < 0) + { + s->rwstate=SSL_X509_LOOKUP; + return(-1); + } + s->rwstate=SSL_NOTHING; + + if ((i == 1) && (pkey != NULL) && (x509 != NULL)) + { + s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; + if ( !SSL_use_certificate(s,x509) || + !SSL_use_PrivateKey(s,pkey)) + { + i=0; + } + X509_free(x509); + EVP_PKEY_free(pkey); + } + else if (i == 1) + { + if (x509 != NULL) X509_free(x509); + if (pkey != NULL) EVP_PKEY_free(pkey); + SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); + i=0; + } + + if (i == 0) + { + /* We have no client certificate to respond with + * so send the correct error message back */ + s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B; + p=buf; + *(p++)=SSL2_MT_ERROR; + s2n(SSL2_PE_NO_CERTIFICATE,p); + s->init_off=0; + s->init_num=3; + /* Write is done at the end */ + } + } + + if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B) + { + return(ssl2_do_write(s)); + } + + if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C) + { + EVP_MD_CTX ctx; + + /* ok, now we calculate the checksum + * do it first so we can reuse buf :-) */ + p=buf; + EVP_SignInit(&ctx,EVP_md5()); + EVP_SignUpdate(&ctx,s->s2->key_material, + (unsigned int)s->s2->key_material_length); + EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); + n=i2d_X509(s->session->cert->key->x509,&p); + EVP_SignUpdate(&ctx,buf,(unsigned int)n); + + p=buf; + d=p+6; + *(p++)=SSL2_MT_CLIENT_CERTIFICATE; + *(p++)=SSL2_CT_X509_CERTIFICATE; + n=i2d_X509(s->cert->key->x509,&d); + s2n(n,p); + + if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey)) + { + /* this is not good. If things have failed it + * means there so something wrong with the key. + * We will contiune with a 0 length signature + */ + } + memset(&ctx,0,sizeof(ctx)); + s2n(n,p); + d+=n; + + s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D; + s->init_num=d-buf; + s->init_off=0; + } + /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */ + return(ssl2_do_write(s)); + } + +static int get_server_verify(s) +SSL *s; + { + unsigned char *p; + int i; + + p=(unsigned char *)s->init_buf->data; + if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) + { + i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); + if (i < (1-s->init_num)) + return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); + + s->state= SSL2_ST_GET_SERVER_VERIFY_B; + s->init_num=0; + if (*p != SSL2_MT_SERVER_VERIFY) + { + if (p[0] != SSL2_MT_ERROR) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_VERIFY, + SSL_R_READ_WRONG_PACKET_TYPE); + } + else + SSLerr(SSL_F_GET_SERVER_VERIFY, + SSL_R_PEER_ERROR); + return(-1); + } + } + + p=(unsigned char *)s->init_buf->data; + i=ssl2_read(s,(char *)&(p[s->init_num]), + (unsigned int)s->s2->challenge_length-s->init_num); + if (i < ((int)s->s2->challenge_length-s->init_num)) + return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); + if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); + return(-1); + } + return(1); + } + +static int get_server_finished(s) +SSL *s; + { + unsigned char *buf; + unsigned char *p; + int i; + + buf=(unsigned char *)s->init_buf->data; + p=buf; + if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) + { + i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num); + if (i < (1-s->init_num)) + return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); + s->init_num=i; + if (*p == SSL2_MT_REQUEST_CERTIFICATE) + { + s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A; + return(1); + } + else if (*p != SSL2_MT_SERVER_FINISHED) + { + if (p[0] != SSL2_MT_ERROR) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); + } + else + SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR); + return(-1); + } + s->state=SSL_ST_OK; + s->init_num=0; + } + + i=ssl2_read(s,(char *)&(buf[s->init_num]), + SSL2_SSL_SESSION_ID_LENGTH-s->init_num); + if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num)) + return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); + + if (!s->hit) /* new session */ + { + /* new session-id */ + s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; + memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH); + } + else + { + if (!(s->ctx->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) + { + if (memcmp(buf,s->session->session_id, + (unsigned int)s->session->session_id_length) != 0) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); + return(-1); + } + } + } + return(1); + } + +/* loads in the certificate from the server */ +int ssl2_set_certificate(s, type, len, data) +SSL *s; +int type; +int len; +unsigned char *data; + { + STACK *sk=NULL; + EVP_PKEY *pkey=NULL; + CERT *c=NULL; + int i; + X509 *x509=NULL; + int ret=0; + + x509=d2i_X509(NULL,&data,(long)len); + if (x509 == NULL) + { + SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB); + goto err; + } + + if (((sk=sk_new_null()) == NULL) || + (!sk_push(sk,(char *)x509))) + { + SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE); + goto err; + } + + i=ssl_verify_cert_chain(s,sk); + + if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) + { + SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); + goto err; + } + + /* cert for ssl */ + c=ssl_cert_new(); + if (c == NULL) + { + ret= -1; + goto err; + } + + /* cert for session */ + if (s->session->cert) ssl_cert_free(s->session->cert); + s->session->cert=c; + +/* c->cert_type=type; */ + + c->pkeys[SSL_PKEY_RSA_ENC].x509=x509; + c->key= &(c->pkeys[SSL_PKEY_RSA_ENC]); + + pkey=X509_get_pubkey(x509); + x509=NULL; + if (pkey == NULL) + { + SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY); + goto err; + } + if (pkey->type != EVP_PKEY_RSA) + { + SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA); + goto err; + } + + if (!ssl_set_cert_type(c,SSL2_CT_X509_CERTIFICATE)) + goto err; + ret=1; +err: + if (sk != NULL) sk_free(sk); + if (x509 != NULL) X509_free(x509); + return(ret); + } + +static int ssl_rsa_public_encrypt(c, len, from, to, padding) +CERT *c; +int len; +unsigned char *from; +unsigned char *to; +int padding; + { + EVP_PKEY *pkey=NULL; + int i= -1; + + if ((c == NULL) || (c->key->x509 == NULL) || + ((pkey=X509_get_pubkey(c->key->x509)) == NULL)) + { + SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY); + return(-1); + } + if (pkey->type != EVP_PKEY_RSA) + { + SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA); + goto end; + } + + /* we have the public key */ + i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding); + if (i < 0) + SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB); +end: + return(i); + } + diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c new file mode 100644 index 0000000000000000000000000000000000000000..b915f099e55a73b4e94d106697b5dec03059d126 --- /dev/null +++ b/ssl/s2_enc.c @@ -0,0 +1,187 @@ +/* ssl/s2_enc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "ssl_locl.h" + +#define RS 0 +#define WS 1 + +int ssl2_enc_init(s, client) +SSL *s; +int client; + { + /* Max number of bytes needed */ + EVP_CIPHER_CTX *rs,*ws; + EVP_CIPHER *c; + EVP_MD *md; + int num; + + if (!ssl_cipher_get_evp(s->session->cipher,&c,&md)) + { + ssl2_return_error(s,SSL2_PE_NO_CIPHER); + SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); + return(0); + } + + s->read_hash=md; + s->write_hash=md; + + if ((s->enc_read_ctx == NULL) && + ((s->enc_read_ctx=(EVP_CIPHER_CTX *) + Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + goto err; + if ((s->enc_write_ctx == NULL) && + ((s->enc_write_ctx=(EVP_CIPHER_CTX *) + Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + goto err; + + rs= s->enc_read_ctx; + ws= s->enc_write_ctx; + + num=c->key_len; + s->s2->key_material_length=num*2; + + ssl2_generate_key_material(s); + + EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]), + s->session->key_arg); + EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]), + s->session->key_arg); + s->s2->read_key= &(s->s2->key_material[(client)?0:num]); + s->s2->write_key= &(s->s2->key_material[(client)?num:0]); + return(1); +err: + SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE); + return(0); + } + +/* read/writes from s->s2->mac_data using length for encrypt and + * decrypt. It sets the s->s2->padding, s->[rw]length and + * s->s2->pad_data ptr if we are encrypting */ +void ssl2_enc(s,send) +SSL *s; +int send; + { + EVP_CIPHER_CTX *ds; + unsigned long l; + int bs; + + if (send) + { + ds=s->enc_write_ctx; + l=s->s2->wlength; + } + else + { + ds=s->enc_read_ctx; + l=s->s2->rlength; + } + + /* check for NULL cipher */ + if (ds == NULL) return; + + + bs=ds->cipher->block_size; + /* This should be using (bs-1) and bs instead of 7 and 8, but + * what the hell. */ + if (bs == 8) + l=(l+7)/8*8; + + EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l); + } + +void ssl2_mac(s, md,send) +SSL *s; +unsigned char *md; +int send; + { + EVP_MD_CTX c; + unsigned char sequence[4],*p,*sec,*act; + unsigned long seq; + unsigned int len; + + if (send) + { + seq=s->s2->write_sequence; + sec=s->s2->write_key; + len=s->s2->wact_data_length; + act=s->s2->wact_data; + } + else + { + seq=s->s2->read_sequence; + sec=s->s2->read_key; + len=s->s2->ract_data_length; + act=s->s2->ract_data; + } + + p= &(sequence[0]); + l2n(seq,p); + + /* There has to be a MAC algorithm. */ + EVP_DigestInit(&c,s->read_hash); + EVP_DigestUpdate(&c,sec, + EVP_CIPHER_CTX_key_length(s->enc_read_ctx)); + EVP_DigestUpdate(&c,act,len); + /* the above line also does the pad data */ + EVP_DigestUpdate(&c,sequence,4); + EVP_DigestFinal(&c,md,NULL); + /* some would say I should zero the md context */ + } + diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c new file mode 100644 index 0000000000000000000000000000000000000000..fb91582217047e256584b0b88cee711be67ed3f8 --- /dev/null +++ b/ssl/s2_lib.c @@ -0,0 +1,455 @@ +/* ssl/s2_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rsa.h" +#include "objects.h" +#include "ssl_locl.h" + +#ifndef NOPROTO +static int ssl2_ok(SSL *s); +static long ssl2_default_timeout(void ); +#else +static int ssl2_ok(); +static long ssl2_default_timeout(); +#endif + +char *ssl2_version_str="SSLv2 part of SSLeay 0.8.1b 29-Jun-1998"; + +#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) + +SSL_CIPHER ssl2_ciphers[]={ +/* NULL_WITH_MD5 v3 */ +#if 0 + { + 1, + SSL2_TXT_NULL_WITH_MD5, + SSL2_CK_NULL_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2, + 0, + SSL_ALL_CIPHERS, + }, +#endif +/* RC4_128_EXPORT40_WITH_MD5 */ + { + 1, + SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, + SSL2_CK_RC4_128_EXPORT40_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2, + SSL2_CF_5_BYTE_ENC, + SSL_ALL_CIPHERS, + }, +/* RC4_128_WITH_MD5 */ + { + 1, + SSL2_TXT_RC4_128_WITH_MD5, + SSL2_CK_RC4_128_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, + 0, + SSL_ALL_CIPHERS, + }, +/* RC2_128_CBC_EXPORT40_WITH_MD5 */ + { + 1, + SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, + SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2, + SSL2_CF_5_BYTE_ENC, + SSL_ALL_CIPHERS, + }, +/* RC2_128_CBC_WITH_MD5 */ + { + 1, + SSL2_TXT_RC2_128_CBC_WITH_MD5, + SSL2_CK_RC2_128_CBC_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, + 0, + SSL_ALL_CIPHERS, + }, +/* IDEA_128_CBC_WITH_MD5 */ + { + 1, + SSL2_TXT_IDEA_128_CBC_WITH_MD5, + SSL2_CK_IDEA_128_CBC_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, + 0, + SSL_ALL_CIPHERS, + }, +/* DES_64_CBC_WITH_MD5 */ + { + 1, + SSL2_TXT_DES_64_CBC_WITH_MD5, + SSL2_CK_DES_64_CBC_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW, + 0, + SSL_ALL_CIPHERS, + }, +/* DES_64_CBC_WITH_SHA */ +#if 0 + { + 1, + SSL2_TXT_DES_64_CBC_WITH_SHA, + SSL2_CK_DES_64_CBC_WITH_SHA, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA0|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW, + 0, + SSL_ALL_CIPHERS, + }, +#endif +/* DES_192_EDE3_CBC_WITH_MD5 */ + { + 1, + SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, + SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH, + 0, + SSL_ALL_CIPHERS, + }, +/* DES_192_EDE3_CBC_WITH_SHA */ +#if 0 + { + 1, + SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA, + SSL2_CK_DES_192_EDE3_CBC_WITH_SHA, + SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA0|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH, + 0, + SSL_ALL_CIPHERS, + }, +#endif +/* RC4_64_WITH_MD5 */ +#if 1 + { + 1, + SSL2_TXT_RC4_64_WITH_MD5, + SSL2_CK_RC4_64_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2|SSL_LOW, + SSL2_CF_8_BYTE_ENC, + SSL_ALL_CIPHERS, + }, +#endif +/* NULL SSLeay (testing) */ +#if 0 + { + 0, + SSL2_TXT_NULL, + SSL2_CK_NULL, + 0, + SSL_ALL_CIPHERS, + }, +#endif + +/* end of list :-) */ + }; + +static SSL_METHOD SSLv2_data= { + 2, + ssl2_new, /* local */ + ssl2_clear, /* local */ + ssl2_free, /* local */ + ssl_undefined_function, + ssl_undefined_function, + ssl2_read, + ssl2_peek, + ssl2_write, + ssl2_shutdown, + ssl2_ok, + ssl2_ctrl, /* local */ + ssl2_ctx_ctrl, /* local */ + ssl2_get_cipher_by_char, + ssl2_put_cipher_by_char, + ssl2_pending, + ssl2_num_ciphers, + ssl2_get_cipher, + ssl_bad_method, + ssl2_default_timeout, + }; + +static long ssl2_default_timeout() + { + return(300); + } + +SSL_METHOD *sslv2_base_method() + { + return(&SSLv2_data); + } + +int ssl2_num_ciphers() + { + return(SSL2_NUM_CIPHERS); + } + +SSL_CIPHER *ssl2_get_cipher(u) +unsigned int u; + { + if (u < SSL2_NUM_CIPHERS) + return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u])); + else + return(NULL); + } + +int ssl2_pending(s) +SSL *s; + { + return(s->s2->ract_data_length); + } + +int ssl2_new(s) +SSL *s; + { + SSL2_CTX *s2; + + if ((s2=(SSL2_CTX *)Malloc(sizeof(SSL2_CTX))) == NULL) goto err; + + if ((s2->rbuf=(unsigned char *)Malloc( + SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; + if ((s2->wbuf=(unsigned char *)Malloc( + SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; + s->s2=s2; + + ssl2_clear(s); + return(1); +err: + if (s2 != NULL) + { + if (s2->wbuf != NULL) Free(s2->wbuf); + if (s2->rbuf != NULL) Free(s2->rbuf); + Free(s2); + } + return(0); + } + +void ssl2_free(s) +SSL *s; + { + SSL2_CTX *s2; + + s2=s->s2; + if (s2->rbuf != NULL) Free(s2->rbuf); + if (s2->wbuf != NULL) Free(s2->wbuf); + memset(s2,0,sizeof(SSL2_CTX)); + Free(s2); + s->s2=NULL; + } + +void ssl2_clear(s) +SSL *s; + { + SSL2_CTX *s2; + unsigned char *rbuf,*wbuf; + + s2=s->s2; + + rbuf=s2->rbuf; + wbuf=s2->wbuf; + + memset(s2,0,sizeof(SSL2_CTX)); + + s2->rbuf=rbuf; + s2->wbuf=wbuf; + s2->clear_text=1; + s2->first_packet=0; + s->packet=s2->rbuf; + s->version=2; + s->packet_length=0; + } + +long ssl2_ctrl(s,cmd,larg,parg) +SSL *s; +int cmd; +long larg; +char *parg; + { + return(0); + } + +long ssl2_ctx_ctrl(ctx,cmd,larg,parg) +SSL_CTX *ctx; +int cmd; +long larg; +char *parg; + { + return(0); + } + +/* This function needs to check if the ciphers required are actually + * available */ +SSL_CIPHER *ssl2_get_cipher_by_char(p) +unsigned char *p; + { + static int init=1; + static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS]; + SSL_CIPHER c,*cp= &c,**cpp; + unsigned long id; + int i; + + if (init) + { + init=0; + + for (i=0; ivalid) + return(NULL); + else + return(*cpp); + } + +int ssl2_put_cipher_by_char(c,p) +SSL_CIPHER *c; +unsigned char *p; + { + long l; + + if (p != NULL) + { + l=c->id; + if ((l & 0xff000000) != 0x02000000) return(0); + p[0]=((unsigned char)(l>>16L))&0xFF; + p[1]=((unsigned char)(l>> 8L))&0xFF; + p[2]=((unsigned char)(l ))&0xFF; + } + return(3); + } + +void ssl2_generate_key_material(s) +SSL *s; + { + unsigned int i; + MD5_CTX ctx; + unsigned char *km; + unsigned char c='0'; + + km=s->s2->key_material; + for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) + { + MD5_Init(&ctx); + + MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); + MD5_Update(&ctx,(unsigned char *)&c,1); + c++; + MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); + MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); + MD5_Final(km,&ctx); + km+=MD5_DIGEST_LENGTH; + } + } + +void ssl2_return_error(s,err) +SSL *s; +int err; + { + if (!s->error) + { + s->error=3; + s->error_code=err; + + ssl2_write_error(s); + } + } + + +void ssl2_write_error(s) +SSL *s; + { + char buf[3]; + int i,error; + + buf[0]=SSL2_MT_ERROR; + buf[1]=(s->error_code>>8)&0xff; + buf[2]=(s->error_code)&0xff; + +/* state=s->rwstate;*/ + error=s->error; + s->error=0; + i=ssl2_write(s,&(buf[3-error]),error); +/* if (i == error) s->rwstate=state; */ + + if (i < 0) + s->error=error; + else if (i != s->error) + s->error=error-i; + /* else + s->error=0; */ + } + +static int ssl2_ok(s) +SSL *s; + { + return(1); + } + +int ssl2_shutdown(s) +SSL *s; + { + s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + return(1); + } + diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c new file mode 100644 index 0000000000000000000000000000000000000000..0b8c2acb48333003453a5f8215ffb858c2417515 --- /dev/null +++ b/ssl/s2_meth.c @@ -0,0 +1,88 @@ +/* ssl/s2_meth.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "ssl_locl.h" + +static SSL_METHOD *ssl2_get_method(ver) +int ver; + { + if (ver == 2) + return(SSLv2_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv2_method() + { + static int init=1; + static SSL_METHOD SSLv2_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), + sizeof(SSL_METHOD)); + SSLv2_data.ssl_connect=ssl2_connect; + SSLv2_data.ssl_accept=ssl2_accept; + SSLv2_data.get_ssl_method=ssl2_get_method; + } + return(&SSLv2_data); + } + diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c new file mode 100644 index 0000000000000000000000000000000000000000..84bea33e2efd3976b281d304a319683e3bbf62f3 --- /dev/null +++ b/ssl/s2_pkt.c @@ -0,0 +1,651 @@ +/* ssl/s2_pkt.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#define USE_SOCKETS +#include "ssl_locl.h" + +/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CIPHER); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CERTIFICATE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_CERTIFICATE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_UNKNOWN_REMOTE_ERROR_TYPE); + */ + +#ifndef NOPROTO +static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); +static int do_ssl_write(SSL *s, const char *buf, unsigned int len); +static int write_pending(SSL *s, const char *buf, unsigned int len); +static int ssl_mt_error(int n); +#else +static int read_n(); +static int do_ssl_write(); +static int write_pending(); +static int ssl_mt_error(); +#endif + +int ssl2_peek(s,buf,len) +SSL *s; +char *buf; +int len; + { + int ret; + + ret=ssl2_read(s,buf,len); + if (ret > 0) + { + s->s2->ract_data_length+=ret; + s->s2->ract_data-=ret; + } + return(ret); + } + +/* SSL_read - + * This routine will return 0 to len bytes, decrypted etc if required. + */ +int ssl2_read(s, buf, len) +SSL *s; +char *buf; +int len; + { + int n; + unsigned char mac[MAX_MAC_SIZE]; + unsigned char *p; + int i; + unsigned int mac_size=0; + + if (SSL_in_init(s) && !s->in_handshake) + { + n=s->handshake_func(s); + if (n < 0) return(n); + if (n == 0) + { + SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + } + + errno=0; + s->rwstate=SSL_NOTHING; + if (len <= 0) return(len); + + if (s->s2->ract_data_length != 0) /* read from buffer */ + { + if (len > s->s2->ract_data_length) + n=s->s2->ract_data_length; + else + n=len; + + memcpy(buf,s->s2->ract_data,(unsigned int)n); + s->s2->ract_data_length-=n; + s->s2->ract_data+=n; + if (s->s2->ract_data_length == 0) + s->rstate=SSL_ST_READ_HEADER; + return(n); + } + + if (s->rstate == SSL_ST_READ_HEADER) + { + if (s->first_packet) + { + n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); + if (n <= 0) return(n); /* error or non-blocking */ + s->first_packet=0; + p=s->packet; + if (!((p[0] & 0x80) && ( + (p[2] == SSL2_MT_CLIENT_HELLO) || + (p[2] == SSL2_MT_SERVER_HELLO)))) + { + SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET); + return(-1); + } + } + else + { + n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); + if (n <= 0) return(n); /* error or non-blocking */ + } + /* part read stuff */ + + s->rstate=SSL_ST_READ_BODY; + p=s->packet; + /* Do header */ + /*s->s2->padding=0;*/ + s->s2->escape=0; + s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]); + if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */ + { + s->s2->three_byte_header=0; + s->s2->rlength&=TWO_BYTE_MASK; + } + else + { + s->s2->three_byte_header=1; + s->s2->rlength&=THREE_BYTE_MASK; + + /* security >s2->escape */ + s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0; + } + } + + if (s->rstate == SSL_ST_READ_BODY) + { + n=s->s2->rlength+2+s->s2->three_byte_header; + if (n > (int)s->packet_length) + { + n-=s->packet_length; + i=read_n(s,(unsigned int)n,(unsigned int)n,1); + if (i <= 0) return(i); /* ERROR */ + } + + p= &(s->packet[2]); + s->rstate=SSL_ST_READ_HEADER; + if (s->s2->three_byte_header) + s->s2->padding= *(p++); + else s->s2->padding=0; + + /* Data portion */ + if (s->s2->clear_text) + { + s->s2->mac_data=p; + s->s2->ract_data=p; + s->s2->pad_data=NULL; + } + else + { + mac_size=EVP_MD_size(s->read_hash); + s->s2->mac_data=p; + s->s2->ract_data= &p[mac_size]; + s->s2->pad_data= &p[mac_size+ + s->s2->rlength-s->s2->padding]; + } + + s->s2->ract_data_length=s->s2->rlength; + /* added a check for length > max_size in case + * encryption was not turned on yet due to an error */ + if ((!s->s2->clear_text) && + (s->s2->rlength >= mac_size)) + { + ssl2_enc(s,0); + s->s2->ract_data_length-=mac_size; + ssl2_mac(s,mac,0); + s->s2->ract_data_length-=s->s2->padding; + if ( (memcmp(mac,s->s2->mac_data, + (unsigned int)mac_size) != 0) || + (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) + { + SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE); + return(SSL_RWERR_BAD_MAC_DECODE); + } + } + INC32(s->s2->read_sequence); /* expect next number */ + /* s->s2->ract_data is now available for processing */ + + /* If a 0 byte packet was sent, return 0, otherwise + * we play havoc with people using select with + * blocking sockets. Let them handle a packet at a time, + * they should really be using non-blocking sockets. */ + if (s->s2->ract_data_length == 0) + return(0); + return(ssl2_read(s,buf,len)); + } + else + { + SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE); + return(SSL_RWERR_INTERNAL_ERROR); + } + } + +static int read_n(s, n, max, extend) +SSL *s; +unsigned int n; +unsigned int max; +unsigned int extend; + { + int i,off,newb; + + /* if there is stuff still in the buffer from a previous read, + * and there is more than we want, take some. */ + if (s->s2->rbuf_left >= (int)n) + { + if (extend) + s->packet_length+=n; + else + { + s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]); + s->packet_length=n; + } + s->s2->rbuf_left-=n; + s->s2->rbuf_offs+=n; + return(n); + } + + if (!s->read_ahead) max=n; + if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) + max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2; + + + /* Else we want more than we have. + * First, if there is some left or we want to extend */ + off=0; + if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend)) + { + newb=s->s2->rbuf_left; + if (extend) + { + off=s->packet_length; + if (s->packet != s->s2->rbuf) + memcpy(s->s2->rbuf,s->packet, + (unsigned int)newb+off); + } + else if (s->s2->rbuf_offs != 0) + { + memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]), + (unsigned int)newb); + s->s2->rbuf_offs=0; + } + s->s2->rbuf_left=0; + } + else + newb=0; + + /* off is the offset to start writing too. + * r->s2->rbuf_offs is the 'unread data', now 0. + * newb is the number of new bytes so far + */ + s->packet=s->s2->rbuf; + while (newb < (int)n) + { + errno=0; + if (s->rbio != NULL) + { + s->rwstate=SSL_READING; + i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]), + max-newb); + } + else + { + SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET); + i= -1; + } +#ifdef PKT_DEBUG + if (s->debug & 0x01) sleep(1); +#endif + if (i <= 0) + { + s->s2->rbuf_left+=newb; + return(i); + } + newb+=i; + } + + /* record unread data */ + if (newb > (int)n) + { + s->s2->rbuf_offs=n+off; + s->s2->rbuf_left=newb-n; + } + else + { + s->s2->rbuf_offs=0; + s->s2->rbuf_left=0; + } + if (extend) + s->packet_length+=n; + else + s->packet_length=n; + s->rwstate=SSL_NOTHING; + return(n); + } + +int ssl2_write(s, buf, len) +SSL *s; +const char *buf; +int len; + { + unsigned int n,tot; + int i; + + if (SSL_in_init(s) && !s->in_handshake) + { + i=s->handshake_func(s); + if (i < 0) return(i); + if (i == 0) + { + SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + } + + if (s->error) + { + ssl2_write_error(s); + if (s->error) + return(-1); + } + + errno=0; + s->rwstate=SSL_NOTHING; + if (len <= 0) return(len); + + tot=s->s2->wnum; + s->s2->wnum=0; + + n=(len-tot); + for (;;) + { + i=do_ssl_write(s,&(buf[tot]),n); + if (i <= 0) + { + s->s2->wnum=tot; + return(i); + } + if (i == (int)n) return(tot+i); + + n-=i; + tot+=i; + } + } + +static int write_pending(s,buf,len) +SSL *s; +const char *buf; +unsigned int len; + { + int i; + + /* s->s2->wpend_len != 0 MUST be true. */ + + /* check that they have given us the same buffer to + * write */ + if ((s->s2->wpend_tot != (int)len) || (s->s2->wpend_buf != buf)) + { + SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); + return(SSL_RWERR_BAD_WRITE_RETRY); + } + + for (;;) + { + errno=0; + if (s->wbio != NULL) + { + s->rwstate=SSL_WRITING; + i=BIO_write(s->wbio, + (char *)&(s->s2->write_ptr[s->s2->wpend_off]), + (unsigned int)s->s2->wpend_len); + } + else + { + SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET); + i= -1; + } +#ifdef PKT_DEBUG + if (s->debug & 0x01) sleep(1); +#endif + if (i == s->s2->wpend_len) + { + s->s2->wpend_len=0; + s->rwstate=SSL_NOTHING; + return(s->s2->wpend_ret); + } + else if (i <= 0) + return(i); + s->s2->wpend_off+=i; + s->s2->wpend_len-=i; + } + } + +static int do_ssl_write(s, buf, len) +SSL *s; +const char *buf; +unsigned int len; + { + unsigned int j,k,olen,p,mac_size,bs; + register unsigned char *pp; + + olen=len; + + /* first check if there is data from an encryption waiting to + * be sent - it must be sent because the other end is waiting. + * This will happen with non-blocking IO. We print it and then + * return. + */ + if (s->s2->wpend_len != 0) return(write_pending(s,buf,len)); + + /* set mac_size to mac size */ + if (s->s2->clear_text) + mac_size=0; + else + mac_size=EVP_MD_size(s->write_hash); + + /* lets set the pad p */ + if (s->s2->clear_text) + { + if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) + len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; + p=0; + s->s2->three_byte_header=0; + /* len=len; */ + } + else + { + bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx); + j=len+mac_size; + if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && + (!s->s2->escape)) + { + if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) + j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER; + /* set k to the max number of bytes with 2 + * byte header */ + k=j-(j%bs); + /* how many data bytes? */ + len=k-mac_size; + s->s2->three_byte_header=0; + p=0; + } + else if ((bs <= 1) && (!s->s2->escape)) + { + /* len=len; */ + s->s2->three_byte_header=0; + p=0; + } + else /* 3 byte header */ + { + /*len=len; */ + p=(j%bs); + p=(p == 0)?0:(bs-p); + if (s->s2->escape) + s->s2->three_byte_header=1; + else + s->s2->three_byte_header=(p == 0)?0:1; + } + } + /* mac_size is the number of MAC bytes + * len is the number of data bytes we are going to send + * p is the number of padding bytes + * if p == 0, it is a 2 byte header */ + + s->s2->wlength=len; + s->s2->padding=p; + s->s2->mac_data= &(s->s2->wbuf[3]); + s->s2->wact_data= &(s->s2->wbuf[3+mac_size]); + /* we copy the data into s->s2->wbuf */ + memcpy(s->s2->wact_data,buf,len); +#ifdef PURIFY + if (p) + memset(&(s->s2->wact_data[len]),0,p); +#endif + + if (!s->s2->clear_text) + { + s->s2->wact_data_length=len+p; + ssl2_mac(s,s->s2->mac_data,1); + s->s2->wlength+=p+mac_size; + ssl2_enc(s,1); + } + + /* package up the header */ + s->s2->wpend_len=s->s2->wlength; + if (s->s2->three_byte_header) /* 3 byte header */ + { + pp=s->s2->mac_data; + pp-=3; + pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8); + if (s->s2->escape) pp[0]|=SEC_ESC_BIT; + pp[1]=s->s2->wlength&0xff; + pp[2]=s->s2->padding; + s->s2->wpend_len+=3; + } + else + { + pp=s->s2->mac_data; + pp-=2; + pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT; + pp[1]=s->s2->wlength&0xff; + s->s2->wpend_len+=2; + } + s->s2->write_ptr=pp; + + INC32(s->s2->write_sequence); /* expect next number */ + + /* lets try to actually write the data */ + s->s2->wpend_tot=olen; + s->s2->wpend_buf=(char *)buf; + + s->s2->wpend_ret=len; + + s->s2->wpend_off=0; + return(write_pending(s,buf,olen)); + } + +int ssl2_part_read(s,f,i) +SSL *s; +unsigned long f; +int i; + { + unsigned char *p; + int j; + + /* check for error */ + if ((s->init_num == 0) && (i >= 3)) + { + p=(unsigned char *)s->init_buf->data; + if (p[0] == SSL2_MT_ERROR) + { + j=(p[1]<<8)|p[2]; + SSLerr((int)f,ssl_mt_error(j)); + } + } + + if (i < 0) + { + /* ssl2_return_error(s); */ + /* for non-blocking io, + * this is not fatal */ + return(i); + } + else + { + s->init_num+=i; + return(0); + } + } + +int ssl2_do_write(s) +SSL *s; + { + int ret; + + ret=ssl2_write(s,(char *)&(s->init_buf->data[s->init_off]), + s->init_num); + if (ret == s->init_num) + return(1); + if (ret < 0) + return(-1); + s->init_off+=ret; + s->init_num-=ret; + return(0); + } + +static int ssl_mt_error(n) +int n; + { + int ret; + + switch (n) + { + case SSL2_PE_NO_CIPHER: + ret=SSL_R_PEER_ERROR_NO_CIPHER; + break; + case SSL2_PE_NO_CERTIFICATE: + ret=SSL_R_PEER_ERROR_NO_CERTIFICATE; + break; + case SSL2_PE_BAD_CERTIFICATE: + ret=SSL_R_PEER_ERROR_CERTIFICATE; + break; + case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE: + ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE; + break; + default: + ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE; + break; + } + return(ret); + } diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c new file mode 100644 index 0000000000000000000000000000000000000000..0112397e536d83390b9649134b1f7ed6ad8b0f6f --- /dev/null +++ b/ssl/s2_srvr.c @@ -0,0 +1,983 @@ +/* ssl/s2_srvr.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#ifdef NO_MD5 +#include "md5.h" +#endif +#include "bio.h" +#include "rand.h" +#include "objects.h" +#include "ssl_locl.h" +#include "evp.h" + +#ifndef NOPROTO +static int get_client_master_key(SSL *s); +static int get_client_hello(SSL *s); +static int server_hello(SSL *s); +static int get_client_finished(SSL *s); +static int server_verify(SSL *s); +static int server_finish(SSL *s); +static int request_certificate(SSL *s); +static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, + unsigned char *to,int padding); +#else +static int get_client_master_key(); +static int get_client_hello(); +static int server_hello(); +static int get_client_finished(); +static int server_verify(); +static int server_finish(); +static int request_certificate(); +static int ssl_rsa_private_decrypt(); +#endif + +#define BREAK break + +static SSL_METHOD *ssl2_get_server_method(ver) +int ver; + { + if (ver == 2) + return(SSLv2_server_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv2_server_method() + { + static int init=1; + static SSL_METHOD SSLv2_server_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), + sizeof(SSL_METHOD)); + SSLv2_server_data.ssl_accept=ssl2_accept; + SSLv2_server_data.get_ssl_method=ssl2_get_server_method; + } + return(&SSLv2_server_data); + } + +int ssl2_accept(s) +SSL *s; + { + unsigned long l=time(NULL); + BUF_MEM *buf=NULL; + int ret= -1; + long num1; + void (*cb)()=NULL; + int new_state,state; + + RAND_seed((unsigned char *)&l,sizeof(l)); + ERR_clear_error(); + errno=0; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + /* init things to blank */ + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->in_handshake++; + + if (((s->session == NULL) || (s->session->cert == NULL)) && + (s->cert == NULL)) + { + SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET); + return(-1); + } + + errno=0; + for (;;) + { + state=s->state; + + switch (s->state) + { + case SSL_ST_BEFORE: + case SSL_ST_ACCEPT: + case SSL_ST_BEFORE|SSL_ST_ACCEPT: + case SSL_ST_OK|SSL_ST_ACCEPT: + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); + + s->version=2; + s->type=SSL_ST_ACCEPT; + + buf=s->init_buf; + if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL)) + { ret= -1; goto end; } + if (!BUF_MEM_grow(buf,(int) + SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) + { ret= -1; goto end; } + s->init_buf=buf; + s->init_num=0; + s->ctx->sess_accept++; + s->handshake_func=ssl2_accept; + s->state=SSL2_ST_GET_CLIENT_HELLO_A; + BREAK; + + case SSL2_ST_GET_CLIENT_HELLO_A: + case SSL2_ST_GET_CLIENT_HELLO_B: + case SSL2_ST_GET_CLIENT_HELLO_C: + s->shutdown=0; + ret=get_client_hello(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL2_ST_SEND_SERVER_HELLO_A; + BREAK; + + case SSL2_ST_SEND_SERVER_HELLO_A: + case SSL2_ST_SEND_SERVER_HELLO_B: + ret=server_hello(s); + if (ret <= 0) goto end; + s->init_num=0; + if (!s->hit) + { + s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A; + BREAK; + } + else + { + s->state=SSL2_ST_SERVER_START_ENCRYPTION; + BREAK; + } + case SSL2_ST_GET_CLIENT_MASTER_KEY_A: + case SSL2_ST_GET_CLIENT_MASTER_KEY_B: + ret=get_client_master_key(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL2_ST_SERVER_START_ENCRYPTION; + BREAK; + + case SSL2_ST_SERVER_START_ENCRYPTION: + /* Ok we how have sent all the stuff needed to + * start encrypting, the next packet back will + * be encrypted. */ + if (!ssl2_enc_init(s,0)) + { ret= -1; goto end; } + s->s2->clear_text=0; + s->state=SSL2_ST_SEND_SERVER_VERIFY_A; + BREAK; + + case SSL2_ST_SEND_SERVER_VERIFY_A: + case SSL2_ST_SEND_SERVER_VERIFY_B: + ret=server_verify(s); + if (ret <= 0) goto end; + s->init_num=0; + if (s->hit) + { + /* If we are in here, we have been + * buffering the output, so we need to + * flush it and remove buffering from + * future traffic */ + s->state=SSL2_ST_SEND_SERVER_VERIFY_C; + BREAK; + } + else + { + s->state=SSL2_ST_GET_CLIENT_FINISHED_A; + break; + } + + case SSL2_ST_SEND_SERVER_VERIFY_C: + /* get the number of bytes to write */ + num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); + if (num1 != 0) + { + s->rwstate=SSL_WRITING; + num1=BIO_flush(s->wbio); + if (num1 <= 0) { ret= -1; goto end; } + s->rwstate=SSL_NOTHING; + } + + /* flushed and now remove buffering */ + s->wbio=BIO_pop(s->wbio); + + s->state=SSL2_ST_GET_CLIENT_FINISHED_A; + BREAK; + + case SSL2_ST_GET_CLIENT_FINISHED_A: + case SSL2_ST_GET_CLIENT_FINISHED_B: + ret=get_client_finished(s); + if (ret <= 0) + goto end; + s->init_num=0; + s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A; + BREAK; + + case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: + case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: + case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: + case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: + /* don't do a 'request certificate' if we + * don't want to, or we already have one, and + * we only want to do it once. */ + if (!(s->verify_mode & SSL_VERIFY_PEER) || + ((s->session->peer != NULL) && + (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) + { + s->state=SSL2_ST_SEND_SERVER_FINISHED_A; + break; + } + else + { + ret=request_certificate(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL2_ST_SEND_SERVER_FINISHED_A; + } + BREAK; + + case SSL2_ST_SEND_SERVER_FINISHED_A: + case SSL2_ST_SEND_SERVER_FINISHED_B: + ret=server_finish(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL_ST_OK; + break; + + case SSL_ST_OK: + BUF_MEM_free(s->init_buf); + s->init_buf=NULL; + s->init_num=0; + /* ERR_clear_error();*/ + + ssl_update_cache(s,SSL_SESS_CACHE_SERVER); + + s->ctx->sess_accept_good++; + /* s->server=1; */ + ret=1; + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); + + goto end; + BREAK; + + default: + SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE); + ret= -1; + goto end; + BREAK; + } + + if ((cb != NULL) && (s->state != state)) + { + new_state=s->state; + s->state=state; + cb(s,SSL_CB_ACCEPT_LOOP,1); + s->state=new_state; + } + } +end: + s->in_handshake--; + if (cb != NULL) + cb(s,SSL_CB_ACCEPT_EXIT,ret); + return(ret); + } + +static int get_client_master_key(s) +SSL *s; + { + int export,i,n,keya,ek; + unsigned char *p; + SSL_CIPHER *cp; + EVP_CIPHER *c; + EVP_MD *md; + + p=(unsigned char *)s->init_buf->data; + if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) + { + i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num); + + if (i < (10-s->init_num)) + return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); + if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY) + { + if (p[-1] != SSL2_MT_ERROR) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); + } + else + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, + SSL_R_PEER_ERROR); + return(-1); + } + + cp=ssl2_get_cipher_by_char(p); + if (cp == NULL) + { + ssl2_return_error(s,SSL2_PE_NO_CIPHER); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, + SSL_R_NO_CIPHER_MATCH); + return(-1); + } + s->session->cipher= cp; + + p+=3; + n2s(p,i); s->s2->tmp.clear=i; + n2s(p,i); s->s2->tmp.enc=i; + n2s(p,i); s->session->key_arg_length=i; + s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; + s->init_num=0; + } + + /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ + p=(unsigned char *)s->init_buf->data; + keya=s->session->key_arg_length; + n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num; + i=ssl2_read(s,(char *)&(p[s->init_num]),n); + if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); + + memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]), + (unsigned int)keya); + + if (s->session->cert->key->privatekey == NULL) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); + return(-1); + } + i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, + &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), + (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); + + export=(s->session->cipher->algorithms & SSL_EXP)?1:0; + + if (!ssl_cipher_get_evp(s->session->cipher,&c,&md)) + { + ssl2_return_error(s,SSL2_PE_NO_CIPHER); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); + return(0); + } + + if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) + { + export=1; + ek=8; + } + else + ek=5; + + /* bad decrypt */ +#if 1 + /* If a bad decrypt, continue with protocol but with a + * dud master secret */ + if ((i < 0) || + ((!export && (i != EVP_CIPHER_key_length(c))) + || ( export && ((i != ek) || (s->s2->tmp.clear+i != + EVP_CIPHER_key_length(c)))))) + { + if (export) + i=ek; + else + i=EVP_CIPHER_key_length(c); + RAND_bytes(p,i); + } +#else + if (i < 0) + { + error=1; + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT); + } + /* incorrect number of key bytes for non export cipher */ + else if ((!export && (i != EVP_CIPHER_key_length(c))) + || ( export && ((i != ek) || (s->s2->tmp.clear+i != + EVP_CIPHER_key_length(c))))) + { + error=1; + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS); + } + if (error) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + return(-1); + } +#endif + + if (export) i+=s->s2->tmp.clear; + s->session->master_key_length=i; + memcpy(s->session->master_key,p,(unsigned int)i); + return(1); + } + +static int get_client_hello(s) +SSL *s; + { + int i,n; + unsigned char *p; + STACK *cs; /* a stack of SSL_CIPHERS */ + STACK *cl; /* the ones we want to use */ + int z; + + /* This is a bit of a hack to check for the correct packet + * type the first time round. */ + if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) + { + s->first_packet=1; + s->state=SSL2_ST_GET_CLIENT_HELLO_B; + } + + p=(unsigned char *)s->init_buf->data; + if (s->state == SSL2_ST_GET_CLIENT_HELLO_B) + { + i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num); + if (i < (9-s->init_num)) + return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); + + if (*(p++) != SSL2_MT_CLIENT_HELLO) + { + if (p[-1] != SSL2_MT_ERROR) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE); + } + else + SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR); + return(-1); + } + n2s(p,i); + if (i < s->version) s->version=i; + n2s(p,i); s->s2->tmp.cipher_spec_length=i; + n2s(p,i); s->s2->tmp.session_id_length=i; + n2s(p,i); s->s2->challenge_length=i; + if ( (i < SSL2_MIN_CHALLENGE_LENGTH) || + (i > SSL2_MAX_CHALLENGE_LENGTH)) + { + SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); + return(-1); + } + s->state=SSL2_ST_GET_CLIENT_HELLO_C; + s->init_num=0; + } + + /* SSL2_ST_GET_CLIENT_HELLO_C */ + p=(unsigned char *)s->init_buf->data; + n=s->s2->tmp.cipher_spec_length+s->s2->challenge_length+ + s->s2->tmp.session_id_length-s->init_num; + i=ssl2_read(s,(char *)&(p[s->init_num]),n); + if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); + + /* get session-id before cipher stuff so we can get out session + * structure if it is cached */ + /* session-id */ + if ((s->s2->tmp.session_id_length != 0) && + (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH)) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH); + return(-1); + } + + if (s->s2->tmp.session_id_length == 0) + { + if (!ssl_get_new_session(s,1)) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + return(-1); + } + } + else + { + i=ssl_get_prev_session(s,s->s2->tmp.session_id_length, + &(p[s->s2->tmp.cipher_spec_length])); + if (i == 1) + { /* previous session */ + s->hit=1; + } + else if (i == -1) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + return(-1); + } + else + { + if (s->cert == NULL) + { + ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE); + SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET); + return(-1); + } + + if (!ssl_get_new_session(s,1)) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + return(-1); + } + } + } + + if (!s->hit) + { + cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length, + &s->session->ciphers); + if (cs == NULL) goto mem_err; + + cl=ssl_get_ciphers_by_id(s); + + for (z=0; zsession->ciphers should now have a list of + * ciphers that are on both the client and server. + * This list is ordered by the order the client sent + * the ciphers. + */ + } + p+=s->s2->tmp.cipher_spec_length; + /* done cipher selection */ + + /* session id extracted already */ + p+=s->s2->tmp.session_id_length; + + /* challenge */ + memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); + return(1); +mem_err: + SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); + return(0); + } + +static int server_hello(s) +SSL *s; + { + unsigned char *p,*d; + int n,hit; + STACK *sk; + + p=(unsigned char *)s->init_buf->data; + if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) + { + d=p+11; + *(p++)=SSL2_MT_SERVER_HELLO; /* type */ + hit=s->hit; + *(p++)=(unsigned char)hit; + if (!hit) + { /* else add cert to session */ + CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT); + if (s->session->cert != NULL) + ssl_cert_free(s->session->cert); + s->session->cert=s->cert; + } + else /* We have a session id-cache hit, if the + * session-id has no certificate listed against + * the 'cert' structure, grab the 'old' one + * listed against the SSL connection */ + { + if (s->session->cert == NULL) + { + CRYPTO_add(&s->cert->references,1, + CRYPTO_LOCK_SSL_CERT); + s->session->cert=s->cert; + } + } + + if (s->session->cert == NULL) + { + ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE); + SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED); + return(-1); + } + + if (hit) + { + *(p++)=0; /* no certificate type */ + s2n(s->version,p); /* version */ + s2n(0,p); /* cert len */ + s2n(0,p); /* ciphers len */ + } + else + { + /* EAY EAY */ + /* put certificate type */ + *(p++)=SSL2_CT_X509_CERTIFICATE; + s2n(s->version,p); /* version */ + n=i2d_X509(s->cert->key->x509,NULL); + s2n(n,p); /* certificate length */ + i2d_X509(s->cert->key->x509,&d); + n=0; + + /* lets send out the ciphers we like in the + * prefered order */ + sk= s->session->ciphers; + n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d); + d+=n; + s2n(n,p); /* add cipher length */ + } + + /* make and send conn_id */ + s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ + s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; + RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length); + memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); + d+=SSL2_CONNECTION_ID_LENGTH; + + s->state=SSL2_ST_SEND_SERVER_HELLO_B; + s->init_num=d-(unsigned char *)s->init_buf->data; + s->init_off=0; + } + /* SSL2_ST_SEND_SERVER_HELLO_B */ + /* If we are using TCP/IP, the performace is bad if we do 2 + * writes without a read between them. This occurs when + * Session-id reuse is used, so I will put in a buffering module + */ + if (s->hit) + { + BIO *buf; + + if (s->bbio == NULL) + { + buf=BIO_new(BIO_f_buffer()); + if (buf == NULL) + { + SSLerr(SSL_F_SERVER_HELLO,ERR_LIB_BUF); + return(-1); + } + s->bbio=buf; + } + else + buf=s->bbio; + + BIO_reset(buf); + s->wbio=BIO_push(buf,s->wbio); + } + + return(ssl2_do_write(s)); + } + +static int get_client_finished(s) +SSL *s; + { + unsigned char *p; + int i; + + p=(unsigned char *)s->init_buf->data; + if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) + { + i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); + if (i < 1-s->init_num) + return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); + + if (*p != SSL2_MT_CLIENT_FINISHED) + { + if (*p != SSL2_MT_ERROR) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); + } + else + SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR); + return(-1); + } + s->init_num=0; + s->state=SSL2_ST_GET_CLIENT_FINISHED_B; + } + + /* SSL2_ST_GET_CLIENT_FINISHED_B */ + i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num); + if (i < (int)s->s2->conn_id_length-s->init_num) + { + return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); + } + if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT); + return(-1); + } + return(1); + } + +static int server_verify(s) +SSL *s; + { + unsigned char *p; + + if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) + { + p=(unsigned char *)s->init_buf->data; + *(p++)=SSL2_MT_SERVER_VERIFY; + memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); + /* p+=s->s2->challenge_length; */ + + s->state=SSL2_ST_SEND_SERVER_VERIFY_B; + s->init_num=s->s2->challenge_length+1; + s->init_off=0; + } + return(ssl2_do_write(s)); + } + +static int server_finish(s) +SSL *s; + { + unsigned char *p; + + if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A) + { + p=(unsigned char *)s->init_buf->data; + *(p++)=SSL2_MT_SERVER_FINISHED; + + memcpy(p,s->session->session_id, + (unsigned int)s->session->session_id_length); + /* p+=s->session->session_id_length; */ + + s->state=SSL2_ST_SEND_SERVER_FINISHED_B; + s->init_num=s->session->session_id_length+1; + s->init_off=0; + } + + /* SSL2_ST_SEND_SERVER_FINISHED_B */ + return(ssl2_do_write(s)); + } + +/* send the request and check the response */ +static int request_certificate(s) +SSL *s; + { + unsigned char *p,*p2,*buf2; + unsigned char *ccd; + int i,j,ctype,ret= -1; + X509 *x509=NULL; + STACK *sk=NULL; + + ccd=s->s2->tmp.ccl; + if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A) + { + p=(unsigned char *)s->init_buf->data; + *(p++)=SSL2_MT_REQUEST_CERTIFICATE; + *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION; + RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); + memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); + + s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B; + s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2; + s->init_off=0; + } + + if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B) + { + i=ssl2_do_write(s); + if (i <= 0) + { + ret=i; + goto end; + } + + s->init_num=0; + s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C; + } + + if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) + { + p=(unsigned char *)s->init_buf->data; + i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); + if (i < 3) + { + ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); + goto end; + } + + if ((*p == SSL2_MT_ERROR) && (i >= 3)) + { + n2s(p,i); + if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) + { + ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); + SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + goto end; + } + ret=1; + goto end; + } + if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (i < 6)) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ); + goto end; + } + /* ok we have a response */ + /* certificate type, there is only one right now. */ + ctype= *(p++); + if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) + { + ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE); + SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT); + goto end; + } + n2s(p,i); s->s2->tmp.clen=i; + n2s(p,i); s->s2->tmp.rlen=i; + s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D; + s->init_num=0; + } + + /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */ + p=(unsigned char *)s->init_buf->data; + j=s->s2->tmp.clen+s->s2->tmp.rlen-s->init_num; + i=ssl2_read(s,(char *)&(p[s->init_num]),j); + if (i < j) + { + ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); + goto end; + } + + x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen); + if (x509 == NULL) + { + SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB); + goto msg_end; + } + + if (((sk=sk_new_null()) == NULL) || (!sk_push(sk,(char *)x509))) + { + SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); + goto msg_end; + } + + i=ssl_verify_cert_chain(s,sk); + + if (i) /* we like the packet, now check the chksum */ + { + EVP_MD_CTX ctx; + EVP_PKEY *pkey=NULL; + + EVP_VerifyInit(&ctx,EVP_md5()); + EVP_VerifyUpdate(&ctx,s->s2->key_material, + (unsigned int)s->s2->key_material_length); + EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); + + i=i2d_X509(s->session->cert->key->x509,NULL); + buf2=(unsigned char *)Malloc((unsigned int)i); + if (buf2 == NULL) + { + SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); + goto msg_end; + } + p2=buf2; + i=i2d_X509(s->session->cert->key->x509,&p2); + EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i); + Free(buf2); + + pkey=X509_get_pubkey(x509); + if (pkey == NULL) goto end; + i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey); + memset(&ctx,0,sizeof(ctx)); + + if (i) + { + if (s->session->peer != NULL) + X509_free(s->session->peer); + s->session->peer=x509; + CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); + ret=1; + goto end; + } + else + { + SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM); + goto msg_end; + } + } + else + { +msg_end: + ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); + } +end: + if (sk != NULL) sk_free(sk); + if (x509 != NULL) X509_free(x509); + return(ret); + } + +static int ssl_rsa_private_decrypt(c, len, from, to,padding) +CERT *c; +int len; +unsigned char *from; +unsigned char *to; +int padding; + { + RSA *rsa; + int i; + + if ((c == NULL) || (c->key->privatekey == NULL)) + { + SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY); + return(-1); + } + if (c->key->privatekey->type != EVP_PKEY_RSA) + { + SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA); + return(-1); + } + rsa=c->key->privatekey->pkey.rsa; + + /* we have the public key */ + i=RSA_private_decrypt(len,from,to,rsa,padding); + if (i < 0) + SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); + return(i); + } + diff --git a/ssl/s3_both.c b/ssl/s3_both.c new file mode 100644 index 0000000000000000000000000000000000000000..1d710eef2e9499fa48fdb7898e9a9d1c27477939 --- /dev/null +++ b/ssl/s3_both.c @@ -0,0 +1,444 @@ +/* ssl/s3_both.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "buffer.h" +#include "rand.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" +#include "ssl_locl.h" + +#define BREAK break + +/* SSL3err(SSL_F_SSL3_GET_FINISHED,SSL_R_EXCESSIVE_MESSAGE_SIZE); + */ + +unsigned char ssl3_server_finished_const[4]= + {SSL3_MD_SERVER_FINISHED_CONST}; +unsigned char ssl3_client_finished_const[4]= + {SSL3_MD_CLIENT_FINISHED_CONST}; + +int ssl3_send_finished(s,a,b,sender) +SSL *s; +int a; +int b; +unsigned char *sender; + { + unsigned char *p,*d; + int i; + unsigned long l; + + if (s->state == a) + { + d=(unsigned char *)s->init_buf->data; + p= &(d[4]); + + i=ssl3_final_finish_mac(s,&(s->s3->finish_dgst1),sender,p); + p+=i; + l=i; + i=ssl3_final_finish_mac(s,&(s->s3->finish_dgst2),sender,p); + l+=i; + + *(d++)=SSL3_MT_FINISHED; + l2n3(l,d); + s->init_num=(int)l+4; + s->init_off=0; + + s->state=b; + } + + /* SSL3_ST_SEND_xxxxxx_HELLO_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } + +int ssl3_get_finished(s,a,b,sender) +SSL *s; +int a; +int b; +unsigned char *sender; + { + int al,i,j,ok; + long n; + unsigned char *p; + + /* the mac has already been generated when we received the + * change cipher spec message and is in s->s3->tmp.in_dgst[12] + */ + + n=ssl3_get_message(s, + a, + b, + SSL3_MT_FINISHED, + 64, /* should actually be 36+4 :-) */ + &ok); + + if (!ok) return((int)n); + + /* If this occurs if we has missed a message */ + if (!s->s3->change_cipher_spec) + { + al=SSL3_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS); + goto f_err; + } + s->s3->change_cipher_spec=0; + + p=(unsigned char *)s->init_buf->data; + + i=EVP_MD_CTX_size(&(s->s3->finish_dgst1)); + j=EVP_MD_CTX_size(&(s->s3->finish_dgst2)); + + if ((i+j) != n) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH); + goto f_err; + } + + if ( (memcmp( p, &(s->s3->tmp.finish_md1[0]),i) != 0) || + (memcmp(&(p[i]),&(s->s3->tmp.finish_md2[0]),j) != 0)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); + goto f_err; + } + + return(1); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return(0); + } + +/* for these 2 messages, we need to + * ssl->enc_read_ctx re-init + * ssl->s3->read_sequence zero + * ssl->s3->read_mac_secret re-init + * ssl->session->read_sym_enc assign + * ssl->session->read_compression assign + * ssl->session->read_hash assign + */ +int ssl3_send_change_cipher_spec(s,a,b) +SSL *s; +int a,b; + { + unsigned char *p; + + if (s->state == a) + { + p=(unsigned char *)s->init_buf->data; + *p=SSL3_MT_CCS; + s->init_num=1; + s->init_off=0; + + s->state=b; + } + + /* SSL3_ST_CW_CHANGE_B */ + return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); + } + +unsigned long ssl3_output_cert_chain(s,x) +SSL *s; +X509 *x; + { + unsigned char *p; + int n,i; + unsigned long l=7; + BUF_MEM *buf; + X509_STORE_CTX xs_ctx; + X509_OBJECT obj; + + X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL); + + buf=s->init_buf; + for (;;) + { + n=i2d_X509(x,NULL); + if (!BUF_MEM_grow(buf,(int)(n+l+3))) + { + SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); + return(0); + } + p=(unsigned char *)&(buf->data[l]); + l2n3(n,p); + i2d_X509(x,&p); + l+=n+3; + if (X509_NAME_cmp(X509_get_subject_name(x), + X509_get_issuer_name(x)) == 0) break; + + i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, + X509_get_issuer_name(x),&obj); + if (i <= 0) break; + x=obj.data.x509; + /* Count is one too high since the X509_STORE_get uped the + * ref count */ + X509_free(x); + } + + X509_STORE_CTX_cleanup(&xs_ctx); + + l-=7; + p=(unsigned char *)&(buf->data[4]); + l2n3(l,p); + l+=3; + p=(unsigned char *)&(buf->data[0]); + *(p++)=SSL3_MT_CERTIFICATE; + l2n3(l,p); + l+=4; + return(l); + } + +long ssl3_get_message(s,st1,stn,mt,max,ok) +SSL *s; +int st1,stn,mt; +long max; +int *ok; + { + unsigned char *p; + unsigned long l; + long n; + int i,al; + + if (s->s3->tmp.reuse_message) + { + s->s3->tmp.reuse_message=0; + if ((mt >= 0) && (s->s3->tmp.message_type != mt)) + { + al=SSL3_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + *ok=1; + return((int)s->s3->tmp.message_size); + } + + p=(unsigned char *)s->init_buf->data; + + if (s->state == st1) + { + i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE, + (char *)&(p[s->init_num]), + 4-s->init_num); + if (i < (4-s->init_num)) + { + *ok=0; + return(ssl3_part_read(s,i)); + } + + if ((mt >= 0) && (*p != mt)) + { + al=SSL3_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + s->s3->tmp.message_type= *(p++); + + n2l3(p,l); + if (l > (unsigned long)max) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + goto f_err; + } + if (l && !BUF_MEM_grow(s->init_buf,(int)l)) + { + SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); + goto err; + } + s->s3->tmp.message_size=l; + s->state=stn; + + s->init_num=0; + } + + /* next state (stn) */ + p=(unsigned char *)s->init_buf->data; + n=s->s3->tmp.message_size; + if (n > 0) + { + i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE, + (char *)&(p[s->init_num]),(int)n); + if (i != (int)n) + { + *ok=0; + return(ssl3_part_read(s,i)); + } + } + *ok=1; + return(n); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +err: + *ok=0; + return(-1); + } + +int ssl_cert_type(x,pkey) +X509 *x; +EVP_PKEY *pkey; + { + EVP_PKEY *pk; + int ret= -1,i,j; + + if (pkey == NULL) + pk=X509_get_pubkey(x); + else + pk=pkey; + if (pk == NULL) goto err; + + i=pk->type; + if (i == EVP_PKEY_RSA) + { + ret=SSL_PKEY_RSA_ENC; + if (x != NULL) + { + j=X509_get_ext_count(x); + /* check to see if this is a signing only certificate */ + /* EAY EAY EAY EAY */ + } + } + else if (i == EVP_PKEY_DSA) + { + ret=SSL_PKEY_DSA_SIGN; + } + else if (i == EVP_PKEY_DH) + { + /* if we just have a key, we needs to be guess */ + + if (x == NULL) + ret=SSL_PKEY_DH_DSA; + else + { + j=X509_get_signature_type(x); + if (j == EVP_PKEY_RSA) + ret=SSL_PKEY_DH_RSA; + else if (j== EVP_PKEY_DSA) + ret=SSL_PKEY_DH_DSA; + else ret= -1; + } + } + else + ret= -1; + +err: + return(ret); + } + +int ssl_verify_alarm_type(type) +int type; + { + int al; + + switch(type) + { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + + case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: + case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: + case X509_V_ERR_CERT_SIGNATURE_FAILURE: + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: + al=SSL3_AD_BAD_CERTIFICATE; + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + al=SSL3_AD_CERTIFICATE_EXPIRED; + break; + default: + al=SSL3_AD_CERTIFICATE_UNKNOWN; + break; + } + return(al); + } + +int ssl3_setup_buffers(s) +SSL *s; + { + unsigned char *p; + unsigned int extra; + + if (s->s3->rbuf.buf == NULL) + { + if (s->ctx->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + extra=SSL3_RT_MAX_EXTRA; + else + extra=0; + if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra)) + == NULL) + goto err; + s->s3->rbuf.buf=p; + } + + if (s->s3->wbuf.buf == NULL) + { + if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE)) + == NULL) + goto err; + s->s3->wbuf.buf=p; + } + s->packet= &(s->s3->rbuf.buf[0]); + return(1); +err: + SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE); + return(0); + } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c new file mode 100644 index 0000000000000000000000000000000000000000..4f551d20e9984d3ee3db05d4aafcafcf9c291063 --- /dev/null +++ b/ssl/s3_clnt.c @@ -0,0 +1,1642 @@ +/* ssl/s3_clnt.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "buffer.h" +#include "rand.h" +#include "objects.h" +#include "evp.h" +#include "ssl_locl.h" + +#define BREAK break +/* SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_SERVER_DONE,ERR_R_MALLOC_FAILURE); +SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); + */ + +#ifndef NOPROTO +static int ssl3_client_hello(SSL *s); +static int ssl3_get_server_hello(SSL *s); +static int ssl3_get_certificate_request(SSL *s); +static int ca_dn_cmp(X509_NAME **a,X509_NAME **b); +static int ssl3_get_server_done(SSL *s); +static int ssl3_send_client_verify(SSL *s); +static int ssl3_send_client_certificate(SSL *s); +static int ssl3_send_client_key_exchange(SSL *s); +static int ssl3_get_key_exchange(SSL *s); +static int ssl3_get_server_certificate(SSL *s); +static int ssl3_check_cert_and_algorithm(SSL *s); +#else +static int ssl3_client_hello(); +static int ssl3_get_server_hello(); +static int ssl3_get_certificate_request(); +static int ca_dn_cmp(); +static int ssl3_get_server_done(); +static int ssl3_send_client_verify(); +static int ssl3_send_client_certificate(); +static int ssl3_send_client_key_exchange(); +static int ssl3_get_key_exchange(); +static int ssl3_get_server_certificate(); +static int ssl3_check_cert_and_algorithm(); +#endif + +static SSL_METHOD *ssl3_get_client_method(ver) +int ver; + { + if (ver == 3) + return(SSLv3_client_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv3_client_method() + { + static int init=1; + static SSL_METHOD SSLv3_client_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), + sizeof(SSL_METHOD)); + SSLv3_client_data.ssl_connect=ssl3_connect; + SSLv3_client_data.get_ssl_method=ssl3_get_client_method; + } + return(&SSLv3_client_data); + } + +int ssl3_connect(s) +SSL *s; + { + BUF_MEM *buf; + unsigned long Time=time(NULL),l; + long num1; + void (*cb)()=NULL; + int ret= -1; + BIO *bbio,*under; + int new_state,state,skip=0;; + + RAND_seed((unsigned char *)&Time,sizeof(Time)); + ERR_clear_error(); + errno=0; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->in_handshake++; + + for (;;) + { + state=s->state; + + switch(s->state) + { + case SSL_ST_RENEGOTIATE: + s->new_session=1; + s->state=SSL_ST_CONNECT; + /* break */ + case SSL_ST_BEFORE: + case SSL_ST_CONNECT: + case SSL_ST_BEFORE|SSL_ST_CONNECT: + case SSL_ST_OK|SSL_ST_CONNECT: + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); + + s->version=3; + s->type=SSL_ST_CONNECT; + + if (s->init_buf == NULL) + { + if ((buf=BUF_MEM_new()) == NULL) + { + ret= -1; + goto end; + } + if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) + { + ret= -1; + goto end; + } + s->init_buf=buf; + } + + if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } + + /* setup buffing BIO */ + if (s->bbio == NULL) + { + bbio=BIO_new(BIO_f_buffer()); + if (bbio == NULL) + { + SSLerr(SSL_F_SSL3_CONNECT,ERR_LIB_BUF); + ret= -1; + goto end; + } + s->bbio=bbio; + } + else + bbio=s->bbio; + + BIO_reset(bbio); + if (!BIO_set_write_buffer_size(bbio,16*1024)) + { + SSLerr(SSL_F_SSL3_CONNECT,ERR_LIB_BUF); + ret= -1; + goto end; + } + + /* don't push the buffering BIO quite yet */ + + ssl3_init_finished_mac(s); + + s->state=SSL3_ST_CW_CLNT_HELLO_A; + s->ctx->sess_connect++; + s->init_num=0; + break; + + case SSL3_ST_CW_CLNT_HELLO_A: + case SSL3_ST_CW_CLNT_HELLO_B: + + s->shutdown=0; + ret=ssl3_client_hello(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CR_SRVR_HELLO_A; + s->init_num=0; + + /* turn on buffering for the next lot of output */ + s->wbio=BIO_push(s->bbio,s->wbio); + + break; + + case SSL3_ST_CR_SRVR_HELLO_A: + case SSL3_ST_CR_SRVR_HELLO_B: + ret=ssl3_get_server_hello(s); + if (ret <= 0) goto end; + if (s->hit) + s->state=SSL3_ST_CR_FINISHED_A; + else + s->state=SSL3_ST_CR_CERT_A; + s->init_num=0; + break; + + case SSL3_ST_CR_CERT_A: + case SSL3_ST_CR_CERT_B: + /* Check if it is anon DH */ + if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) + { + ret=ssl3_get_server_certificate(s); + if (ret <= 0) goto end; + } + else + skip=1; + s->state=SSL3_ST_CR_KEY_EXCH_A; + s->init_num=0; + break; + + case SSL3_ST_CR_KEY_EXCH_A: + case SSL3_ST_CR_KEY_EXCH_B: + ret=ssl3_get_key_exchange(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CR_CERT_REQ_A; + s->init_num=0; + + /* at this point we check that we have the + * required stuff from the server */ + if (!ssl3_check_cert_and_algorithm(s)) + { + ret= -1; + goto end; + } + break; + + case SSL3_ST_CR_CERT_REQ_A: + case SSL3_ST_CR_CERT_REQ_B: + ret=ssl3_get_certificate_request(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CR_SRVR_DONE_A; + s->init_num=0; + break; + + case SSL3_ST_CR_SRVR_DONE_A: + case SSL3_ST_CR_SRVR_DONE_B: + ret=ssl3_get_server_done(s); + if (ret <= 0) goto end; + if (s->s3->tmp.cert_req) + s->state=SSL3_ST_CW_CERT_A; + else + s->state=SSL3_ST_CW_KEY_EXCH_A; + s->init_num=0; + + break; + + case SSL3_ST_CW_CERT_A: + case SSL3_ST_CW_CERT_B: + case SSL3_ST_CW_CERT_C: + ret=ssl3_send_client_certificate(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CW_KEY_EXCH_A; + s->init_num=0; + break; + + case SSL3_ST_CW_KEY_EXCH_A: + case SSL3_ST_CW_KEY_EXCH_B: + ret=ssl3_send_client_key_exchange(s); + if (ret <= 0) goto end; + l=s->s3->tmp.new_cipher->algorithms; + /* EAY EAY EAY need to check for DH fix cert + * sent back */ + if ((s->s3->tmp.cert_req) && 1) + { + s->state=SSL3_ST_CW_CERT_VRFY_A; + } + else + { + s->state=SSL3_ST_CW_CHANGE_A; + s->s3->change_cipher_spec=0; + } + + s->init_num=0; + break; + + case SSL3_ST_CW_CERT_VRFY_A: + case SSL3_ST_CW_CERT_VRFY_B: + ret=ssl3_send_client_verify(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CW_CHANGE_A; + s->init_num=0; + s->s3->change_cipher_spec=0; + break; + + case SSL3_ST_CW_CHANGE_A: + case SSL3_ST_CW_CHANGE_B: + ret=ssl3_send_change_cipher_spec(s, + SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); + if (ret <= 0) goto end; + s->state=SSL3_ST_CW_FINISHED_A; + s->init_num=0; + + s->session->cipher=s->s3->tmp.new_cipher; + if (!ssl3_setup_key_block(s)) + { + ret= -1; + goto end; + } + + if (!ssl3_change_cipher_state(s, + SSL3_CHANGE_CIPHER_CLIENT_WRITE)) + { + ret= -1; + goto end; + } + + break; + + case SSL3_ST_CW_FINISHED_A: + case SSL3_ST_CW_FINISHED_B: + ret=ssl3_send_finished(s, + SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, + &(ssl3_client_finished_const[0])); + if (ret <= 0) goto end; + s->state=SSL3_ST_CW_FLUSH; + + /* clear flags */ + s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; + if (s->hit) + { + s->s3->tmp.next_state=SSL_ST_OK; + if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) + { + s->state=SSL_ST_OK; + s->s3->flags|=SSL3_FLAGS_POP_BUFFER; + s->s3->delay_buf_pop_ret=0; + } + } + else + { + s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; + } + s->init_num=0; + break; + + case SSL3_ST_CR_FINISHED_A: + case SSL3_ST_CR_FINISHED_B: + + ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, + SSL3_ST_CR_FINISHED_B, + &(ssl3_server_finished_const[0])); + if (ret <= 0) goto end; + + if (s->hit) + s->state=SSL3_ST_CW_CHANGE_A; + else + s->state=SSL_ST_OK; + s->init_num=0; + break; + + case SSL3_ST_CW_FLUSH: + /* number of bytes to be flushed */ + num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); + if (num1 > 0) + { + s->rwstate=SSL_WRITING; + num1=BIO_flush(s->wbio); + if (num1 <= 0) { ret= -1; goto end; } + s->rwstate=SSL_NOTHING; + } + + s->state=s->s3->tmp.next_state; + break; + + case SSL_ST_OK: + /* clean a few things up */ + ssl3_cleanup_key_block(s); + + BUF_MEM_free(s->init_buf); + s->init_buf=NULL; + + if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) + { + /* remove buffering */ + under=BIO_pop(s->wbio); + if (under != NULL) + s->wbio=under; + else + abort(); /* ok */ + + BIO_free(s->bbio); + s->bbio=NULL; + } + /* else do it later */ + + s->init_num=0; + s->new_session=0; + + ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); + + ret=1; + /* s->server=0; */ + s->handshake_func=ssl3_connect; + s->ctx->sess_connect_good++; + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); + + goto end; + break; + + default: + SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); + ret= -1; + goto end; + /* break; */ + } + + /* did we do anything */ + if (!s->s3->tmp.reuse_message && !skip) + { + if (s->debug) BIO_flush(s->wbio); + + if ((cb != NULL) && (s->state != state)) + { + new_state=s->state; + s->state=state; + cb(s,SSL_CB_CONNECT_LOOP,1); + s->state=new_state; + } + } + skip=0; + } +end: + if (cb != NULL) + cb(s,SSL_CB_CONNECT_EXIT,ret); + s->in_handshake--; + return(ret); + } + + +static int ssl3_client_hello(s) +SSL *s; + { + unsigned char *buf; + unsigned char *p,*d; + int i; + unsigned long Time,l; + + buf=(unsigned char *)s->init_buf->data; + if (s->state == SSL3_ST_CW_CLNT_HELLO_A) + { + if ((s->session == NULL) || + (s->session->ssl_version != s->version)) + { + if (!ssl_get_new_session(s,0)) + goto err; + } + /* else use the pre-loaded session */ + + p=s->s3->client_random; + Time=time(NULL); /* Time */ + l2n(Time,p); + RAND_bytes(&(p[4]),SSL3_RANDOM_SIZE-sizeof(Time)); + + /* Do the message type and length last */ + d=p= &(buf[4]); + + *(p++)=SSL3_VERSION_MAJOR; + *(p++)=SSL3_VERSION_MINOR; + + /* Random stuff */ + memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); + p+=SSL3_RANDOM_SIZE; + + /* Session ID */ + if (s->new_session) + i=0; + else + i=s->session->session_id_length; + *(p++)=i; + if (i != 0) + { + memcpy(p,s->session->session_id,i); + p+=i; + } + + /* Ciphers supported */ + i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2])); + if (i == 0) + { + SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); + goto err; + } + s2n(i,p); + p+=i; + + /* hardwire in the NULL compression algorithm. */ + *(p++)=1; + *(p++)=0; + + l=(p-d); + d=buf; + *(d++)=SSL3_MT_CLIENT_HELLO; + l2n3(l,d); + + s->state=SSL3_ST_CW_CLNT_HELLO_B; + /* number of bytes to write */ + s->init_num=p-buf; + s->init_off=0; + } + + /* SSL3_ST_CW_CLNT_HELLO_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); +err: + return(-1); + } + +static int ssl3_get_server_hello(s) +SSL *s; + { + STACK *sk; + SSL_CIPHER *c; + unsigned char *p,*d; + int i,al,ok; + unsigned int j; + long n; + + n=ssl3_get_message(s, + SSL3_ST_CR_SRVR_HELLO_A, + SSL3_ST_CR_SRVR_HELLO_B, + SSL3_MT_SERVER_HELLO, + 300, /* ?? */ + &ok); + + if (!ok) return((int)n); + d=p=(unsigned char *)s->init_buf->data; + + if ((p[0] != SSL3_VERSION_MAJOR) && (p[1] != SSL3_VERSION_MINOR)) + { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION); + goto err; + } + p+=2; + + /* load the server hello data */ + /* load the server random */ + memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); + p+=SSL3_RANDOM_SIZE; + + /* get the session-id */ + j= *(p++); + + if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) + { + /* SSLref returns 16 :-( */ + if (j < SSL2_SSL_SESSION_ID_LENGTH) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); + goto f_err; + } + } + if (j == 0) + { + s->hit=0; + memset(s->session->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); + s->session->session_id_length=0; + } + else if ((j == s->session->session_id_length) && + (memcmp(p,s->session->session_id,j) == 0)) + s->hit=1; + else + { + memcpy(s->session->session_id,p,j); + s->session->session_id_length=j; + s->hit=0; + } + p+=j; + c=ssl_get_cipher_by_char(s,p); + if (c == NULL) + { + /* unknown cipher */ + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); + goto f_err; + } + p+=ssl_put_cipher_by_char(s,NULL,NULL); + + sk=ssl_get_ciphers_by_id(s); + i=sk_find(sk,(char *)c); + if (i < 0) + { + /* we did not say we would use this cipher */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); + goto f_err; + } + + if (s->hit && (s->session->cipher != c)) + { + if (!(s->ctx->options & + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); + goto f_err; + } + } + s->s3->tmp.new_cipher=c; + + /* lets get the compression algorithm */ + j= *(p++); + if (j != 0) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + goto f_err; + } + + if (p != (d+n)) + { + /* wrong packet length */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); + goto err; + } + + return(1); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +err: + return(-1); + } + +static int ssl3_get_server_certificate(s) +SSL *s; + { + int al,i,ok,ret= -1; + unsigned long n,nc,llen,l; + X509 *x=NULL; + unsigned char *p,*d,*q; + STACK *sk=NULL; + CERT *c; + EVP_PKEY *pkey=NULL; + + n=ssl3_get_message(s, + SSL3_ST_CR_CERT_A, + SSL3_ST_CR_CERT_B, + -1, +#if defined(MSDOS) && !defined(WIN32) + 1024*30, /* 30k max cert list :-) */ +#else + 1024*100, /* 100k max cert list :-) */ +#endif + &ok); + + if (!ok) return((int)n); + + if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) + { + s->s3->tmp.reuse_message=1; + return(1); + } + + if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) + { + al=SSL3_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); + goto f_err; + } + d=p=(unsigned char *)s->init_buf->data; + + if ((sk=sk_new_null()) == NULL) + { + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); + goto err; + } + + n2l3(p,llen); + if (llen+3 != n) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + for (nc=0; nc llen) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); + goto f_err; + } + + q=p; + x=d2i_X509(NULL,&q,l); + if (x == NULL) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB); + goto f_err; + } + if (q != (p+l)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); + goto f_err; + } + if (!sk_push(sk,(char *)x)) + { + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); + goto err; + } + x=NULL; + nc+=l+3; + p=q; + } + + i=ssl_verify_cert_chain(s,sk); + if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) + { + al=ssl_verify_alarm_type(s->verify_result); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); + goto f_err; + } + + c=ssl_cert_new(); + if (c == NULL) goto err; + + if (s->session->cert) ssl_cert_free(s->session->cert); + s->session->cert=c; + + c->cert_chain=sk; + x=(X509 *)sk_value(sk,0); + sk=NULL; + + pkey=X509_get_pubkey(x); + + if (EVP_PKEY_missing_parameters(pkey)) + { + x=NULL; + al=SSL3_AL_FATAL; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); + goto f_err; + } + + i=ssl_cert_type(x,pkey); + if (i < 0) + { + x=NULL; + al=SSL3_AL_FATAL; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE); + goto f_err; + } + + c->cert_type=i; + x->references++; + if (c->pkeys[i].x509 != NULL) + X509_free(c->pkeys[i].x509); + c->pkeys[i].x509=x; + c->key= &(c->pkeys[i]); + + if ((s->session != NULL) && (s->session->peer != NULL)) + X509_free(s->session->peer); + x->references++; + s->session->peer=x; + + x=NULL; + ret=1; + + if (0) + { +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + } +err: + if (x != NULL) X509_free(x); + if (sk != NULL) sk_pop_free(sk,X509_free); + return(ret); + } + +static int ssl3_get_key_exchange(s) +SSL *s; + { +#ifndef NO_RSA + unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; +#endif + EVP_MD_CTX md_ctx; + unsigned char *param,*p; + int al,i,j,param_len,ok; + long n,alg; + EVP_PKEY *pkey=NULL; + RSA *rsa=NULL; + DH *dh=NULL; + + n=ssl3_get_message(s, + SSL3_ST_CR_KEY_EXCH_A, + SSL3_ST_CR_KEY_EXCH_B, + -1, + 1024*8, /* ?? */ + &ok); + + if (!ok) return((int)n); + + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) + { + s->s3->tmp.reuse_message=1; + return(1); + } + + param=p=(unsigned char *)s->init_buf->data; + + if (s->session->cert != NULL) + { +#ifndef NO_RSA + if (s->session->cert->rsa_tmp != NULL) + { + RSA_free(s->session->cert->rsa_tmp); + s->session->cert->rsa_tmp=NULL; + } +#endif +#ifndef NO_DH + if (s->session->cert->dh_tmp) + { + DH_free(s->session->cert->dh_tmp); + s->session->cert->dh_tmp=NULL; + } +#endif + } + else + { + s->session->cert=ssl_cert_new(); + } + + param_len=0; + alg=s->s3->tmp.new_cipher->algorithms; + +#ifndef NO_RSA + if (alg & SSL_kRSA) + { + if ((rsa=RSA_new()) == NULL) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); + goto err; + } + n2s(p,i); + param_len=i+2; + if (param_len > n) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); + goto f_err; + } + if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); + goto err; + } + p+=i; + + n2s(p,i); + param_len+=i+2; + if (param_len > n) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); + goto f_err; + } + if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); + goto err; + } + p+=i; + n-=param_len; + +/* s->session->cert->rsa_tmp=rsa;*/ + /* this should be because we are using an export cipher */ + if (alg & SSL_aRSA) + pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); + else + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + goto err; + } + s->session->cert->rsa_tmp=rsa; + } + else +#endif +#ifndef NO_DH + if (alg & SSL_kEDH) + { + if ((dh=DH_new()) == NULL) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); + goto err; + } + n2s(p,i); + param_len=i+2; + if (param_len > n) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); + goto f_err; + } + if (!(dh->p=BN_bin2bn(p,i,NULL))) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); + goto err; + } + p+=i; + + n2s(p,i); + param_len+=i+2; + if (param_len > n) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); + goto f_err; + } + if (!(dh->g=BN_bin2bn(p,i,NULL))) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); + goto err; + } + p+=i; + + n2s(p,i); + param_len+=i+2; + if (param_len > n) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); + goto f_err; + } + if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); + goto err; + } + p+=i; + n-=param_len; + +#ifndef NO_RSA + if (alg & SSL_aRSA) + pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); + else +#endif +#ifndef NO_DSA + if (alg & SSL_aDSS) + pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509); +#endif + /* else anonymous DH, so no certificate or pkey. */ + + s->session->cert->dh_tmp=dh; + } + else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); + goto f_err; + } +#endif + + /* p points to the next byte, there are 'n' bytes left */ + + + /* if it was signed, check the signature */ + if (pkey != NULL) + { + n2s(p,i); + n-=2; + j=EVP_PKEY_size(pkey); + + if ((i != n) || (n > j) || (n <= 0)) + { + /* wrong packet length */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); + goto err; + } + +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + int num; + + j=0; + q=md_buf; + for (num=2; num > 0; num--) + { + EVP_DigestInit(&md_ctx,(num == 2)?EVP_md5():EVP_sha1()); + EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx,param,param_len); + EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i); + q+=i; + j+=i; + } + i=RSA_public_decrypt((int)n,p,p,pkey->pkey.rsa, + RSA_PKCS1_PADDING); + if (i <= 0) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + goto f_err; + } + if ((j != i) || (memcmp(p,md_buf,i) != 0)) + { + /* bad signature */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); + goto f_err; + } + } + else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + /* lets do DSS */ + EVP_VerifyInit(&md_ctx,EVP_dss1()); + EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); + EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); + EVP_VerifyUpdate(&md_ctx,param,param_len); + if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + { + /* bad signature */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); + goto f_err; + } + } + else +#endif + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + goto err; + } + } + else + { + /* still data left over */ + if (!(alg & SSL_aNULL)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + goto err; + } + if (n != 0) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); + goto f_err; + } + } + + return(1); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +err: + return(-1); + } + +static int ssl3_get_certificate_request(s) +SSL *s; + { + int ok,ret=0; + unsigned long n,nc; + unsigned int llen,l,ctype_num,i; + X509_NAME *xn=NULL; + unsigned char *p,*d,*q; + STACK *ca_sk=NULL; + + n=ssl3_get_message(s, + SSL3_ST_CR_CERT_REQ_A, + SSL3_ST_CR_CERT_REQ_B, + -1, +#if defined(MSDOS) && !defined(WIN32) + 1024*30, /* 30k max cert list :-) */ +#else + 1024*100, /* 100k max cert list :-) */ +#endif + &ok); + + if (!ok) return((int)n); + + s->s3->tmp.cert_req=0; + + if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) + { + s->s3->tmp.reuse_message=1; + return(1); + } + + if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE); + goto err; + } + + d=p=(unsigned char *)s->init_buf->data; + + if ((ca_sk=sk_new(ca_dn_cmp)) == NULL) + { + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* get the certificate types */ + ctype_num= *(p++); + if (ctype_num > SSL3_CT_NUMBER) + ctype_num=SSL3_CT_NUMBER; + for (i=0; is3->tmp.ctype[i]= p[i]; + p+=ctype_num; + + /* get the CA RDNs */ + n2s(p,llen); + if ((llen+ctype_num+2+1) != n) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH); + goto err; + } + + for (nc=0; nc llen) + { + if ((s->ctx->options & SSL_OP_NETSCAPE_CA_DN_BUG)) + goto cont; /* netscape bugs */ + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); + goto err; + } + + q=p; + + if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) + { + /* If netscape tollerance is on, ignore errors */ + if (s->ctx->options & SSL_OP_NETSCAPE_CA_DN_BUG) + goto cont; + else + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB); + goto err; + } + } + + if (q != (p+l)) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); + goto err; + } + if (!sk_push(ca_sk,(char *)xn)) + { + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); + goto err; + } + + p+=l; + nc+=l+2; + } + + if (0) + { +cont: + ERR_clear_error(); + } + + /* we should setup a certficate to return.... */ + s->s3->tmp.cert_req=1; + s->s3->tmp.ctype_num=ctype_num; + if (s->s3->tmp.ca_names != NULL) + sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); + s->s3->tmp.ca_names=ca_sk; + ca_sk=NULL; + + ret=1; +err: + if (ca_sk != NULL) sk_pop_free(ca_sk,X509_NAME_free); + return(ret); + } + +static int ca_dn_cmp(a,b) +X509_NAME **a,**b; + { + return(X509_NAME_cmp(*a,*b)); + } + +static int ssl3_get_server_done(s) +SSL *s; + { + int ok,ret=0; + long n; + + n=ssl3_get_message(s, + SSL3_ST_CR_SRVR_DONE_A, + SSL3_ST_CR_SRVR_DONE_B, + SSL3_MT_SERVER_DONE, + 30, /* should be very small, like 0 :-) */ + &ok); + + if (!ok) return((int)n); + if (n > 0) + { + /* should contain no data */ + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); + } + ret=1; + return(ret); + } + +static int ssl3_send_client_key_exchange(s) +SSL *s; + { + unsigned char *p,*d; + int n; + unsigned long l; + EVP_PKEY *pkey=NULL; + + if (s->state == SSL3_ST_CW_KEY_EXCH_A) + { + d=(unsigned char *)s->init_buf->data; + p= &(d[4]); + + l=s->s3->tmp.new_cipher->algorithms; + +#ifndef NO_RSA + if (l & SSL_kRSA) + { + RSA *rsa; + unsigned char tmp_buf[48]; + + if (s->session->cert->rsa_tmp != NULL) + rsa=s->session->cert->rsa_tmp; + else + { + pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); + if ((pkey == NULL) || + (pkey->type != EVP_PKEY_RSA) || + (pkey->pkey.rsa == NULL)) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + goto err; + } + rsa=pkey->pkey.rsa; + } + + tmp_buf[0]=SSL3_VERSION_MAJOR; + tmp_buf[1]=SSL3_VERSION_MINOR; + RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2); + + s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; + + n=RSA_public_encrypt(48,tmp_buf,p,rsa, + RSA_PKCS1_PADDING); + if (n <= 0) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); + goto err; + } + + s->session->master_key_length= + ssl3_generate_master_secret(s, + s->session->master_key, + tmp_buf,48); + memset(tmp_buf,0,48); + } + else +#endif +#ifndef NO_DH + if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) + { + DH *dh_srvr,*dh_clnt; + + if (s->session->cert->dh_tmp != NULL) + dh_srvr=s->session->cert->dh_tmp; + else + { + /* we get them from the cert */ + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); + goto err; + } + + /* generate a new random key */ + if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + goto err; + } + if (!DH_generate_key(dh_clnt)) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + goto err; + } + + /* use the 'p' output buffer for the DH key, but + * make sure to clear it out afterwards */ + n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); + if (n <= 0) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + goto err; + } + + /* generate master key from the result */ + s->session->master_key_length= + ssl3_generate_master_secret(s, + s->session->master_key,p,n); + /* clean up */ + memset(p,0,n); + + /* send off the data */ + n=BN_num_bytes(dh_clnt->pub_key); + s2n(n,p); + BN_bn2bin(dh_clnt->pub_key,p); + n+=2; + + DH_free(dh_clnt); + + /* perhaps clean things up a bit EAY EAY EAY EAY*/ + } + else +#endif + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + goto err; + } + + *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; + l2n3(n,d); + + s->state=SSL3_ST_CW_KEY_EXCH_B; + /* number of bytes to write */ + s->init_num=n+4; + s->init_off=0; + } + + /* SSL3_ST_CW_KEY_EXCH_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); +err: + return(-1); + } + +static int ssl3_send_client_verify(s) +SSL *s; + { + unsigned char *p,*d; + unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; + EVP_PKEY *pkey; + int i=0,j; + unsigned long n; + + if (s->state == SSL3_ST_CW_CERT_VRFY_A) + { + d=(unsigned char *)s->init_buf->data; + p= &(d[4]); + pkey=s->cert->key->privatekey; + + ssl3_final_finish_mac(s,&(s->s3->finish_dgst2), + NULL,&(data[MD5_DIGEST_LENGTH])); + +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + ssl3_final_finish_mac(s,&(s->s3->finish_dgst1), + NULL,&(data[0])); + i=RSA_private_encrypt( + MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, + data,&(p[2]),pkey->pkey.rsa, + RSA_PKCS1_PADDING); + if (i <= 0) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); + goto err; + } + s2n(i,p); + n=i+2; + } + else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + if (!DSA_sign(pkey->save_type, + &(data[MD5_DIGEST_LENGTH]), + SHA_DIGEST_LENGTH,&(p[2]), + (unsigned int *)&j,pkey->pkey.dsa)) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); + goto err; + } + s2n(j,p); + n=j+2; + } + else +#endif + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR); + goto err; + } + *(d++)=SSL3_MT_CERTIFICATE_VERIFY; + l2n3(n,d); + + s->init_num=(int)n+4; + s->init_off=0; + } + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); +err: + return(-1); + } + +static int ssl3_send_client_certificate(s) +SSL *s; + { + X509 *x509=NULL; + EVP_PKEY *pkey=NULL; + int i; + unsigned long l; + + if (s->state == SSL3_ST_CW_CERT_A) + { + if ((s->cert == NULL) || + (s->cert->key->x509 == NULL) || + (s->cert->key->privatekey == NULL)) + s->state=SSL3_ST_CW_CERT_B; + else + s->state=SSL3_ST_CW_CERT_C; + } + + /* We need to get a client cert */ + if (s->state == SSL3_ST_CW_CERT_B) + { + /* If we get an error, we need to + * ssl->rwstate=SSL_X509_LOOKUP; return(-1); + * We then get retied later */ + i=0; + if (s->ctx->client_cert_cb != NULL) + i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); + if (i < 0) + { + s->rwstate=SSL_X509_LOOKUP; + return(-1); + } + s->rwstate=SSL_NOTHING; + if ((i == 1) && (pkey != NULL) && (x509 != NULL)) + { + s->state=SSL3_ST_CW_CERT_B; + if ( !SSL_use_certificate(s,x509) || + !SSL_use_PrivateKey(s,pkey)) + i=0; + } + else if (i == 1) + { + i=0; + SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); + } + + if (x509 != NULL) X509_free(x509); + if (pkey != NULL) EVP_PKEY_free(pkey); + if (i == 0) + { + s->s3->tmp.cert_req=0; + ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_NO_CERTIFICATE); + return(1); + } + + /* Ok, we have a cert */ + s->state=SSL3_ST_CW_CERT_C; + } + + if (s->state == SSL3_ST_CW_CERT_C) + { + s->state=SSL3_ST_CW_CERT_D; + l=ssl3_output_cert_chain(s,s->cert->key->x509); + s->init_num=(int)l; + s->init_off=0; + } + /* SSL3_ST_CW_CERT_D */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } + +#define has_bits(i,m) (((i)&(m)) == (m)) + +static int ssl3_check_cert_and_algorithm(s) +SSL *s; + { + int i,idx; + long algs; + EVP_PKEY *pkey=NULL; + CERT *c; + RSA *rsa; + DH *dh; + + c=s->session->cert; + + if (c == NULL) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR); + goto err; + } + + algs=s->s3->tmp.new_cipher->algorithms; + + /* we don't have a certificate */ + if (algs & (SSL_aDH|SSL_aNULL)) + return(1); + + rsa=s->session->cert->rsa_tmp; + dh=s->session->cert->dh_tmp; + + /* This is the passed certificate */ + + idx=c->cert_type; + pkey=X509_get_pubkey(c->pkeys[idx].x509); + i=X509_certificate_type(c->pkeys[idx].x509,pkey); + + + /* Check that we have a certificate if we require one */ + if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); + goto f_err; + } +#ifndef NO_DSA + else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); + goto f_err; + } +#endif + + if ((algs & SSL_kRSA) && + !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } +#ifndef NO_DH + else if ((algs & SSL_kEDH) && + !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); + goto f_err; + } + else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); + goto f_err; + } +#ifndef NO_DSA + else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); + goto f_err; + } +#endif +#endif + + if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP)) + { +#ifndef NO_RSA + if (algs & SSL_kRSA) + { + if ((rsa == NULL) || (RSA_size(rsa) > 512)) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); + goto f_err; + } + } + else +#endif +#ifndef NO_DH + if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) + { + if ((dh == NULL) || (DH_size(dh) > 512)) + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); + goto f_err; + } + } + else +#endif + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); + goto f_err; + } + } + return(1); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE); +err: + return(0); + } + diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c new file mode 100644 index 0000000000000000000000000000000000000000..f1cd25e3d35bab4498c2d989736fd66e2227a2b2 --- /dev/null +++ b/ssl/s3_enc.c @@ -0,0 +1,481 @@ +/* ssl/s3_enc.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "evp.h" +#include "ssl_locl.h" + +static unsigned char ssl3_pad_1[48]={ + 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, + 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, + 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, + 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, + 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, + 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; + +static unsigned char ssl3_pad_2[48]={ + 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, + 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, + 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, + 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, + 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, + 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; + +int ssl3_change_cipher_state(s,which) +SSL *s; +int which; + { + unsigned char *p,*key_block,*mac_secret; + unsigned char exp_key[EVP_MAX_KEY_LENGTH]; + unsigned char exp_iv[EVP_MAX_KEY_LENGTH]; + unsigned char *ms,*key,*iv,*er1,*er2; + EVP_CIPHER_CTX *dd; + EVP_CIPHER *c; + SSL_COMPRESSION *comp; + EVP_MD *m; + MD5_CTX md; + int exp,n,i,j,k; + + exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0; + c=s->s3->tmp.new_sym_enc; + m=s->s3->tmp.new_hash; + comp=s->s3->tmp.new_compression; + key_block=s->s3->tmp.key_block; + + if (which & SSL3_CC_READ) + { + if ((s->enc_read_ctx == NULL) && + ((s->enc_read_ctx=(EVP_CIPHER_CTX *) + Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + goto err; + dd= s->enc_read_ctx; + s->read_hash=m; + s->read_compression=comp; + memset(&(s->s3->read_sequence[0]),0,8); + mac_secret= &(s->s3->read_mac_secret[0]); + } + else + { + if ((s->enc_write_ctx == NULL) && + ((s->enc_write_ctx=(EVP_CIPHER_CTX *) + Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + goto err; + dd= s->enc_write_ctx; + s->write_hash=m; + s->write_compression=comp; + memset(&(s->s3->write_sequence[0]),0,8); + mac_secret= &(s->s3->write_mac_secret[0]); + } + + p=s->s3->tmp.key_block; + i=EVP_MD_size(m); + j=(exp)?5:EVP_CIPHER_key_length(c); + k=EVP_CIPHER_iv_length(c); + if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || + (which == SSL3_CHANGE_CIPHER_SERVER_READ)) + { + ms= &(p[ 0]); n=i+i; + key= &(p[ n]); n+=j+j; + iv= &(p[ n]); n+=k+k; + er1= &(s->s3->client_random[0]); + er2= &(s->s3->server_random[0]); + } + else + { + n=i; + ms= &(p[ n]); n+=i+j; + key= &(p[ n]); n+=j+k; + iv= &(p[ n]); n+=k; + er1= &(s->s3->server_random[0]); + er2= &(s->s3->client_random[0]); + } + + if (n > s->s3->tmp.key_block_length) + { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR); + goto err2; + } + + memcpy(mac_secret,ms,i); + if (exp) + { + /* In here I set both the read and write key/iv to the + * same value since only the correct one will be used :-). + */ + MD5_Init(&md); + MD5_Update(&md,key,j); + MD5_Update(&md,er1,SSL3_RANDOM_SIZE); + MD5_Update(&md,er2,SSL3_RANDOM_SIZE); + MD5_Final(&(exp_key[0]),&md); + key= &(exp_key[0]); + + MD5_Init(&md); + MD5_Update(&md,er1,SSL3_RANDOM_SIZE); + MD5_Update(&md,er2,SSL3_RANDOM_SIZE); + MD5_Final(&(exp_iv[0]),&md); + iv= &(exp_iv[0]); + } + + s->session->key_arg_length=k; + if (k > 0) + memcpy(&(s->session->key_arg[0]),iv,k); + + EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); + memset(&(exp_key[0]),0,sizeof(exp_key)); + memset(&(exp_iv[0]),0,sizeof(exp_iv)); + return(1); +err: + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); +err2: + return(0); + } + +int ssl3_setup_key_block(s) +SSL *s; + { + unsigned char *p; + EVP_CIPHER *c; + EVP_MD *hash; + int num,exp; + + if (s->s3->tmp.key_block_length != 0) + return(1); + + if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash)) + { + SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + return(0); + } + + s->s3->tmp.new_sym_enc=c; + s->s3->tmp.new_hash=hash; + + exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0; + + num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); + num*=2; + + ssl3_cleanup_key_block(s); + + if ((p=(unsigned char *)Malloc(num)) == NULL) + goto err; + + s->s3->tmp.key_block_length=num; + s->s3->tmp.key_block=p; + + ssl3_generate_key_block(s,p,num); + + return(1); +err: + SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); + return(0); + } + +void ssl3_cleanup_key_block(s) +SSL *s; + { + if (s->s3->tmp.key_block != NULL) + { + memset(s->s3->tmp.key_block,0, + s->s3->tmp.key_block_length); + Free(s->s3->tmp.key_block); + s->s3->tmp.key_block=NULL; + } + s->s3->tmp.key_block_length=0; + } + +int ssl3_enc(s,send) +SSL *s; +int send; + { + SSL3_RECORD *rec; + EVP_CIPHER_CTX *ds; + unsigned long l; + int bs,i; + EVP_CIPHER *enc; + SSL_COMPRESSION *comp; + + if (send) + { + ds=s->enc_write_ctx; + rec= &(s->s3->wrec); + if (s->enc_write_ctx == NULL) + { enc=NULL; comp=NULL; } + else + { + enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); + comp=s->write_compression; + } + } + else + { + ds=s->enc_read_ctx; + rec= &(s->s3->rrec); + if (s->enc_read_ctx == NULL) + { enc=NULL; comp=NULL; } + else + { + enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); + comp=s->read_compression; + } + } + + if ((s->session == NULL) || (ds == NULL) || + ((enc == NULL) && (comp == NULL))) + { + memcpy(rec->data,rec->input,rec->length); + rec->input=rec->data; + } + else + { + l=rec->length; + bs=EVP_CIPHER_block_size(ds->cipher); + + /* This should be using (bs-1) and bs instead of 7 and 8 */ + if ((bs != 1) && send) + { + i=bs-((int)l%bs); + + /* we need to add 'i-1' padding bytes */ + l+=i; + rec->length+=i; + rec->input[l-1]=(i-1); + } + + EVP_Cipher(ds,rec->data,rec->input,l); + + if ((bs != 1) && !send) + { + i=rec->data[l-1]+1; + if (i > bs) + { + SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_BAD_RECORD_MAC); + return(0); + } + rec->length-=i; + } + } + return(1); + } + +void ssl3_init_finished_mac(s) +SSL *s; + { + EVP_DigestInit(&(s->s3->finish_dgst1),EVP_md5()); + EVP_DigestInit(&(s->s3->finish_dgst2),EVP_sha1()); + } + +void ssl3_finish_mac(s,buf,len) +SSL *s; +unsigned char *buf; +int len; + { + EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len); + EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len); + } + +int ssl3_final_finish_mac(s,in_ctx,sender,p) +SSL *s; +EVP_MD_CTX *in_ctx; +unsigned char *sender; +unsigned char *p; + { + unsigned int ret; + int npad,n; + unsigned int i; + unsigned char md_buf[EVP_MAX_MD_SIZE]; + EVP_MD_CTX ctx; + + memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX)); + + n=EVP_MD_CTX_size(&ctx); + npad=(48/n)*n; + + if (sender != NULL) + EVP_DigestUpdate(&ctx,sender,4); + EVP_DigestUpdate(&ctx,s->session->master_key, + s->session->master_key_length); + EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); + EVP_DigestFinal(&ctx,md_buf,&i); + + EVP_DigestInit(&ctx,EVP_MD_CTX_type(&ctx)); + EVP_DigestUpdate(&ctx,s->session->master_key, + s->session->master_key_length); + EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); + EVP_DigestUpdate(&ctx,md_buf,i); + EVP_DigestFinal(&ctx,p,&ret); + + memset(&ctx,0,sizeof(EVP_MD_CTX)); + + return((int)ret); + } + +int ssl3_mac(ssl,md,send) +SSL *ssl; +unsigned char *md; +int send; + { + SSL3_RECORD *rec; + unsigned char *mac_sec,*seq; + EVP_MD_CTX md_ctx; + EVP_MD *hash; + unsigned char *p,rec_char; + unsigned int md_size; + int npad,i; + + if (send) + { + rec= &(ssl->s3->wrec); + mac_sec= &(ssl->s3->write_mac_secret[0]); + seq= &(ssl->s3->write_sequence[0]); + hash=ssl->write_hash; + } + else + { + rec= &(ssl->s3->rrec); + mac_sec= &(ssl->s3->read_mac_secret[0]); + seq= &(ssl->s3->read_sequence[0]); + hash=ssl->read_hash; + } + + md_size=EVP_MD_size(hash); + npad=(48/md_size)*md_size; + +#ifdef MAC_DEBUG +printf("npad=%d md_size=%d",npad,md_size); +printf("\nmsec="); +for (i=0; itype,rec->length); +for (i=0; ilength; i++) printf("%02X",rec->input[i]); +printf("\n"); +#endif + + /* Chop the digest off the end :-) */ + + EVP_DigestInit( &md_ctx,hash); + EVP_DigestUpdate(&md_ctx,mac_sec,md_size); + EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); + EVP_DigestUpdate(&md_ctx,seq,8); + rec_char=rec->type; + EVP_DigestUpdate(&md_ctx,&rec_char,1); + p=md; + s2n(rec->length,p); + EVP_DigestUpdate(&md_ctx,md,2); + EVP_DigestUpdate(&md_ctx,rec->input,rec->length); + EVP_DigestFinal( &md_ctx,md,NULL); + + EVP_DigestInit( &md_ctx,hash); + EVP_DigestUpdate(&md_ctx,mac_sec,md_size); + EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); + EVP_DigestUpdate(&md_ctx,md,md_size); + EVP_DigestFinal( &md_ctx,md,&md_size); + + for (i=7; i>=0; i--) + if (++seq[i]) break; + +#ifdef MAC_DEBUG +printf("md="); +for (i=0; is3->client_random[0]), + SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]), + SSL3_RANDOM_SIZE); + EVP_DigestFinal(&ctx,buf,&n); + + EVP_DigestInit(&ctx,EVP_md5()); + EVP_DigestUpdate(&ctx,p,len); + EVP_DigestUpdate(&ctx,buf,n); + EVP_DigestFinal(&ctx,out,&n); + out+=n; + ret+=n; + } + return(ret); + } + diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c new file mode 100644 index 0000000000000000000000000000000000000000..b7bac8e10f083c934b3cd6046ffd61f6873bc4dd --- /dev/null +++ b/ssl/s3_lib.c @@ -0,0 +1,915 @@ +/* ssl/s3_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "ssl_locl.h" + +char *ssl3_version_str="SSLv3 part of SSLeay 0.8.1b 29-Jun-1998"; + +#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) + +#ifndef NOPROTO +static long ssl3_default_timeout(void ); +#else +static long ssl3_default_timeout(); +#endif + +SSL_CIPHER ssl3_ciphers[]={ +/* The RSA ciphers */ +/* Cipher 01 */ + { + 1, + SSL3_TXT_RSA_NULL_MD5, + SSL3_CK_RSA_NULL_MD5, + SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 02 */ + { + 1, + SSL3_TXT_RSA_NULL_SHA, + SSL3_CK_RSA_NULL_SHA, + SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, + +/* anon DH */ +/* Cipher 17 */ + { + 1, + SSL3_TXT_ADH_RC4_40_MD5, + SSL3_CK_ADH_RC4_40_MD5, + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 18 */ + { + 1, + SSL3_TXT_ADH_RC4_128_MD5, + SSL3_CK_ADH_RC4_128_MD5, + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 19 */ + { + 1, + SSL3_TXT_ADH_DES_40_CBC_SHA, + SSL3_CK_ADH_DES_40_CBC_SHA, + SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 1A */ + { + 1, + SSL3_TXT_ADH_DES_64_CBC_SHA, + SSL3_CK_ADH_DES_64_CBC_SHA, + SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 1B */ + { + 1, + SSL3_TXT_ADH_DES_196_CBC_SHA, + SSL3_CK_ADH_DES_196_CBC_SHA, + SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, + +/* RSA again */ +/* Cipher 03 */ + { + 1, + SSL3_TXT_RSA_RC4_40_MD5, + SSL3_CK_RSA_RC4_40_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 04 */ + { + 1, + SSL3_TXT_RSA_RC4_128_MD5, + SSL3_CK_RSA_RC4_128_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 05 */ + { + 1, + SSL3_TXT_RSA_RC4_128_SHA, + SSL3_CK_RSA_RC4_128_SHA, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 06 */ + { + 1, + SSL3_TXT_RSA_RC2_40_MD5, + SSL3_CK_RSA_RC2_40_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 07 */ + { + 1, + SSL3_TXT_RSA_IDEA_128_SHA, + SSL3_CK_RSA_IDEA_128_SHA, + SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 08 */ + { + 1, + SSL3_TXT_RSA_DES_40_CBC_SHA, + SSL3_CK_RSA_DES_40_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 09 */ + { + 1, + SSL3_TXT_RSA_DES_64_CBC_SHA, + SSL3_CK_RSA_DES_64_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 0A */ + { + 1, + SSL3_TXT_RSA_DES_192_CBC3_SHA, + SSL3_CK_RSA_DES_192_CBC3_SHA, + SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + 0, + SSL_ALL_CIPHERS, + }, + +/* The DH ciphers */ +/* Cipher 0B */ + { + 0, + SSL3_TXT_DH_DSS_DES_40_CBC_SHA, + SSL3_CK_DH_DSS_DES_40_CBC_SHA, + SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 0C */ + { + 0, + SSL3_TXT_DH_DSS_DES_64_CBC_SHA, + SSL3_CK_DH_DSS_DES_64_CBC_SHA, + SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 0D */ + { + 0, + SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, + SSL3_CK_DH_DSS_DES_192_CBC3_SHA, + SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 0E */ + { + 0, + SSL3_TXT_DH_RSA_DES_40_CBC_SHA, + SSL3_CK_DH_RSA_DES_40_CBC_SHA, + SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 0F */ + { + 0, + SSL3_TXT_DH_RSA_DES_64_CBC_SHA, + SSL3_CK_DH_RSA_DES_64_CBC_SHA, + SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 10 */ + { + 0, + SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, + SSL3_CK_DH_RSA_DES_192_CBC3_SHA, + SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + 0, + SSL_ALL_CIPHERS, + }, + +/* The Ephemeral DH ciphers */ +/* Cipher 11 */ + { + 1, + SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, + SSL3_CK_EDH_DSS_DES_40_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 12 */ + { + 1, + SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, + SSL3_CK_EDH_DSS_DES_64_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 13 */ + { + 1, + SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, + SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, + SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 14 */ + { + 1, + SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, + SSL3_CK_EDH_RSA_DES_40_CBC_SHA, + SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 15 */ + { + 1, + SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, + SSL3_CK_EDH_RSA_DES_64_CBC_SHA, + SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + 0, + SSL_ALL_CIPHERS, + }, +/* Cipher 16 */ + { + 1, + SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, + SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, + SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + 0, + SSL_ALL_CIPHERS, + }, + +/* Fortezza */ +/* Cipher 1C */ + { + 0, + SSL3_TXT_FZA_DMS_NULL_SHA, + SSL3_CK_FZA_DMS_NULL_SHA, + SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, + +/* Cipher 1D */ + { + 0, + SSL3_TXT_FZA_DMS_FZA_SHA, + SSL3_CK_FZA_DMS_FZA_SHA, + SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, + +/* Cipher 1E */ + { + 0, + SSL3_TXT_FZA_DMS_RC4_SHA, + SSL3_CK_FZA_DMS_RC4_SHA, + SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + 0, + SSL_ALL_CIPHERS, + }, + +/* end of list */ + }; + +static SSL_METHOD SSLv3_data= { + 3, + ssl3_new, + ssl3_clear, + ssl3_free, + ssl_undefined_function, + ssl_undefined_function, + ssl3_read, + ssl3_peek, + ssl3_write, + ssl3_shutdown, + ssl3_renegotiate, + ssl3_ctrl, + ssl3_ctx_ctrl, + ssl3_get_cipher_by_char, + ssl3_put_cipher_by_char, + ssl3_pending, + ssl3_num_ciphers, + ssl3_get_cipher, + ssl_bad_method, + ssl3_default_timeout, + }; + +static long ssl3_default_timeout() + { + /* 2 hours, the 24 hours mentioned in the SSLv3 spec + * is way too long for http, the cache would over fill */ + return(60*60*2); + } + +SSL_METHOD *sslv3_base_method() + { + return(&SSLv3_data); + } + +int ssl3_num_ciphers() + { + return(SSL3_NUM_CIPHERS); + } + +SSL_CIPHER *ssl3_get_cipher(u) +unsigned int u; + { + if (u < SSL3_NUM_CIPHERS) + return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); + else + return(NULL); + } + +/* The problem is that it may not be the correct record type */ +int ssl3_pending(s) +SSL *s; + { + return(s->s3->rrec.length); + } + +int ssl3_new(s) +SSL *s; + { + SSL3_CTX *s3; + + if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err; + + s->s3=s3; + s->s3->tmp.ca_names=NULL; + s->s3->tmp.key_block=NULL; + s->s3->rbuf.buf=NULL; + s->s3->wbuf.buf=NULL; + + ssl3_clear(s); + return(1); +err: + return(0); + } + +void ssl3_free(s) +SSL *s; + { + ssl3_cleanup_key_block(s); + if (s->s3->rbuf.buf != NULL) + Free(s->s3->rbuf.buf); + if (s->s3->wbuf.buf != NULL) + Free(s->s3->wbuf.buf); +#ifndef NO_DH + if (s->s3->tmp.dh != NULL) + DH_free(s->s3->tmp.dh); +#endif + if (s->s3->tmp.ca_names != NULL) + sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); + memset(s->s3,0,sizeof(SSL3_CTX)); + Free(s->s3); + s->s3=NULL; + } + +void ssl3_clear(s) +SSL *s; + { + unsigned char *rp,*wp; + + ssl3_cleanup_key_block(s); + if (s->s3->tmp.ca_names != NULL) + sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); + + rp=s->s3->rbuf.buf; + wp=s->s3->wbuf.buf; + + memset(s->s3,0,sizeof(SSL3_CTX)); + if (rp != NULL) + { + s->packet= &(s->s3->rbuf.buf[0]); + s->s3->rbuf.buf=rp; + s->s3->wbuf.buf=wp; + } + else + s->packet=NULL; + s->packet_length=0; + s->version=3; + } + +long ssl3_ctrl(s,cmd,larg,parg) +SSL *s; +int cmd; +long larg; +char *parg; + { + return(0); + } + +long ssl3_ctx_ctrl(ctx,cmd,larg,parg) +SSL_CTX *ctx; +int cmd; +long larg; +char *parg; + { + CERT *cert; + + cert=ctx->default_cert; + + switch (cmd) + { +#ifndef NO_RSA + case SSL_CTRL_NEED_TMP_RSA: + if ( (cert->rsa_tmp == NULL) && + ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || + (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) + ) + return(1); + else + return(0); + break; + case SSL_CTRL_SET_TMP_RSA: + { + RSA *rsa; + int i; + + rsa=(RSA *)parg; + i=1; + if (rsa == NULL) + i=0; + else + { + if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) + i=0; + } + if (!i) + { + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); + return(0); + } + else + { + if (cert->rsa_tmp != NULL) + RSA_free(cert->rsa_tmp); + cert->rsa_tmp=rsa; + return(1); + } + } + break; + case SSL_CTRL_SET_TMP_RSA_CB: + cert->rsa_tmp_cb=(RSA *(*)())parg; + break; +#endif +#ifndef NO_DH + case SSL_CTRL_SET_TMP_DH: + { + DH *new=NULL,*dh; + + dh=(DH *)parg; + if ( ((new=DHparams_dup(dh)) == NULL) || + (!DH_generate_key(new))) + { + SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); + if (new != NULL) DH_free(new); + return(0); + } + else + { + if (cert->dh_tmp != NULL) + DH_free(cert->dh_tmp); + cert->dh_tmp=new; + return(1); + } + } + break; + case SSL_CTRL_SET_TMP_DH_CB: + cert->dh_tmp_cb=(DH *(*)())parg; + break; +#endif + default: + return(0); + } + return(1); + } + +/* This function needs to check if the ciphers required are actually + * available */ +SSL_CIPHER *ssl3_get_cipher_by_char(p) +unsigned char *p; + { + static int init=1; + static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; + SSL_CIPHER c,*cp= &c,**cpp; + unsigned long id; + int i; + + if (init) + { + init=0; + + for (i=0; ivalid) + return(NULL); + else + return(*cpp); + } + +int ssl3_put_cipher_by_char(c,p) +SSL_CIPHER *c; +unsigned char *p; + { + long l; + + if (p != NULL) + { + l=c->id; + if ((l & 0xff000000) != 0x03000000) return(0); + p[0]=((unsigned char)(l>> 8L))&0xFF; + p[1]=((unsigned char)(l ))&0xFF; + } + return(2); + } + +void ssl3_generate_key_block(s,km,num) +SSL *s; +unsigned char *km; +int num; + { + MD5_CTX m5; + SHA_CTX s1; + unsigned char buf[8],smd[SHA_DIGEST_LENGTH]; + unsigned char c='A'; + int i,j,k; + + k=0; + for (i=0; isession->master_key, + s->session->master_key_length); + SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); + SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); + SHA1_Final( smd,&s1); + + MD5_Init( &m5); + MD5_Update(&m5,s->session->master_key, + s->session->master_key_length); + MD5_Update(&m5,smd,SHA_DIGEST_LENGTH); + if ((i+MD5_DIGEST_LENGTH) > num) + { + MD5_Final(smd,&m5); + memcpy(km,smd,(num-i)); + } + else + MD5_Final(km,&m5); + + km+=MD5_DIGEST_LENGTH; + } + memset(smd,0,SHA_DIGEST_LENGTH); + } + +int ssl3_part_read(s,i) +SSL *s; +int i; + { + s->rwstate=SSL_READING; + + if (i < 0) + { + return(i); + } + else + { + s->init_num+=i; + return(0); + } + } + +SSL_CIPHER *ssl3_choose_cipher(s,have,pref) +SSL *s; +STACK *have,*pref; + { + SSL_CIPHER *c,*ret=NULL; + int i,j,ok; + CERT *cert; + unsigned long alg,mask,emask; + + /* Lets see which ciphers we can supported */ + if (s->cert != NULL) + cert=s->cert; + else + cert=s->ctx->default_cert; + + ssl_set_cert_masks(cert); + mask=cert->mask; + emask=cert->export_mask; + + sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp); + + for (i=0; ialgorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); + if (alg & SSL_EXPORT) + { + ok=((alg & emask) == alg)?1:0; +#ifdef CIPHER_DEBUG + printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); +#endif + } + else + { + ok=((alg & mask) == alg)?1:0; +#ifdef CIPHER_DEBUG + printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); +#endif + } + + if (!ok) continue; + + j=sk_find(pref,(char *)c); + if (j >= 0) + { + ret=(SSL_CIPHER *)sk_value(pref,j); + break; + } + } + return(ret); + } + +int ssl3_get_req_cert_type(s,p) +SSL *s; +unsigned char *p; + { + int ret=0; + unsigned long alg; + + alg=s->s3->tmp.new_cipher->algorithms; + +#ifndef NO_DH + if (alg & (SSL_kDHr|SSL_kEDH)) + { +#ifndef NO_RSA + p[ret++]=SSL3_CT_RSA_FIXED_DH; +#endif +#ifndef NO_DSA + p[ret++]=SSL3_CT_DSS_FIXED_DH; +#endif + } + if (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)) + { +#ifndef NO_RSA + p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; +#endif +#ifndef NO_DSA + p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; +#endif + } +#endif /* !NO_DH */ +#ifndef NO_RSA + p[ret++]=SSL3_CT_RSA_SIGN; +#endif +/* p[ret++]=SSL3_CT_DSS_SIGN; */ + return(ret); + } + +int ssl3_shutdown(s) +SSL *s; + { + + /* Don't do anything much if we have not done the handshake or + * we don't want to send messages :-) */ + if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) + { + s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + return(1); + } + + if (!(s->shutdown & SSL_SENT_SHUTDOWN)) + { + s->shutdown|=SSL_SENT_SHUTDOWN; +#if 1 + ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_CLOSE_NOTIFY); +#endif + /* our shutdown alert has been sent now, and if it still needs + * to be written, s->s3->alert_dispatch will be true */ + } + else if (s->s3->alert_dispatch) + { + /* resend it if not sent */ +#if 1 + ssl3_dispatch_alert(s); +#endif + } + else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) + { + /* If we are waiting for a close from our peer, we are closed */ + ssl3_read_bytes(s,0,NULL,0); + } + + if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && + !s->s3->alert_dispatch) + return(1); + else + return(0); + } + +int ssl3_write(s,buf,len) +SSL *s; +const char *buf; +int len; + { + int ret,n; + BIO *under; + +#if 0 + if (s->shutdown & SSL_SEND_SHUTDOWN) + { + s->rwstate=SSL_NOTHING; + return(0); + } +#endif + errno=0; + + /* This is an experimental flag that sends the + * last handshake message in the same packet as the first + * use data - used to see if it helps the TCP protocol during + * session-id reuse */ + /* The second test is because the buffer may have been removed */ + if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) + { + /* First time through, we write into the buffer */ + if (s->s3->delay_buf_pop_ret == 0) + { + ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, + (char *)buf,len); + if (ret <= 0) return(ret); + + s->s3->delay_buf_pop_ret=ret; + } + + s->rwstate=SSL_WRITING; + n=BIO_flush(s->wbio); + if (n <= 0) return(n); + s->rwstate=SSL_NOTHING; + + /* We have flushed the buffer */ + under=BIO_pop(s->wbio); + s->wbio=under; + BIO_free(s->bbio); + s->bbio=NULL; + ret=s->s3->delay_buf_pop_ret; + s->s3->delay_buf_pop_ret=0; + + s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; + } + else + { + ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, + (char *)buf,len); + if (ret <= 0) return(ret); + } + return(ret); + } + +int ssl3_read(s,buf,len) +SSL *s; +char *buf; +int len; + { + errno=0; + return(ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len)); + } + +int ssl3_peek(s,buf,len) +SSL *s; +char *buf; +int len; + { + SSL3_RECORD *rr; + int n; + + rr= &(s->s3->rrec); + if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA)) + return(0); + + if ((unsigned int)len > rr->length) + n=rr->length; + else + n=len; + memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); + return(n); + } + +int ssl3_renegotiate(s) +SSL *s; + { + if (s->handshake_func == NULL) + return(1); + + if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) + return(0); + + if (!SSL_in_init(s)) + s->state=SSL_ST_RENEGOTIATE; + return(1); + } + diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c new file mode 100644 index 0000000000000000000000000000000000000000..4762b214421fa014c22bf4af939b0aacc05e957f --- /dev/null +++ b/ssl/s3_meth.c @@ -0,0 +1,88 @@ +/* ssl/s3_meth.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "ssl_locl.h" + +static SSL_METHOD *ssl3_get_method(ver) +int ver; + { + if (ver == 3) + return(SSLv3_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv3_method() + { + static int init=1; + static SSL_METHOD SSLv3_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(), + sizeof(SSL_METHOD)); + SSLv3_data.ssl_connect=ssl3_connect; + SSLv3_data.ssl_accept=ssl3_accept; + SSLv3_data.get_ssl_method=ssl3_get_method; + } + return(&SSLv3_data); + } + diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c new file mode 100644 index 0000000000000000000000000000000000000000..3be69ef13889c3834bb9a0fcbac291b975c064ba --- /dev/null +++ b/ssl/s3_pkt.c @@ -0,0 +1,963 @@ +/* ssl/s3_pkt.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#define USE_SOCKETS +#include "evp.h" +#include "buffer.h" +#include "ssl_locl.h" + +/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN); + * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER); + */ + +#ifndef NOPROTO +static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len); +static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len); +static int ssl3_get_record(SSL *s); +static int do_compress(SSL *ssl); +static int do_uncompress(SSL *ssl); +#else +static int do_ssl3_write(); +static int ssl3_write_pending(); +static int ssl3_get_record(); +static int do_compress(); +static int do_uncompress(); +#endif + +static int ssl3_read_n(s,n,max,extend) +SSL *s; +int n; +int max; +int extend; + { + int i,off,newb; + + /* if there is stuff still in the buffer from a previous read, + * and there is more than we want, take some. */ + if (s->s3->rbuf.left >= (int)n) + { + if (extend) + s->packet_length+=n; + else + { + s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]); + s->packet_length=n; + } + s->s3->rbuf.left-=n; + s->s3->rbuf.offset+=n; + return(n); + } + + /* else we need to read more data */ + if (!s->read_ahead) max=n; + if (max > SSL3_RT_MAX_PACKET_SIZE) + max=SSL3_RT_MAX_PACKET_SIZE; + + /* First check if there is some left or we want to extend */ + off=0; + if ( (s->s3->rbuf.left != 0) || + ((s->packet_length != 0) && extend)) + { + newb=s->s3->rbuf.left; + if (extend) + { + /* Copy bytes back to the front of the buffer + * Take the bytes already pointed to by 'packet' + * and take the extra ones on the end. */ + off=s->packet_length; + if (s->packet != s->s3->rbuf.buf) + memcpy(s->s3->rbuf.buf,s->packet,newb+off); + } + else if (s->s3->rbuf.offset != 0) + { /* so the data is not at the start of the buffer */ + memcpy(s->s3->rbuf.buf, + &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb); + s->s3->rbuf.offset=0; + } + + s->s3->rbuf.left=0; + } + else + newb=0; + + /* So we now have 'newb' bytes at the front of + * s->s3->rbuf.buf and need to read some more in on the end + * We start reading into the buffer at 's->s3->rbuf.offset' + */ + s->packet=s->s3->rbuf.buf; + + while (newb < n) + { + errno=0; + if (s->rbio != NULL) + { + s->rwstate=SSL_READING; + i=BIO_read(s->rbio, + (char *)&(s->s3->rbuf.buf[off+newb]), + max-newb); + } + else + { + SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); + i= -1; + } + + if (i <= 0) + { + s->s3->rbuf.left+=newb; + return(i); + } + newb+=i; + } + + /* record used data read */ + if (newb > n) + { + s->s3->rbuf.offset=n+off; + s->s3->rbuf.left=newb-n; + } + else + { + s->s3->rbuf.offset=0; + s->s3->rbuf.left=0; + } + + if (extend) + s->packet_length+=n; + else + s->packet_length+=n; + return(n); + } + +/* Call this to get a new input record. + * It will return <= 0 if more data is needed, normally due to an error + * or non-blocking IO. + * When it finishes, one packet has been decoded and can be found in + * ssl->s3->rrec.type - is the type of record + * ssl->s3->rrec.data, - data + * ssl->s3->rrec.length, - number of bytes + */ +static int ssl3_get_record(s) +SSL *s; + { + int ssl_major,ssl_minor,al; + int n,i,ret= -1; + SSL3_BUFFER *rb; + SSL3_RECORD *rr; + SSL_SESSION *sess; + unsigned char *p; + unsigned char md[EVP_MAX_MD_SIZE]; + short version; + unsigned int mac_size; + int clear=0,extra; + + rr= &(s->s3->rrec); + rb= &(s->s3->rbuf); + sess=s->session; + + if (s->ctx->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + extra=SSL3_RT_MAX_EXTRA; + else + extra=0; + +again: + /* check if we have the header */ + if ( (s->rstate != SSL_ST_READ_BODY) || + (s->packet_length < SSL3_RT_HEADER_LENGTH)) + { + n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH, + SSL3_RT_MAX_PACKET_SIZE,0); + if (n <= 0) return(n); /* error or non-blocking */ + s->rstate=SSL_ST_READ_BODY; + + p=s->packet; + + /* Pull apart the header into the SSL3_RECORD */ + rr->type= *(p++); + ssl_major= *(p++); + ssl_minor= *(p++); + version=(ssl_major<<8)|ssl_minor; + n2s(p,rr->length); + + /* Lets check version */ + if (s->first_packet) + { + s->first_packet=0; + } + else + { + if ( (ssl_major != SSL3_VERSION_MAJOR) || + (ssl_minor != SSL3_VERSION_MINOR)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); + goto f_err; + } + } + + if (s->version != SSL3_VERSION_MAJOR) + { + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_INTERNAL_ERROR); + goto err; + } + + if (rr->length > + (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); + goto f_err; + } + + s->rstate=SSL_ST_READ_BODY; + } + + /* get and decode the data */ + if (s->rstate == SSL_ST_READ_BODY) + { + if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) + { + i=rr->length; + /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */ + n=ssl3_read_n(s,i,i,1); + if (n <= 0) return(n); /* error or non-blocking io */ + } + s->rstate=SSL_ST_READ_HEADER; + } + + /* At this point, we have the data in s->packet and there should be + * s->packet_length bytes, we must not 'overrun' this buffer :-) + * One of the following functions will copy the data from the + * s->packet buffer */ + + rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); + + /* ok, we can now read from 's->packet' data into 'rr' + * rr->input points at rr->length bytes, which + * need to be copied into rr->data by either + * the decryption or by the decompression + * When the data is 'copied' into the rr->data buffer, + * rr->input will be pointed at the new buffer */ + + /* Set the state for the following operations */ + s->rstate=SSL_ST_READ_HEADER; + + /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] + * rr->length bytes of encrypted compressed stuff. */ + + /* check is not needed I belive */ + if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + goto f_err; + } + + /* decrypt in place in 'rr->input' */ + rr->data=rr->input; + + if (!ssl3_enc(s,0)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + goto f_err; + } + + /* r->length is now the compressed data plus mac */ + if ( (sess == NULL) || + (s->enc_read_ctx == NULL) || + (s->read_hash == NULL)) + clear=1; + + if (!clear) + { + mac_size=EVP_MD_size(s->read_hash); + + if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); + goto f_err; + } + /* check MAC for rr->input' */ + if (rr->length < mac_size) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + rr->length-=mac_size; + i=ssl3_mac(s,md,0); + if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + { + al=SSL3_AD_BAD_RECORD_MAC; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE); + ret=SSL_RWERR_BAD_MAC_DECODE; + goto f_err; + } + } + + /* r->length is now just compressed */ + if ((sess != NULL) && (sess->read_compression != NULL)) + { + if (rr->length > + (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); + goto f_err; + } + if (!do_uncompress(s)) + { + al=SSL3_AD_DECOMPRESSION_FAILURE; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); + goto f_err; + } + } + + if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra) + { + al=SSL3_AD_DECOMPRESSION_FAILURE; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); + goto f_err; + } + + rr->off=0; + /* So at this point the following is true + * ssl->s3->rrec.type is the type of record + * ssl->s3->rrec.length == number of bytes in record + * ssl->s3->rrec.off == offset to first valid byte + * ssl->s3->rrec.data == where to take bytes from, increment + * after use :-). + */ + + /* we have pulled in a full packet so zero things */ + s->packet_length=0; + + /* just read a 0 length packet */ + if (rr->length == 0) goto again; + + return(1); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +err: + return(ret); + } + +static int do_uncompress(ssl) +SSL *ssl; + { + return(1); + } + +static int do_compress(ssl) +SSL *ssl; + { + return(1); + } + +/* Call this write a data + * It will return <= 0 if not all data has been sent or non-blocking IO. + */ +int ssl3_write_bytes(s,type,buf,len) +SSL *s; +int type; +char *buf; +int len; + { + unsigned int tot,n,nw; + int i; + + s->rwstate=SSL_NOTHING; + tot=s->s3->wnum; + s->s3->wnum=0; + + if (SSL_in_init(s) && !s->in_handshake) + { + i=s->handshake_func(s); + if (i < 0) return(i); + if (i == 0) + { + SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + } + + n=(len-tot); + for (;;) + { + if (n > SSL3_RT_MAX_PLAIN_LENGTH) + nw=SSL3_RT_MAX_PLAIN_LENGTH; + else + nw=n; + + i=do_ssl3_write(s,type,&(buf[tot]),nw); + if (i <= 0) + { + s->s3->wnum=tot; + return(i); + } + + if (type == SSL3_RT_HANDSHAKE) + ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i); + + if (i == (int)n) return(tot+i); + + n-=i; + tot+=i; + } + } + +static int do_ssl3_write(s,type,buf,len) +SSL *s; +int type; +char *buf; +unsigned int len; + { + unsigned char *p,*plen; + int i,mac_size,clear=0; + SSL3_RECORD *wr; + SSL3_BUFFER *wb; + SSL_SESSION *sess; + + /* first check is there is a SSL3_RECORD still being written + * out. This will happen with non blocking IO */ + if (s->s3->wbuf.left != 0) + return(ssl3_write_pending(s,type,buf,len)); + + /* If we have an alert to send, lets send it */ + if (s->s3->alert_dispatch) + { + i=ssl3_dispatch_alert(s); + if (i <= 0) + return(i); + /* if it went, fall through and send more stuff */ + } + + if (len <= 0) return(len); + + wr= &(s->s3->wrec); + wb= &(s->s3->wbuf); + sess=s->session; + + if ( (sess == NULL) || + (s->enc_write_ctx == NULL) || + (s->write_hash == NULL)) + clear=1; + + if (clear) + mac_size=0; + else + mac_size=EVP_MD_size(s->write_hash); + + p=wb->buf; + + /* write the header */ + *(p++)=type&0xff; + wr->type=type; + + *(p++)=SSL3_VERSION_MAJOR; + *(p++)=SSL3_VERSION_MINOR; + + /* record where we are to write out packet length */ + plen=p; + p+=2; + + /* lets setup the record stuff. */ + wr->data=p; + wr->length=(int)len; + wr->input=(unsigned char *)buf; + + /* we now 'read' from wr->input, wr->length bytes into + * wr->data */ + + /* first we compress */ + if ((sess != NULL) && (sess->write_compression != NULL)) + { + if (!do_compress(s)) + { + SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); + goto err; + } + } + else + { + memcpy(wr->data,wr->input,wr->length); + wr->input=wr->data; + } + + /* we should still have the output to wr->data and the input + * from wr->input. Length should be wr->length. + * wr->data still points in the wb->buf */ + + if (mac_size != 0) + { + ssl3_mac(s,&(p[wr->length]),1); + wr->length+=mac_size; + wr->input=p; + wr->data=p; + } + + /* ssl3_enc can only have an error on read */ + ssl3_enc(s,1); + + /* record length after mac and block padding */ + s2n(wr->length,plen); + + /* we should now have + * wr->data pointing to the encrypted data, which is + * wr->length long */ + wr->type=type; /* not needed but helps for debugging */ + wr->length+=SSL3_RT_HEADER_LENGTH; + + /* Now lets setup wb */ + wb->left=wr->length; + wb->offset=0; + + s->s3->wpend_tot=len; + s->s3->wpend_buf=buf; + s->s3->wpend_type=type; + s->s3->wpend_ret=len; + + /* we now just need to write the buffer */ + return(ssl3_write_pending(s,type,buf,len)); +err: + return(-1); + } + +/* if s->s3->wbuf.left != 0, we need to call this */ +static int ssl3_write_pending(s,type,buf,len) +SSL *s; +int type; +char *buf; +unsigned int len; + { + int i; + + if ((s->s3->wpend_tot != (int)len) || (s->s3->wpend_buf != buf) + || (s->s3->wpend_type != type)) + { + SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); + return(SSL_RWERR_BAD_WRITE_RETRY); + } + + for (;;) + { + errno=0; + if (s->wbio != NULL) + { + s->rwstate=SSL_WRITING; + i=BIO_write(s->wbio, + (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]), + (unsigned int)s->s3->wbuf.left); + } + else + { + SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); + i= -1; + } + if (i == s->s3->wbuf.left) + { + s->s3->wbuf.left=0; + s->rwstate=SSL_NOTHING; + return(s->s3->wpend_ret); + } + else if (i <= 0) + return(i); + s->s3->wbuf.offset+=i; + s->s3->wbuf.left-=i; + } + } + +int ssl3_read_bytes(s,type,buf,len) +SSL *s; +int type; +char *buf; +int len; + { + int al,i,j,n,ret; + SSL3_RECORD *rr; + unsigned char *sender; + void (*cb)()=NULL; + + if (s->s3->rbuf.buf == NULL) /* Not initalised yet */ + if (!ssl3_setup_buffers(s)) + return(-1); + + if (!s->in_handshake && SSL_in_before(s)) + { + i=s->handshake_func(s); + if (i < 0) return(i); + if (i == 0) + { + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + } +start: + s->rwstate=SSL_NOTHING; + + /* s->s3->rrec.type - is the type of record + * s->s3->rrec.data, - data + * s->s3->rrec.off, - ofset into 'data' for next read + * s->s3->rrec.length, - number of bytes. */ + rr= &(s->s3->rrec); + + /* get new packet */ + if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) + { + ret=ssl3_get_record(s); + if (ret <= 0) return(ret); + } + + /* we now have a packet which can be read and processed */ + + if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE)) + { + al=SSL3_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); + goto err; + } + + /* If the other end has shutdown, throw anything we read away */ + if (s->shutdown & SSL_RECEIVED_SHUTDOWN) + { + rr->length=0; + s->rwstate=SSL_NOTHING; + return(0); + } + + /* Check for an incoming 'Client Request' message */ + if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) && + (rr->data[0] == SSL3_MT_CLIENT_REQUEST) && + (s->session != NULL) && (s->session->cipher != NULL)) + { + if ((rr->data[1] != 0) || (rr->data[2] != 0) || + (rr->data[3] != 0)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST); + goto err; + } + + if (SSL_is_init_finished(s) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + { + ssl3_renegotiate(s); + n=s->handshake_func(s); + if (n < 0) return(n); + if (n == 0) + { + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + } + rr->length=0; +/* ZZZ */ goto start; + } + + /* if it is not the type we want, or we have shutdown and want + * the peer shutdown */ + if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN)) + { + if (rr->type == SSL3_RT_ALERT) + { + if ((rr->length != 2) || (rr->off != 0)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD); + goto f_err; + } + + i=rr->data[0]; + n=rr->data[1]; + + /* clear from buffer */ + rr->length=0; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + if (cb != NULL) + { + j=(i<<8)|n; + cb(s,SSL_CB_READ_ALERT,j); + } + + if (i == 1) + { + s->s3->warn_alert=n; + if (n == SSL3_AD_CLOSE_NOTIFY) + { + s->shutdown|=SSL_RECEIVED_SHUTDOWN; + return(0); + } + } + else if (i == 2) + { + s->rwstate=SSL_NOTHING; + s->s3->fatal_alert=n; + SSLerr(SSL_F_SSL3_READ_BYTES,1000+n); + s->shutdown|=SSL_RECEIVED_SHUTDOWN; + SSL_CTX_remove_session(s->ctx,s->session); + return(0); + } + else + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); + goto f_err; + } + + rr->length=0; + goto start; + } + + if (s->shutdown & SSL_SENT_SHUTDOWN) + { + s->rwstate=SSL_NOTHING; + rr->length=0; + return(0); + } + + if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) + { + if ( (rr->length != 1) || (rr->off != 0) || + (rr->data[0] != SSL3_MT_CCS)) + { + i=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); + goto err; + } + + rr->length=0; + + s->s3->change_cipher_spec=1; + + if (s->state & SSL_ST_ACCEPT) + i=SSL3_CHANGE_CIPHER_SERVER_READ; + else + i=SSL3_CHANGE_CIPHER_CLIENT_READ; + + if (s->s3->tmp.key_block == NULL) + { + s->session->cipher=s->s3->tmp.new_cipher; + if (!ssl3_setup_key_block(s)) + goto err; + } + + if (!ssl3_change_cipher_state(s,i)) + goto err; + + /* we have to record the message digest at + * this point so we can get it before we read + * the finished message */ + sender=(s->state & SSL_ST_CONNECT) + ?&(ssl3_server_finished_const[0]) + :&(ssl3_client_finished_const[0]); + + ssl3_final_finish_mac(s,&(s->s3->finish_dgst1), + sender,&(s->s3->tmp.finish_md1[0])); + ssl3_final_finish_mac(s,&(s->s3->finish_dgst2), + sender,&(s->s3->tmp.finish_md2[0])); + + goto start; + } + + /* else we have a handshake */ + if ((rr->type == SSL3_RT_HANDSHAKE) && + !s->in_handshake) + { + if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + { + s->state=SSL_ST_BEFORE; + s->new_session=1; + } + n=s->handshake_func(s); + if (n < 0) return(n); + if (n == 0) + { + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + goto start; + } + + al=SSL3_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + goto f_err; + } + + /* make sure that we are not getting application data when we + * are doing a handshake for the first time */ + if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && + (s->enc_read_ctx == NULL)) + { + al=SSL3_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); + goto f_err; + } + + if (len <= 0) return(len); + + if ((unsigned int)len > rr->length) + n=rr->length; + else + n=len; + + memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); + rr->length-=n; + rr->off+=n; + if (rr->length <= 0) + s->rstate=SSL_ST_READ_HEADER; + + if (type == SSL3_RT_HANDSHAKE) + ssl3_finish_mac(s,(unsigned char *)buf,n); + return(n); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +err: + return(-1); + } + +int ssl3_do_write(s,type) +SSL *s; +int type; + { + int ret; + + ret=ssl3_write_bytes(s,type,(char *) + &(s->init_buf->data[s->init_off]),s->init_num); + if (ret == s->init_num) + return(1); + if (ret < 0) return(-1); + s->init_off+=ret; + s->init_num-=ret; + return(0); + } + +void ssl3_send_alert(s,level,desc) +SSL *s; +int level; +int desc; + { + /* If a fatal one, remove from cache */ + if ((level == 2) && (s->session != NULL)) + SSL_CTX_remove_session(s->ctx,s->session); + + s->s3->alert_dispatch=1; + s->s3->send_alert[0]=level; + s->s3->send_alert[1]=desc; + if (s->s3->wbuf.left == 0) /* data still being written out */ + ssl3_dispatch_alert(s); + /* else data is still being written out, we will get written + * some time in the future */ + } + +int ssl3_dispatch_alert(s) +SSL *s; + { + int i,j; + void (*cb)()=NULL; + + s->s3->alert_dispatch=0; + i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2); + if (i <= 0) + { + s->s3->alert_dispatch=1; + } + else + { + /* If it is important, send it now. If the message + * does not get sent due to non-blocking IO, we will + * not worry too much. */ + if (s->s3->send_alert[0] == SSL3_AL_FATAL) + BIO_flush(s->wbio); + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + if (cb != NULL) + { + j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; + cb(s,SSL_CB_WRITE_ALERT,j); + } + } + return(i); + } + diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c new file mode 100644 index 0000000000000000000000000000000000000000..ebff57506ffbde523024b7686b7db10dca506c3e --- /dev/null +++ b/ssl/s3_srvr.c @@ -0,0 +1,1629 @@ +/* ssl/s3_srvr.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#define REUSE_CIPHER_BUG + +#include +#include "buffer.h" +#include "rand.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" +#include "ssl_locl.h" + +#define BREAK break +/* SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_MALLOC_FAILURE); + * SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); + */ + +#ifndef NOPROTO +static int ssl3_get_client_hello(SSL *s); +static int ssl3_send_server_hello(SSL *s); +static int ssl3_send_server_key_exchange(SSL *s); +static int ssl3_send_certificate_request(SSL *s); +static int ssl3_send_server_done(SSL *s); +static int ssl3_get_cert_verify(SSL *s); +static int ssl3_get_client_key_exchange(SSL *s); +static int ssl3_get_client_certificate(SSL *s); +static int ssl3_send_hello_request(SSL *s); + +#else + +static int ssl3_get_client_hello(); +static int ssl3_send_server_hello(); +static int ssl3_send_server_key_exchange(); +static int ssl3_send_certificate_request(); +static int ssl3_send_server_done(); +static int ssl3_get_cert_verify(); +static int ssl3_get_client_key_exchange(); +static int ssl3_get_client_certificate(); +static int ssl3_send_hello_request(); +static SSL_METHOD *ssl3_get_server_method(); + +#endif + +static SSL_METHOD *ssl3_get_server_method(ver) +int ver; + { + if (ver == 3) + return(SSLv3_server_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv3_server_method() + { + static int init=1; + static SSL_METHOD SSLv3_server_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), + sizeof(SSL_METHOD)); + SSLv3_server_data.ssl_accept=ssl3_accept; + SSLv3_server_data.get_ssl_method=ssl3_get_server_method; + } + return(&SSLv3_server_data); + } + +int ssl3_accept(s) +SSL *s; + { + BUF_MEM *buf; + unsigned long l,Time=time(NULL); + void (*cb)()=NULL; + long num1; + int ret= -1; + CERT *ct; + BIO *bbio,*under; + int new_state,state,skip=0; + + RAND_seed((unsigned char *)&Time,sizeof(Time)); + ERR_clear_error(); + errno=0; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + /* init things to blank */ + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->in_handshake++; + +#ifdef undef + /* FIX THIS EAY EAY EAY */ + /* we don't actually need a cert, we just need a cert or a DH_tmp */ + if (((s->session == NULL) || (s->session->cert == NULL)) && + (s->cert == NULL)) + { + SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); + ret= -1; + goto end; + } +#endif + + for (;;) + { + state=s->state; + + switch (s->state) + { + case SSL_ST_RENEGOTIATE: + s->new_session=1; + /* s->state=SSL_ST_ACCEPT; */ + + case SSL_ST_BEFORE: + case SSL_ST_ACCEPT: + case SSL_ST_BEFORE|SSL_ST_ACCEPT: + case SSL_ST_OK|SSL_ST_ACCEPT: + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); + + s->version=3; + s->type=SSL_ST_ACCEPT; + + if (s->init_buf == NULL) + { + if ((buf=BUF_MEM_new()) == NULL) + { + ret= -1; + goto end; + } + if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) + { + ret= -1; + goto end; + } + s->init_buf=buf; + } + + if (!ssl3_setup_buffers(s)) + { + ret= -1; + goto end; + } + + /* Ok, we now need to push on a buffering BIO so that + * the output is sent in a way that TCP likes :-) + */ + if (s->bbio == NULL) + { + bbio=BIO_new(BIO_f_buffer()); + if (bbio == NULL) + { + SSLerr(SSL_F_SSL3_ACCEPT,ERR_LIB_BUF); + ret= -1; + goto end; + } + s->bbio=bbio; + } + else + bbio=s->bbio; + BIO_reset(bbio); + if (!BIO_set_write_buffer_size(bbio,16*1024)) + { + SSLerr(SSL_F_SSL3_ACCEPT,ERR_LIB_BUF); + ret= -1; + goto end; + } + + s->wbio=BIO_push(bbio,s->wbio); + + s->ctx->sess_accept++; + s->init_num=0; + + if (s->state != SSL_ST_RENEGOTIATE) + { + s->state=SSL3_ST_SR_CLNT_HELLO_A; + ssl3_init_finished_mac(s); + } + else + { + s->state=SSL3_ST_SW_HELLO_REQ_A; + } + break; + + case SSL3_ST_SW_HELLO_REQ_A: + case SSL3_ST_SW_HELLO_REQ_B: + + s->shutdown=0; + ret=ssl3_send_hello_request(s); + if (ret <= 0) goto end; + s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; + s->state=SSL3_ST_SW_FLUSH; + s->init_num=0; + + ssl3_init_finished_mac(s); + break; + + case SSL3_ST_SW_HELLO_REQ_C: + /* remove buffering on output */ + under=BIO_pop(s->wbio); + if (under != NULL) + s->wbio=under; + else + abort(); /* ok */ + BIO_free(s->bbio); + s->bbio=NULL; + + s->state=SSL_ST_OK; + ret=1; + goto end; + break; + + case SSL3_ST_SR_CLNT_HELLO_A: + case SSL3_ST_SR_CLNT_HELLO_B: + case SSL3_ST_SR_CLNT_HELLO_C: + + s->shutdown=0; + ret=ssl3_get_client_hello(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_SRVR_HELLO_A; + s->init_num=0; + break; + + case SSL3_ST_SW_SRVR_HELLO_A: + case SSL3_ST_SW_SRVR_HELLO_B: + ret=ssl3_send_server_hello(s); + if (ret <= 0) goto end; + + if (s->hit) + s->state=SSL3_ST_SW_CHANGE_A; + else + s->state=SSL3_ST_SW_CERT_A; + s->init_num=0; + break; + + case SSL3_ST_SW_CERT_A: + case SSL3_ST_SW_CERT_B: + /* Check if it is anon DH */ + if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) + { + ret=ssl3_send_server_certificate(s); + if (ret <= 0) goto end; + } + else + skip=1; + s->state=SSL3_ST_SW_KEY_EXCH_A; + s->init_num=0; + break; + + case SSL3_ST_SW_KEY_EXCH_A: + case SSL3_ST_SW_KEY_EXCH_B: + l=s->s3->tmp.new_cipher->algorithms; + if (s->session->cert == NULL) + { + if (s->cert != NULL) + { + CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT); + s->session->cert=s->cert; + } + else + { + CRYPTO_add(&s->ctx->default_cert->references,1,CRYPTO_LOCK_SSL_CERT); + s->session->cert=s->ctx->default_cert; + } + } + ct=s->session->cert; + + /* clear this, it may get reset by + * send_server_key_exchange */ + if (s->ctx->options & SSL_OP_EPHEMERAL_RSA) + s->s3->tmp.use_rsa_tmp=1; + else + s->s3->tmp.use_rsa_tmp=0; + + /* only send if a DH key exchange, fortezza or + * RSA but we have a sign only certificate */ + if ( s->s3->tmp.use_rsa_tmp || + (l & (SSL_DH|SSL_kFZA)) || + ((l & SSL_kRSA) && + ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)|| + ((l & SSL_EXPORT) && + (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512) + ) + ) + ) + ) + { + ret=ssl3_send_server_key_exchange(s); + if (ret <= 0) goto end; + } + else + skip=1; + + s->state=SSL3_ST_SW_CERT_REQ_A; + s->init_num=0; + break; + + case SSL3_ST_SW_CERT_REQ_A: + case SSL3_ST_SW_CERT_REQ_B: + if (!(s->verify_mode & SSL_VERIFY_PEER) || + ((s->session->peer != NULL) && + (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) + { + /* no cert request */ + skip=1; + s->state=SSL3_ST_SW_SRVR_DONE_A; + } + else + { + ret=ssl3_send_certificate_request(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_SRVR_DONE_A; + s->init_num=0; + } + break; + + case SSL3_ST_SW_SRVR_DONE_A: + case SSL3_ST_SW_SRVR_DONE_B: + ret=ssl3_send_server_done(s); + if (ret <= 0) goto end; + s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; + s->state=SSL3_ST_SW_FLUSH; + s->init_num=0; + break; + + case SSL3_ST_SW_FLUSH: + /* number of bytes to be flushed */ + num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); + if (num1 > 0) + { + s->rwstate=SSL_WRITING; + num1=BIO_flush(s->wbio); + if (num1 <= 0) { ret= -1; goto end; } + s->rwstate=SSL_NOTHING; + } + + s->state=s->s3->tmp.next_state; + break; + + case SSL3_ST_SR_CERT_A: + case SSL3_ST_SR_CERT_B: + /* could be sent for a DH cert, even if we + * have not asked for it :-) */ + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL3_ST_SR_KEY_EXCH_A; + break; + + case SSL3_ST_SR_KEY_EXCH_A: + case SSL3_ST_SR_KEY_EXCH_B: + ret=ssl3_get_client_key_exchange(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_SR_CERT_VRFY_A; + s->init_num=0; + + /* We need to get hashes here so if there is + * a client cert, it can be verified */ + ssl3_final_finish_mac(s,&(s->s3->finish_dgst1), + NULL,&(s->s3->tmp.finish_md1[0])); + ssl3_final_finish_mac(s,&(s->s3->finish_dgst2), + NULL,&(s->s3->tmp.finish_md2[0])); + + break; + + case SSL3_ST_SR_CERT_VRFY_A: + case SSL3_ST_SR_CERT_VRFY_B: + + /* we should decide if we expected this one */ + ret=ssl3_get_cert_verify(s); + if (ret <= 0) goto end; + + s->state=SSL3_ST_SR_FINISHED_A; + s->init_num=0; + break; + + case SSL3_ST_SR_FINISHED_A: + case SSL3_ST_SR_FINISHED_B: + ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, + SSL3_ST_SR_FINISHED_B, + &(ssl3_client_finished_const[0])); + if (ret <= 0) goto end; + if (s->hit) + s->state=SSL_ST_OK; + else + s->state=SSL3_ST_SW_CHANGE_A; + s->init_num=0; + break; + + case SSL3_ST_SW_CHANGE_A: + case SSL3_ST_SW_CHANGE_B: + + s->session->cipher=s->s3->tmp.new_cipher; + if (!ssl3_setup_key_block(s)) { ret= -1; goto end; } + + ret=ssl3_send_change_cipher_spec(s, + SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); + + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_FINISHED_A; + s->init_num=0; + + if (!ssl3_change_cipher_state(s, + SSL3_CHANGE_CIPHER_SERVER_WRITE)) + { + ret= -1; + goto end; + } + + break; + + case SSL3_ST_SW_FINISHED_A: + case SSL3_ST_SW_FINISHED_B: + ret=ssl3_send_finished(s, + SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, + &(ssl3_server_finished_const[0])); + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_FLUSH; + if (s->hit) + s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; + else + s->s3->tmp.next_state=SSL_ST_OK; + s->init_num=0; + break; + + case SSL_ST_OK: + /* clean a few things up */ + ssl3_cleanup_key_block(s); + + BUF_MEM_free(s->init_buf); + s->init_buf=NULL; + + /* remove buffering on output */ + under=BIO_pop(s->wbio); + if (under != NULL) + s->wbio=under; + else + abort(); /* ok */ + BIO_free(s->bbio); + s->bbio=NULL; + + s->new_session=0; + s->init_num=0; + + ssl_update_cache(s,SSL_SESS_CACHE_SERVER); + + s->ctx->sess_accept_good++; + /* s->server=1; */ + s->handshake_func=ssl3_accept; + ret=1; + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); + + goto end; + break; + + default: + SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE); + ret= -1; + goto end; + break; + } + + if (!s->s3->tmp.reuse_message && !skip) + { + if (s->debug) BIO_flush(s->wbio); + + if ((cb != NULL) && (s->state != state)) + { + new_state=s->state; + s->state=state; + cb(s,SSL_CB_ACCEPT_LOOP,1); + s->state=new_state; + } + } + skip=0; + } +end: + /* BIO_flush(s->wbio); */ + + if (cb != NULL) + cb(s,SSL_CB_ACCEPT_EXIT,ret); + s->in_handshake--; + return(ret); + } + +static int ssl3_send_hello_request(s) +SSL *s; + { + unsigned char *p; + + if (s->state == SSL3_ST_SW_HELLO_REQ_A) + { + p=(unsigned char *)s->init_buf->data; + *(p++)=SSL3_MT_CLIENT_REQUEST; + *(p++)=0; + *(p++)=0; + *(p++)=0; + + s->state=SSL3_ST_SW_HELLO_REQ_B; + /* number of bytes to write */ + s->init_num=4; + s->init_off=0; + } + + /* SSL3_ST_SW_HELLO_REQ_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } + +static int ssl3_get_client_hello(s) +SSL *s; + { + int i,j,ok,al,ret= -1; + long n; + unsigned long id; + unsigned char *p,*d; + SSL_CIPHER *c; + STACK *ciphers=NULL; + + if (s->state == SSL3_ST_SR_CLNT_HELLO_A) + { + s->first_packet=1; + s->state=SSL3_ST_SR_CLNT_HELLO_B; + } + n=ssl3_get_message(s, + SSL3_ST_SR_CLNT_HELLO_B, + SSL3_ST_SR_CLNT_HELLO_C, + SSL3_MT_CLIENT_HELLO, + SSL3_RT_MAX_PLAIN_LENGTH, + &ok); + + if (!ok) return((int)n); + d=p=(unsigned char *)s->init_buf->data; + + if (p[0] != SSL3_VERSION_MAJOR) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_WRONG_SSL_VERSION); + goto err; + } + p+=2; + + /* load the client random */ + memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); + p+=SSL3_RANDOM_SIZE; + + /* get the session-id */ + j= *(p++); + + s->hit=0; + if (j == 0) + { + if (!ssl_get_new_session(s,1)) + goto err; + } + else + { + i=ssl_get_prev_session(s,j,p); + if (i == 1) + { /* previous session */ + s->hit=1; + } + else + { + if (!ssl_get_new_session(s,1)) + goto err; + } + } + + p+=j; + n2s(p,i); + if ((i == 0) && (j != 0)) + { + /* we need a cipher if we are not resuming a session */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); + goto f_err; + } + if ((i+p) > (d+n)) + { + /* not enough data */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers)) + == NULL)) + { + goto err; + } + p+=i; + + /* If it is a hit, check that the cipher is in the list */ + if ((s->hit) && (i > 0)) + { + j=0; + id=s->session->cipher->id; + + for (i=0; iid == id) + { + j=1; + break; + } + } + if (j == 0) + { + if ((s->ctx->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1)) + { + /* Very bad for multi-threading.... */ + s->session->cipher= + (SSL_CIPHER *)sk_value(ciphers,0); + } + else + { + /* we need to have the cipher in the cipher + * list if we are asked to reuse it */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); + goto f_err; + } + } + } + + /* compression */ + i= *(p++); + for (j=0; j= i) + { + /* no compress */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED); + goto f_err; + } + + if (p > (d+n)) + { + /* wrong number of bytes, + * there could be more to follow */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + + /* do nothing with compression */ + + /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must + * pick a cipher */ + + if (!s->hit) + { + if (s->session->ciphers != NULL) + sk_free(s->session->ciphers); + s->session->ciphers=ciphers; + if (ciphers == NULL) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); + goto f_err; + } + ciphers=NULL; + c=ssl3_choose_cipher(s,s->session->ciphers, + ssl_get_ciphers_by_id(s)); + + if (c == NULL) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER); + goto f_err; + } + s->s3->tmp.new_cipher=c; + } + else + { + /* Session-id reuse */ +#ifdef REUSE_CIPHER_BUG + STACK *sk; + SSL_CIPHER *nc=NULL; + SSL_CIPHER *ec=NULL; + + if (s->ctx->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) + { + sk=s->session->ciphers; + for (i=0; ialgorithms & SSL_eNULL) + nc=c; + if (c->algorithms & SSL_EXP) + ec=c; + } + if (nc != NULL) + s->s3->tmp.new_cipher=nc; + else if (ec != NULL) + s->s3->tmp.new_cipher=ec; + else + s->s3->tmp.new_cipher=s->session->cipher; + } + else +#endif + s->s3->tmp.new_cipher=s->session->cipher; + } + + /* we now have the following setup. + * client_random + * cipher_list - our prefered list of ciphers + * ciphers - the clients prefered list of ciphers + * compression - basically ignored right now + * ssl version is set - sslv3 + * s->session - The ssl session has been setup. + * s->hit - sesson reuse flag + * s->tmp.new_cipher - the new cipher to use. + */ + + ret=1; + if (0) + { +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + } +err: + if (ciphers != NULL) sk_free(ciphers); + return(ret); + } + +static int ssl3_send_server_hello(s) +SSL *s; + { + unsigned char *buf; + unsigned char *p,*d; + int i,sl; + unsigned long l,Time; + + if (s->state == SSL3_ST_SW_SRVR_HELLO_A) + { + buf=(unsigned char *)s->init_buf->data; + p=s->s3->server_random; + Time=time(NULL); /* Time */ + l2n(Time,p); + RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); + /* Do the message type and length last */ + d=p= &(buf[4]); + + *(p++)=SSL3_VERSION_MAJOR; + *(p++)=SSL3_VERSION_MINOR; + + /* Random stuff */ + memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); + p+=SSL3_RANDOM_SIZE; + + /* now in theory we have 3 options to sending back the + * session id. If it is a re-use, we send back the + * old session-id, if it is a new session, we send + * back the new session-id or we send back a 0 length + * session-id if we want it to be single use. + * Currently I will not implement the '0' length session-id + */ + + sl=s->session->session_id_length; + *(p++)=sl; + memcpy(p,s->session->session_id,sl); + p+=sl; + + /* put the cipher */ + i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); + p+=i; + + /* put the compression method */ + *(p++)=0; + + /* do the header */ + l=(p-d); + d=buf; + *(d++)=SSL3_MT_SERVER_HELLO; + l2n3(l,d); + + s->state=SSL3_ST_CW_CLNT_HELLO_B; + /* number of bytes to write */ + s->init_num=p-buf; + s->init_off=0; + } + + /* SSL3_ST_CW_CLNT_HELLO_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } + +static int ssl3_send_server_done(s) +SSL *s; + { + unsigned char *p; + + if (s->state == SSL3_ST_SW_SRVR_DONE_A) + { + p=(unsigned char *)s->init_buf->data; + + /* do the header */ + *(p++)=SSL3_MT_SERVER_DONE; + *(p++)=0; + *(p++)=0; + *(p++)=0; + + s->state=SSL3_ST_SW_SRVR_DONE_B; + /* number of bytes to write */ + s->init_num=4; + s->init_off=0; + } + + /* SSL3_ST_CW_CLNT_HELLO_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } + +static int ssl3_send_server_key_exchange(s) +SSL *s; + { +#ifndef NO_RSA + unsigned char *q; + int j,num; + RSA *rsa; + unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; +#endif +#ifndef NO_DH + DH *dh,*dhp; +#endif + EVP_PKEY *pkey; + unsigned char *p,*d; + int al,i; + unsigned long type; + int n; + CERT *cert; + BIGNUM *r[4]; + int nr[4],kn; + BUF_MEM *buf; + EVP_MD_CTX md_ctx; + + if (s->state == SSL3_ST_SW_KEY_EXCH_A) + { + type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; + cert=s->session->cert; + + buf=s->init_buf; + + r[0]=r[1]=r[2]=r[3]=NULL; + n=0; +#ifndef NO_RSA + if (type & SSL_kRSA) + { + rsa=cert->rsa_tmp; + if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL)) + { + rsa=s->ctx->default_cert->rsa_tmp_cb(s, + (s->s3->tmp.new_cipher->algorithms| + SSL_NOT_EXP)?0:1); + CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); + cert->rsa_tmp=rsa; + } + if (rsa == NULL) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY); + goto f_err; + } + r[0]=rsa->n; + r[1]=rsa->e; + s->s3->tmp.use_rsa_tmp=1; + } + else +#endif +#ifndef NO_DH + if (type & SSL_kEDH) + { + dhp=cert->dh_tmp; + if ((dhp == NULL) && (cert->dh_tmp_cb != NULL)) + dhp=cert->dh_tmp_cb(s, + (s->s3->tmp.new_cipher->algorithms| + SSL_NOT_EXP)?0:1); + if (dhp == NULL) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); + goto f_err; + } + if ((dh=DHparams_dup(dhp)) == NULL) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); + goto err; + } + + s->s3->tmp.dh=dh; + if (((dhp->pub_key == NULL) || + (dhp->priv_key == NULL) || + (s->ctx->options & SSL_OP_SINGLE_DH_USE)) && + (!DH_generate_key(dh))) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); + goto err; + } + else + { + dh->pub_key=BN_dup(dhp->pub_key); + dh->priv_key=BN_dup(dhp->priv_key); + if ((dh->pub_key == NULL) || + (dh->priv_key == NULL)) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); + goto err; + } + } + r[0]=dh->p; + r[1]=dh->g; + r[2]=dh->pub_key; + } + else +#endif + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); + goto f_err; + } + for (i=0; r[i] != NULL; i++) + { + nr[i]=BN_num_bytes(r[i]); + n+=2+nr[i]; + } + + if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) + { + if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) + == NULL) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + goto f_err; + } + kn=EVP_PKEY_size(pkey); + } + else + { + pkey=NULL; + kn=0; + } + + if (!BUF_MEM_grow(buf,n+4+kn)) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); + goto err; + } + d=(unsigned char *)s->init_buf->data; + p= &(d[4]); + + for (i=0; r[i] != NULL; i++) + { + s2n(nr[i],p); + BN_bn2bin(r[i],p); + p+=nr[i]; + } + + /* not anonymous */ + if (pkey != NULL) + { + /* n is the length of the params, they start at &(d[4]) + * and p points to the space at the end. */ +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + q=md_buf; + j=0; + for (num=2; num > 0; num--) + { + EVP_DigestInit(&md_ctx,(num == 2)?EVP_md5():EVP_sha1()); + EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx,&(d[4]),n); + EVP_DigestFinal(&md_ctx,q, + (unsigned int *)&i); + q+=i; + j+=i; + } + i=RSA_private_encrypt(j,md_buf,&(p[2]), + pkey->pkey.rsa,RSA_PKCS1_PADDING); + if (i <= 0) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); + goto err; + } + s2n(i,p); + n+=i+2; + } + else +#endif +#if !defined(NO_DSA) + if (pkey->type == EVP_PKEY_DSA) + { + /* lets do DSS */ + EVP_SignInit(&md_ctx,EVP_dss1()); + EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); + EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); + EVP_SignUpdate(&md_ctx,&(d[4]),n); + if (!EVP_SignFinal(&md_ctx,&(p[2]), + (unsigned int *)&i,pkey)) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA); + goto err; + } + s2n(i,p); + n+=i+2; + } + else +#endif + { + /* Is this error check actually needed? */ + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); + goto f_err; + } + } + + *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE; + l2n3(n,d); + + /* we should now have things packed up, so lets send + * it off */ + s->init_num=n+4; + s->init_off=0; + } + + /* SSL3_ST_SW_KEY_EXCH_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +err: + return(-1); + } + +static int ssl3_send_certificate_request(s) +SSL *s; + { + unsigned char *p,*d; + int i,j,nl,off,n; + STACK *sk=NULL; + X509_NAME *name; + BUF_MEM *buf; + + if (s->state == SSL3_ST_SW_CERT_REQ_A) + { + buf=s->init_buf; + + d=p=(unsigned char *)&(buf->data[4]); + + /* get the list of acceptable cert types */ + p++; + n=ssl3_get_req_cert_type(s,p); + d[0]=n; + p+=n; + n++; + + off=n; + p+=2; + n+=2; + + sk=SSL_get_client_CA_list(s); + nl=0; + if (sk != NULL) + { + for (i=0; idata[4+n]); + if (!(s->ctx->options & SSL_OP_NETSCAPE_CA_DN_BUG)) + { + s2n(j,p); + i2d_X509_NAME(name,&p); + n+=2+j; + nl+=2+j; + } + else + { + d=p; + i2d_X509_NAME(name,&p); + j-=2; s2n(j,d); j+=2; + n+=j; + nl+=j; + } + } + } + /* else no CA names */ + p=(unsigned char *)&(buf->data[4+off]); + s2n(nl,p); + + d=(unsigned char *)buf->data; + *(d++)=SSL3_MT_CERTIFICATE_REQUEST; + l2n3(n,d); + + /* we should now have things packed up, so lets send + * it off */ + + s->init_num=n+4; + s->init_off=0; + } + + /* SSL3_ST_SW_CERT_REQ_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); +err: + return(-1); + } + +static int ssl3_get_client_key_exchange(s) +SSL *s; + { + int i,al,ok; + long n; + unsigned long l; + unsigned char *p; + RSA *rsa=NULL; + BIGNUM *pub=NULL; + EVP_PKEY *pkey=NULL; + DH *dh_srvr; + + n=ssl3_get_message(s, + SSL3_ST_SR_KEY_EXCH_A, + SSL3_ST_SR_KEY_EXCH_B, + SSL3_MT_CLIENT_KEY_EXCHANGE, + 400, /* ???? */ + &ok); + + if (!ok) return((int)n); + p=(unsigned char *)s->init_buf->data; + + l=s->s3->tmp.new_cipher->algorithms; + +#ifndef NO_RSA + if (l & SSL_kRSA) + { + /* FIX THIS UP EAY EAY EAY EAY */ + if (s->s3->tmp.use_rsa_tmp) + { + if ((s->session->cert != NULL) && + (s->session->cert->rsa_tmp != NULL)) + rsa=s->session->cert->rsa_tmp; + else if ((s->ctx->default_cert != NULL) && + (s->ctx->default_cert->rsa_tmp != NULL)) + rsa=s->ctx->default_cert->rsa_tmp; + /* Don't do a callback because rsa_tmp should + * be sent already */ + if (rsa == NULL) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY); + goto f_err; + + } + } + else + { + pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; + if ( (pkey == NULL) || + (pkey->type != EVP_PKEY_RSA) || + (pkey->pkey.rsa == NULL)) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE); + goto f_err; + } + rsa=pkey->pkey.rsa; + } + + i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); +#if 1 + /* If a bad decrypt, use a dud master key */ + if ((i != SSL_MAX_MASTER_KEY_LENGTH) || + (p[0] != 3) || + (p[1] != 0)) + { + p[0]=3; + p[1]=0; + RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); + i=SSL_MAX_MASTER_KEY_LENGTH; + } +#else + if (i != SSL_MAX_MASTER_KEY_LENGTH) + { + al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + goto f_err; + } + + if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff))) + { + al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + goto f_err; + } +#endif + + s->session->master_key_length= + ssl3_generate_master_secret(s, + s->session->master_key, + p,i); + memset(p,0,i); + } + else +#endif +#ifndef NO_DH + if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) + { + + n2s(p,i); + if (n != i+2) + { + if (!(s->ctx->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); + goto err; + } + else + { + p-=2; + i=(int)n; + } + } + + if (n == 0L) /* the parameters are in the cert */ + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS); + goto f_err; + } + else + { + if (s->s3->tmp.dh == NULL) + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); + goto f_err; + } + else + dh_srvr=s->s3->tmp.dh; + } + + pub=BN_bin2bn(p,i,NULL); + if (pub == NULL) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB); + goto err; + } + i=DH_compute_key(p,pub,dh_srvr); + + if (i <= 0) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); + goto err; + } + + DH_free(s->s3->tmp.dh); + s->s3->tmp.dh=NULL; + + BN_clear_free(pub); + pub=NULL; + s->session->master_key_length= + ssl3_generate_master_secret(s, + s->session->master_key,p,i); + } + else +#endif + { + al=SSL3_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE); + goto f_err; + } + + return(1); +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +err: + return(-1); + } + +static int ssl3_get_cert_verify(s) +SSL *s; + { + EVP_PKEY *pkey=NULL; + unsigned char *p; + int al,ok,ret=0; + long n; + int type=0,i,j; + X509 *peer; + + n=ssl3_get_message(s, + SSL3_ST_SR_CERT_VRFY_A, + SSL3_ST_SR_CERT_VRFY_B, + -1, + 512, /* 512? */ + &ok); + + if (!ok) return((int)n); + + if (s->session->peer != NULL) + { + peer=s->session->peer; + pkey=X509_get_pubkey(peer); + type=X509_certificate_type(peer,pkey); + } + else + { + peer=NULL; + pkey=NULL; + } + + if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) + { + s->s3->tmp.reuse_message=1; + if ((peer != NULL) && (type | EVP_PKT_SIGN)) + { + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); + al=SSL3_AD_UNEXPECTED_MESSAGE; + goto f_err; + } + ret=1; + goto end; + } + + if (peer == NULL) + { + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED); + al=SSL3_AD_UNEXPECTED_MESSAGE; + goto f_err; + } + + if (!(type & EVP_PKT_SIGN)) + { + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); + al=SSL3_AD_ILLEGAL_PARAMETER; + goto f_err; + } + + if (s->s3->change_cipher_spec) + { + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); + al=SSL3_AD_UNEXPECTED_MESSAGE; + goto f_err; + } + + /* we now have a signature that we need to verify */ + p=(unsigned char *)s->init_buf->data; + n2s(p,i); + n-=2; + if (i > n) + { + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH); + al=SSL3_AD_ILLEGAL_PARAMETER; + goto f_err; + } + + j=EVP_PKEY_size(pkey); + if ((i > j) || (n > j) || (n <= 0)) + { + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE); + al=SSL3_AD_ILLEGAL_PARAMETER; + goto f_err; + } + +#ifndef NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { + i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING); + if (i < 0) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); + goto f_err; + } + if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) || + memcmp(&(s->s3->tmp.finish_md1[0]), + p,MD5_DIGEST_LENGTH) || + memcmp(&(s->s3->tmp.finish_md2[0]), + &(p[MD5_DIGEST_LENGTH]),SHA_DIGEST_LENGTH)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); + goto f_err; + } + } + else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + { + j=DSA_verify(pkey->save_type,s->s3->tmp.finish_md2, + SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); + if (j <= 0) + { + /* bad signature */ + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE); + goto f_err; + } + } + else +#endif + { + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR); + al=SSL3_AD_UNSUPPORTED_CERTIFICATE; + goto f_err; + } + + + ret=1; + if (0) + { +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + } +end: + return(ret); + } + +static int ssl3_get_client_certificate(s) +SSL *s; + { + int i,ok,al,ret= -1; + X509 *x=NULL; + unsigned long l,nc,llen,n; + unsigned char *p,*d,*q; + STACK *sk=NULL; + + n=ssl3_get_message(s, + SSL3_ST_SR_CERT_A, + SSL3_ST_SR_CERT_B, + -1, +#if defined(MSDOS) && !defined(WIN32) + 1024*30, /* 30k max cert list :-) */ +#else + 1024*100, /* 100k max cert list :-) */ +#endif + &ok); + + if (!ok) return((int)n); + + if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) + { + if ( (s->verify_mode & SSL_VERIFY_PEER) && + (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + al=SSL3_AD_NO_CERTIFICATE; + goto f_err; + } + s->s3->tmp.reuse_message=1; + return(1); + } + + if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) + { + al=SSL3_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); + goto f_err; + } + d=p=(unsigned char *)s->init_buf->data; + + if ((sk=sk_new_null()) == NULL) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); + goto err; + } + + n2l3(p,llen); + if (llen+3 != n) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH); + goto f_err; + } + for (nc=0; nc llen) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); + goto f_err; + } + + q=p; + x=d2i_X509(NULL,&p,l); + if (x == NULL) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB); + goto err; + } + if (p != (q+l)) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); + goto f_err; + } + if (!sk_push(sk,(char *)x)) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); + goto err; + } + x=NULL; + nc+=l+3; + } + + if (sk_num(sk) <= 0) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_PASSED); + goto f_err; + } + i=ssl_verify_cert_chain(s,sk); + if (!i) + { + al=ssl_verify_alarm_type(s->verify_result); + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); + goto f_err; + } + + /* This should not be needed */ + if (s->session->peer != NULL) + X509_free(s->session->peer); + + s->session->peer=(X509 *)sk_shift(sk); + + ret=1; + if (0) + { +f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + } +err: + if (x != NULL) X509_free(x); + if (sk != NULL) sk_pop_free(sk,X509_free); + return(ret); + } + +int ssl3_send_server_certificate(s) +SSL *s; + { + unsigned long l; + X509 *x; + + if (s->state == SSL3_ST_SW_CERT_A) + { + x=ssl_get_server_send_cert(s); + if (x == NULL) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR); + return(0); + } + + l=ssl3_output_cert_chain(s,x); + s->state=SSL3_ST_SW_CERT_B; + s->init_num=(int)l; + s->init_off=0; + } + + /* SSL3_ST_SW_CERT_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } diff --git a/ssl/ssl.c b/ssl/ssl.c new file mode 100644 index 0000000000000000000000000000000000000000..fcc29b0e45a1168a4dc012d88ec30f80cd89bf84 --- /dev/null +++ b/ssl/ssl.c @@ -0,0 +1,162 @@ +/* ssl/ssl.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include + +#define USE_SOCKETS +#include "../e_os.h" + +#include "buffer.h" +#include "stack.h" +#include "lhash.h" + +#include "bio.h" +#include "err.h" + +#include "bn.h" + +#include "rand.h" +#include "conf.h" +#include "txt_db.h" + +#include "err.h" +#include "evp.h" + +#include "x509.h" +#include "pkcs7.h" +#include "pem.h" +#include "asn1.h" +#include "objects.h" + +#include "ssl_locl.h" + +#if !(BUILD_SSLV23) && !defined(BUILD_SSLV2) && !defined(BUILD_SSLV3) && !defined(BUILD_SSL_COMMON) && !defined(BUILD_SSL_BIO) && !defined(BUILD_SSL_OPTIONAL) +#define BUILD_SSLV23 +#define BUILD_SSLV2 +#define BUILD_SSLV3 +#define BUILD_SSL_COMMON +#define BUILD_SSL_BIO +#define BUILD_SSL_OPTIONAL +#endif + +#ifdef NO_RSA +#undef BUILD_SSLV2 +#undef BUILD_SSLV23 +#endif + +#ifdef NO_SSL2 +#undef BUILD_SSLV2 +#undef BUILD_SSLV23 +#endif + +#ifdef NO_SSL3 +#undef BUILD_SSL3 +#undef BUILD_SSLV23 +#endif + +#ifdef BUILD_SSLV23 +#include "s23_clnt.c" +#include "s23_srvr.c" +#include "s23_pkt.c" +#include "s23_lib.c" +#include "s23_meth.c" +#endif + +#ifdef BUILD_SSLV2 +#include "s2_clnt.c" +#include "s2_srvr.c" +#include "s2_pkt.c" +#include "s2_enc.c" +#include "s2_lib.c" +#include "s2_meth.c" +#endif + +#ifdef BUILD_SSLV3 +#include "s3_clnt.c" +#include "s3_both.c" +#include "s3_srvr.c" +#include "s3_pkt.c" +#include "s3_enc.c" +#include "s3_lib.c" +#include "s3_meth.c" +#endif + +#ifdef BUILD_SSL_COMMON +#include "ssl_lib.c" +#include "ssl_algs.c" +#include "ssl_cert.c" +#include "ssl_ciph.c" +#include "ssl_sess.c" +#include "ssl_rsa.c" +#endif + +/* Extra things */ +#ifdef BUILD_SSL_BIO +#include "bio_ssl.c" +#endif + +#ifdef BUILD_SSL_OPTIONAL +#include "ssl_asn1.c" +#include "ssl_txt.c" +#include "ssl_stat.c" +#include "ssl_err.c" +#include "ssl_err2.c" +#endif + diff --git a/ssl/ssl.err b/ssl/ssl.err new file mode 100644 index 0000000000000000000000000000000000000000..f3bc5d37ab9b6f83dd77a3f085633d4848defbba --- /dev/null +++ b/ssl/ssl.err @@ -0,0 +1,272 @@ +/* Error codes for the SSL functions. */ + +/* Function codes. */ +#define SSL_F_CLIENT_CERTIFICATE 100 +#define SSL_F_CLIENT_HELLO 101 +#define SSL_F_CLIENT_MASTER_KEY 102 +#define SSL_F_D2I_SSL_SESSION 103 +#define SSL_F_DO_SSL3_WRITE 104 +#define SSL_F_GET_CLIENT_FINISHED 105 +#define SSL_F_GET_CLIENT_HELLO 106 +#define SSL_F_GET_CLIENT_MASTER_KEY 107 +#define SSL_F_GET_SERVER_FINISHED 108 +#define SSL_F_GET_SERVER_HELLO 109 +#define SSL_F_GET_SERVER_VERIFY 110 +#define SSL_F_I2D_SSL_SESSION 111 +#define SSL_F_READ_N 112 +#define SSL_F_REQUEST_CERTIFICATE 113 +#define SSL_F_SERVER_HELLO 114 +#define SSL_F_SSL23_ACCEPT 115 +#define SSL_F_SSL23_CLIENT_HELLO 116 +#define SSL_F_SSL23_CONNECT 117 +#define SSL_F_SSL23_GET_CLIENT_HELLO 118 +#define SSL_F_SSL23_GET_SERVER_HELLO 119 +#define SSL_F_SSL23_READ 120 +#define SSL_F_SSL23_WRITE 121 +#define SSL_F_SSL2_ACCEPT 122 +#define SSL_F_SSL2_CONNECT 123 +#define SSL_F_SSL2_ENC_INIT 124 +#define SSL_F_SSL2_READ 125 +#define SSL_F_SSL2_SET_CERTIFICATE 126 +#define SSL_F_SSL2_WRITE 127 +#define SSL_F_SSL3_ACCEPT 128 +#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +#define SSL_F_SSL3_CLIENT_HELLO 131 +#define SSL_F_SSL3_CONNECT 132 +#define SSL_F_SSL3_CTX_CTRL 133 +#define SSL_F_SSL3_ENC 134 +#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +#define SSL_F_SSL3_GET_CERT_VERIFY 136 +#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 +#define SSL_F_SSL3_GET_CLIENT_HELLO 138 +#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 +#define SSL_F_SSL3_GET_FINISHED 140 +#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 +#define SSL_F_SSL3_GET_MESSAGE 142 +#define SSL_F_SSL3_GET_RECORD 143 +#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 +#define SSL_F_SSL3_GET_SERVER_DONE 145 +#define SSL_F_SSL3_GET_SERVER_HELLO 146 +#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +#define SSL_F_SSL3_READ_BYTES 148 +#define SSL_F_SSL3_READ_N 149 +#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 +#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 +#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 +#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 +#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 +#define SSL_F_SSL3_SETUP_BUFFERS 156 +#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +#define SSL_F_SSL3_WRITE_BYTES 158 +#define SSL_F_SSL3_WRITE_PENDING 159 +#define SSL_F_SSL_BAD_METHOD 160 +#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +#define SSL_F_SSL_CERT_NEW 162 +#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +#define SSL_F_SSL_CREATE_CIPHER_LIST 164 +#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 165 +#define SSL_F_SSL_CTX_NEW 166 +#define SSL_F_SSL_CTX_SET_SSL_VERSION 167 +#define SSL_F_SSL_CTX_USE_CERTIFICATE 168 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 169 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 170 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY 171 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 172 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 173 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 174 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 175 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 176 +#define SSL_F_SSL_DO_HANDSHAKE 177 +#define SSL_F_SSL_GET_NEW_SESSION 178 +#define SSL_F_SSL_GET_SERVER_SEND_CERT 179 +#define SSL_F_SSL_GET_SIGN_PKEY 180 +#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 181 +#define SSL_F_SSL_NEW 182 +#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 183 +#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 184 +#define SSL_F_SSL_SESSION_NEW 185 +#define SSL_F_SSL_SESSION_PRINT_FP 186 +#define SSL_F_SSL_SET_FD 187 +#define SSL_F_SSL_SET_PKEY 188 +#define SSL_F_SSL_SET_RFD 189 +#define SSL_F_SSL_SET_SESSION 190 +#define SSL_F_SSL_SET_WFD 191 +#define SSL_F_SSL_UNDEFINED_FUNCTION 192 +#define SSL_F_SSL_USE_CERTIFICATE 193 +#define SSL_F_SSL_USE_CERTIFICATE_ASN1 194 +#define SSL_F_SSL_USE_CERTIFICATE_FILE 195 +#define SSL_F_SSL_USE_PRIVATEKEY 196 +#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 197 +#define SSL_F_SSL_USE_PRIVATEKEY_FILE 198 +#define SSL_F_SSL_USE_RSAPRIVATEKEY 199 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 200 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 201 +#define SSL_F_SSL_WRITE 202 +#define SSL_F_WRITE_PENDING 203 + +/* Reason codes. */ +#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_BAD_ALERT_RECORD 101 +#define SSL_R_BAD_AUTHENTICATION_TYPE 102 +#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +#define SSL_R_BAD_CHECKSUM 104 +#define SSL_R_BAD_CLIENT_REQUEST 105 +#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +#define SSL_R_BAD_DECOMPRESSION 107 +#define SSL_R_BAD_DH_G_LENGTH 108 +#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +#define SSL_R_BAD_DH_P_LENGTH 110 +#define SSL_R_BAD_DIGEST_LENGTH 111 +#define SSL_R_BAD_DSA_SIGNATURE 112 +#define SSL_R_BAD_MAC_DECODE 113 +#define SSL_R_BAD_MESSAGE_TYPE 114 +#define SSL_R_BAD_PACKET_LENGTH 115 +#define SSL_R_BAD_RESPONSE_ARGUMENT 116 +#define SSL_R_BAD_RSA_DECRYPT 117 +#define SSL_R_BAD_RSA_ENCRYPT 118 +#define SSL_R_BAD_RSA_E_LENGTH 119 +#define SSL_R_BAD_RSA_MODULUS_LENGTH 120 +#define SSL_R_BAD_RSA_SIGNATURE 121 +#define SSL_R_BAD_SIGNATURE 122 +#define SSL_R_BAD_SSL_FILETYPE 123 +#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 124 +#define SSL_R_BAD_STATE 125 +#define SSL_R_BAD_WRITE_RETRY 126 +#define SSL_R_BIO_NOT_SET 127 +#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 128 +#define SSL_R_BN_LIB 129 +#define SSL_R_CA_DN_LENGTH_MISMATCH 130 +#define SSL_R_CA_DN_TOO_LONG 131 +#define SSL_R_CCS_RECEIVED_EARLY 132 +#define SSL_R_CERTIFICATE_VERIFY_FAILED 133 +#define SSL_R_CERT_LENGTH_MISMATCH 134 +#define SSL_R_CHALLENGE_IS_DIFFERENT 135 +#define SSL_R_CIPHER_CODE_WRONG_LENGTH 136 +#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 137 +#define SSL_R_CIPHER_TABLE_SRC_ERROR 138 +#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 139 +#define SSL_R_COMPRESSION_FAILURE 140 +#define SSL_R_CONNECTION_ID_IS_DIFFERENT 141 +#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 142 +#define SSL_R_DATA_LENGTH_TOO_LONG 143 +#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 144 +#define SSL_R_DIGEST_CHECK_FAILED 145 +#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 146 +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 147 +#define SSL_R_EXCESSIVE_MESSAGE_SIZE 148 +#define SSL_R_EXTRA_DATA_IN_MESSAGE 149 +#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 150 +#define SSL_R_INTERNAL_ERROR 151 +#define SSL_R_INVALID_CHALLENGE_LENGTH 152 +#define SSL_R_LENGTH_MISMATCH 153 +#define SSL_R_LENGTH_TOO_SHORT 154 +#define SSL_R_LIBRARY_HAS_NO_CIPHERS 155 +#define SSL_R_MISSING_DH_DSA_CERT 156 +#define SSL_R_MISSING_DH_KEY 157 +#define SSL_R_MISSING_DH_RSA_CERT 158 +#define SSL_R_MISSING_DSA_SIGNING_CERT 159 +#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 160 +#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 161 +#define SSL_R_MISSING_RSA_CERTIFICATE 162 +#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 163 +#define SSL_R_MISSING_RSA_SIGNING_CERT 164 +#define SSL_R_MISSING_TMP_DH_KEY 165 +#define SSL_R_MISSING_TMP_RSA_KEY 166 +#define SSL_R_MISSING_TMP_RSA_PKEY 167 +#define SSL_R_MISSING_VERIFY_MESSAGE 168 +#define SSL_R_NON_SSLV2_INITIAL_PACKET 169 +#define SSL_R_NO_CERTIFICATES_PASSED 170 +#define SSL_R_NO_CERTIFICATE_ASSIGNED 171 +#define SSL_R_NO_CERTIFICATE_RETURNED 172 +#define SSL_R_NO_CERTIFICATE_SET 173 +#define SSL_R_NO_CERTIFICATE_SPECIFIED 174 +#define SSL_R_NO_CIPHERS_AVAILABLE 175 +#define SSL_R_NO_CIPHERS_PASSED 176 +#define SSL_R_NO_CIPHERS_SPECIFIED 177 +#define SSL_R_NO_CIPHER_LIST 178 +#define SSL_R_NO_CIPHER_MATCH 179 +#define SSL_R_NO_CLIENT_CERT_RECEIVED 180 +#define SSL_R_NO_COMPRESSION_SPECIFIED 181 +#define SSL_R_NO_PRIVATEKEY 182 +#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 183 +#define SSL_R_NO_PUBLICKEY 184 +#define SSL_R_NO_SHARED_CIPHER 185 +#define SSL_R_NULL_SSL_CTX 186 +#define SSL_R_NULL_SSL_METHOD_PASSED 187 +#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 188 +#define SSL_R_PACKET_LENGTH_TOO_LONG 189 +#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 190 +#define SSL_R_PEER_ERROR 191 +#define SSL_R_PEER_ERROR_CERTIFICATE 192 +#define SSL_R_PEER_ERROR_NO_CERTIFICATE 193 +#define SSL_R_PEER_ERROR_NO_CIPHER 194 +#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 195 +#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 196 +#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 197 +#define SSL_R_PROTOCOL_IS_SHUTDOWN 198 +#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 199 +#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 200 +#define SSL_R_PUBLIC_KEY_NOT_RSA 201 +#define SSL_R_READ_BIO_NOT_SET 202 +#define SSL_R_READ_WRONG_PACKET_TYPE 203 +#define SSL_R_RECORD_LENGTH_MISMATCH 204 +#define SSL_R_RECORD_TOO_LARGE 205 +#define SSL_R_REQUIRED_CIPHER_MISSING 206 +#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 207 +#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 208 +#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 209 +#define SSL_R_SHORT_READ 210 +#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 211 +#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 212 +#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 213 +#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 214 +#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 215 +#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 216 +#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 217 +#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 218 +#define SSL_R_SSL_HANDSHAKE_FAILURE 219 +#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 220 +#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 221 +#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 222 +#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 223 +#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 224 +#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 225 +#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 226 +#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 227 +#define SSL_R_UNEXPECTED_MESSAGE 228 +#define SSL_R_UNEXPECTED_RECORD 229 +#define SSL_R_UNKNOWN_ALERT_TYPE 230 +#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 231 +#define SSL_R_UNKNOWN_CIPHER_RETURNED 232 +#define SSL_R_UNKNOWN_CIPHER_TYPE 233 +#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 234 +#define SSL_R_UNKNOWN_PKEY_TYPE 235 +#define SSL_R_UNKNOWN_PROTOCOL 236 +#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 237 +#define SSL_R_UNKNOWN_SSL_VERSION 238 +#define SSL_R_UNKNOWN_STATE 239 +#define SSL_R_UNSUPPORTED_CIPHER 240 +#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 241 +#define SSL_R_UNSUPPORTED_SSL_VERSION 242 +#define SSL_R_WRITE_BIO_NOT_SET 243 +#define SSL_R_WRONG_CIPHER_RETURNED 244 +#define SSL_R_WRONG_MESSAGE_TYPE 245 +#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 246 +#define SSL_R_WRONG_SIGNATURE_LENGTH 247 +#define SSL_R_WRONG_SIGNATURE_SIZE 248 +#define SSL_R_WRONG_SSL_VERSION 249 +#define SSL_R_WRONG_VERSION_NUMBER 250 +#define SSL_R_X509_LIB 251 diff --git a/ssl/ssl.h b/ssl/ssl.h new file mode 100644 index 0000000000000000000000000000000000000000..594295d5e065ea09233f9fb97a5f902fad2d2d06 --- /dev/null +++ b/ssl/ssl.h @@ -0,0 +1,1290 @@ +/* ssl/ssl.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL_H +#define HEADER_SSL_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* SSLeay version number for ASN.1 encoding of the session information */ +/* Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +#define SSL_SESSION_ASN1_VERSION 0x0001 + +/* text strings for the ciphers */ +#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 +#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 +#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 +#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 +#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 +#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 +#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 +#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA +#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 +#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA + +#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 + +#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +#define SSL_MAX_KEY_ARG_LENGTH 8 +#define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* These are used to specify which ciphers to use and not to use */ +#define SSL_TXT_LOW "LOW" +#define SSL_TXT_MEDIUM "MEDIUM" +#define SSL_TXT_HIGH "HIGH" +#define SSL_TXT_kFZA "kFZA" +#define SSL_TXT_aFZA "aFZA" +#define SSL_TXT_eFZA "eFZA" +#define SSL_TXT_FZA "FZA" + +#define SSL_TXT_aNULL "aNULL" +#define SSL_TXT_eNULL "eNULL" +#define SSL_TXT_NULL "NULL" + +#define SSL_TXT_kRSA "kRSA" +#define SSL_TXT_kDHr "kDHr" +#define SSL_TXT_kDHd "kDHd" +#define SSL_TXT_kEDH "kEDH" +#define SSL_TXT_aRSA "aRSA" +#define SSL_TXT_aDSS "aDSS" +#define SSL_TXT_aDH "aDH" +#define SSL_TXT_DSS "DSS" +#define SSL_TXT_DH "DH" +#define SSL_TXT_EDH "EDH" +#define SSL_TXT_ADH "ADH" +#define SSL_TXT_RSA "RSA" +#define SSL_TXT_DES "DES" +#define SSL_TXT_3DES "3DES" +#define SSL_TXT_RC4 "RC4" +#define SSL_TXT_RC2 "RC2" +#define SSL_TXT_IDEA "IDEA" +#define SSL_TXT_MD5 "MD5" +#define SSL_TXT_SHA0 "SHA0" +#define SSL_TXT_SHA1 "SHA1" +#define SSL_TXT_SHA "SHA" +#define SSL_TXT_EXP "EXP" +#define SSL_TXT_EXPORT "EXPORT" +#define SSL_TXT_SSLV2 "SSLv2" +#define SSL_TXT_SSLV3 "SSLv3" +#define SSL_TXT_ALL "ALL" + +/* 'DEFAULT' at the start of the cipher list insert the following string + * in addition to this being the default cipher string */ +#ifndef NO_RSA +#define SSL_DEFAULT_CIPHER_LIST "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP" +#else +#define SSL_ALLOW_ADH +#define SSL_DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP" +#endif + +#define SSL_SENT_SHUTDOWN 1 +#define SSL_RECEIVED_SHUTDOWN 2 +#define SSL_CTX_set_quiet_shutdown(ctx,y) ((ctx)->quiet_shutdown=(y)); +#define SSL_CTX_get_quiet_shutdown(ctx) ((ctx)->quiet_shutdown); +#define SSL_set_quiet_shutdown(s,y) ((s)->quiet_shutdown=(y)); +#define SSL_get_quiet_shutdown(s) ((s)->quiet_shutdown); +#define SSL_set_shutdown(s,mode) ((s)->shutdown=(mode)) +#define SSL_get_shutdown(s) ((s)->shutdown) +#define SSL_version(s) ((s)->version) + +#include "buffer.h" +#include "bio.h" +#include "x509.h" + +#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +#define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +typedef struct ssl_st *ssl_crock_st; + +/* used to hold info on the particular ciphers used */ +typedef struct ssl_cipher_st + { + int valid; + char *name; /* text name */ + unsigned long id; /* id, 4 bytes, first is version */ + unsigned long algorithms; /* what ciphers are used */ + unsigned long algorithm2; /* Extra flags */ + unsigned long mask; /* used for matching */ + } SSL_CIPHER; + +/* Used to hold functions for SSLv2 or SSLv3 functions */ +typedef struct ssl_method_st + { + int version; + int (*ssl_new)(); + void (*ssl_clear)(); + void (*ssl_free)(); + int (*ssl_accept)(); + int (*ssl_connect)(); + int (*ssl_read)(); + int (*ssl_peek)(); + int (*ssl_write)(); + int (*ssl_shutdown)(); + int (*ssl_renegotiate)(); + long (*ssl_ctrl)(); + long (*ssl_ctx_ctrl)(); + SSL_CIPHER *(*get_cipher_by_char)(); + int (*put_cipher_by_char)(); + int (*ssl_pending)(); + int (*num_ciphers)(); + SSL_CIPHER *(*get_cipher)(); + struct ssl_method_st *(*get_ssl_method)(); + long (*get_timeout)(); + } SSL_METHOD; + +typedef struct ssl_compression_st + { + char *stuff; + } SSL_COMPRESSION; + +/* Lets make this into an ASN.1 type structure as follows + * SSL_SESSION_ID ::= SEQUENCE { + * version INTEGER, -- structure version number + * SSLversion INTEGER, -- SSL version number + * Cipher OCTET_STRING, -- the 3 byte cipher ID + * Session_ID OCTET_STRING, -- the Session ID + * Master_key OCTET_STRING, -- the master key + * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument + * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time + * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds + * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate + * } + * Look in ssl/ssl_asn1.c for more details + * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). + */ +typedef struct ssl_session_st + { + int ssl_version; /* what ssl version session info is + * being kept in here? */ + + /* only really used in SSLv2 */ + unsigned int key_arg_length; + unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; + int master_key_length; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + /* session_id - valid? */ + unsigned int session_id_length; + unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + + int not_resumable; + + /* The cert is the certificate used to establish this connection */ + struct cert_st /* CERT */ *cert; + + /* This is the cert for the other end. On servers, it will be + * the same as cert->x509 */ + X509 *peer; + + int references; + long timeout; + long time; + + SSL_COMPRESSION *read_compression; + SSL_COMPRESSION *write_compression; + + SSL_CIPHER *cipher; + unsigned long cipher_id; /* when ASN.1 loaded, this + * needs to be used to load + * the 'cipher' structure */ + + STACK /* SSL_CIPHER */ *ciphers; /* shared ciphers? */ + + char *app_data; /* application specific data */ + } SSL_SESSION; + +#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L +#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L +#define SSL_OP_NETSCAPE_CA_DN_BUG 0x00000004L +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L + +/* If set, only use tmp_dh parameters once */ +#define SSL_OP_SINGLE_DH_USE 0x00100000L +/* Set to also use the tmp_rsa key when doing RSA operations. */ +#define SSL_OP_EPHEMERAL_RSA 0x00200000L + +#define SSL_OP_NON_EXPORT_FIRST 0x40000000L +#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L +#define SSL_OP_ALL 0x000FFFFFL + +#define SSL_CTX_set_options(ctx,op) ((ctx)->options|=(op)) + +/* Normally you will only use these if your application wants to use + * the certificate store in other places, perhaps PKCS7 */ +#define SSL_CTX_get_cert_store(ctx) ((ctx)->cert_store) +#define SSL_CTX_set_cert_store(ctx,cs) \ + (X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs)) + + +typedef struct ssl_ctx_st + { + SSL_METHOD *method; + unsigned long options; + + STACK /* SSL_CIPHER */ *cipher_list; + /* same as above but sorted for lookup */ + STACK /* SSL_CIPHER */ *cipher_list_by_id; + + struct x509_store_st /* X509_STORE */ *cert_store; + struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSION's */ + + /* This can have one of 2 values, ored together, + * SSL_SESS_CACHE_CLIENT, + * SSL_SESS_CACHE_SERVER, + * Default is SSL_SESSION_CACHE_SERVER, which means only + * SSL_accept which cache SSL_SESSIONS. */ + int session_cache_mode; + + /* If timeout is not 0, it is the default timeout value set + * when SSL_new() is called. This has been put in to make + * life easier to set things up */ + long session_timeout; + + /* If this callback is not null, it will be called each + * time a session id is added to the cache. If this function + * returns 1, it means that the callback will do a + * SSL_SESSION_free() when it has finished using it. Otherwise, + * on 0, it means the callback has finished with it. + * If remove_session_cb is not null, it will be called when + * a session-id is removed from the cache. Again, a return + * of 0 mens that SSLeay should not SSL_SESSION_free() since + * the application is doing something with it. */ +#ifndef NOPROTO + int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); + void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); + SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, + unsigned char *data,int len,int *copy); +#else + int (*new_session_cb)(); + void (*remove_session_cb)(); + SSL_SESSION *(*get_session_cb)(); +#endif + + int sess_connect; /* SSL new (expensive) connection - started */ + int sess_connect_good; /* SSL new (expensive) connection - finished */ + int sess_accept; /* SSL new (expensive) accept - started */ + int sess_accept_good; /* SSL new (expensive) accept - finished */ + int sess_miss; /* session lookup misses */ + int sess_timeout; /* session reuse attempt on timeouted session */ + int sess_hit; /* session reuse actually done */ + int sess_cb_hit; /* session-id that was not in the cache was + * passed back via the callback. This + * indicates that the application is supplying + * session-id's from other processes - + * spooky :-) */ + + int references; + + void (*info_callback)(); + + /* if defined, these override the X509_verify_cert() calls */ + int (*app_verify_callback)(); + char *app_verify_arg; + + /* default values to use in SSL structures */ + struct cert_st /* CERT */ *default_cert; + int default_read_ahead; + int default_verify_mode; + int (*default_verify_callback)(); + + /* Default password callback. */ + int (*default_passwd_callback)(); + + /* get client cert callback */ + int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */); + + /* what we put in client requests */ + STACK *client_CA; + + int quiet_shutdown; + + char *app_data; + } SSL_CTX; + +#define SSL_SESS_CACHE_OFF 0x00 +#define SSL_SESS_CACHE_CLIENT 0x01 +#define SSL_SESS_CACHE_SERVER 0x02 +#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x80 + +#define SSL_session_reused(s) ((s)->hit) + +#define SSL_CTX_sessions(ctx) ((ctx)->sessions) +/* You will need to include lhash.h to access the following #define */ +#define SSL_CTX_sess_number(ctx) ((ctx)->sessions->num_items) +#define SSL_CTX_sess_connect(ctx) ((ctx)->sess_connect) +#define SSL_CTX_sess_connect_good(ctx) ((ctx)->sess_connect_good) +#define SSL_CTX_sess_accept(ctx) ((ctx)->sess_accept) +#define SSL_CTX_sess_accept_good(ctx) ((ctx)->sess_accept_good) +#define SSL_CTX_sess_hits(ctx) ((ctx)->sess_hit) +#define SSL_CTX_sess_cb_hits(ctx) ((ctx)->sess_cb_hit) +#define SSL_CTX_sess_misses(ctx) ((ctx)->sess_miss) +#define SSL_CTX_sess_timeouts(ctx) ((ctx)->sess_timeout) + +#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb)) +#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb) +#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb)) +#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb) +#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb)) +#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb) +#define SSL_CTX_set_session_cache_mode(ctx,m) ((ctx)->session_cache_mode=(m)) +#define SSL_CTX_get_session_cache_mode(ctx) ((ctx)->session_cache_mode) +#define SSL_CTX_set_timeout(ctx,t) ((ctx)->session_timeout=(t)) +#define SSL_CTX_get_timeout(ctx) ((ctx)->session_timeout) + +#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb)) +#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback) +#define SSL_CTX_set_default_read_ahead(ctx,m) (((ctx)->default_read_ahead)=(m)) + +#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb)) +#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb) + +#define SSL_NOTHING 1 +#define SSL_WRITING 2 +#define SSL_READING 3 +#define SSL_X509_LOOKUP 4 + +/* These will only be used when doing non-blocking IO */ +#define SSL_want(s) ((s)->rwstate) +#define SSL_want_nothing(s) ((s)->rwstate == SSL_NOTHING) +#define SSL_want_read(s) ((s)->rwstate == SSL_READING) +#define SSL_want_write(s) ((s)->rwstate == SSL_WRITING) +#define SSL_want_x509_lookup(s) ((s)->rwstate == SSL_X509_LOOKUP) + +typedef struct ssl_st + { + /* procol version + * 2 for SSLv2 + * 3 for SSLv3 + * -3 for SSLv3 but accept SSLv2 */ + int version; + int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + + SSL_METHOD *method; /* SSLv3 */ + + /* There are 2 BIO's even though they are normally both the + * same. This is so data can be read and written to different + * handlers */ + +#ifdef HEADER_BIO_H + BIO *rbio; /* used by SSL_read */ + BIO *wbio; /* used by SSL_write */ + BIO *bbio; /* used during session-id reuse to concatinate + * messages */ +#else + char *rbio; /* used by SSL_read */ + char *wbio; /* used by SSL_write */ + char *bbio; +#endif + /* This holds a variable that indicates what we were doing + * when a 0 or -1 is returned. This is needed for + * non-blocking IO so we know what request needs re-doing when + * in SSL_accept or SSL_connect */ + int rwstate; + + /* true when we are actually in SSL_accept() or SSL_connect() */ + int in_handshake; + int (*handshake_func)(); + +/* int server;*/ /* are we the server side? */ + + int new_session;/* 1 if we are to use a new session */ + int quiet_shutdown;/* don't send shutdown packets */ + int shutdown; /* we have shut things down, 0x01 sent, 0x02 + * for received */ + int state; /* where we are */ + int rstate; /* where we are when reading */ + + BUF_MEM *init_buf; /* buffer used during init */ + int init_num; /* amount read/written */ + int init_off; /* amount read/written */ + + /* used internally to point at a raw packet */ + unsigned char *packet; + unsigned int packet_length; + + struct ssl2_ctx_st *s2; /* SSLv2 variables */ + struct ssl3_ctx_st *s3; /* SSLv3 variables */ + + int read_ahead; /* Read as many input bytes as possible */ + int hit; /* reusing a previous session */ + + /* crypto */ + STACK /* SSL_CIPHER */ *cipher_list; + STACK /* SSL_CIPHER */ *cipher_list_by_id; + + /* These are the ones being used, the ones is SSL_SESSION are + * the ones to be 'copied' into these ones */ + + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ + EVP_MD *read_hash; /* used for mac generation */ + SSL_COMPRESSION *read_compression; /* compression */ + + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + EVP_MD *write_hash; /* used for mac generation */ + SSL_COMPRESSION *write_compression; /* compression */ + + /* session info */ + + /* client cert? */ + /* This is used to hold the server certificate used */ + struct cert_st /* CERT */ *cert; + + /* This can also be in the session once a session is established */ + SSL_SESSION *session; + + /* Used in SSL2 and SSL3 */ + int verify_mode; /* 0 don't care about verify failure. + * 1 fail if verify fails */ + int (*verify_callback)(); /* fail if callback returns 0 */ + void (*info_callback)(); /* optional informational callback */ + + int error; /* error bytes to be written */ + int error_code; /* actual code */ + + SSL_CTX *ctx; + /* set this flag to 1 and a sleep(1) is put into all SSL_read() + * and SSL_write() calls, good for nbio debuging :-) */ + int debug; + + /* extra application data */ + int verify_result; + char *app_data; + + /* for server side, keep the list of CA_dn we can use */ + STACK /* X509_NAME */ *client_CA; + + int first_packet; + } SSL; + +#include "ssl2.h" +#include "ssl3.h" +#include "ssl23.h" + +/* application stuff */ +#define SSL_set_verify_result(s,arg) ((s)->verify_result=(long)arg) +#define SSL_get_verify_result(s) ((s)->verify_result) +#define SSL_set_app_data(s,arg) ((s)->app_data=(char *)arg) +#define SSL_get_app_data(s) ((s)->app_data) + +#define SSL_SESSION_set_app_data(s,arg) ((s)->app_data=(char *)arg) +#define SSL_SESSION_get_app_data(s) ((s)->app_data) + +#define SSL_CTX_set_app_data(ctx,arg) ((ctx)->app_data=(char *)arg) +#define SSL_CTX_get_app_data(ctx) ((ctx)->app_data) + +/* The following are the possible values for ssl->state are are + * used to indicate where we are upto in the SSL connection establishment. + * The macros that follow are about the only things you should need to use + * and even then, only when using non-blocking IO. + * It can also be useful to work out where you were when the connection + * failed */ + +#define SSL_state(a) ((a)->state) +#define SSL_ST_CONNECT 0x1000 +#define SSL_ST_ACCEPT 0x2000 +#define SSL_ST_MASK 0x0FFF +#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) +#define SSL_ST_BEFORE 0x4000 +#define SSL_ST_OK 0x03 +#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) + +/* SSL info callback functions */ +#define SSL_set_info_callback(ssl,cb) ((ssl)->info_callback=(cb)) +#define SSL_get_info_callback(ssl) ((ssl)->info_callback) + +#define SSL_CB_LOOP 0x01 +#define SSL_CB_EXIT 0x02 +#define SSL_CB_READ 0x04 +#define SSL_CB_WRITE 0x08 +#define SSL_CB_ALERT 0x4000 /* used in callback */ +#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +#define SSL_CB_HANDSHAKE_START 0x10 +#define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +#define SSL_is_init_finished(a) ((a)->state == SSL_ST_OK) +#define SSL_in_init(a) ((a)->state&SSL_ST_INIT) +#define SSL_in_before(a) ((a)->state&SSL_ST_BEFORE) +#define SSL_in_connect_init(a) ((a)->state&SSL_ST_CONNECT) +#define SSL_in_accept_init(a) ((a)->state&SSL_ST_ACCEPT) + +/* The following 2 states are kept in ssl->rstate when reads fail, + * you should not need these */ +#define SSL_ST_READ_HEADER 0xF0 +#define SSL_ST_READ_BODY 0xF1 +#define SSL_ST_READ_DONE 0xF2 + +/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options + * are 'ored' with SSL_VERIFY_PEER if they are desired */ +#define SSL_VERIFY_NONE 0x00 +#define SSL_VERIFY_PEER 0x01 +#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +#define SSL_VERIFY_CLIENT_ONCE 0x04 + +#define SSL_RWERR_BAD_WRITE_RETRY (-2) +#define SSL_RWERR_BAD_MAC_DECODE (-3) +#define SSL_RWERR_INTERNAL_ERROR (-4) /* should not get this one */ +#define SSL_RWERR_WRONG_RECORD_TYPE (-5) /* used internally */ + +#define SSL_CTX_set_default_verify_paths(ctx) \ + X509_STORE_set_default_paths((ctx)->cert_store) +#define SSL_CTX_load_verify_locations(ctx,CAfile,CApath) \ + X509_STORE_load_locations((ctx)->cert_store,\ + (CAfile),(CApath)) + +#define SSL_get_session(s) ((s)->session) +#define SSL_get_SSL_CTX(s) ((s)->ctx) + +/* this is for backward compatablility */ +#if 0 /* NEW_SSLEAY */ +#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) +#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) +#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) +#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) +#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) +#endif +/* More backward compatablity */ +#define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +#define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) + +/* VMS linker has a 31 char name limit */ +#define SSL_CTX_set_cert_verify_callback(a,b,c) \ + SSL_CTX_set_cert_verify_cb((a),(b),(c)) + +#if 1 /*SSLEAY_MACROS*/ +#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \ + (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \ + (bp),(unsigned char **)(s_id)) +#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \ + bp,(unsigned char *)s_id) +#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb) +#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb) +#define PEM_write_SSL_SESSION(fp,x) \ + PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ + PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL) +#define PEM_write_bio_SSL_SESSION(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ + PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL) +#endif + +#define SSL_ERROR_NONE 0 +#define SSL_ERROR_SSL 1 +#define SSL_ERROR_WANT_READ 2 +#define SSL_ERROR_WANT_WRITE 3 +#define SSL_ERROR_WANT_X509_LOOKUP 4 +#define SSL_ERROR_SYSCALL 5 /* look at errno */ +#define SSL_ERROR_ZERO_RETURN 6 +#define SSL_ERROR_WANT_CONNECT 7 + +#define SSL_CTRL_NEED_TMP_RSA 1 +#define SSL_CTRL_SET_TMP_RSA 2 +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TMP_RSA_CB 4 +#define SSL_CTRL_SET_TMP_DH_CB 5 + +#define SSL_CTX_need_tmp_RSA(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_CTX_set_tmp_rsa(ctx,rsa) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) + +/* For the next 2, the callbacks are + * RSA *tmp_rsa_cb(int export) + * DH *tmp_dh_cb(int export) + */ +#define SSL_CTX_set_tmp_rsa_callback(ctx,cb) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb) +#define SSL_CTX_set_tmp_dh_callback(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)cb) + +#ifndef NOPROTO + +#ifdef HEADER_BIO_H +BIO_METHOD *BIO_f_ssl(void); +BIO *BIO_new_ssl(SSL_CTX *ctx,int client); +int BIO_ssl_copy_session_id(BIO *to,BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +#endif + +int SSL_CTX_set_cipher_list(SSL_CTX *,char *str); +SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); +void SSL_CTX_free(SSL_CTX *); +void SSL_clear(SSL *s); +void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); + +SSL_CIPHER *SSL_get_current_cipher(SSL *s); +int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); +char * SSL_CIPHER_get_version(SSL_CIPHER *c); +char * SSL_CIPHER_get_name(SSL_CIPHER *c); + +int SSL_get_fd(SSL *s); +char * SSL_get_cipher_list(SSL *s,int n); +char * SSL_get_shared_ciphers(SSL *s, char *buf, int len); +int SSL_get_read_ahead(SSL * s); +int SSL_pending(SSL *s); +#ifndef NO_SOCK +int SSL_set_fd(SSL *s, int fd); +int SSL_set_rfd(SSL *s, int fd); +int SSL_set_wfd(SSL *s, int fd); +#endif +#ifdef HEADER_BIO_H +void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); +BIO * SSL_get_rbio(SSL *s); +BIO * SSL_get_wbio(SSL *s); +#endif +int SSL_set_cipher_list(SSL *s, char *str); +void SSL_set_read_ahead(SSL *s, int yes); +int SSL_get_verify_mode(SSL *s); +int (*SSL_get_verify_callback(SSL *s))(); +void SSL_set_verify(SSL *s, int mode, int (*callback) ()); +int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type); +int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); +int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type); +int SSL_use_certificate(SSL *ssl, X509 *x); +int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d); +int SSL_use_certificate_file(SSL *ssl, char *file, int type); +void ERR_load_SSL_strings(void ); +void SSL_load_error_strings(void ); +char * SSL_state_string(SSL *s); +char * SSL_rstate_string(SSL *s); +char * SSL_state_string_long(SSL *s); +char * SSL_rstate_string_long(SSL *s); +long SSL_get_time(SSL_SESSION *s); +long SSL_set_time(SSL_SESSION *s, long t); +long SSL_get_timeout(SSL_SESSION *s); +long SSL_set_timeout(SSL_SESSION *s, long t); +void SSL_copy_session_id(SSL *to,SSL *from); + +SSL_SESSION *SSL_SESSION_new(void); +#ifndef WIN16 +int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses); +#endif +#ifdef HEADER_BIO_H +int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses); +#endif +void SSL_SESSION_free(SSL_SESSION *ses); +int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); +int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); + +#ifdef HEADER_X509_H +X509 * SSL_get_peer_certificate(SSL *s); +#endif + +STACK * SSL_get_peer_cert_chain(SSL *s); + +int SSL_CTX_get_verify_mode(SSL_CTX *ctx); +int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(); +void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)()); +void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg); +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type); +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, + unsigned char *d, long len); +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type); +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)()); + +int SSL_CTX_check_private_key(SSL_CTX *ctx); +int SSL_check_private_key(SSL *ctx); + +SSL * SSL_new(SSL_CTX *ctx); +void SSL_clear(SSL *s); +void SSL_free(SSL *ssl); +int SSL_accept(SSL *ssl); +int SSL_connect(SSL *ssl); +int SSL_read(SSL *ssl,char *buf,int num); +int SSL_peek(SSL *ssl,char *buf,int num); +int SSL_write(SSL *ssl,char *buf,int num); +long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); +long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg); + +int SSL_get_error(SSL *s,int ret_code); +char * SSL_get_version(SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); + +SSL_METHOD *SSLv2_method(void); /* sslv2 */ +SSL_METHOD *SSLv2_server_method(void); /* sslv2 */ +SSL_METHOD *SSLv2_client_method(void); /* sslv2 */ + +SSL_METHOD *SSLv3_method(void); /* sslv3 */ +SSL_METHOD *SSLv3_server_method(void); /* sslv3 */ +SSL_METHOD *SSLv3_client_method(void); /* sslv3 */ + +SSL_METHOD *SSLv23_method(void); /* sslv3 but can rollback to v2 */ +SSL_METHOD *SSLv23_server_method(void); /* sslv3 but can rollback to v2 */ +SSL_METHOD *SSLv23_client_method(void); /* sslv3 but can rollback to v2 */ + +STACK *SSL_get_ciphers(SSL *s); + +int SSL_do_handshake(SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_shutdown(SSL *s); + +SSL_METHOD *SSL_get_ssl_method(SSL *s); +int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); +char *SSL_alert_type_string_long(int value); +char *SSL_alert_type_string(int value); +char *SSL_alert_desc_string_long(int value); +char *SSL_alert_desc_string(int value); + +STACK *SSL_load_client_CA_file(char *file); +void SSL_set_client_CA_list(SSL *s, STACK *list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list); +STACK *SSL_get_client_CA_list(SSL *s); +STACK *SSL_CTX_get_client_CA_list(SSL_CTX *s); +int SSL_add_client_CA(SSL *ssl,X509 *x); +int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +long SSL_get_default_timeout(SSL *s); + +void SSLeay_add_ssl_algorithms(void ); + +char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); +STACK *SSL_dup_CA_list(STACK *sk); + +SSL *SSL_dup(SSL *ssl); + +X509 *SSL_get_certificate(SSL *ssl); +/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); + +#else + +BIO_METHOD *BIO_f_ssl(); +BIO *BIO_new_ssl(); +int BIO_ssl_copy_session_id(); +void BIO_ssl_shutdown(); + +int SSL_CTX_set_cipher_list(); +SSL_CTX *SSL_CTX_new(); +void SSL_CTX_free(); +void SSL_clear(); +void SSL_CTX_flush_sessions(); + +SSL_CIPHER *SSL_get_current_cipher(); +int SSL_CIPHER_get_bits(); +char * SSL_CIPHER_get_version(); +char * SSL_CIPHER_get_name(); + +int SSL_get_fd(); +char * SSL_get_cipher_list(); +char * SSL_get_shared_ciphers(); +int SSL_get_read_ahead(); +int SSL_pending(); +#ifndef NO_SOCK +int SSL_set_fd(); +int SSL_set_rfd(); +int SSL_set_wfd(); +#endif +#ifdef HEADER_BIO_H +void SSL_set_bio(); +BIO * SSL_get_rbio(); +BIO * SSL_get_wbio(); +#endif +int SSL_set_cipher_list(); +void SSL_set_read_ahead(); +int SSL_get_verify_mode(); + +void SSL_set_verify(); +int SSL_use_RSAPrivateKey(); +int SSL_use_RSAPrivateKey_ASN1(); +int SSL_use_RSAPrivateKey_file(); +int SSL_use_PrivateKey(); +int SSL_use_PrivateKey_ASN1(); +int SSL_use_PrivateKey_file(); +int SSL_use_certificate(); +int SSL_use_certificate_ASN1(); +int SSL_use_certificate_file(); +void ERR_load_SSL_strings(); +void SSL_load_error_strings(); +char * SSL_state_string(); +char * SSL_rstate_string(); +char * SSL_state_string_long(); +char * SSL_rstate_string_long(); +long SSL_get_time(); +long SSL_set_time(); +long SSL_get_timeout(); +long SSL_set_timeout(); +void SSL_copy_session_id(); + +SSL_SESSION *SSL_SESSION_new(); +#ifndef WIN16 +int SSL_SESSION_print_fp(); +#endif +#ifdef HEADER_BIO_H +int SSL_SESSION_print(); +#endif +void SSL_SESSION_free(); +int i2d_SSL_SESSION(); +int SSL_set_session(); +int SSL_CTX_add_session(); +int SSL_CTX_remove_session(); +SSL_SESSION *d2i_SSL_SESSION(); + +#ifdef HEADER_X509_H +X509 * SSL_get_peer_certificate(); +#endif + +STACK * SSL_get_peer_cert_chain(); + +int SSL_CTX_get_verify_mode(); +int (*SSL_CTX_get_verify_callback())(); +void SSL_CTX_set_verify(); +void SSL_CTX_set_cert_verify_cb(); +int SSL_CTX_use_RSAPrivateKey(); +int SSL_CTX_use_RSAPrivateKey_ASN1(); +int SSL_CTX_use_RSAPrivateKey_file(); +int SSL_CTX_use_PrivateKey(); +int SSL_CTX_use_PrivateKey_ASN1(); +int SSL_CTX_use_PrivateKey_file(); +int SSL_CTX_use_certificate(); +int SSL_CTX_use_certificate_ASN1(); +int SSL_CTX_use_certificate_file(); + +void SSL_CTX_set_default_passwd_cb(); + +int SSL_CTX_check_private_key(); +int SSL_check_private_key(); + +SSL * SSL_new(); +void SSL_clear(); +void SSL_free(); +int SSL_accept(); +int SSL_connect(); +int SSL_read(); +int SSL_peek(); +int SSL_write(); +long SSL_ctrl(); +long SSL_CTX_ctrl(); + +int SSL_get_error(); +char * SSL_get_version(); + +int SSL_CTX_set_ssl_version(); + +SSL_METHOD *SSLv2_method(); +SSL_METHOD *SSLv2_server_method(); +SSL_METHOD *SSLv2_client_method(); + +SSL_METHOD *SSLv3_method(); +SSL_METHOD *SSLv3_server_method(); +SSL_METHOD *SSLv3_client_method(); + +SSL_METHOD *SSLv23_method(); +SSL_METHOD *SSLv23_server_method(); +SSL_METHOD *SSLv23_client_method(); + +STACK *SSL_get_ciphers(); + +int SSL_do_handshake(); +int SSL_renegotiate(); +int SSL_shutdown(); + +SSL_METHOD *SSL_get_ssl_method(); +int SSL_set_ssl_method(); +char *SSL_alert_type_string_long(); +char *SSL_alert_type_string(); +char *SSL_alert_desc_string_long(); +char *SSL_alert_desc_string(); + +STACK *SSL_load_client_CA_file(); +void SSL_set_client_CA_list(); +void SSL_CTX_set_client_CA_list(); +STACK *SSL_get_client_CA_list(); +STACK *SSL_CTX_get_client_CA_list(); +int SSL_add_client_CA(); +int SSL_CTX_add_client_CA(); + +void SSL_set_connect_state(); +void SSL_set_accept_state(); + +long SSL_get_default_timeout(); + +void SSLeay_add_ssl_algorithms(); + +char *SSL_CIPHER_description(); +STACK *SSL_dup_CA_list(); + +SSL *SSL_dup(); + +X509 *SSL_get_certificate(); +/* EVP * */ struct evp_pkey_st *SSL_get_privatekey(); + +#ifdef this_is_for_mk1mf_pl +EVP *SSL_get_privatekey(); +#endif + +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the SSL functions. */ + +/* Function codes. */ +#define SSL_F_CLIENT_CERTIFICATE 100 +#define SSL_F_CLIENT_HELLO 101 +#define SSL_F_CLIENT_MASTER_KEY 102 +#define SSL_F_D2I_SSL_SESSION 103 +#define SSL_F_DO_SSL3_WRITE 104 +#define SSL_F_GET_CLIENT_FINISHED 105 +#define SSL_F_GET_CLIENT_HELLO 106 +#define SSL_F_GET_CLIENT_MASTER_KEY 107 +#define SSL_F_GET_SERVER_FINISHED 108 +#define SSL_F_GET_SERVER_HELLO 109 +#define SSL_F_GET_SERVER_VERIFY 110 +#define SSL_F_I2D_SSL_SESSION 111 +#define SSL_F_READ_N 112 +#define SSL_F_REQUEST_CERTIFICATE 113 +#define SSL_F_SERVER_HELLO 114 +#define SSL_F_SSL23_ACCEPT 115 +#define SSL_F_SSL23_CLIENT_HELLO 116 +#define SSL_F_SSL23_CONNECT 117 +#define SSL_F_SSL23_GET_CLIENT_HELLO 118 +#define SSL_F_SSL23_GET_SERVER_HELLO 119 +#define SSL_F_SSL23_READ 120 +#define SSL_F_SSL23_WRITE 121 +#define SSL_F_SSL2_ACCEPT 122 +#define SSL_F_SSL2_CONNECT 123 +#define SSL_F_SSL2_ENC_INIT 124 +#define SSL_F_SSL2_READ 125 +#define SSL_F_SSL2_SET_CERTIFICATE 126 +#define SSL_F_SSL2_WRITE 127 +#define SSL_F_SSL3_ACCEPT 128 +#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +#define SSL_F_SSL3_CLIENT_HELLO 131 +#define SSL_F_SSL3_CONNECT 132 +#define SSL_F_SSL3_CTX_CTRL 133 +#define SSL_F_SSL3_ENC 134 +#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +#define SSL_F_SSL3_GET_CERT_VERIFY 136 +#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 +#define SSL_F_SSL3_GET_CLIENT_HELLO 138 +#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 +#define SSL_F_SSL3_GET_FINISHED 140 +#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 +#define SSL_F_SSL3_GET_MESSAGE 142 +#define SSL_F_SSL3_GET_RECORD 143 +#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 +#define SSL_F_SSL3_GET_SERVER_DONE 145 +#define SSL_F_SSL3_GET_SERVER_HELLO 146 +#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +#define SSL_F_SSL3_READ_BYTES 148 +#define SSL_F_SSL3_READ_N 149 +#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 +#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 +#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 +#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 +#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 +#define SSL_F_SSL3_SETUP_BUFFERS 156 +#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +#define SSL_F_SSL3_WRITE_BYTES 158 +#define SSL_F_SSL3_WRITE_PENDING 159 +#define SSL_F_SSL_BAD_METHOD 160 +#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +#define SSL_F_SSL_CERT_NEW 162 +#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +#define SSL_F_SSL_CREATE_CIPHER_LIST 164 +#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 165 +#define SSL_F_SSL_CTX_NEW 166 +#define SSL_F_SSL_CTX_SET_SSL_VERSION 167 +#define SSL_F_SSL_CTX_USE_CERTIFICATE 168 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 169 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 170 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY 171 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 172 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 173 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 174 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 175 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 176 +#define SSL_F_SSL_DO_HANDSHAKE 177 +#define SSL_F_SSL_GET_NEW_SESSION 178 +#define SSL_F_SSL_GET_SERVER_SEND_CERT 179 +#define SSL_F_SSL_GET_SIGN_PKEY 180 +#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 181 +#define SSL_F_SSL_NEW 182 +#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 183 +#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 184 +#define SSL_F_SSL_SESSION_NEW 185 +#define SSL_F_SSL_SESSION_PRINT_FP 186 +#define SSL_F_SSL_SET_FD 187 +#define SSL_F_SSL_SET_PKEY 188 +#define SSL_F_SSL_SET_RFD 189 +#define SSL_F_SSL_SET_SESSION 190 +#define SSL_F_SSL_SET_WFD 191 +#define SSL_F_SSL_UNDEFINED_FUNCTION 192 +#define SSL_F_SSL_USE_CERTIFICATE 193 +#define SSL_F_SSL_USE_CERTIFICATE_ASN1 194 +#define SSL_F_SSL_USE_CERTIFICATE_FILE 195 +#define SSL_F_SSL_USE_PRIVATEKEY 196 +#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 197 +#define SSL_F_SSL_USE_PRIVATEKEY_FILE 198 +#define SSL_F_SSL_USE_RSAPRIVATEKEY 199 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 200 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 201 +#define SSL_F_SSL_WRITE 202 +#define SSL_F_WRITE_PENDING 203 + +/* Reason codes. */ +#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_BAD_ALERT_RECORD 101 +#define SSL_R_BAD_AUTHENTICATION_TYPE 102 +#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +#define SSL_R_BAD_CHECKSUM 104 +#define SSL_R_BAD_CLIENT_REQUEST 105 +#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +#define SSL_R_BAD_DECOMPRESSION 107 +#define SSL_R_BAD_DH_G_LENGTH 108 +#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +#define SSL_R_BAD_DH_P_LENGTH 110 +#define SSL_R_BAD_DIGEST_LENGTH 111 +#define SSL_R_BAD_DSA_SIGNATURE 112 +#define SSL_R_BAD_MAC_DECODE 113 +#define SSL_R_BAD_MESSAGE_TYPE 114 +#define SSL_R_BAD_PACKET_LENGTH 115 +#define SSL_R_BAD_RESPONSE_ARGUMENT 116 +#define SSL_R_BAD_RSA_DECRYPT 117 +#define SSL_R_BAD_RSA_ENCRYPT 118 +#define SSL_R_BAD_RSA_E_LENGTH 119 +#define SSL_R_BAD_RSA_MODULUS_LENGTH 120 +#define SSL_R_BAD_RSA_SIGNATURE 121 +#define SSL_R_BAD_SIGNATURE 122 +#define SSL_R_BAD_SSL_FILETYPE 123 +#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 124 +#define SSL_R_BAD_STATE 125 +#define SSL_R_BAD_WRITE_RETRY 126 +#define SSL_R_BIO_NOT_SET 127 +#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 128 +#define SSL_R_BN_LIB 129 +#define SSL_R_CA_DN_LENGTH_MISMATCH 130 +#define SSL_R_CA_DN_TOO_LONG 131 +#define SSL_R_CCS_RECEIVED_EARLY 132 +#define SSL_R_CERTIFICATE_VERIFY_FAILED 133 +#define SSL_R_CERT_LENGTH_MISMATCH 134 +#define SSL_R_CHALLENGE_IS_DIFFERENT 135 +#define SSL_R_CIPHER_CODE_WRONG_LENGTH 136 +#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 137 +#define SSL_R_CIPHER_TABLE_SRC_ERROR 138 +#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 139 +#define SSL_R_COMPRESSION_FAILURE 140 +#define SSL_R_CONNECTION_ID_IS_DIFFERENT 141 +#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 142 +#define SSL_R_DATA_LENGTH_TOO_LONG 143 +#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 144 +#define SSL_R_DIGEST_CHECK_FAILED 145 +#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 146 +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 147 +#define SSL_R_EXCESSIVE_MESSAGE_SIZE 148 +#define SSL_R_EXTRA_DATA_IN_MESSAGE 149 +#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 150 +#define SSL_R_INTERNAL_ERROR 151 +#define SSL_R_INVALID_CHALLENGE_LENGTH 152 +#define SSL_R_LENGTH_MISMATCH 153 +#define SSL_R_LENGTH_TOO_SHORT 154 +#define SSL_R_LIBRARY_HAS_NO_CIPHERS 155 +#define SSL_R_MISSING_DH_DSA_CERT 156 +#define SSL_R_MISSING_DH_KEY 157 +#define SSL_R_MISSING_DH_RSA_CERT 158 +#define SSL_R_MISSING_DSA_SIGNING_CERT 159 +#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 160 +#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 161 +#define SSL_R_MISSING_RSA_CERTIFICATE 162 +#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 163 +#define SSL_R_MISSING_RSA_SIGNING_CERT 164 +#define SSL_R_MISSING_TMP_DH_KEY 165 +#define SSL_R_MISSING_TMP_RSA_KEY 166 +#define SSL_R_MISSING_TMP_RSA_PKEY 167 +#define SSL_R_MISSING_VERIFY_MESSAGE 168 +#define SSL_R_NON_SSLV2_INITIAL_PACKET 169 +#define SSL_R_NO_CERTIFICATES_PASSED 170 +#define SSL_R_NO_CERTIFICATE_ASSIGNED 171 +#define SSL_R_NO_CERTIFICATE_RETURNED 172 +#define SSL_R_NO_CERTIFICATE_SET 173 +#define SSL_R_NO_CERTIFICATE_SPECIFIED 174 +#define SSL_R_NO_CIPHERS_AVAILABLE 175 +#define SSL_R_NO_CIPHERS_PASSED 176 +#define SSL_R_NO_CIPHERS_SPECIFIED 177 +#define SSL_R_NO_CIPHER_LIST 178 +#define SSL_R_NO_CIPHER_MATCH 179 +#define SSL_R_NO_CLIENT_CERT_RECEIVED 180 +#define SSL_R_NO_COMPRESSION_SPECIFIED 181 +#define SSL_R_NO_PRIVATEKEY 182 +#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 183 +#define SSL_R_NO_PUBLICKEY 184 +#define SSL_R_NO_SHARED_CIPHER 185 +#define SSL_R_NULL_SSL_CTX 186 +#define SSL_R_NULL_SSL_METHOD_PASSED 187 +#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 188 +#define SSL_R_PACKET_LENGTH_TOO_LONG 189 +#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 190 +#define SSL_R_PEER_ERROR 191 +#define SSL_R_PEER_ERROR_CERTIFICATE 192 +#define SSL_R_PEER_ERROR_NO_CERTIFICATE 193 +#define SSL_R_PEER_ERROR_NO_CIPHER 194 +#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 195 +#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 196 +#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 197 +#define SSL_R_PROTOCOL_IS_SHUTDOWN 198 +#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 199 +#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 200 +#define SSL_R_PUBLIC_KEY_NOT_RSA 201 +#define SSL_R_READ_BIO_NOT_SET 202 +#define SSL_R_READ_WRONG_PACKET_TYPE 203 +#define SSL_R_RECORD_LENGTH_MISMATCH 204 +#define SSL_R_RECORD_TOO_LARGE 205 +#define SSL_R_REQUIRED_CIPHER_MISSING 206 +#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 207 +#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 208 +#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 209 +#define SSL_R_SHORT_READ 210 +#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 211 +#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 212 +#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 213 +#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 214 +#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 215 +#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 216 +#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 217 +#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 218 +#define SSL_R_SSL_HANDSHAKE_FAILURE 219 +#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 220 +#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 221 +#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 222 +#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 223 +#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 224 +#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 225 +#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 226 +#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 227 +#define SSL_R_UNEXPECTED_MESSAGE 228 +#define SSL_R_UNEXPECTED_RECORD 229 +#define SSL_R_UNKNOWN_ALERT_TYPE 230 +#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 231 +#define SSL_R_UNKNOWN_CIPHER_RETURNED 232 +#define SSL_R_UNKNOWN_CIPHER_TYPE 233 +#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 234 +#define SSL_R_UNKNOWN_PKEY_TYPE 235 +#define SSL_R_UNKNOWN_PROTOCOL 236 +#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 237 +#define SSL_R_UNKNOWN_SSL_VERSION 238 +#define SSL_R_UNKNOWN_STATE 239 +#define SSL_R_UNSUPPORTED_CIPHER 240 +#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 241 +#define SSL_R_UNSUPPORTED_SSL_VERSION 242 +#define SSL_R_WRITE_BIO_NOT_SET 243 +#define SSL_R_WRONG_CIPHER_RETURNED 244 +#define SSL_R_WRONG_MESSAGE_TYPE 245 +#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 246 +#define SSL_R_WRONG_SIGNATURE_LENGTH 247 +#define SSL_R_WRONG_SIGNATURE_SIZE 248 +#define SSL_R_WRONG_SSL_VERSION 249 +#define SSL_R_WRONG_VERSION_NUMBER 250 +#define SSL_R_X509_LIB 251 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/ssl/ssl2.h b/ssl/ssl2.h new file mode 100644 index 0000000000000000000000000000000000000000..db353f5841ab6e1165fe120f82bbe450ff428a4a --- /dev/null +++ b/ssl/ssl2.h @@ -0,0 +1,263 @@ +/* ssl/ssl2.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL2_H +#define HEADER_SSL2_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Protocol Version Codes */ +#define SSL2_CLIENT_VERSION 0x0002 +#define SSL2_SERVER_VERSION 0x0002 + +/* Protocol Message Codes */ +#define SSL2_MT_ERROR 0 +#define SSL2_MT_CLIENT_HELLO 1 +#define SSL2_MT_CLIENT_MASTER_KEY 2 +#define SSL2_MT_CLIENT_FINISHED 3 +#define SSL2_MT_SERVER_HELLO 4 +#define SSL2_MT_SERVER_VERIFY 5 +#define SSL2_MT_SERVER_FINISHED 6 +#define SSL2_MT_REQUEST_CERTIFICATE 7 +#define SSL2_MT_CLIENT_CERTIFICATE 8 + +/* Error Message Codes */ +#define SSL2_PE_UNDEFINED_ERROR 0x0000 +#define SSL2_PE_NO_CIPHER 0x0001 +#define SSL2_PE_NO_CERTIFICATE 0x0002 +#define SSL2_PE_BAD_CERTIFICATE 0x0004 +#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 + +/* Cipher Kind Values */ +#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */ +#define SSL2_CK_RC4_128_WITH_MD5 0x02010080 +#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 +#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 +#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 +#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 +#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 +#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */ +#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 +#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */ +#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */ + +#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */ +#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */ + +#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" +#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" +#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" +#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" +#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" +#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" +#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" +#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" +#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" +#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" +#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" +#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" + +#define SSL2_TXT_NULL "NULL" + +/* Flags for the SSL_CIPHER.algorithm2 field */ +#define SSL2_CF_5_BYTE_ENC 0x01 +#define SSL2_CF_8_BYTE_ENC 0x02 + +/* Certificate Type Codes */ +#define SSL2_CT_X509_CERTIFICATE 0x01 + +/* Authentication Type Code */ +#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 + +#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 + +/* Upper/Lower Bounds */ +#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 +#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767 +#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/ + +#define SSL2_CHALLENGE_LENGTH 16 +/*#define SSL2_CHALLENGE_LENGTH 32 */ +#define SSL2_MIN_CHALLENGE_LENGTH 16 +#define SSL2_MAX_CHALLENGE_LENGTH 32 +#define SSL2_CONNECTION_ID_LENGTH 16 +#define SSL2_MAX_CONNECTION_ID_LENGTH 16 +#define SSL2_SSL_SESSION_ID_LENGTH 16 +#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 +#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 +#define SSL2_MAX_KEY_MATERIAL_LENGTH 24 + +#ifndef HEADER_SSL_LOCL_H +#define CERT char +#endif + +typedef struct ssl2_ctx_st + { + int first_packet; /* enable first packet checking in server */ + int three_byte_header; + int clear_text; /* clear text */ + int escape; /* not used in SSLv2 */ + int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ + + /* non-blocking io info, used to make sure the same + * args were passwd */ + unsigned int wnum; /* number of bytes sent so far */ + int wpend_tot; + char *wpend_buf; + + int wpend_off; /* offset to data to write */ + int wpend_len; /* number of bytes passwd to write */ + int wpend_ret; /* number of bytes to return to caller */ + + /* buffer raw data */ + int rbuf_left; + int rbuf_offs; + unsigned char *rbuf; + unsigned char *wbuf; + + unsigned char *write_ptr;/* used to point to the start due to + * 2/3 byte header. */ + + unsigned int padding; + unsigned int rlength; /* passed to ssl2_enc */ + int ract_data_length; /* Set when things are encrypted. */ + unsigned int wlength; /* passed to ssl2_enc */ + int wact_data_length; /* Set when things are decrypted. */ + unsigned char *ract_data; + unsigned char *wact_data; + unsigned char *mac_data; + unsigned char *pad_data; + + unsigned char *read_key; + unsigned char *write_key; + + /* Stuff specifically to do with this SSL session */ + unsigned int challenge_length; + unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; + unsigned int conn_id_length; + unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; + unsigned int key_material_length; + unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2]; + + unsigned long read_sequence; + unsigned long write_sequence; + + struct { + unsigned int conn_id_length; + unsigned int cert_type; + unsigned int cert_length; + int csl; + int clear; + unsigned int enc; + unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; + int cipher_spec_length; + unsigned int session_id_length; + unsigned int clen; + unsigned int rlen; + } tmp; + } SSL2_CTX; + +/* SSLv2 */ +/* client */ +#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) +#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) +#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) +/* server */ +#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) +#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) +#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/ssl/ssl23.h b/ssl/ssl23.h new file mode 100644 index 0000000000000000000000000000000000000000..6e6f26bbb39de77a87bafb67a090c31442664216 --- /dev/null +++ b/ssl/ssl23.h @@ -0,0 +1,83 @@ +/* ssl/ssl23.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL23_H +#define HEADER_SSL23_H + +#ifdef __cplusplus +extern "C" { +#endif + +/*client */ +/* write to server */ +#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) +#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) +/* read from server */ +#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) +#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) + +/* server */ +/* read from client */ +#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) +#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/ssl/ssl3.h b/ssl/ssl3.h new file mode 100644 index 0000000000000000000000000000000000000000..9675ec2d7d1c6a5b12177cd7af66eb124dcdc752 --- /dev/null +++ b/ssl/ssl3.h @@ -0,0 +1,417 @@ +/* ssl/ssl3.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL3_H +#define HEADER_SSL3_H + +#include "buffer.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define SSL3_CK_RSA_NULL_MD5 0x03000001 +#define SSL3_CK_RSA_NULL_SHA 0x03000002 +#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 +#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 +#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 +#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 +#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 +#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 + +#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +#define SSL3_CK_ADH_DES_196_CBC_SHA 0x0300001B + +#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C +#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D +#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E + +#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-MD5" +#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC" +#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_196_CBC_SHA "ADH-DES-CBC3-SHA" + +#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" +#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" +#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" + +#define SSL3_SSL_SESSION_ID_LENGTH 32 +#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +#define SSL3_MASTER_SECRET_SIZE 48 +#define SSL3_RANDOM_SIZE 32 +#define SSL3_SESSION_ID_SIZE 32 +#define SSL3_RT_HEADER_LENGTH 5 + +/* Due to MS stuffing up, this can change.... */ +#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32)) +#define SSL3_RT_MAX_EXTRA (14000) +#else +#define SSL3_RT_MAX_EXTRA (16384) +#endif + +#define SSL3_RT_MAX_PLAIN_LENGTH 16384 +#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) +#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) +#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) +#define SSL3_RT_MAX_DATA_SIZE (1024*1024) + +/* the states that a SSL3_RECORD can be in + * For SSL_read it goes + * rbuf->ENCODED -> read + * ENCODED -> we need to decode everything - call decode_record + */ + +#define SSL3_RS_BLANK 1 +#define SSL3_RS_DATA + +#define SSL3_RS_ENCODED 2 +#define SSL3_RS_READ_MORE 3 +#define SSL3_RS_WRITE_MORE +#define SSL3_RS_PLAIN 3 +#define SSL3_RS_PART_READ 4 +#define SSL3_RS_PART_WRITE 5 + +#define SSL3_MD_CLIENT_FINISHED_CONST 0x43,0x4C,0x4E,0x54 +#define SSL3_MD_SERVER_FINISHED_CONST 0x53,0x52,0x56,0x52 + +#define SSL3_VERSION 0x0300 +#define SSL3_VERSION_MAJOR 0x03 +#define SSL3_VERSION_MINOR 0x00 + +#define SSL3_RT_CHANGE_CIPHER_SPEC 20 +#define SSL3_RT_ALERT 21 +#define SSL3_RT_HANDSHAKE 22 +#define SSL3_RT_APPLICATION_DATA 23 + +#define SSL3_AL_WARNING 1 +#define SSL3_AL_FATAL 2 + +#define SSL3_AD_CLOSE_NOTIFY 0 +#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ +#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ +#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ +#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ +#define SSL3_AD_NO_CERTIFICATE 41 +#define SSL3_AD_BAD_CERTIFICATE 42 +#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +#define SSL3_AD_CERTIFICATE_REVOKED 44 +#define SSL3_AD_CERTIFICATE_EXPIRED 45 +#define SSL3_AD_CERTIFICATE_UNKNOWN 46 +#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ + +typedef struct ssl3_record_st + { +/*r */ int type; /* type of record */ +/* */ /*int state;*/ /* any data in it? */ +/*rw*/ unsigned int length; /* How many bytes available */ +/*r */ unsigned int off; /* read/write offset into 'buf' */ +/*rw*/ unsigned char *data; /* pointer to the record data */ +/*rw*/ unsigned char *input; /* where the decode bytes are */ +/*rw*/ unsigned char *comp; /* only used with decompression */ + } SSL3_RECORD; + +typedef struct ssl3_buffer_st + { +/*r */ int total; /* used in non-blocking writes */ +/*r */ int wanted; /* how many more bytes we need */ +/*rw*/ int left; /* how many bytes left */ +/*rw*/ int offset; /* where to 'copy from' */ +/*rw*/ unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes */ + } SSL3_BUFFER; + +typedef struct ssl3_compression_st { + int nothing; + } SSL3_COMPRESSION; + +#define SSL3_CT_RSA_SIGN 1 +#define SSL3_CT_DSS_SIGN 2 +#define SSL3_CT_RSA_FIXED_DH 3 +#define SSL3_CT_DSS_FIXED_DH 4 +#define SSL3_CT_RSA_EPHEMERAL_DH 5 +#define SSL3_CT_DSS_EPHEMERAL_DH 6 +#define SSL3_CT_FORTEZZA_DMS 20 +#define SSL3_CT_NUMBER 7 + +#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +#define SSL3_FLAGS_POP_BUFFER 0x0004 + +typedef struct ssl3_ctx_st + { + long flags; + int delay_buf_pop_ret; + + unsigned char read_sequence[8]; + unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; + unsigned char write_sequence[8]; + unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; + + unsigned char server_random[SSL3_RANDOM_SIZE]; + unsigned char client_random[SSL3_RANDOM_SIZE]; + + SSL3_BUFFER rbuf; /* read IO goes into here */ + SSL3_BUFFER wbuf; /* write IO goes into here */ + SSL3_RECORD rrec; /* each decoded record goes in here */ + SSL3_RECORD wrec; /* goes out from here */ + /* Used by ssl3_read_n to point + * to input data packet */ + + /* partial write - check the numbers match */ + unsigned int wnum; /* number of bytes sent so far */ + int wpend_tot; /* number bytes written */ + int wpend_type; + int wpend_ret; /* number of bytes submitted */ + char *wpend_buf; + + /* used during startup, digest all incoming/outgoing packets */ + EVP_MD_CTX finish_dgst1; + EVP_MD_CTX finish_dgst2; + + /* this is set whenerver we see a change_cipher_spec message + * come in when we are not looking for one */ + int change_cipher_spec; + + int warn_alert; + int fatal_alert; + /* we alow one fatal and one warning alert to be outstanding, + * send close alert via the warning alert */ + int alert_dispatch; + char send_alert[2]; + + struct { + unsigned char finish_md1[EVP_MAX_MD_SIZE]; + unsigned char finish_md2[EVP_MAX_MD_SIZE]; + + unsigned long message_size; + int message_type; + + /* used to hold the new cipher we are going to use */ + SSL_CIPHER *new_cipher; + DH *dh; + + /* used when SSL_ST_FLUSH_DATA is entered */ + int next_state; + + int reuse_message; + + /* used for certificate requests */ + int cert_req; + int ctype_num; + char ctype[SSL3_CT_NUMBER]; + STACK *ca_names; + + int use_rsa_tmp; + + int key_block_length; + unsigned char *key_block; + + EVP_CIPHER *new_sym_enc; + EVP_MD *new_hash; + SSL_COMPRESSION *new_compression; + } tmp; + } SSL3_CTX; + +/* SSLv3 */ +/*client */ +/* extra state */ +#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) +/* write to server */ +#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) +#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) +/* read from server */ +#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) +#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) +#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) +/* write to server */ +#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) +#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) +#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) +#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) +#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) +#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) +/* read from server */ +#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) +#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) +#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) + +/* server */ +/* extra state */ +#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) +/* read from client */ +#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) +/* write to client */ +#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) +#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) +#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) +/* read from client */ +#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) +#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) +#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) +/* write to client */ +#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) + +#define SSL3_MT_CLIENT_REQUEST 0 +#define SSL3_MT_CLIENT_HELLO 1 +#define SSL3_MT_SERVER_HELLO 2 +#define SSL3_MT_CERTIFICATE 11 +#define SSL3_MT_SERVER_KEY_EXCHANGE 12 +#define SSL3_MT_CERTIFICATE_REQUEST 13 +#define SSL3_MT_SERVER_DONE 14 +#define SSL3_MT_CERTIFICATE_VERIFY 15 +#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +#define SSL3_MT_FINISHED 20 + +#define SSL3_MT_CCS 1 + +/* These are used when changing over to a new cipher */ +#define SSL3_CC_READ 0x01 +#define SSL3_CC_WRITE 0x02 +#define SSL3_CC_CLIENT 0x10 +#define SSL3_CC_SERVER 0x20 +#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c new file mode 100644 index 0000000000000000000000000000000000000000..36b03335bb61d69aa7957ceb6d872af766d70240 --- /dev/null +++ b/ssl/ssl_algs.c @@ -0,0 +1,99 @@ +/* ssl/ssl_algs.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "lhash.h" +#include "ssl_locl.h" + +void SSLeay_add_ssl_algorithms() + { +#ifndef NO_DES + EVP_add_cipher(EVP_des_cbc()); + EVP_add_cipher(EVP_des_ede3_cbc()); +#endif +#ifndef NO_IDEA + EVP_add_cipher(EVP_idea_cbc()); +#endif +#ifndef NO_RC4 + EVP_add_cipher(EVP_rc4()); +#endif +#ifndef NO_RC2 + EVP_add_cipher(EVP_rc2_cbc()); +#endif + +#ifndef NO_MD2 + EVP_add_digest(EVP_md2()); +#endif +#ifndef NO_MD5 + EVP_add_digest(EVP_md5()); +#endif +#ifndef NO_SHA1 + EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ +#endif +#if !defined(NO_SHA1) && !defined(NO_DSA) + EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ +#endif + + /* If you want support for phased out ciphers, add the following */ +#if 0 + EVP_add_digest(EVP_sha()); + EVP_add_digest(EVP_dss()); +#endif + } + diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c new file mode 100644 index 0000000000000000000000000000000000000000..873497a87748120a5c823aa3e26a12e7741da3f4 --- /dev/null +++ b/ssl/ssl_asn1.c @@ -0,0 +1,313 @@ +/* ssl/ssl_asn1.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "asn1_mac.h" +#include "objects.h" +#include "ssl_locl.h" + +typedef struct ssl_session_asn1_st + { + ASN1_INTEGER version; + ASN1_INTEGER ssl_version; + ASN1_OCTET_STRING cipher; + ASN1_OCTET_STRING master_key; + ASN1_OCTET_STRING session_id; + ASN1_OCTET_STRING key_arg; + ASN1_INTEGER time; + ASN1_INTEGER timeout; + } SSL_SESSION_ASN1; + +/* + * SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH); + * SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER); + */ + +int i2d_SSL_SESSION(in,pp) +SSL_SESSION *in; +unsigned char **pp; + { +#define LSIZE2 (sizeof(long)*2) + int v1=0,v2=0,v3=0; + unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; + unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2]; + long l; + SSL_SESSION_ASN1 a; + M_ASN1_I2D_vars(in); + + if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) + return(0); + + /* Note that I cheat in the following 2 assignments. I know + * that if the ASN1_INTERGER passed to ASN1_INTEGER_set + * is > sizeof(long)+1, the buffer will not be re-Malloc()ed. + * This is a bit evil but makes things simple, no dynamic allocation + * to clean up :-) */ + a.version.length=LSIZE2; + a.version.type=V_ASN1_INTEGER; + a.version.data=ibuf1; + ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION); + + a.ssl_version.length=LSIZE2; + a.ssl_version.type=V_ASN1_INTEGER; + a.ssl_version.data=ibuf2; + ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version); + + a.cipher.type=V_ASN1_OCTET_STRING; + a.cipher.data=buf; + + if (in->cipher == NULL) + l=in->cipher_id; + else + l=in->cipher->id; + if (in->ssl_version == 2) + { + a.cipher.length=3; + buf[0]=((unsigned char)(l>>16L))&0xff; + buf[1]=((unsigned char)(l>> 8L))&0xff; + buf[2]=((unsigned char)(l ))&0xff; + } + else + { + a.cipher.length=2; + buf[0]=((unsigned char)(l>>8L))&0xff; + buf[1]=((unsigned char)(l ))&0xff; + } + + a.master_key.length=in->master_key_length; + a.master_key.type=V_ASN1_OCTET_STRING; + a.master_key.data=in->master_key; + + a.session_id.length=in->session_id_length; + a.session_id.type=V_ASN1_OCTET_STRING; + a.session_id.data=in->session_id; + + a.key_arg.length=in->key_arg_length; + a.key_arg.type=V_ASN1_OCTET_STRING; + a.key_arg.data=in->key_arg; + + if (in->time != 0L) + { + a.time.length=LSIZE2; + a.time.type=V_ASN1_INTEGER; + a.time.data=ibuf3; + ASN1_INTEGER_set(&(a.time),in->time); + } + + if (in->timeout != 0L) + { + a.timeout.length=LSIZE2; + a.timeout.type=V_ASN1_INTEGER; + a.timeout.data=ibuf4; + ASN1_INTEGER_set(&(a.timeout),in->timeout); + } + + M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); + M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); + M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); + if (in->key_arg_length > 0) + M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); + if (in->time != 0L) + M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); + if (in->timeout != 0L) + M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); + if (in->peer != NULL) + M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER); + M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER); + M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); + if (in->key_arg_length > 0) + M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); + if (in->time != 0L) + M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); + if (in->timeout != 0L) + M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); + if (in->peer != NULL) + M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); + + M_ASN1_I2D_finish(); + } + +SSL_SESSION *d2i_SSL_SESSION(a,pp,length) +SSL_SESSION **a; +unsigned char **pp; +long length; + { + int version,ssl_version=0,i; + long id; + ASN1_INTEGER ai,*aip; + ASN1_OCTET_STRING os,*osp; + M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new); + + aip= &ai; + osp= &os; + + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + + ai.data=NULL; ai.length=0; + M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); + version=(int)ASN1_INTEGER_get(aip); + if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; } + + /* we don't care about the version right now :-) */ + M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); + ssl_version=(int)ASN1_INTEGER_get(aip); + ret->ssl_version=ssl_version; + if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; } + + os.data=NULL; os.length=0; + M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); + if (ssl_version == 2) + { + if (os.length != 3) + { + c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; + goto err; + } + id=0x02000000L| + ((unsigned long)os.data[0]<<16L)| + ((unsigned long)os.data[1]<< 8L)| + (unsigned long)os.data[2]; + } + else if (ssl_version == 3) + { + if (os.length != 2) + { + c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; + goto err; + } + id=0x03000000L| + ((unsigned long)os.data[0]<<8L)| + (unsigned long)os.data[1]; + } + else + { + SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION); + return(NULL); + } + + ret->cipher=NULL; + ret->cipher_id=id; + + M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); + if (ssl_version == 3) + i=SSL3_MAX_SSL_SESSION_ID_LENGTH; + else /* if (ssl_version == 2) */ + i=SSL2_MAX_SSL_SESSION_ID_LENGTH; + + if (os.length > i) + os.length=i; + + ret->session_id_length=os.length; + memcpy(ret->session_id,os.data,os.length); + + M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); + if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH) + ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; + else + ret->master_key_length=os.length; + memcpy(ret->master_key,os.data,ret->master_key_length); + + os.length=0; + M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); + if (os.length > SSL_MAX_KEY_ARG_LENGTH) + ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; + else + ret->key_arg_length=os.length; + memcpy(ret->key_arg,os.data,ret->key_arg_length); + if (os.data != NULL) Free(os.data); + + ai.length=0; + M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); + if (ai.data != NULL) + { + ret->time=ASN1_INTEGER_get(aip); + Free(ai.data); ai.data=NULL; ai.length=0; + } + else + ret->time=time(NULL); + + ai.length=0; + M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); + if (ai.data != NULL) + { + ret->timeout=ASN1_INTEGER_get(aip); + Free(ai.data); ai.data=NULL; ai.length=0; + } + else + ret->timeout=3; + + if (ret->peer != NULL) + { + X509_free(ret->peer); + ret->peer=NULL; + } + M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); + + M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); + } + diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c new file mode 100644 index 0000000000000000000000000000000000000000..0c040d9cf392671c5704ead8bc21cb053b8bdda8 --- /dev/null +++ b/ssl/ssl_cert.c @@ -0,0 +1,326 @@ +/* ssl/ssl_cert.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "bio.h" +#include "pem.h" +#include "ssl_locl.h" + +CERT *ssl_cert_new() + { + CERT *ret; + + ret=(CERT *)Malloc(sizeof(CERT)); + if (ret == NULL) + { + SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); + return(NULL); + } + memset(ret,0,sizeof(CERT)); +/* + ret->valid=0; + ret->mask=0; + ret->export_mask=0; + ret->cert_type=0; + ret->key->x509=NULL; + ret->key->publickey=NULL; + ret->key->privatekey=NULL; */ + + ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); + ret->references=1; + + return(ret); + } + +void ssl_cert_free(c) +CERT *c; + { + int i; + + i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"ssl_cert_free, bad reference count\n"); + abort(); /* ok */ + } +#endif + +#ifndef NO_RSA + if (c->rsa_tmp) RSA_free(c->rsa_tmp); +#endif +#ifndef NO_DH + if (c->dh_tmp) DH_free(c->dh_tmp); +#endif + + for (i=0; ipkeys[i].x509 != NULL) + X509_free(c->pkeys[i].x509); + if (c->pkeys[i].privatekey != NULL) + EVP_PKEY_free(c->pkeys[i].privatekey); +#if 0 + if (c->pkeys[i].publickey != NULL) + EVP_PKEY_free(c->pkeys[i].publickey); +#endif + } + if (c->cert_chain != NULL) + sk_pop_free(c->cert_chain,X509_free); + Free(c); + } + +int ssl_set_cert_type(c, type) +CERT *c; +int type; + { + c->cert_type=type; + return(1); + } + +int ssl_verify_cert_chain(s,sk) +SSL *s; +STACK *sk; + { + X509 *x; + int i; + X509_STORE_CTX ctx; + + if ((sk == NULL) || (sk_num(sk) == 0)) + return(0); + + x=(X509 *)sk_value(sk,0); + X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk); + X509_STORE_CTX_set_app_data(&ctx,(char *)s); + + if (s->ctx->app_verify_callback != NULL) + i=s->ctx->app_verify_callback(&ctx); + else + i=X509_verify_cert(&ctx); + + X509_STORE_CTX_cleanup(&ctx); + s->verify_result=ctx.error; + + return(i); + } + +static void set_client_CA_list(ca_list,list) +STACK **ca_list; +STACK *list; + { + if (*ca_list != NULL) + sk_pop_free(*ca_list,X509_NAME_free); + + *ca_list=list; + } + +STACK *SSL_dup_CA_list(sk) +STACK *sk; + { + int i; + STACK *ret; + X509_NAME *name; + + ret=sk_new_null(); + for (i=0; iclient_CA),list); + } + +void SSL_CTX_set_client_CA_list(ctx,list) +SSL_CTX *ctx; +STACK *list; + { + set_client_CA_list(&(ctx->client_CA),list); + } + +STACK *SSL_CTX_get_client_CA_list(ctx) +SSL_CTX *ctx; + { + return(ctx->client_CA); + } + +STACK *SSL_get_client_CA_list(s) +SSL *s; + { + if (s->type == SSL_ST_CONNECT) + { /* we are in the client */ + if ((s->version == 3) && (s->s3 != NULL)) + return(s->s3->tmp.ca_names); + else + return(NULL); + } + else + { + if (s->client_CA != NULL) + return(s->client_CA); + else + return(s->ctx->client_CA); + } + } + +static int add_client_CA(sk,x) +STACK **sk; +X509 *x; + { + X509_NAME *name; + + if (x == NULL) return(0); + if ((*sk == NULL) && ((*sk=sk_new_null()) == NULL)) + return(0); + + if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) + return(0); + + if (!sk_push(*sk,(char *)name)) + { + X509_NAME_free(name); + return(0); + } + return(1); + } + +int SSL_add_client_CA(ssl,x) +SSL *ssl; +X509 *x; + { + return(add_client_CA(&(ssl->client_CA),x)); + } + +int SSL_CTX_add_client_CA(ctx,x) +SSL_CTX *ctx; +X509 *x; + { + return(add_client_CA(&(ctx->client_CA),x)); + } + +static int name_cmp(a,b) +X509_NAME **a,**b; + { + return(X509_NAME_cmp(*a,*b)); + } + +STACK *SSL_load_client_CA_file(file) +char *file; + { + BIO *in; + X509 *x=NULL; + X509_NAME *xn=NULL; + STACK *ret,*sk; + + ret=sk_new(NULL); + sk=sk_new(name_cmp); +#ifdef WIN16 + in=BIO_new(BIO_s_file_internal_w16()); +#else + in=BIO_new(BIO_s_file()); +#endif + if ((ret == NULL) || (sk == NULL) || (in == NULL)) + { + SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!BIO_read_filename(in,file)) + goto err; + + for (;;) + { + if (PEM_read_bio_X509(in,&x,NULL) == NULL) + break; + if ((xn=X509_get_subject_name(x)) == NULL) goto err; + /* check for duplicates */ + xn=X509_NAME_dup(xn); + if (xn == NULL) goto err; + if (sk_find(sk,(char *)xn) >= 0) + X509_NAME_free(xn); + else + { + sk_push(sk,(char *)xn); + sk_push(ret,(char *)xn); + } + } + + if (0) + { +err: + if (ret != NULL) sk_pop_free(ret,X509_NAME_free); + ret=NULL; + } + if (sk != NULL) sk_free(sk); + if (in != NULL) BIO_free(in); + if (x != NULL) X509_free(x); + return(ret); + } + + diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c new file mode 100644 index 0000000000000000000000000000000000000000..9fed3ad59ac0bbabc1d8749803c1850dbc0906f7 --- /dev/null +++ b/ssl/ssl_ciph.c @@ -0,0 +1,721 @@ +/* ssl/ssl_ciph.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "ssl_locl.h" + +#define SSL_ENC_DES_IDX 0 +#define SSL_ENC_3DES_IDX 1 +#define SSL_ENC_RC4_IDX 2 +#define SSL_ENC_RC2_IDX 3 +#define SSL_ENC_IDEA_IDX 4 +#define SSL_ENC_eFZA_IDX 5 +#define SSL_ENC_NULL_IDX 6 +#define SSL_ENC_NUM_IDX 7 + +static EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ + NULL,NULL,NULL,NULL,NULL,NULL, + }; + +#define SSL_MD_MD5_IDX 0 +#define SSL_MD_SHA0_IDX 1 +#define SSL_MD_SHA1_IDX 2 +#define SSL_MD_NUM_IDX 3 +static EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ + NULL,NULL,NULL, + }; + +typedef struct cipher_sort_st + { + SSL_CIPHER *cipher; + int pref; + } CIPHER_SORT; + +#define CIPHER_ADD 1 +#define CIPHER_KILL 2 +#define CIPHER_DEL 3 +#define CIPHER_ORDER 4 + +typedef struct cipher_choice_st + { + int type; + unsigned long algorithms; + unsigned long mask; + STACK *order; + } CIPHER_CHOICE; + +static SSL_CIPHER cipher_aliases[]={ + {0,SSL_TXT_ALL, 0,SSL_ALL, 0,SSL_ALL}, /* must be first */ + {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,SSL_MKEY_MASK}, + {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,SSL_MKEY_MASK}, + {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,SSL_MKEY_MASK}, + {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,SSL_MKEY_MASK}, + {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,SSL_MKEY_MASK}, + {0,SSL_TXT_DH, 0,SSL_DH, 0,SSL_MKEY_MASK}, + {0,SSL_TXT_EDH, 0,SSL_EDH, 0,SSL_MKEY_MASK|SSL_AUTH_MASK}, + + {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,SSL_AUTH_MASK}, + {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,SSL_AUTH_MASK}, + {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,SSL_AUTH_MASK}, + {0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK}, + {0,SSL_TXT_aDH, 0,SSL_aDH, 0,SSL_AUTH_MASK}, + {0,SSL_TXT_DSS, 0,SSL_DSS, 0,SSL_AUTH_MASK}, + + {0,SSL_TXT_DES, 0,SSL_DES, 0,SSL_ENC_MASK}, + {0,SSL_TXT_3DES,0,SSL_3DES, 0,SSL_ENC_MASK}, + {0,SSL_TXT_RC4, 0,SSL_RC4, 0,SSL_ENC_MASK}, + {0,SSL_TXT_RC2, 0,SSL_RC2, 0,SSL_ENC_MASK}, + {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,SSL_ENC_MASK}, + {0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK}, + {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,SSL_ENC_MASK}, + + {0,SSL_TXT_MD5, 0,SSL_MD5, 0,SSL_MAC_MASK}, + {0,SSL_TXT_SHA0,0,SSL_SHA0, 0,SSL_MAC_MASK}, + {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,SSL_MAC_MASK}, + {0,SSL_TXT_SHA, 0,SSL_SHA, 0,SSL_MAC_MASK}, + + {0,SSL_TXT_NULL,0,SSL_NULL, 0,SSL_ENC_MASK}, + {0,SSL_TXT_RSA, 0,SSL_RSA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, + {0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, + {0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK}, + + {0,SSL_TXT_EXP, 0,SSL_EXP, 0,SSL_EXP_MASK}, + {0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK}, + {0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK}, + {0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK}, + {0,SSL_TXT_LOW, 0,SSL_LOW,0,SSL_STRONG_MASK}, + {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK}, + {0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK}, + }; + +static int init_ciphers=1; +static void load_ciphers(); + +static int cmp_by_name(a,b) +SSL_CIPHER **a,**b; + { + return(strcmp((*a)->name,(*b)->name)); + } + +static void load_ciphers() + { + init_ciphers=0; + ssl_cipher_methods[SSL_ENC_DES_IDX]= + EVP_get_cipherbyname(SN_des_cbc); + ssl_cipher_methods[SSL_ENC_3DES_IDX]= + EVP_get_cipherbyname(SN_des_ede3_cbc); + ssl_cipher_methods[SSL_ENC_RC4_IDX]= + EVP_get_cipherbyname(SN_rc4); + ssl_cipher_methods[SSL_ENC_RC2_IDX]= + EVP_get_cipherbyname(SN_rc2_cbc); + ssl_cipher_methods[SSL_ENC_IDEA_IDX]= + EVP_get_cipherbyname(SN_idea_cbc); + + ssl_digest_methods[SSL_MD_MD5_IDX]= + EVP_get_digestbyname(SN_md5); + ssl_digest_methods[SSL_MD_SHA0_IDX]= + EVP_get_digestbyname(SN_sha); + ssl_digest_methods[SSL_MD_SHA1_IDX]= + EVP_get_digestbyname(SN_sha1); + } + +int ssl_cipher_get_evp(c,enc,md) +SSL_CIPHER *c; +EVP_CIPHER **enc; +EVP_MD **md; + { + int i; + + if (c == NULL) return(0); + + switch (c->algorithms & SSL_ENC_MASK) + { + case SSL_DES: + i=SSL_ENC_DES_IDX; + break; + case SSL_3DES: + i=SSL_ENC_3DES_IDX; + break; + case SSL_RC4: + i=SSL_ENC_RC4_IDX; + break; + case SSL_RC2: + i=SSL_ENC_RC2_IDX; + break; + case SSL_IDEA: + i=SSL_ENC_IDEA_IDX; + break; + case SSL_eNULL: + i=SSL_ENC_NULL_IDX; + break; + break; + default: + i= -1; + break; + } + + if ((i < 0) || (i > SSL_ENC_NUM_IDX)) + *enc=NULL; + else + { + if (i == SSL_ENC_NULL_IDX) + *enc=EVP_enc_null(); + else + *enc=ssl_cipher_methods[i]; + } + + switch (c->algorithms & SSL_MAC_MASK) + { + case SSL_MD5: + i=SSL_MD_MD5_IDX; + break; + case SSL_SHA0: + i=SSL_MD_SHA0_IDX; + break; + case SSL_SHA1: + i=SSL_MD_SHA1_IDX; + break; + default: + i= -1; + break; + } + if ((i < 0) || (i > SSL_MD_NUM_IDX)) + *md=NULL; + else + *md=ssl_digest_methods[i]; + + if ((*enc != NULL) && (*md != NULL)) + return(1); + else + return(0); + } + +STACK *ssl_create_cipher_list(ssl_method,cipher_list,cipher_list_by_id,str) +SSL_METHOD *ssl_method; +STACK **cipher_list,**cipher_list_by_id; +char *str; + { + SSL_CIPHER *c; + char *l; + STACK *ret=NULL,*ok=NULL; +#define CL_BUF 40 + char buf[CL_BUF]; + char *tmp_str=NULL; + unsigned long mask,algorithms,ma; + char *start; + int i,j,k,num=0,ch,multi; + unsigned long al; + STACK *ca_list=NULL; + STACK *c_list=NULL; + int old_x,old_y,current_x,num_x; + CIPHER_CHOICE *ops=NULL; + SSL_CIPHER c_tmp,*cp; + + if (str == NULL) return(NULL); + + if (strncmp(str,"DEFAULT",7) == 0) + { + i=strlen(str)+2+strlen(SSL_DEFAULT_CIPHER_LIST); + if ((tmp_str=Malloc(i)) == NULL) + { + SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); + goto err; + } + strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST); + strcat(tmp_str,&(str[7])); + str=tmp_str; + } + if (init_ciphers) load_ciphers(); + + num=ssl_method->num_ciphers(); + + if ((ret=(STACK *)sk_new(NULL)) == NULL) goto err; + if ((c_list=(STACK *)sk_new(NULL)) == NULL) goto err; + if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err; + + mask =SSL_kFZA; +#ifdef NO_RSA + mask|=SSL_aRSA|SSL_kRSA; +#endif +#ifdef NO_DSA + mask|=SSL_aDSS; +#endif +#ifdef NO_DH + mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; +#endif + +#ifndef SSL_ALLOW_ENULL + mask|=SSL_eNULL; +#endif + + mask|=(ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL)?SSL_DES :0; + mask|=(ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL)?SSL_3DES:0; + mask|=(ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL)?SSL_RC4 :0; + mask|=(ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL)?SSL_RC2 :0; + mask|=(ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL)?SSL_IDEA:0; + mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0; + + mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0; + mask|=(ssl_digest_methods[SSL_MD_SHA0_IDX] == NULL)?SSL_SHA0:0; + mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0; + + /* Get the initial list of ciphers */ + for (i=0; iget_cipher((unsigned int)i); + /* drop those that use any of that is not available */ + if ((c != NULL) && c->valid && !(c->algorithms & mask)) + { + if (!sk_push(c_list,(char *)c)) goto err; + if (!sk_push(ca_list,(char *)c)) goto err; + } + } + + /* special case */ + cipher_aliases[0].algorithms= ~mask; + + /* get the aliases */ + k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER); + for (j=0; j= 'A') && (ch <= 'Z')) || + ((ch >= '0') && (ch <= '9')) || + ((ch >= 'a') && (ch <= 'z')) || + (ch == '-')) + { + buf[i]=ch; + ch= *(++l); + i++; + if (i >= (CL_BUF-2)) break; + } + buf[i]='\0'; + if (ch != '\0') l++; + + /* check for multi-part specification */ + multi=(ch == '+')?1:0; + + c_tmp.name=buf; + j=sk_find(ca_list,(char *)&c_tmp); + if (j < 0) + { + if (ch == '\0') + break; + else + continue; + } + + cp=(SSL_CIPHER *)sk_value(ca_list,j); + ops[current_x].algorithms|=cp->algorithms; + /* We add the SSL_SSL_MASK so we can match the + * SSLv2 and SSLv3 versions of RC4-MD5 */ + ops[current_x].mask|=cp->mask; + if (!multi) break; + } + current_x++; + if (ch == '\0') break; + } + + num_x=current_x; + current_x=0; + +#ifdef CIPHER_DEBUG + printf("<--->\n"); +#endif + + for (i=0; iname); +#endif + for (j=0; jalgorithms; +#ifdef CIPHER_DEBUG + printf(" %s %08lX&%08lX==0 || %08lX != %08lX \n", + cp->name,ops[j].mask,cp->algorithms,ma,algorithms); +#endif + if ((ma == 0) || ((ma & algorithms) != ma)) + { + continue; + } + k=ops[j].type; +#ifdef CIPHER_DEBUG + printf(">>%s\n",cp->name); +#endif + + /* add the cipher if it has not been added yet. */ + if (k == CIPHER_ADD) + { + if (old_x < 0) + { + old_x=j; + old_y=sk_num(ops[j].order); + sk_push(ops[j].order,(char *)cp); + } + } + /* Move the added cipher to this location */ + else if (k == CIPHER_ORDER) + { + if (old_x >= 0) + { + sk_value(ops[old_x].order,old_y)=NULL; + old_y=sk_num(ops[j].order); + sk_push(ops[j].order,(char *)cp); + old_x=j; + } + } + /* Remove added cipher */ + else if ((k == CIPHER_DEL) || (k == CIPHER_KILL)) + { + if (old_x >= 0) + { + sk_value(ops[old_x].order,old_y)=NULL; + old_x= -1; + } + if (k == CIPHER_KILL) + break; + } + } + } + + for (i=0; i\n",cp->name); +#endif + } + } + } + + if (cipher_list != NULL) + { + if (*cipher_list != NULL) + sk_free(*cipher_list); + *cipher_list=ret; + } + + if (cipher_list_by_id != NULL) + { + if (*cipher_list_by_id != NULL) + sk_free(*cipher_list_by_id); + *cipher_list_by_id=sk_dup(ret); + } + + if ( (cipher_list_by_id == NULL) || + (*cipher_list_by_id == NULL) || + (cipher_list == NULL) || + (*cipher_list == NULL)) + goto err; + sk_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); + + ok=ret; + ret=NULL; +err: + if (tmp_str) Free(tmp_str); + if (ops != NULL) + { + for (i=0; ialgorithms; + alg2=cipher->algorithm2; + + export=(alg&SSL_EXP)?1:0; + exp=(export)?" export":""; + + if (alg & SSL_SSLV2) + ver="SSLv2"; + else if (alg & SSL_SSLV3) + ver="SSLv3"; + else + ver="unknown"; + + switch (alg&SSL_MKEY_MASK) + { + case SSL_kRSA: + kx=(export)?"RSA(512)":"RSA"; + break; + case SSL_kDHr: + kx="DH/RSA"; + break; + case SSL_kDHd: + kx="DH/DSS"; + break; + case SSL_kFZA: + kx="Fortezza"; + break; + case SSL_kEDH: + kx=(export)?"DH(512)":"DH"; + break; + default: + kx="unknown"; + } + + switch (alg&SSL_AUTH_MASK) + { + case SSL_aRSA: + au="RSA"; + break; + case SSL_aDSS: + au="DSS"; + break; + case SSL_aDH: + au="DH"; + break; + case SSL_aFZA: + case SSL_aNULL: + au="None"; + break; + default: + au="unknown"; + break; + } + + switch (alg&SSL_ENC_MASK) + { + case SSL_DES: + enc=export?"DES(40)":"DES(56)"; + break; + case SSL_3DES: + enc="3DES(168)"; + break; + case SSL_RC4: + enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); + break; + case SSL_RC2: + enc=export?"RC2(40)":"RC2(128)"; + break; + case SSL_IDEA: + enc="IDEA(128)"; + break; + case SSL_eFZA: + enc="Fortezza"; + break; + case SSL_eNULL: + enc="None"; + break; + default: + enc="unknown"; + break; + } + + switch (alg&SSL_MAC_MASK) + { + case SSL_MD5: + mac="MD5"; + break; + case SSL_SHA0: + mac="SHA0"; + break; + case SSL_SHA1: + mac="SHA1"; + break; + default: + mac="unknown"; + break; + } + + if (buf == NULL) + { + buf=Malloc(128); + if (buf == NULL) return("Malloc Error"); + } + else if (len < 128) + return("Buffer too small"); + + sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp); + return(buf); + } + +char *SSL_CIPHER_get_version(c) +SSL_CIPHER *c; + { + int i; + + i=(int)(c->id>>24L); + if (i == 3) + return("SSLv3"); + else if (i == 2) + return("SSLv2"); + else + return("unknown"); + } + +/* return the actual cipher being used */ +char *SSL_CIPHER_get_name(c) +SSL_CIPHER *c; + { + if (c != NULL) + return(c->name); + return("(NONE)"); + } + +/* number of bits for symetric cipher */ +int SSL_CIPHER_get_bits(c,alg_bits) +SSL_CIPHER *c; +int *alg_bits; + { + int ret=0,a=0; + EVP_CIPHER *enc; + EVP_MD *md; + + if (c != NULL) + { + if (!ssl_cipher_get_evp(c,&enc,&md)) + return(0); + + a=EVP_CIPHER_key_length(enc)*8; + + if (c->algorithms & SSL_EXP) + { + ret=40; + } + else + { + if (c->algorithm2 & SSL2_CF_8_BYTE_ENC) + ret=64; + else + ret=a; + } + } + + if (alg_bits != NULL) *alg_bits=a; + + return(ret); + } + diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c new file mode 100644 index 0000000000000000000000000000000000000000..18a1a22a821cf91d399c9c8aa83bb8ba83a92f2e --- /dev/null +++ b/ssl/ssl_err.c @@ -0,0 +1,350 @@ +/* lib/ssl/ssl_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "ssl.h" + +/* BEGIN ERROR CODES */ +static ERR_STRING_DATA SSL_str_functs[]= + { +{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, +{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, +{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, +{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0), "DO_SSL3_WRITE"}, +{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0), "GET_CLIENT_FINISHED"}, +{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0), "GET_CLIENT_HELLO"}, +{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0), "GET_CLIENT_MASTER_KEY"}, +{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0), "GET_SERVER_FINISHED"}, +{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0), "GET_SERVER_HELLO"}, +{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"}, +{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, +{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, +{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, +{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, +{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, +{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, +{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"}, +{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"}, +{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"}, +{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"}, +{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, +{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, +{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, +{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, +{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, +{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, +{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"}, +{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"}, +{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"}, +{ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"}, +{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"}, +{ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"}, +{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"}, +{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"}, +{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0), "SSL3_GET_CLIENT_HELLO"}, +{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, +{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"}, +{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0), "SSL3_GET_KEY_EXCHANGE"}, +{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0), "SSL3_GET_MESSAGE"}, +{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0), "SSL3_GET_RECORD"}, +{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0), "SSL3_GET_SERVER_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, +{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, +{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, +{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, +{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, +{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, +{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0), "SSL3_SEND_CLIENT_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, +{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, +{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, +{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, +{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, +{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"}, +{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"}, +{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"}, +{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"}, +{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"}, +{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"}, +{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"}, +{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"}, +{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"}, +{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0), "SSL_CTX_use_PrivateKey_file"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0), "SSL_CTX_use_RSAPrivateKey_ASN1"}, +{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"}, +{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"}, +{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"}, +{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"}, +{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"}, +{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"}, +{ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"}, +{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"}, +{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"}, +{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"}, +{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"}, +{ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"}, +{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"}, +{ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"}, +{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"}, +{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"}, +{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"}, +{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"}, +{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"}, +{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0), "SSL_use_certificate_file"}, +{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0), "SSL_use_PrivateKey"}, +{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0), "SSL_use_PrivateKey_ASN1"}, +{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0), "SSL_use_PrivateKey_file"}, +{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"}, +{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"}, +{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"}, +{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"}, +{ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"}, +{0,NULL}, + }; + +static ERR_STRING_DATA SSL_str_reasons[]= + { +{SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"}, +{SSL_R_BAD_ALERT_RECORD ,"bad alert record"}, +{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"}, +{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"}, +{SSL_R_BAD_CHECKSUM ,"bad checksum"}, +{SSL_R_BAD_CLIENT_REQUEST ,"bad client request"}, +{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"}, +{SSL_R_BAD_DECOMPRESSION ,"bad decompression"}, +{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"}, +{SSL_R_BAD_DH_PUB_KEY_LENGTH ,"bad dh pub key length"}, +{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"}, +{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"}, +{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"}, +{SSL_R_BAD_MAC_DECODE ,"bad mac decode"}, +{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"}, +{SSL_R_BAD_PACKET_LENGTH ,"bad packet length"}, +{SSL_R_BAD_RESPONSE_ARGUMENT ,"bad response argument"}, +{SSL_R_BAD_RSA_DECRYPT ,"bad rsa decrypt"}, +{SSL_R_BAD_RSA_ENCRYPT ,"bad rsa encrypt"}, +{SSL_R_BAD_RSA_E_LENGTH ,"bad rsa e length"}, +{SSL_R_BAD_RSA_MODULUS_LENGTH ,"bad rsa modulus length"}, +{SSL_R_BAD_RSA_SIGNATURE ,"bad rsa signature"}, +{SSL_R_BAD_SIGNATURE ,"bad signature"}, +{SSL_R_BAD_SSL_FILETYPE ,"bad ssl filetype"}, +{SSL_R_BAD_SSL_SESSION_ID_LENGTH ,"bad ssl session id length"}, +{SSL_R_BAD_STATE ,"bad state"}, +{SSL_R_BAD_WRITE_RETRY ,"bad write retry"}, +{SSL_R_BIO_NOT_SET ,"bio not set"}, +{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ,"block cipher pad is wrong"}, +{SSL_R_BN_LIB ,"bn lib"}, +{SSL_R_CA_DN_LENGTH_MISMATCH ,"ca dn length mismatch"}, +{SSL_R_CA_DN_TOO_LONG ,"ca dn too long"}, +{SSL_R_CCS_RECEIVED_EARLY ,"ccs received early"}, +{SSL_R_CERTIFICATE_VERIFY_FAILED ,"certificate verify failed"}, +{SSL_R_CERT_LENGTH_MISMATCH ,"cert length mismatch"}, +{SSL_R_CHALLENGE_IS_DIFFERENT ,"challenge is different"}, +{SSL_R_CIPHER_CODE_WRONG_LENGTH ,"cipher code wrong length"}, +{SSL_R_CIPHER_OR_HASH_UNAVAILABLE ,"cipher or hash unavailable"}, +{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"}, +{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"}, +{SSL_R_COMPRESSION_FAILURE ,"compression failure"}, +{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"}, +{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"}, +{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"}, +{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, +{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, +{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, +{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"}, +{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"}, +{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"}, +{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"}, +{SSL_R_INTERNAL_ERROR ,"internal error"}, +{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"}, +{SSL_R_LENGTH_MISMATCH ,"length mismatch"}, +{SSL_R_LENGTH_TOO_SHORT ,"length too short"}, +{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, +{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, +{SSL_R_MISSING_DH_KEY ,"missing dh key"}, +{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"}, +{SSL_R_MISSING_DSA_SIGNING_CERT ,"missing dsa signing cert"}, +{SSL_R_MISSING_EXPORT_TMP_DH_KEY ,"missing export tmp dh key"}, +{SSL_R_MISSING_EXPORT_TMP_RSA_KEY ,"missing export tmp rsa key"}, +{SSL_R_MISSING_RSA_CERTIFICATE ,"missing rsa certificate"}, +{SSL_R_MISSING_RSA_ENCRYPTING_CERT ,"missing rsa encrypting cert"}, +{SSL_R_MISSING_RSA_SIGNING_CERT ,"missing rsa signing cert"}, +{SSL_R_MISSING_TMP_DH_KEY ,"missing tmp dh key"}, +{SSL_R_MISSING_TMP_RSA_KEY ,"missing tmp rsa key"}, +{SSL_R_MISSING_TMP_RSA_PKEY ,"missing tmp rsa pkey"}, +{SSL_R_MISSING_VERIFY_MESSAGE ,"missing verify message"}, +{SSL_R_NON_SSLV2_INITIAL_PACKET ,"non sslv2 initial packet"}, +{SSL_R_NO_CERTIFICATES_PASSED ,"no certificates passed"}, +{SSL_R_NO_CERTIFICATE_ASSIGNED ,"no certificate assigned"}, +{SSL_R_NO_CERTIFICATE_RETURNED ,"no certificate returned"}, +{SSL_R_NO_CERTIFICATE_SET ,"no certificate set"}, +{SSL_R_NO_CERTIFICATE_SPECIFIED ,"no certificate specified"}, +{SSL_R_NO_CIPHERS_AVAILABLE ,"no ciphers available"}, +{SSL_R_NO_CIPHERS_PASSED ,"no ciphers passed"}, +{SSL_R_NO_CIPHERS_SPECIFIED ,"no ciphers specified"}, +{SSL_R_NO_CIPHER_LIST ,"no cipher list"}, +{SSL_R_NO_CIPHER_MATCH ,"no cipher match"}, +{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"}, +{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"}, +{SSL_R_NO_PRIVATEKEY ,"no privatekey"}, +{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"}, +{SSL_R_NO_PUBLICKEY ,"no publickey"}, +{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"}, +{SSL_R_NULL_SSL_CTX ,"null ssl ctx"}, +{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"}, +{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"}, +{SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"}, +{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"}, +{SSL_R_PEER_ERROR ,"peer error"}, +{SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"}, +{SSL_R_PEER_ERROR_NO_CERTIFICATE ,"peer error no certificate"}, +{SSL_R_PEER_ERROR_NO_CIPHER ,"peer error no cipher"}, +{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"}, +{SSL_R_PRE_MAC_LENGTH_TOO_LONG ,"pre mac length too long"}, +{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"}, +{SSL_R_PROTOCOL_IS_SHUTDOWN ,"protocol is shutdown"}, +{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR ,"public key encrypt error"}, +{SSL_R_PUBLIC_KEY_IS_NOT_RSA ,"public key is not rsa"}, +{SSL_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, +{SSL_R_READ_BIO_NOT_SET ,"read bio not set"}, +{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, +{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, +{SSL_R_RECORD_TOO_LARGE ,"record too large"}, +{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, +{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, +{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, +{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"}, +{SSL_R_SHORT_READ ,"short read"}, +{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, +{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, +{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, +{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, +{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ,"sslv3 alert certificate expired"}, +{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ,"sslv3 alert certificate revoked"}, +{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ,"sslv3 alert certificate unknown"}, +{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"}, +{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ,"sslv3 alert handshake failure"}, +{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ,"sslv3 alert illegal parameter"}, +{SSL_R_SSLV3_ALERT_NO_CERTIFICATE ,"sslv3 alert no certificate"}, +{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"}, +{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"}, +{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER ,"sslv3 alert peer error no cipher"}, +{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"}, +{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ,"sslv3 alert unexpected message"}, +{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"}, +{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"}, +{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"}, +{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"}, +{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"}, +{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"}, +{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER ,"tried to use unsupported cipher"}, +{SSL_R_UNABLE_TO_DECODE_DH_CERTS ,"unable to decode dh certs"}, +{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY ,"unable to extract public key"}, +{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS ,"unable to find dh parameters"}, +{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"}, +{SSL_R_UNABLE_TO_FIND_SSL_METHOD ,"unable to find ssl method"}, +{SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"}, +{SSL_R_UNEXPECTED_RECORD ,"unexpected record"}, +{SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"}, +{SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"}, +{SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"}, +{SSL_R_UNKNOWN_CIPHER_TYPE ,"unknown cipher type"}, +{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ,"unknown key exchange type"}, +{SSL_R_UNKNOWN_PKEY_TYPE ,"unknown pkey type"}, +{SSL_R_UNKNOWN_PROTOCOL ,"unknown protocol"}, +{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"}, +{SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"}, +{SSL_R_UNKNOWN_STATE ,"unknown state"}, +{SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, +{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"}, +{SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"}, +{SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"}, +{SSL_R_WRONG_CIPHER_RETURNED ,"wrong cipher returned"}, +{SSL_R_WRONG_MESSAGE_TYPE ,"wrong message type"}, +{SSL_R_WRONG_NUMBER_OF_KEY_BITS ,"wrong number of key bits"}, +{SSL_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, +{SSL_R_WRONG_SIGNATURE_SIZE ,"wrong signature size"}, +{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"}, +{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"}, +{SSL_R_X509_LIB ,"x509 lib"}, +{0,NULL}, + }; + +void ERR_load_SSL_strings() + { + static int init=1; + + if (init) + { + init=0; + ERR_load_strings(ERR_LIB_SSL,SSL_str_functs); + ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons); + } + } diff --git a/ssl/ssl_err2.c b/ssl/ssl_err2.c new file mode 100644 index 0000000000000000000000000000000000000000..a159fbb7cd8f01d6c299b8a54f78c845d86e693d --- /dev/null +++ b/ssl/ssl_err2.c @@ -0,0 +1,70 @@ +/* ssl/ssl_err2.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "err.h" +#include "ssl.h" + +void SSL_load_error_strings() + { +#ifndef NO_ERR + ERR_load_crypto_strings(); + ERR_load_SSL_strings(); +#endif + } + diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c new file mode 100644 index 0000000000000000000000000000000000000000..be091b1e75284f7f0834d96f56a20ac551ff46fa --- /dev/null +++ b/ssl/ssl_lib.c @@ -0,0 +1,1433 @@ +/* ssl/ssl_lib.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "objects.h" +#include "lhash.h" +#include "ssl_locl.h" + +#ifndef NOPROTO +static unsigned long conn_hash(SSL_SESSION *a); +#else +static unsigned long conn_hash(); +#endif + +char *SSL_version_str="SSLeay 0.8.1b 29-Jun-1998"; + +void SSL_clear(s) +SSL *s; + { + int state; + + if (s->method == NULL) return; + + s->error=0; + s->hit=0; + + /* This is set if we are doing dynamic renegotiation so keep + * the old cipher. It is sort of a SSL_clear_lite :-) */ + if (s->new_session) return; + + state=s->state; /* Keep to check if we throw away the session-id */ + s->type=0; + + s->version=s->method->version; + s->rwstate=SSL_NOTHING; + s->state=SSL_ST_BEFORE; + s->rstate=SSL_ST_READ_HEADER; + s->read_ahead=s->ctx->default_read_ahead; + +/* s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */ + + if (s->init_buf != NULL) + { + BUF_MEM_free(s->init_buf); + s->init_buf=NULL; + } + + ssl_clear_cipher_ctx(s); + + if (ssl_clear_bad_session(s)) + { + SSL_SESSION_free(s->session); + s->session=NULL; + } + + s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + s->first_packet=0; + + s->method->ssl_clear(s); + } + +/* Used to change an SSL_CTXs default SSL method type */ +int SSL_CTX_set_ssl_version(ctx,meth) +SSL_CTX *ctx; +SSL_METHOD *meth; + { + STACK *sk; + + ctx->method=meth; + + sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), + &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST); + if ((sk == NULL) || (sk_num(sk) <= 0)) + { + SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + return(0); + } + return(1); + } + +SSL *SSL_new(ctx) +SSL_CTX *ctx; + { + SSL *s; + + if (ctx == NULL) + { + SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); + return(NULL); + } + if (ctx->method == NULL) + { + SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); + return(NULL); + } + + s=(SSL *)Malloc(sizeof(SSL)); + if (s == NULL) goto err; + memset(s,0,sizeof(SSL)); + + if (ctx->default_cert != NULL) + { + CRYPTO_add(&ctx->default_cert->references,1, + CRYPTO_LOCK_SSL_CERT); + s->cert=ctx->default_cert; + } + else + s->cert=NULL; + s->verify_mode=ctx->default_verify_mode; + s->verify_callback=ctx->default_verify_callback; + CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); + s->ctx=ctx; + + s->verify_result=X509_V_OK; + + s->method=ctx->method; + + if (!s->method->ssl_new(s)) + { + SSL_CTX_free(ctx); + Free(s); + goto err; + } + + s->quiet_shutdown=ctx->quiet_shutdown; + SSL_clear(s); + return(s); +err: + SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); + return(NULL); + } + +void SSL_free(s) +SSL *s; + { + if (s->bbio != NULL) + { + /* If the buffering BIO is in place, pop it off */ + if (s->bbio == s->wbio) + { + s->wbio=BIO_pop(s->wbio); + } + BIO_free(s->bbio); + } + if (s->rbio != NULL) + BIO_free_all(s->rbio); + if ((s->wbio != NULL) && (s->wbio != s->rbio)) + BIO_free_all(s->wbio); + + if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); + + /* add extra stuff */ + if (s->cipher_list != NULL) sk_free(s->cipher_list); + if (s->cipher_list_by_id != NULL) sk_free(s->cipher_list_by_id); + + /* Make the next call work :-) */ + if (s->session != NULL) + { + ssl_clear_bad_session(s); + SSL_SESSION_free(s->session); + } + + ssl_clear_cipher_ctx(s); + + if (s->cert != NULL) ssl_cert_free(s->cert); + /* Free up if allocated */ + + if (s->ctx) SSL_CTX_free(s->ctx); + + if (s->client_CA != NULL) + sk_pop_free(s->client_CA,X509_NAME_free); + + if (s->method != NULL) s->method->ssl_free(s); + + Free((char *)s); + } + +void SSL_set_bio(s, rbio,wbio) +SSL *s; +BIO *rbio; +BIO *wbio; + { + /* If the output buffering BIO is still in place, remove it + */ + if (s->bbio != NULL) + { + if (s->wbio == s->bbio) + { + s->wbio=s->wbio->next_bio; + s->bbio->next_bio=NULL; + } + } + if ((s->rbio != NULL) && (s->rbio != rbio)) + BIO_free_all(s->rbio); + if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) + BIO_free_all(s->wbio); + s->rbio=rbio; + s->wbio=wbio; + } + +BIO *SSL_get_rbio(s) +SSL *s; + { return(s->rbio); } + +BIO *SSL_get_wbio(s) +SSL *s; + { return(s->wbio); } + +int SSL_get_fd(s) +SSL *s; + { + int ret= -1; + BIO *b,*r; + + b=SSL_get_rbio(s); + r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); + if (r != NULL) + BIO_get_fd(r,&ret); + return(ret); + } + +#ifndef NO_SOCK +int SSL_set_fd(s, fd) +SSL *s; +int fd; + { + int ret=0; + BIO *bio=NULL; + + bio=BIO_new(BIO_s_socket()); + + if (bio == NULL) + { + SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); + goto err; + } + BIO_set_fd(bio,fd,BIO_NOCLOSE); + SSL_set_bio(s,bio,bio); + ret=1; +err: + return(ret); + } + +int SSL_set_wfd(s, fd) +SSL *s; +int fd; + { + int ret=0; + BIO *bio=NULL; + + bio=BIO_new(BIO_s_socket()); + + if (bio == NULL) + { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } + BIO_set_fd(bio,fd,BIO_NOCLOSE); + SSL_set_bio(s,SSL_get_rbio(s),bio); + ret=1; +err: + return(ret); + } + +int SSL_set_rfd(s, fd) +SSL *s; +int fd; + { + int ret=0; + BIO *bio=NULL; + + bio=BIO_new(BIO_s_socket()); + + if (bio == NULL) + { + SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); + goto err; + } + BIO_set_fd(bio,fd,BIO_NOCLOSE); + SSL_set_bio(s,bio,SSL_get_wbio(s)); + ret=1; +err: + return(ret); + } +#endif + +int SSL_get_verify_mode(s) +SSL *s; + { + return(s->verify_mode); + } + +int (*SSL_get_verify_callback(s))() +SSL *s; + { + return(s->verify_callback); + } + +int SSL_CTX_get_verify_mode(ctx) +SSL_CTX *ctx; + { + return(ctx->default_verify_mode); + } + +int (*SSL_CTX_get_verify_callback(ctx))() +SSL_CTX *ctx; + { + return(ctx->default_verify_callback); + } + +void SSL_set_verify(s, mode, callback) +SSL *s; +int mode; +int (*callback)(); + { + s->verify_mode=mode; + if (callback != NULL) + s->verify_callback=callback; + } + +void SSL_set_read_ahead(s, yes) +SSL *s; +int yes; + { + s->read_ahead=yes; + } + +int SSL_get_read_ahead(s) +SSL *s; + { + return(s->read_ahead); + } + +int SSL_pending(s) +SSL *s; + { + return(s->method->ssl_pending(s)); + } + +X509 *SSL_get_peer_certificate(s) +SSL *s; + { + X509 *r; + + if ((s == NULL) || (s->session == NULL)) + r=NULL; + else + r=s->session->peer; + + if (r == NULL) return(r); + + CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); + + return(r); + } + +STACK *SSL_get_peer_cert_chain(s) +SSL *s; + { + STACK *r; + + if ((s == NULL) || (s->session == NULL) || (s->session->cert == NULL)) + r=NULL; + else + r=s->session->cert->cert_chain; + + return(r); + } + +/* Now in theory, since the calling process own 't' it should be safe to + * modify. We need to be able to read f without being hassled */ +void SSL_copy_session_id(t,f) +SSL *t,*f; + { + CERT *tmp; + + /* Do we need to to SSL locking? */ + SSL_set_session(t,SSL_get_session(f)); + + /* what if we are setup as SSLv2 but want to talk SSLv3 or + * vice-versa */ + if (t->method != f->method) + { + t->method->ssl_free(t); /* cleanup current */ + t->method=f->method; /* change method */ + t->method->ssl_new(t); /* setup new */ + } + + tmp=t->cert; + if (f->cert != NULL) + { + CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); + t->cert=f->cert; + } + else + t->cert=NULL; + if (tmp != NULL) ssl_cert_free(tmp); + } + +int SSL_CTX_check_private_key(ctx) +SSL_CTX *ctx; + { + if ( (ctx == NULL) || + (ctx->default_cert == NULL) || + (ctx->default_cert->key->x509 == NULL)) + { + SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); + return(0); + } + if (ctx->default_cert->key->privatekey == NULL) + { + SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); + return(0); + } + return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey)); + } + +int SSL_check_private_key(ssl) +SSL *ssl; + { + if (ssl == NULL) + { + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + if (ssl->cert == NULL) + return(SSL_CTX_check_private_key(ssl->ctx)); + if (ssl->cert->key->x509 == NULL) + { + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); + return(0); + } + if (ssl->cert->key->privatekey == NULL) + { + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); + return(0); + } + return(X509_check_private_key(ssl->cert->key->x509, + ssl->cert->key->privatekey)); + } + +int SSL_accept(s) +SSL *s; + { + return(s->method->ssl_accept(s)); + } + +int SSL_connect(s) +SSL *s; + { + return(s->method->ssl_connect(s)); + } + +long SSL_get_default_timeout(s) +SSL *s; + { + return(s->method->get_timeout()); + } + +int SSL_read(s,buf,num) +SSL *s; +char *buf; +int num; + { + if (s->shutdown & SSL_RECEIVED_SHUTDOWN) + { + s->rwstate=SSL_NOTHING; + return(0); + } + return(s->method->ssl_read(s,buf,num)); + } + +int SSL_peek(s,buf,num) +SSL *s; +char *buf; +int num; + { + if (s->shutdown & SSL_RECEIVED_SHUTDOWN) + { + return(0); + } + return(s->method->ssl_peek(s,buf,num)); + } + +int SSL_write(s,buf,num) +SSL *s; +char *buf; +int num; + { + if (s->shutdown & SSL_SENT_SHUTDOWN) + { + s->rwstate=SSL_NOTHING; + SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); + return(-1); + } + return(s->method->ssl_write(s,buf,num)); + } + +int SSL_shutdown(s) +SSL *s; + { + if ((s != NULL) && !SSL_in_init(s)) + return(s->method->ssl_shutdown(s)); + else + return(1); + } + +int SSL_renegotiate(s) +SSL *s; + { + return(s->method->ssl_renegotiate(s)); + } + +long SSL_ctrl(s,cmd,larg,parg) +SSL *s; +int cmd; +long larg; +char *parg; + { + return(s->method->ssl_ctrl(s,cmd,larg,parg)); + } + +long SSL_CTX_ctrl(ctx,cmd,larg,parg) +SSL_CTX *ctx; +int cmd; +long larg; +char *parg; + { + return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); + } + +int ssl_cipher_id_cmp(a,b) +SSL_CIPHER *a,*b; + { + long l; + + l=a->id-b->id; + if (l == 0L) + return(0); + else + return((l > 0)?1:-1); + } + +int ssl_cipher_ptr_id_cmp(ap,bp) +SSL_CIPHER **ap,**bp; + { + long l; + + l=(*ap)->id-(*bp)->id; + if (l == 0L) + return(0); + else + return((l > 0)?1:-1); + } + +/* return a STACK of the ciphers available for the SSL and in order of + * preference */ +STACK *SSL_get_ciphers(s) +SSL *s; + { + if ((s != NULL) && (s->cipher_list != NULL)) + { + return(s->cipher_list); + } + else if ((s != NULL) && (s->ctx != NULL) && + (s->ctx->cipher_list != NULL)) + { + return(s->ctx->cipher_list); + } + return(NULL); + } + +/* return a STACK of the ciphers available for the SSL and in order of + * algorithm id */ +STACK *ssl_get_ciphers_by_id(s) +SSL *s; + { + if ((s != NULL) && (s->cipher_list_by_id != NULL)) + { + return(s->cipher_list_by_id); + } + else if ((s != NULL) && (s->ctx != NULL) && + (s->ctx->cipher_list_by_id != NULL)) + { + return(s->ctx->cipher_list_by_id); + } + return(NULL); + } + +/* The old interface to get the same thing as SSL_get_ciphers() */ +char *SSL_get_cipher_list(s,n) +SSL *s; +int n; + { + SSL_CIPHER *c; + STACK *sk; + + if (s == NULL) return(NULL); + sk=SSL_get_ciphers(s); + if ((sk == NULL) || (sk_num(sk) <= n)) + return(NULL); + c=(SSL_CIPHER *)sk_value(sk,n); + if (c == NULL) return(NULL); + return(c->name); + } + +/* specify the ciphers to be used by defaut by the SSL_CTX */ +int SSL_CTX_set_cipher_list(ctx,str) +SSL_CTX *ctx; +char *str; + { + STACK *sk; + + sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, + &ctx->cipher_list_by_id,str); +/* XXXX */ + return((sk == NULL)?0:1); + } + +/* specify the ciphers to be used by the SSL */ +int SSL_set_cipher_list(s, str) +SSL *s; +char *str; + { + STACK *sk; + + sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, + &s->cipher_list_by_id,str); +/* XXXX */ + return((sk == NULL)?0:1); + } + +/* works well for SSLv2, not so good for SSLv3 */ +char *SSL_get_shared_ciphers(s,buf,len) +SSL *s; +char *buf; +int len; + { + char *p,*cp; + STACK *sk; + SSL_CIPHER *c; + int i; + + if ((s->session == NULL) || (s->session->ciphers == NULL) || + (len < 2)) + return(NULL); + + p=buf; + sk=s->session->ciphers; + len--; + for (i=0; iname; *cp; ) + { + if (--len == 0) + { + *p='\0'; + return(buf); + } + else + *(p++)= *(cp++); + } + *(p++)=':'; + } + p[-1]='\0'; + return(buf); + } + +int ssl_cipher_list_to_bytes(s,sk,p) +SSL *s; +STACK *sk; +unsigned char *p; + { + int i,j=0; + SSL_CIPHER *c; + unsigned char *q; + + if (sk == NULL) return(0); + q=p; + + for (i=0; isession_id[0] )|(a->session_id[1]<< 8L)| + (a->session_id[1]<<16L)|(a->session_id[2]<<24L); + return(l); + } + +static int session_cmp(a, b) +SSL_SESSION *a; +SSL_SESSION *b; + { + int i; + + i=a->session_id_length - b->session_id_length; + if (i == 0) + return(memcmp(a->session_id,b->session_id, + a->session_id_length)); + else return(1); + } + +SSL_CTX *SSL_CTX_new(meth) +SSL_METHOD *meth; + { + SSL_CTX *ret; + + if (meth == NULL) + { + SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); + return(NULL); + } + ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX)); + if (ret == NULL) + goto err; + + memset(ret,0,sizeof(SSL_CTX)); + + ret->method=meth; + + ret->cert_store=NULL; + ret->session_cache_mode=SSL_SESS_CACHE_SERVER; + + /* We take the system default */ + ret->session_timeout=meth->get_timeout(); + + ret->new_session_cb=NULL; + ret->remove_session_cb=NULL; + ret->get_session_cb=NULL; + + ret->sess_connect=0; + ret->sess_connect_good=0; + ret->sess_accept=0; + ret->sess_accept_good=0; + ret->sess_miss=0; + ret->sess_timeout=0; + ret->sess_hit=0; + ret->sess_cb_hit=0; + + ret->references=1; + ret->quiet_shutdown=0; + +/* ret->cipher=NULL;*/ +/* ret->s2->challenge=NULL; + ret->master_key=NULL; + ret->key_arg=NULL; + ret->s2->conn_id=NULL; */ + + ret->info_callback=NULL; + + ret->app_verify_callback=NULL; + ret->app_verify_arg=NULL; + + ret->default_read_ahead=0; + ret->default_verify_mode=SSL_VERIFY_NONE; + ret->default_verify_callback=NULL; + if ((ret->default_cert=ssl_cert_new()) == NULL) + goto err; + + ret->default_passwd_callback=NULL; + ret->client_cert_cb=NULL; + + ret->sessions=lh_new(conn_hash,session_cmp); + if (ret->sessions == NULL) goto err; + ret->cert_store=X509_STORE_new(); + if (ret->cert_store == NULL) goto err; + + ssl_create_cipher_list(ret->method, + &ret->cipher_list,&ret->cipher_list_by_id, + SSL_DEFAULT_CIPHER_LIST); + if ((ret->cipher_list == NULL) || (sk_num(ret->cipher_list) <= 0)) + { + SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); + goto err2; + } + + if ((ret->client_CA=sk_new_null()) == NULL) + goto err; + + return(ret); +err: + SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); +err2: + if (ret != NULL) SSL_CTX_free(ret); + return(NULL); + } + +void SSL_CTX_free(a) +SSL_CTX *a; + { + int i; + + if (a == NULL) return; + + i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"SSL_CTX_free, bad reference count\n"); + abort(); /* ok */ + } +#endif + + if (a->sessions != NULL) + { + SSL_CTX_flush_sessions(a,0); + lh_free(a->sessions); + } + if (a->cert_store != NULL) + X509_STORE_free(a->cert_store); + if (a->cipher_list != NULL) + sk_free(a->cipher_list); + if (a->cipher_list_by_id != NULL) + sk_free(a->cipher_list_by_id); + if (a->default_cert != NULL) + ssl_cert_free(a->default_cert); + if (a->client_CA != NULL) + sk_pop_free(a->client_CA,X509_NAME_free); + Free((char *)a); + } + +void SSL_CTX_set_default_passwd_cb(ctx,cb) +SSL_CTX *ctx; +int (*cb)(); + { + ctx->default_passwd_callback=cb; + } + +void SSL_CTX_set_cert_verify_cb(ctx,cb,arg) +SSL_CTX *ctx; +int (*cb)(); +char *arg; + { + ctx->app_verify_callback=cb; + ctx->app_verify_arg=arg; + } + +void SSL_CTX_set_verify(ctx,mode,cb) +SSL_CTX *ctx; +int mode; +int (*cb)(); + { + ctx->default_verify_mode=mode; + ctx->default_verify_callback=cb; + /* This needs cleaning up EAY EAY EAY */ + X509_STORE_set_verify_cb_func(ctx->cert_store,cb); + } + +void ssl_set_cert_masks(c) +CERT *c; + { + CERT_PKEY *cpk; + int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; + int rsa_enc_export,dh_rsa_export,dh_dsa_export; + int rsa_tmp_export,dh_tmp_export; + unsigned long mask,emask; + + if ((c == NULL) || (c->valid)) return; + +#ifndef NO_RSA + rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0; + rsa_tmp_export=((c->rsa_tmp_cb != NULL) || + (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0; +#else + rsa_tmp=rsa_tmp_export=0; +#endif +#ifndef NO_DH + dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0; + dh_tmp_export=((c->dh_tmp_cb != NULL) || + (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0; +#else + dh_tmp=dh_tmp_export=0; +#endif + + cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); + rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; + rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; + cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); + rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; + cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); + dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; + cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); + dh_rsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; + dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; + cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); +/* FIX THIS EAY EAY EAY */ + dh_dsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; + dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; + + mask=0; + emask=0; + +#ifdef CIPHER_DEBUG + printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n", + rsa_tmp,dh_tmp, + rsa_enc,rsa_sign,dsa_sign,dh_rsa,dh_dsa); +#endif + + if (rsa_enc || (rsa_tmp && rsa_sign)) + mask|=SSL_kRSA; + if (rsa_enc_export || (rsa_tmp_export && rsa_sign)) + emask|=SSL_kRSA; + +#if 0 + /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ + if ( (dh_tmp || dh_rsa || dh_dsa) && + (rsa_enc || rsa_sign || dsa_sign)) + mask|=SSL_kEDH; + if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && + (rsa_enc || rsa_sign || dsa_sign)) + emask|=SSL_kEDH; +#endif + + if (dh_tmp_export) + emask|=SSL_kEDH; + + if (dh_tmp) + mask|=SSL_kEDH; + + if (dh_rsa) mask|=SSL_kDHr; + if (dh_rsa_export) emask|=SSL_kDHr; + + if (dh_dsa) mask|=SSL_kDHd; + if (dh_dsa_export) emask|=SSL_kDHd; + + if (rsa_enc || rsa_sign) + { + mask|=SSL_aRSA; + emask|=SSL_aRSA; + } + + if (dsa_sign) + { + mask|=SSL_aDSS; + emask|=SSL_aDSS; + } + +#ifdef SSL_ALLOW_ADH + mask|=SSL_aNULL; + emask|=SSL_aNULL; +#endif + + c->mask=mask; + c->export_mask=emask; + c->valid=1; + } + +/* THIS NEEDS CLEANING UP */ +X509 *ssl_get_server_send_cert(s) +SSL *s; + { + unsigned long alg,mask,kalg; + CERT *c; + int i,export; + + c=s->cert; + ssl_set_cert_masks(c); + alg=s->s3->tmp.new_cipher->algorithms; + export=(alg & SSL_EXPORT)?1:0; + mask=(export)?c->export_mask:c->mask; + kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); + + if (kalg & SSL_kDHr) + i=SSL_PKEY_DH_RSA; + else if (kalg & SSL_kDHd) + i=SSL_PKEY_DH_DSA; + else if (kalg & SSL_aDSS) + i=SSL_PKEY_DSA_SIGN; + else if (kalg & SSL_aRSA) + { + if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) + i=SSL_PKEY_RSA_SIGN; + else + i=SSL_PKEY_RSA_ENC; + } + else /* if (kalg & SSL_aNULL) */ + { + SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR); + return(NULL); + } + if (c->pkeys[i].x509 == NULL) return(NULL); + return(c->pkeys[i].x509); + } + +EVP_PKEY *ssl_get_sign_pkey(s,cipher) +SSL *s; +SSL_CIPHER *cipher; + { + unsigned long alg; + CERT *c; + + alg=cipher->algorithms; + c=s->cert; + + if ((alg & SSL_aDSS) && + (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) + return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey); + else if (alg & SSL_aRSA) + { + if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) + return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey); + else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) + return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey); + else + return(NULL); + } + else /* if (alg & SSL_aNULL) */ + { + SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR); + return(NULL); + } + } + +void ssl_update_cache(s,mode) +SSL *s; +int mode; + { + if ((s->ctx->session_cache_mode & mode) + && (!s->hit) + && SSL_CTX_add_session(s->ctx,s->session) + && (s->ctx->new_session_cb != NULL)) + { + CRYPTO_add(&s->session->references,1, + CRYPTO_LOCK_SSL_SESSION); + if (!s->ctx->new_session_cb(s,s->session)) + SSL_SESSION_free(s->session); + } + + /* auto flush every 255 connections */ + if ((!(s->ctx->session_cache_mode & + SSL_SESS_CACHE_NO_AUTO_CLEAR)) && + ((s->ctx->sess_connect_good & 0xff) == 0)) + SSL_CTX_flush_sessions(s->ctx,time(NULL)); + } + +SSL_METHOD *SSL_get_ssl_method(s) +SSL *s; + { + return(s->method); + } + +int SSL_set_ssl_method(s,meth) +SSL *s; +SSL_METHOD *meth; + { + int conn= -1; + int ret=1; + + if (s->method != meth) + { + if (s->handshake_func != NULL) + conn=(s->handshake_func == s->method->ssl_connect); + + if (s->method->version == meth->version) + s->method=meth; + else + { + s->method->ssl_free(s); + s->method=meth; + ret=s->method->ssl_new(s); + } + + if (conn == 1) + s->handshake_func=meth->ssl_connect; + else if (conn == 0) + s->handshake_func=meth->ssl_accept; + } + return(ret); + } + +int SSL_get_error(s,i) +SSL *s; +int i; + { + int reason; + BIO *bio; + + if (i > 0) return(SSL_ERROR_NONE); + + if (ERR_peek_error() != 0) + return(SSL_ERROR_SSL); + + if ((i < 0) && SSL_want_read(s)) + { + bio=SSL_get_rbio(s); + if (BIO_should_read(bio)) + return(SSL_ERROR_WANT_READ); + else if (BIO_should_write(bio)) + return(SSL_ERROR_WANT_WRITE); + else if (BIO_should_io_special(bio)) + { + reason=BIO_get_retry_reason(bio); + if (reason == BIO_RR_CONNECT) + return(SSL_ERROR_WANT_CONNECT); + else + return(SSL_ERROR_SYSCALL); /* unknown */ + } + } + + if ((i < 0) && SSL_want_write(s)) + { + bio=SSL_get_wbio(s); + if (BIO_should_write(bio)) + return(SSL_ERROR_WANT_WRITE); + else if (BIO_should_read(bio)) + return(SSL_ERROR_WANT_READ); + else if (BIO_should_io_special(bio)) + { + reason=BIO_get_retry_reason(bio); + if (reason == BIO_RR_CONNECT) + return(SSL_ERROR_WANT_CONNECT); + else + return(SSL_ERROR_SYSCALL); + } + } + if ((i < 0) && SSL_want_x509_lookup(s)) + { + return(SSL_ERROR_WANT_X509_LOOKUP); + } + + if (i == 0) + { + if (s->version == 2) + { + /* assume it is the socket being closed */ + return(SSL_ERROR_ZERO_RETURN); + } + else + { + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL3_AD_CLOSE_NOTIFY)) + return(SSL_ERROR_ZERO_RETURN); + } + } + return(SSL_ERROR_SYSCALL); + } + +int SSL_do_handshake(s) +SSL *s; + { + if (s->handshake_func == NULL) + { + SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_INTERNAL_ERROR); + return(-1); + } + if (SSL_in_init(s) || SSL_in_before(s)) + return(s->handshake_func(s)); + else + return(1); + } + +/* For the next 2 functions, SSL_clear() sets shutdown and so + * one of these calls will reset it */ +void SSL_set_accept_state(s) +SSL *s; + { + s->shutdown=0; + s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; + s->handshake_func=s->method->ssl_accept; + /* clear the current cipher */ + ssl_clear_cipher_ctx(s); + } + +void SSL_set_connect_state(s) +SSL *s; + { + s->shutdown=0; + s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; + s->handshake_func=s->method->ssl_connect; + /* clear the current cipher */ + ssl_clear_cipher_ctx(s); + } + +int ssl_undefined_function(s) +SSL *s; + { + SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(0); + } + +SSL_METHOD *ssl_bad_method(ver) +int ver; + { + SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return(NULL); + } + +char *SSL_get_version(s) +SSL *s; + { + if (s->version == 3) + return("SSLv3"); + else if (s->version == 2) + return("SSLv2"); + else + return("unknown"); + } + +SSL *SSL_dup(s) +SSL *s; + { + STACK *sk; + X509_NAME *xn; + SSL *ret; + int i; + + if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL); + + /* This copies version, session-id, SSL_METHOD and 'cert' */ + SSL_copy_session_id(ret,s); + + SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); + SSL_set_verify(ret,SSL_get_verify_mode(s), + SSL_get_verify_callback(s)); + + SSL_set_info_callback(ret,SSL_get_info_callback(s)); + + ret->debug=s->debug; + + /* copy app data, a little dangerous perhaps */ + SSL_set_app_data(ret,SSL_get_app_data(s)); + + /* setup rbio, and wbio */ + if (s->rbio != NULL) + { + if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) + goto err; + } + if (s->wbio != NULL) + { + if (s->wbio != s->rbio) + { + if (!BIO_dup_state(s->wbio,(char *)&ret->rbio)) + goto err; + } + else + ret->wbio=ret->rbio; + } + + /* dup the cipher_list and cipher_list_by_id stacks */ + if (s->cipher_list != NULL) + { + if ((ret->cipher_list=sk_dup(s->cipher_list)) == NULL) + goto err; + } + if (s->cipher_list_by_id != NULL) + if ((ret->cipher_list_by_id=sk_dup(s->cipher_list_by_id)) + == NULL) + goto err; + + /* Dup the client_CA list */ + if (s->client_CA != NULL) + { + if ((sk=sk_dup(s->client_CA)) == NULL) goto err; + ret->client_CA=sk; + for (i=0; ishutdown=s->shutdown; + ret->state=s->state; + ret->handshake_func=s->handshake_func; + + if (0) + { +err: + if (ret != NULL) SSL_free(ret); + ret=NULL; + } + return(ret); + } + +void ssl_clear_cipher_ctx(s) +SSL *s; + { + if (s->enc_read_ctx != NULL) + { + EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); + Free(s->enc_read_ctx); + s->enc_read_ctx=NULL; + } + if (s->enc_write_ctx != NULL) + { + EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); + Free(s->enc_write_ctx); + s->enc_write_ctx=NULL; + } + } + +X509 *SSL_get_certificate(s) +SSL *s; + { + if (s->cert != NULL) + return(s->cert->key->x509); + else + return(NULL); + } + +EVP_PKEY *SSL_get_privatekey(s) +SSL *s; + { + if (s->cert != NULL) + return(s->cert->key->privatekey); + else + return(NULL); + } + +SSL_CIPHER *SSL_get_current_cipher(s) +SSL *s; + { + if ((s->session != NULL) && (s->session->cipher != NULL)) + return(s->session->cipher); + return(NULL); + } + diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h new file mode 100644 index 0000000000000000000000000000000000000000..ef3a70e93e2f4f9e225aa464be8b3473d6d6fbd0 --- /dev/null +++ b/ssl/ssl_locl.h @@ -0,0 +1,520 @@ +/* ssl/ssl_locl.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL_LOCL_H +#define HEADER_SSL_LOCL_H +#include +#include +#include +#include + +#ifdef FLAT_INC +#include "e_os.h" +#else +#include "../e_os.h" +#endif + +#include "buffer.h" +#include "bio.h" +#include "crypto.h" +#include "evp.h" +#include "stack.h" +#include "x509.h" +#include "err.h" +#include "ssl.h" + + +#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24)) + +/* NOTE - c is not incremented as per c2l */ +#define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c))))<<24; \ + case 7: l2|=((unsigned long)(*(--(c))))<<16; \ + case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + case 4: l1 =((unsigned long)(*(--(c))))<<24; \ + case 3: l1|=((unsigned long)(*(--(c))))<<16; \ + case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ + case 1: l1|=((unsigned long)(*(--(c)))); \ + } \ + } + +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff)) + +#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ + l|=((unsigned long)(*((c)++)))<<16, \ + l|=((unsigned long)(*((c)++)))<< 8, \ + l|=((unsigned long)(*((c)++)))) + +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* NOTE - c is not incremented as per l2c */ +#define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +#define n2s(c,s) (s =((unsigned int)(*((c)++)))<< 8, \ + s|=((unsigned int)(*((c)++)))) +#define s2n(s,c) (*((c)++)=(unsigned char)(((s)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((s) )&0xff)) + +#define n2l3(c,l) (l =((unsigned long)(*((c)++)))<<16, \ + l|=((unsigned long)(*((c)++)))<< 8, \ + l|=((unsigned long)(*((c)++)))) + +#define l2n3(l,c) (*((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* LOCAL STUFF */ + +#define SSL_DECRYPT 0 +#define SSL_ENCRYPT 1 + +#define TWO_BYTE_BIT 0x80 +#define SEC_ESC_BIT 0x40 +#define TWO_BYTE_MASK 0x7fff +#define THREE_BYTE_MASK 0x3fff + +#define INC32(a) ((a)=((a)+1)&0xffffffffL) +#define DEC32(a) ((a)=((a)-1)&0xffffffffL) +#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ + +#define SSL_MKEY_MASK 0x0000001FL +#define SSL_kRSA 0x00000001L /* RSA key exchange */ +#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ +#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ +#define SSL_kFZA 0x00000008L +#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ +#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) + +#define SSL_AUTH_MASK 0x000003e0L +#define SSL_aRSA 0x00000020L /* Authenticate with RSA */ +#define SSL_aDSS 0x00000040L /* Authenticate with DSS */ +#define SSL_DSS SSL_aDSS +#define SSL_aFZA 0x00000080L +#define SSL_aNULL 0x00000100L /* no Authenticate, ADH */ +#define SSL_aDH 0x00000200L /* no Authenticate, ADH */ + +#define SSL_NULL (SSL_eNULL) +#define SSL_ADH (SSL_kEDH|SSL_aNULL) +#define SSL_RSA (SSL_kRSA|SSL_aRSA) +#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) +#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) + +#define SSL_ENC_MASK 0x0001Fc00L +#define SSL_DES 0x00000400L +#define SSL_3DES 0x00000800L +#define SSL_RC4 0x00001000L +#define SSL_RC2 0x00002000L +#define SSL_IDEA 0x00004000L +#define SSL_eFZA 0x00008000L +#define SSL_eNULL 0x00010000L + +#define SSL_MAC_MASK 0x000e0000L +#define SSL_MD5 0x00020000L +#define SSL_SHA0 0x00040000L +#define SSL_SHA1 0x00080000L +#define SSL_SHA (SSL_SHA0|SSL_SHA1) + +#define SSL_EXP_MASK 0x00300000L +#define SSL_EXP 0x00100000L +#define SSL_NOT_EXP 0x00200000L +#define SSL_EXPORT SSL_EXP + +#define SSL_SSL_MASK 0x00c00000L +#define SSL_SSLV2 0x00400000L +#define SSL_SSLV3 0x00800000L + +#define SSL_STRONG_MASK 0x07000000L +#define SSL_LOW 0x01000000L +#define SSL_MEDIUM 0x02000000L +#define SSL_HIGH 0x04000000L + +/* we have used 0fffffff - 4 bits left to go */ +#define SSL_ALL 0xffffffffL +#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\ + SSL_MAC_MASK|SSL_EXP_MASK) + +/* Mostly for SSLv3 */ +#define SSL_PKEY_RSA_ENC 0 +#define SSL_PKEY_RSA_SIGN 1 +#define SSL_PKEY_DSA_SIGN 2 +#define SSL_PKEY_DH_RSA 3 +#define SSL_PKEY_DH_DSA 4 +#define SSL_PKEY_NUM 5 + +/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | + * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) + * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) + * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN + * SSL_aRSA <- RSA_ENC | RSA_SIGN + * SSL_aDSS <- DSA_SIGN + */ + +/* +#define CERT_INVALID 0 +#define CERT_PUBLIC_KEY 1 +#define CERT_PRIVATE_KEY 2 +*/ + +typedef struct cert_pkey_st + { + X509 *x509; +/* EVP_PKEY *publickey; *//* when extracted */ + EVP_PKEY *privatekey; + } CERT_PKEY; + +typedef struct cert_st + { + int cert_type; + +#ifdef undef + X509 *x509; + EVP_PKEY *publickey; /* when extracted */ + EVP_PKEY *privatekey; + + pkeys[SSL_PKEY_RSA_ENC].x509 +/* pkeys[SSL_PKEY_RSA_ENC].publickey */ + pkeys[SSL_PKEY_RSA_ENC].privatekey +#endif + + /* Current active set */ + CERT_PKEY *key; + + /* The following masks are for the key and auth + * algorithms that are supported by the certs below */ + int valid; + unsigned long mask; + unsigned long export_mask; + + RSA *rsa_tmp; + DH *dh_tmp; + RSA *(*rsa_tmp_cb)(); + DH *(*dh_tmp_cb)(); + CERT_PKEY pkeys[SSL_PKEY_NUM]; + + STACK *cert_chain; + + int references; + } CERT; + +/*#define MAC_DEBUG */ + +/*#define ERR_DEBUG */ +/*#define ABORT_DEBUG */ +/*#define PKT_DEBUG 1 */ +/*#define DES_DEBUG */ +/*#define DES_OFB_DEBUG */ +/*#define SSL_DEBUG */ +/*#define RSA_DEBUG */ +/*#define IDEA_DEBUG */ + +#ifndef NOPROTO +#define FP_ICC (int (*)(const void *,const void *)) +#else +#define FP_ICC +#endif + +#define ssl_put_cipher_by_char(ssl,ciph,ptr) \ + ((ssl)->method->put_cipher_by_char((ciph),(ptr))) +#define ssl_get_cipher_by_char(ssl,ptr) \ + ((ssl)->method->get_cipher_by_char(ptr)) + +extern unsigned char ssl3_client_finished_const[4]; +extern unsigned char ssl3_server_finished_const[4]; + +extern SSL_CIPHER ssl2_ciphers[]; +extern SSL_CIPHER ssl3_ciphers[]; + +#ifndef NOPROTO + +SSL_METHOD *ssl_bad_method(int ver); +SSL_METHOD *sslv2_base_method(void); +SSL_METHOD *sslv23_base_method(void); +SSL_METHOD *sslv3_base_method(void); + +void ssl_clear_cipher_ctx(SSL *s); +int ssl_clear_bad_session(SSL *s); +CERT *ssl_cert_new(void); +void ssl_cert_free(CERT *c); +int ssl_set_cert_type(CERT *c, int type); +int ssl_get_new_session(SSL *s, int session); +int ssl_get_prev_session(SSL *s, int len, unsigned char *session); +int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b); +int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp); +STACK *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,STACK **skp); +int ssl_cipher_list_to_bytes(SSL *s,STACK *sk,unsigned char *p); +STACK *ssl_create_cipher_list(SSL_METHOD *meth,STACK **pref, + STACK **sorted,char *str); +void ssl_update_cache(SSL *s, int mode); +int ssl_cipher_get_evp(SSL_CIPHER *c, EVP_CIPHER **enc, EVP_MD **md); +int ssl_verify_cert_chain(SSL *s,STACK *sk); +int ssl_undefined_function(SSL *s); +X509 *ssl_get_server_send_cert(SSL *); +EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); +int ssl_cert_type(X509 *x,EVP_PKEY *pkey); +void ssl_set_cert_masks(CERT *c); +STACK *ssl_get_ciphers_by_id(SSL *s); +int ssl_verify_alarm_type(int type); + +int ssl2_enc_init(SSL *s, int client); +void ssl2_generate_key_material(SSL *s); +void ssl2_enc(SSL *s,int send_data); +void ssl2_mac(SSL *s,unsigned char *mac,int send_data); +SSL_CIPHER *ssl2_get_cipher_by_char(unsigned char *p); +int ssl2_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p); +int ssl2_part_read(SSL *s, unsigned long f, int i); +int ssl2_do_write(SSL *s); +int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data); +void ssl2_return_error(SSL *s,int reason); +void ssl2_write_error(SSL *s); +int ssl2_num_ciphers(void); +SSL_CIPHER *ssl2_get_cipher(unsigned int u); +int ssl2_new(SSL *s); +void ssl2_free(SSL *s); +int ssl2_accept(SSL *s); +int ssl2_connect(SSL *s); +int ssl2_read(SSL *s, char *buf, int len); +int ssl2_peek(SSL *s, char *buf, int len); +int ssl2_write(SSL *s, const char *buf, int len); +int ssl2_shutdown(SSL *s); +void ssl2_clear(SSL *s); +long ssl2_ctrl(SSL *s,int cmd, long larg, char *parg); +long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg); +int ssl2_pending(SSL *s); + +SSL_CIPHER *ssl3_get_cipher_by_char(unsigned char *p); +int ssl3_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p); +void ssl3_init_finished_mac(SSL *s); +int ssl3_send_server_certificate(SSL *s); +int ssl3_get_finished(SSL *s,int state_a,int state_b,unsigned char *sender); +int ssl3_setup_key_block(SSL *s); +int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); +int ssl3_change_cipher_state(SSL *s,int which); +void ssl3_cleanup_key_block(SSL *s); +int ssl3_do_write(SSL *s,int type); +void ssl3_send_alert(SSL *s,int level, int desc); +int ssl3_generate_master_secret(SSL *s, unsigned char *out, + unsigned char *p, int len); +int ssl3_get_req_cert_type(SSL *s,unsigned char *p); +long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); +int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender); +int ssl3_num_ciphers(void); +SSL_CIPHER *ssl3_get_cipher(unsigned int u); +int ssl3_renegotiate(SSL *ssl); +int ssl3_dispatch_alert(SSL *s); +int ssl3_read_bytes(SSL *s, int type, char *buf, int len); +void ssl3_generate_key_block(SSL *s, unsigned char *km, int num); +int ssl3_part_read(SSL *s, int i); +int ssl3_write_bytes(SSL *s, int type, char *buf, int len); +int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *in_ctx, + unsigned char *sender, unsigned char *p); +void ssl3_finish_mac(SSL *s, unsigned char *buf, int len); +int ssl3_enc(SSL *s, int send_data); +int ssl3_mac(SSL *ssl, unsigned char *md, int send_data); +unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); +SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK *have,STACK *pref); +int ssl3_setup_buffers(SSL *s); +int ssl3_new(SSL *s); +void ssl3_free(SSL *s); +int ssl3_accept(SSL *s); +int ssl3_connect(SSL *s); +int ssl3_read(SSL *s, char *buf, int len); +int ssl3_peek(SSL *s,char *buf, int len); +int ssl3_write(SSL *s, const char *buf, int len); +int ssl3_shutdown(SSL *s); +void ssl3_clear(SSL *s); +long ssl3_ctrl(SSL *s,int cmd, long larg, char *parg); +long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg); +int ssl3_pending(SSL *s); + +int ssl23_accept(SSL *s); +int ssl23_connect(SSL *s); +int ssl23_read_bytes(SSL *s, int n); +int ssl23_write_bytes(SSL *s); + +#else + +SSL_METHOD *ssl_bad_method(); +SSL_METHOD *sslv2_base_method(); +SSL_METHOD *sslv23_base_method(); +SSL_METHOD *sslv3_base_method(); + +void ssl_clear_cipher_ctx(); +int ssl_clear_bad_session(); +CERT *ssl_cert_new(); +void ssl_cert_free(); +int ssl_set_cert_type(); +int ssl_get_new_session(); +int ssl_get_prev_session(); +int ssl_cipher_id_cmp(); +int ssl_cipher_ptr_id_cmp(); +STACK *ssl_bytes_to_cipher_list(); +int ssl_cipher_list_to_bytes(); +STACK *ssl_create_cipher_list(); +void ssl_update_cache(); +int ssl_session_get_ciphers(); +int ssl_verify_cert_chain(); +int ssl_undefined_function(); +X509 *ssl_get_server_send_cert(); +EVP_PKEY *ssl_get_sign_pkey(); +int ssl_cert_type(); +void ssl_set_cert_masks(); +STACK *ssl_get_ciphers_by_id(); +int ssl_verify_alarm_type(); + +int ssl2_enc_init(); +void ssl2_generate_key_material(); +void ssl2_enc(); +void ssl2_mac(); +SSL_CIPHER *ssl2_get_cipher_by_char(); +int ssl2_put_cipher_by_char(); +int ssl2_part_read(); +int ssl2_do_write(); +int ssl2_set_certificate(); +void ssl2_return_error(); +void ssl2_write_error(); +int ssl2_num_ciphers(); +SSL_CIPHER *ssl2_get_cipher(); +int ssl2_new(); +void ssl2_free(); +int ssl2_accept(); +int ssl2_connect(); +int ssl2_read(); +int ssl2_peek(); +int ssl2_write(); +int ssl2_shutdown(); +void ssl2_clear(); +long ssl2_ctrl(); +long ssl2_ctx_ctrl(); +int ssl2_pending(); + +SSL_CIPHER *ssl3_get_cipher_by_char(); +int ssl3_put_cipher_by_char(); +void ssl3_init_finished_mac(); +int ssl3_send_server_certificate(); +int ssl3_get_finished(); +int ssl3_setup_key_block(); +int ssl3_send_change_cipher_spec(); +int ssl3_change_cipher_state(); +void ssl3_cleanup_key_block(); +int ssl3_do_write(); +void ssl3_send_alert(); +int ssl3_generate_master_secret(); +int ssl3_get_req_cert_type(); +long ssl3_get_message(); +int ssl3_send_finished(); +int ssl3_num_ciphers(); +SSL_CIPHER *ssl3_get_cipher(); +int ssl3_renegotiate(); +int ssl3_dispatch_alert(); +int ssl3_read_bytes(); +void ssl3_generate_key_block(); +int ssl3_part_read(); +int ssl3_write_bytes(); +int ssl3_final_finish_mac(); +void ssl3_finish_mac(); +int ssl3_enc(); +int ssl3_mac(); +unsigned long ssl3_output_cert_chain(); +SSL_CIPHER *ssl3_choose_cipher(); +int ssl3_setup_buffers(); +int ssl3_new(); +void ssl3_free(); +int ssl3_accept(); +int ssl3_connect(); +int ssl3_read(); +int ssl3_peek(); +int ssl3_write(); +int ssl3_shutdown(); +void ssl3_clear(); +long ssl3_ctrl(); +long ssl3_ctx_ctrl(); +int ssl3_pending(); + +int ssl23_accept(); +int ssl23_connect(); +int ssl23_read_bytes(); +int ssl23_write_bytes(); + +#endif + +#endif diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c new file mode 100644 index 0000000000000000000000000000000000000000..3a7b8d3c361cf07b51691e04e69f999adc446b1e --- /dev/null +++ b/ssl/ssl_rsa.c @@ -0,0 +1,840 @@ +/* ssl/ssl_rsa.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "bio.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" +#include "ssl_locl.h" + +#ifndef NOPROTO +static int ssl_set_cert(CERT *c, X509 *x509); +static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); +#else +static int ssl_set_cert(); +static int ssl_set_pkey(); +#endif + +int SSL_use_certificate(ssl, x) +SSL *ssl; +X509 *x; + { + CERT *c; + + if (x == NULL) + { + SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) + { + c=ssl_cert_new(); + if (c == NULL) + { + SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); + return(0); + } + if (ssl->cert != NULL) ssl_cert_free(ssl->cert); + ssl->cert=c; + } + c=ssl->cert; + + return(ssl_set_cert(c,x)); + } + +int SSL_use_certificate_file(ssl, file, type) +SSL *ssl; +char *file; +int type; + { + int j; + BIO *in; + int ret=0; + X509 *x=NULL; + +#ifdef WIN16 + in=BIO_new(BIO_s_file_internal_w16()); +#else + in=BIO_new(BIO_s_file()); +#endif + if (in == NULL) + { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in,file) <= 0) + { + SYSerr(SYS_F_FOPEN,errno); + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); + goto end; + } + if (type == SSL_FILETYPE_ASN1) + { + j=ERR_R_ASN1_LIB; + x=d2i_X509_bio(in,NULL); + } + else if (type == SSL_FILETYPE_PEM) + { + j=ERR_R_PEM_LIB; + x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback); + } + else + { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); + goto end; + } + + if (x == NULL) + { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); + goto end; + } + + ret=SSL_use_certificate(ssl,x); +end: + if (x != NULL) X509_free(x); + if (in != NULL) BIO_free(in); + return(ret); + } + +int SSL_use_certificate_ASN1(ssl, len, d) +SSL *ssl; +int len; +unsigned char *d; + { + X509 *x; + int ret; + + x=d2i_X509(NULL,&d,(long)len); + if (x == NULL) + { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); + return(0); + } + + ret=SSL_use_certificate(ssl,x); + X509_free(x); + return(ret); + } + +#ifndef NO_RSA +int SSL_use_RSAPrivateKey(ssl, rsa) +SSL *ssl; +RSA *rsa; + { + CERT *c; + EVP_PKEY *pkey; + int ret; + + if (rsa == NULL) + { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + + if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) + { + c=ssl_cert_new(); + if (c == NULL) + { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); + return(0); + } + if (ssl->cert != NULL) ssl_cert_free(ssl->cert); + ssl->cert=c; + } + c=ssl->cert; + if ((pkey=EVP_PKEY_new()) == NULL) + { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); + return(0); + } + + CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); + EVP_PKEY_assign_RSA(pkey,rsa); + + ret=ssl_set_pkey(c,pkey); + EVP_PKEY_free(pkey); + return(ret); + } +#endif + +static int ssl_set_pkey(c,pkey) +CERT *c; +EVP_PKEY *pkey; + { + int i,ok=0,bad=0; + + i=ssl_cert_type(NULL,pkey); + if (i < 0) + { + SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); + return(0); + } + + if (c->pkeys[i].x509 != NULL) + { + if (!X509_check_private_key(c->pkeys[i].x509,pkey)) + { + if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) + { + i=(i == SSL_PKEY_DH_RSA)? + SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; + + if (c->pkeys[i].x509 == NULL) + ok=1; + else + { + if (!X509_check_private_key( + c->pkeys[i].x509,pkey)) + bad=1; + else + ok=1; + } + } + else + bad=1; + } + else + ok=1; + } + else + ok=1; + + if (bad) + { + X509_free(c->pkeys[i].x509); + c->pkeys[i].x509=NULL; + return(0); + } + + if (c->pkeys[i].privatekey != NULL) + EVP_PKEY_free(c->pkeys[i].privatekey); + CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); + c->pkeys[i].privatekey=pkey; + c->key= &(c->pkeys[i]); + + c->valid=0; + return(1); + } + +#ifndef NO_RSA +int SSL_use_RSAPrivateKey_file(ssl, file, type) +SSL *ssl; +char *file; +int type; + { + int j,ret=0; + BIO *in; + RSA *rsa=NULL; + +#ifdef WIN16 + in=BIO_new(BIO_s_file_internal_w16()); +#else + in=BIO_new(BIO_s_file()); +#endif + if (in == NULL) + { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in,file) <= 0) + { + SYSerr(SYS_F_FOPEN,errno); + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); + goto end; + } + if (type == SSL_FILETYPE_ASN1) + { + j=ERR_R_ASN1_LIB; + rsa=d2i_RSAPrivateKey_bio(in,NULL); + } + else if (type == SSL_FILETYPE_PEM) + { + j=ERR_R_PEM_LIB; + rsa=PEM_read_bio_RSAPrivateKey(in,NULL, + ssl->ctx->default_passwd_callback); + } + else + { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); + goto end; + } + if (rsa == NULL) + { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); + goto end; + } + ret=SSL_use_RSAPrivateKey(ssl,rsa); + RSA_free(rsa); +end: + if (in != NULL) BIO_free(in); + return(ret); + } + +int SSL_use_RSAPrivateKey_ASN1(ssl,d,len) +SSL *ssl; +unsigned char *d; +long len; + { + int ret; + unsigned char *p; + RSA *rsa; + + p=d; + if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) + { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); + return(0); + } + + ret=SSL_use_RSAPrivateKey(ssl,rsa); + RSA_free(rsa); + return(ret); + } +#endif /* !NO_RSA */ + +int SSL_use_PrivateKey(ssl, pkey) +SSL *ssl; +EVP_PKEY *pkey; + { + CERT *c; + int ret; + + if (pkey == NULL) + { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + + if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) + { + c=ssl_cert_new(); + if (c == NULL) + { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); + return(0); + } + if (ssl->cert != NULL) ssl_cert_free(ssl->cert); + ssl->cert=c; + } + c=ssl->cert; + + ret=ssl_set_pkey(c,pkey); + return(ret); + } + +int SSL_use_PrivateKey_file(ssl, file, type) +SSL *ssl; +char *file; +int type; + { + int j,ret=0; + BIO *in; + EVP_PKEY *pkey=NULL; + +#ifdef WIN16 + in=BIO_new(BIO_s_file_internal_w16()); +#else + in=BIO_new(BIO_s_file()); +#endif + if (in == NULL) + { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in,file) <= 0) + { + SYSerr(SYS_F_FOPEN,errno); + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); + goto end; + } + if (type == SSL_FILETYPE_PEM) + { + j=ERR_R_PEM_LIB; + pkey=PEM_read_bio_PrivateKey(in,NULL, + ssl->ctx->default_passwd_callback); + } + else + { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); + goto end; + } + if (pkey == NULL) + { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); + goto end; + } + ret=SSL_use_PrivateKey(ssl,pkey); + EVP_PKEY_free(pkey); +end: + if (in != NULL) BIO_free(in); + return(ret); + } + +int SSL_use_PrivateKey_ASN1(type,ssl,d,len) +int type; +SSL *ssl; +unsigned char *d; +long len; + { + int ret; + unsigned char *p; + EVP_PKEY *pkey; + + p=d; + if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) + { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); + return(0); + } + + ret=SSL_use_PrivateKey(ssl,pkey); + EVP_PKEY_free(pkey); + return(ret); + } + +int SSL_CTX_use_certificate(ctx, x) +SSL_CTX *ctx; +X509 *x; + { + CERT *c; + + if (x == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + + if (ctx->default_cert == NULL) + { + c=ssl_cert_new(); + if (c == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); + return(0); + } + ctx->default_cert=c; + } + c=ctx->default_cert; + + return(ssl_set_cert(c,x)); + } + +static int ssl_set_cert(c,x) +CERT *c; +X509 *x; + { + EVP_PKEY *pkey; + int i,ok=0,bad=0; + + pkey=X509_get_pubkey(x); + if (pkey == NULL) + { + SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_X509_LIB); + return(0); + } + + i=ssl_cert_type(x,pkey); + if (i < 0) + { + SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); + return(0); + } + + if (c->pkeys[i].privatekey != NULL) + { + if (!X509_check_private_key(x,c->pkeys[i].privatekey)) + { + if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) + { + i=(i == SSL_PKEY_DH_RSA)? + SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; + + if (c->pkeys[i].privatekey == NULL) + ok=1; + else + { + if (!X509_check_private_key(x, + c->pkeys[i].privatekey)) + bad=1; + else + ok=1; + } + } + else + bad=1; + } + else + ok=1; + } + else + ok=1; + + if (bad) + { + EVP_PKEY_free(c->pkeys[i].privatekey); + c->pkeys[i].privatekey=NULL; + } + + if (c->pkeys[i].x509 != NULL) + X509_free(c->pkeys[i].x509); + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + c->pkeys[i].x509=x; + c->key= &(c->pkeys[i]); + + c->valid=0; + return(1); + } + +int SSL_CTX_use_certificate_file(ctx, file, type) +SSL_CTX *ctx; +char *file; +int type; + { + int j; + BIO *in; + int ret=0; + X509 *x=NULL; + +#ifdef WIN16 + in=BIO_new(BIO_s_file_internal_w16()); +#else + in=BIO_new(BIO_s_file()); +#endif + if (in == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in,file) <= 0) + { + SYSerr(SYS_F_FOPEN,errno); + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); + goto end; + } + if (type == SSL_FILETYPE_ASN1) + { + j=ERR_R_ASN1_LIB; + x=d2i_X509_bio(in,NULL); + } + else if (type == SSL_FILETYPE_PEM) + { + j=ERR_R_PEM_LIB; + x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback); + } + else + { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); + goto end; + } + + if (x == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); + goto end; + } + + ret=SSL_CTX_use_certificate(ctx,x); +end: + if (x != NULL) X509_free(x); + if (in != NULL) BIO_free(in); + return(ret); + } + +int SSL_CTX_use_certificate_ASN1(ctx, len, d) +SSL_CTX *ctx; +int len; +unsigned char *d; + { + X509 *x; + int ret; + + x=d2i_X509(NULL,&d,(long)len); + if (x == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); + return(0); + } + + ret=SSL_CTX_use_certificate(ctx,x); + X509_free(x); + return(ret); + } + +#ifndef NO_RSA +int SSL_CTX_use_RSAPrivateKey(ctx, rsa) +SSL_CTX *ctx; +RSA *rsa; + { + int ret; + CERT *c; + EVP_PKEY *pkey; + + if (rsa == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + if (ctx->default_cert == NULL) + { + c=ssl_cert_new(); + if (c == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); + return(0); + } + ctx->default_cert=c; + } + c=ctx->default_cert; + + if ((pkey=EVP_PKEY_new()) == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); + return(0); + } + + CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); + EVP_PKEY_assign_RSA(pkey,rsa); + + ret=ssl_set_pkey(c,pkey); + EVP_PKEY_free(pkey); + return(ret); + } + +int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type) +SSL_CTX *ctx; +char *file; +int type; + { + int j,ret=0; + BIO *in; + RSA *rsa=NULL; + +#ifdef WIN16 + in=BIO_new(BIO_s_file_internal_w16()); +#else + in=BIO_new(BIO_s_file()); +#endif + if (in == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in,file) <= 0) + { + SYSerr(SYS_F_FOPEN,errno); + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); + goto end; + } + if (type == SSL_FILETYPE_ASN1) + { + j=ERR_R_ASN1_LIB; + rsa=d2i_RSAPrivateKey_bio(in,NULL); + } + else if (type == SSL_FILETYPE_PEM) + { + j=ERR_R_PEM_LIB; + rsa=PEM_read_bio_RSAPrivateKey(in,NULL, + ctx->default_passwd_callback); + } + else + { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); + goto end; + } + if (rsa == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); + goto end; + } + ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); + RSA_free(rsa); +end: + if (in != NULL) BIO_free(in); + return(ret); + } + +int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len) +SSL_CTX *ctx; +unsigned char *d; +long len; + { + int ret; + unsigned char *p; + RSA *rsa; + + p=d; + if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); + return(0); + } + + ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); + RSA_free(rsa); + return(ret); + } +#endif /* !NO_RSA */ + +int SSL_CTX_use_PrivateKey(ctx, pkey) +SSL_CTX *ctx; +EVP_PKEY *pkey; + { + CERT *c; + + if (pkey == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + + if (ctx->default_cert == NULL) + { + c=ssl_cert_new(); + if (c == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); + return(0); + } + ctx->default_cert=c; + } + c=ctx->default_cert; + + return(ssl_set_pkey(c,pkey)); + } + +int SSL_CTX_use_PrivateKey_file(ctx, file, type) +SSL_CTX *ctx; +char *file; +int type; + { + int j,ret=0; + BIO *in; + EVP_PKEY *pkey=NULL; + +#ifdef WIN16 + in=BIO_new(BIO_s_file_internal_w16()); +#else + in=BIO_new(BIO_s_file()); +#endif + if (in == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in,file) <= 0) + { + SYSerr(SYS_F_FOPEN,errno); + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); + goto end; + } + if (type == SSL_FILETYPE_PEM) + { + j=ERR_R_PEM_LIB; + pkey=PEM_read_bio_PrivateKey(in,NULL, + ctx->default_passwd_callback); + } + else + { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); + goto end; + } + if (pkey == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); + goto end; + } + ret=SSL_CTX_use_PrivateKey(ctx,pkey); + EVP_PKEY_free(pkey); +end: + if (in != NULL) BIO_free(in); + return(ret); + } + +int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len) +int type; +SSL_CTX *ctx; +unsigned char *d; +long len; + { + int ret; + unsigned char *p; + EVP_PKEY *pkey; + + p=d; + if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) + { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); + return(0); + } + + ret=SSL_CTX_use_PrivateKey(ctx,pkey); + EVP_PKEY_free(pkey); + return(ret); + } + + diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c new file mode 100644 index 0000000000000000000000000000000000000000..af65c65dac94a7a608b9cc16bdb2776b0682604d --- /dev/null +++ b/ssl/ssl_sess.c @@ -0,0 +1,425 @@ +/* ssl/ssl_sess.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "lhash.h" +#include "rand.h" +#include "ssl_locl.h" + +SSL_SESSION *SSL_SESSION_new() + { + SSL_SESSION *ss; + + ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION)); + if (ss == NULL) + { + SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); + return(0); + } + memset(ss,0,sizeof(SSL_SESSION)); + + ss->references=1; + ss->timeout=60*5+4; /* 5 minute timeout by default */ + ss->time=time(NULL); + return(ss); + } + +int ssl_get_new_session(s, session) +SSL *s; +int session; + { + SSL_SESSION *ss=NULL; + + if ((ss=SSL_SESSION_new()) == NULL) return(0); + + /* If the context has a default timeout, use it */ + if (s->ctx->session_timeout != 0) + ss->timeout=SSL_get_default_timeout(s); + + if (s->session != NULL) + { + SSL_SESSION_free(s->session); + s->session=NULL; + } + + if (session) + { + if (s->version == SSL2_CLIENT_VERSION) + { + ss->ssl_version=2; + ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; + } + else if (s->version == SSL3_VERSION_MAJOR) + { + ss->ssl_version=3; + ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; + } + else + { + SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); + SSL_SESSION_free(ss); + return(0); + } + + for (;;) + { + SSL_SESSION *r; + + RAND_bytes(ss->session_id,ss->session_id_length); + CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); + r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions, + (char *)ss); + CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + if (r == NULL) break; + /* else - woops a session_id match */ + } + } + else + { + ss->session_id_length=0; + } + + s->session=ss; + ss->ssl_version=s->version; + + return(1); + } + +int ssl_get_prev_session(s, len, session) +SSL *s; +int len; +unsigned char *session; + { + SSL_SESSION *ret,data; + + /* conn_init();*/ + data.ssl_version=s->version; + data.session_id_length=len; + if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) + return(0); + memcpy(data.session_id,session,len);; + + CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); + ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data); + CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + + if (ret == NULL) + { + int copy=1; + + s->ctx->sess_miss++; + ret=NULL; + if ((s->ctx->get_session_cb != NULL) && + ((ret=s->ctx->get_session_cb(s,session,len,©)) + != NULL)) + { + s->ctx->sess_cb_hit++; + + /* The following should not return 1, otherwise, + * things are very strange */ + SSL_CTX_add_session(s->ctx,ret); + /* auto free it */ + if (!copy) + SSL_SESSION_free(ret); + } + if (ret == NULL) return(0); + } + + if (ret->cipher == NULL) + { + char buf[5],*p; + unsigned long l; + + p=buf; + l=ret->cipher_id; + l2n(l,p); + if (ret->ssl_version == 3) + ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); + else + ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); + if (ret->cipher == NULL) + return(0); + } + + /* If a thread got the session, then 'swaped', and another got + * it and then due to a time-out decided to 'Free' it we could + * be in trouble. So I'll increment it now, then double decrement + * later - am I speaking rubbish?. */ + CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); + + if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */ + { + s->ctx->sess_timeout++; + /* remove it from the cache */ + SSL_CTX_remove_session(s->ctx,ret); + SSL_SESSION_free(ret); /* again to actually Free it */ + return(0); + } + + s->ctx->sess_hit++; + + /* ret->time=time(NULL); */ /* rezero timeout? */ + /* again, just leave the session + * if it is the same session, we have just incremented and + * then decremented the reference count :-) */ + if (s->session != NULL) + SSL_SESSION_free(s->session); + s->session=ret; + return(1); + } + +int SSL_CTX_add_session(ctx,c) +SSL_CTX *ctx; +SSL_SESSION *c; + { + SSL_SESSION *s; + + /* conn_init(); */ + CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); + + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + + /* If the same session if is being 're-added', Free the old + * one when the last person stops using it. + * This will also work if it is alread in the cache. + * The references will go up and then down :-) */ + if (s != NULL) + { + SSL_SESSION_free(s); + return(0); + } + else + return(1); + } + +int SSL_CTX_remove_session(ctx,c) +SSL_CTX *ctx; +SSL_SESSION *c; + { + SSL_SESSION *r; + int ret=0; + + if ((c->session_id_length != 0) && (c != NULL)) + { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c); + if (r != NULL) ret=1; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + + if (ret) + { + r->not_resumable=1; + if (ctx->remove_session_cb != NULL) + ctx->remove_session_cb(ctx,c); + SSL_SESSION_free(r); + } + } + else + ret=0; + return(ret); + } + +void SSL_SESSION_free(ss) +SSL_SESSION *ss; + { + int i; + + i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); + abort(); /* ok */ + } +#endif + + memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); + memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); + memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); + if (ss->cert != NULL) ssl_cert_free(ss->cert); + if (ss->peer != NULL) X509_free(ss->peer); + if (ss->ciphers != NULL) sk_free(ss->ciphers); + memset(ss,0,sizeof(*ss)); + Free(ss); + } + +int SSL_set_session(s, session) +SSL *s; +SSL_SESSION *session; + { + int ret=0; + SSL_METHOD *meth; + + if (session != NULL) + { + meth=s->ctx->method->get_ssl_method(session->ssl_version); + if (meth == NULL) + meth=s->method->get_ssl_method(session->ssl_version); + if (meth == NULL) + { + SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); + return(0); + } + + if (meth != s->method) + { + if (!SSL_set_ssl_method(s,meth)) + return(0); + session->timeout=SSL_get_default_timeout(s); + } + + /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ + CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); + if (s->session != NULL) + SSL_SESSION_free(s->session); + s->session=session; + /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ + ret=1; + } + return(ret); + } + +long SSL_set_timeout(s,t) +SSL_SESSION *s; +long t; + { + if (s == NULL) return(0); + s->timeout=t; + return(1); + } + +long SSL_get_timeout(s) +SSL_SESSION *s; + { + if (s == NULL) return(0); + return(s->timeout); + } + +long SSL_get_time(s) +SSL_SESSION *s; + { + if (s == NULL) return(0); + return(s->time); + } + +long SSL_set_time(s,t) +SSL_SESSION *s; +long t; + { + if (s == NULL) return(0); + s->time=t; + return(t); + } + +typedef struct timeout_param_st + { + SSL_CTX *ctx; + long time; + LHASH *cache; + } TIMEOUT_PARAM; + +static void timeout(s,p) +SSL_SESSION *s; +TIMEOUT_PARAM *p; + { + if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ + { + lh_delete(p->cache,(char *)s); + s->not_resumable=1; + if (p->ctx->remove_session_cb != NULL) + p->ctx->remove_session_cb(p->ctx,s); + SSL_SESSION_free(s); + } + } + +void SSL_CTX_flush_sessions(s,t) +SSL_CTX *s; +long t; + { + unsigned long i; + TIMEOUT_PARAM tp; + + tp.ctx=s; + tp.cache=SSL_CTX_sessions(s); + if (tp.cache == NULL) return; + tp.time=t; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + i=tp.cache->down_load; + tp.cache->down_load=0; + lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp); + tp.cache->down_load=i; + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + } + +int ssl_clear_bad_session(s) +SSL *s; + { + if ( (s->session != NULL) && + !(s->shutdown & SSL_SENT_SHUTDOWN) && + !(SSL_in_init(s) || SSL_in_before(s))) + { + SSL_CTX_remove_session(s->ctx,s->session); + return(1); + } + else + return(0); + } diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c new file mode 100644 index 0000000000000000000000000000000000000000..328ccc94ff1e000e99d5b4075e19a4cf481fb493 --- /dev/null +++ b/ssl/ssl_stat.c @@ -0,0 +1,457 @@ +/* ssl/ssl_stat.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "ssl_locl.h" + +char *SSL_state_string_long(s) +SSL *s; + { + char *str; + + switch (s->state) + { +case SSL_ST_BEFORE: str="before SSL initalisation"; break; +case SSL_ST_ACCEPT: str="before accept initalisation"; break; +case SSL_ST_CONNECT: str="before connect initalisation"; break; +case SSL_ST_OK: str="SSL negotiation finished successfully"; break; +case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; +case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break; +case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break; +case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break; +case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break; +#ifndef NO_SSL2 +case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; +case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; +case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; +case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break; +case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break; +case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break; +case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break; +case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break; +case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break; +case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break; +case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break; +case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break; +case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break; +case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break; +case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break; +case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break; +case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break; +case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break; +case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break; +case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break; +case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break; +case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break; +case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break; +case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break; +case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break; +case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break; +case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break; +case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break; +case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break; +case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break; +case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break; +case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break; +case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break; +case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break; +case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break; +case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break; +case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break; +case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; +#endif + +#ifndef NO_SSL3 +/* SSLv3 additions */ +case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; +case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; +case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break; +case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break; +case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break; +case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break; +case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; +case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; +case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; +case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; +case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; +case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; +case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; +case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; +case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; +case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; +case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; +case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify A"; break; + +case SSL3_ST_CW_CHANGE_A: +case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; +case SSL3_ST_CW_CHANGE_B: +case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; +case SSL3_ST_CW_FINISHED_A: +case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; +case SSL3_ST_CW_FINISHED_B: +case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished A"; break; +case SSL3_ST_CR_CHANGE_A: +case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; +case SSL3_ST_CR_CHANGE_B: +case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break; +case SSL3_ST_CR_FINISHED_A: +case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; +case SSL3_ST_CR_FINISHED_B: +case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break; + +case SSL3_ST_CW_FLUSH: +case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break; + +case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; +case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; +case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; +case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; +case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; +case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; +case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break; +case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break; +case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break; +case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break; +case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; +case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; +case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; +case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; +case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; +case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; +case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; +case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break; +case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; +case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; +case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; +case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; +#endif + +#if !defined(NO_SSL2) && !defined(NO_SSL3) +/* SSLv2/v3 compatablitity states */ +/* client */ +case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; +case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; +case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break; +case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break; +/* server */ +case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; +case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; +#endif + +default: str="unknown state"; break; + } + return(str); + } + +char *SSL_rstate_string_long(s) +SSL *s; + { + char *str; + + switch (s->rstate) + { + case SSL_ST_READ_HEADER: str="read header"; break; + case SSL_ST_READ_BODY: str="read body"; break; + default: str="unknown"; break; + } + return(str); + } + +char *SSL_state_string(s) +SSL *s; + { + char *str; + + switch (s->state) + { +case SSL_ST_BEFORE: str="PINIT "; break; +case SSL_ST_ACCEPT: str="AINIT "; break; +case SSL_ST_CONNECT: str="CINIT "; break; +case SSL_ST_OK: str="SSLOK "; break; +#ifndef NO_SSL2 +case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; +case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; +case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; +case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break; +case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break; +case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break; +case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break; +case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break; +case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break; +case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break; +case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break; +case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break; +case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break; +case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break; +case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break; +case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break; +case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break; +case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break; +case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break; +case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break; +case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break; +case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break; +case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break; +case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break; +case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break; +case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break; +case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break; +case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break; +case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break; +case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break; +case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break; +case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break; +case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break; +case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break; +case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break; +case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break; +case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; +case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; +#endif + +#ifndef NO_SSL3 +/* SSLv3 additions */ +case SSL3_ST_SW_FLUSH: +case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; +case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break; +case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break; +case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break; +case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break; +case SSL3_ST_CR_CERT_A: str="3RSC_A"; break; +case SSL3_ST_CR_CERT_B: str="3RSC_B"; break; +case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break; +case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break; +case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break; +case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break; +case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; +case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; +case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; +case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; +case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; +case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; +case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; +case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break; + +case SSL3_ST_SW_CHANGE_A: +case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break; +case SSL3_ST_SW_CHANGE_B: +case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break; +case SSL3_ST_SW_FINISHED_A: +case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; +case SSL3_ST_SW_FINISHED_B: +case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; +case SSL3_ST_SR_CHANGE_A: +case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; +case SSL3_ST_SR_CHANGE_B: +case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; +case SSL3_ST_SR_FINISHED_A: +case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; +case SSL3_ST_SR_FINISHED_B: +case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break; + +case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break; +case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break; +case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; +case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; +case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; +case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; +case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; +case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; +case SSL3_ST_SW_CERT_A: str="3WSC_A"; break; +case SSL3_ST_SW_CERT_B: str="3WSC_B"; break; +case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break; +case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break; +case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break; +case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break; +case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break; +case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break; +case SSL3_ST_SR_CERT_A: str="3RCC_A"; break; +case SSL3_ST_SR_CERT_B: str="3RCC_B"; break; +case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break; +case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break; +case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; +case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; +#endif + +#if !defined(NO_SSL2) && !defined(NO_SSL3) +/* SSLv2/v3 compatablitity states */ +/* client */ +case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; +case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; +case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break; +case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; +/* server */ +case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; +case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; +#endif + +default: str="UNKWN "; break; + } + return(str); + } + +char *SSL_alert_type_string_long(value) +int value; + { + value>>=8; + if (value == SSL3_AL_WARNING) + return("warning"); + else if (value == SSL3_AL_FATAL) + return("fatal"); + else + return("unknown"); + } + +char *SSL_alert_type_string(value) +int value; + { + value>>=8; + if (value == SSL3_AL_WARNING) + return("W"); + else if (value == SSL3_AL_FATAL) + return("F"); + else + return("U"); + } + +char *SSL_alert_desc_string(value) +int value; + { + char *str; + + switch (value & 0xff) + { + case SSL3_AD_CLOSE_NOTIFY: str="CN"; break; + case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break; + case SSL3_AD_BAD_RECORD_MAC: str="BM"; break; + case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break; + case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break; + case SSL3_AD_NO_CERTIFICATE: str="NC"; break; + case SSL3_AD_BAD_CERTIFICATE: str="BC"; break; + case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break; + case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break; + case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; + case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; + case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; + default: str="UK"; break; + } + return(str); + } + +char *SSL_alert_desc_string_long(value) +int value; + { + char *str; + + switch (value & 0xff) + { + case SSL3_AD_CLOSE_NOTIFY: + str="close notify"; + break; + case SSL3_AD_UNEXPECTED_MESSAGE: + str="unexected_message"; + break; + case SSL3_AD_BAD_RECORD_MAC: + str="bad record mac"; + break; + case SSL3_AD_DECOMPRESSION_FAILURE: + str="decompression failure"; + break; + case SSL3_AD_HANDSHAKE_FAILURE: + str="handshake failure"; + break; + case SSL3_AD_NO_CERTIFICATE: + str="no certificate"; + break; + case SSL3_AD_BAD_CERTIFICATE: + str="bad certificate"; + break; + case SSL3_AD_UNSUPPORTED_CERTIFICATE: + str="unsupported certificate"; + break; + case SSL3_AD_CERTIFICATE_REVOKED: + str="certificate revoked"; + break; + case SSL3_AD_CERTIFICATE_EXPIRED: + str="certificate expired"; + break; + case SSL3_AD_CERTIFICATE_UNKNOWN: + str="certifcate unknown"; + break; + case SSL3_AD_ILLEGAL_PARAMETER: + str="illegal parameter"; + break; + default: str="unknown"; break; + } + return(str); + } + +char *SSL_rstate_string(s) +SSL *s; + { + char *str; + + switch (s->rstate) + { + case SSL_ST_READ_HEADER:str="RH"; break; + case SSL_ST_READ_BODY: str="RB"; break; + case SSL_ST_READ_DONE: str="RD"; break; + default: str="unknown"; break; + } + return(str); + } diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c new file mode 100644 index 0000000000000000000000000000000000000000..c27ce913e7b0b85f04318df9e8324595fd6d7799 --- /dev/null +++ b/ssl/ssl_task.c @@ -0,0 +1,359 @@ +/* ssl/ssl_task.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* VMS */ +/* + * DECnet object for servicing SSL. We accept the inbound and speak a + * simple protocol for multiplexing the 2 data streams (application and + * ssl data) over this logical link. + * + * Logical names: + * SSL_CIPHER Defines a list of cipher specifications the server + * will support in order of preference. + * SSL_SERVER_CERTIFICATE + * Points to PEM (privacy enhanced mail) file that + * contains the server certificate and private password. + * SYS$NET Logical created by netserver.exe as hook for completing + * DECnet logical link. + * + * Each NSP message sent over the DECnet link has the following structure: + * struct rpc_msg { + * char channel; + * char function; + * short length; + * char data[MAX_DATA]; + * } msg; + * + * The channel field designates the virtual data stream this message applies + * to and is one of: + * A - Application data (payload). + * R - Remote client connection that initiated the SSL connection. Encrypted + * data is sent over this connection. + * G - General data, reserved for future use. + * + * The data streams are half-duplex read/write and have following functions: + * G - Get, requests that up to msg.length bytes of data be returned. The + * data is returned in the next 'C' function response that matches the + * requesting channel. + * P - Put, requests that the first msg.length bytes of msg.data be appended + * to the designated stream. + * C - Confirms a get or put. Every get and put will get a confirm response, + * you cannot initiate another function on a channel until the previous + * operation has been confirmed. + * + * The 2 channels may interleave their operations, for example: + * Server msg Client msg + * A, Get, 4092 ----> + * <---- R, get, 4092 + * R, Confirm, {hello} ----> + * <---- R, put, {srv hello} + * R, Confirm, 0 ----> + * . (SSL handshake completed) + * . (read first app data). + * <---- A, confirm, {http data} + * A, Put, {http data} ----> + * <---- A, confirm, 0 + * + * The length field is not permitted to be larger that 4092 bytes. + * + * Author: Dave Jones + * Date: 22-JUL-1996 + */ +#include +#include +#include /* VMS IO$_ definitions */ +#include /* VMS string descriptors */ +extern int SYS$QIOW(), SYS$ASSIGN(); +int LIB$INIT_TIMER(), LIB$SHOW_TIMER(); + +#include /* from ssltest.c */ +#include +#include "buffer.h" +#include "../e_os.h" +#include "x509.h" +#include "ssl.h" +#include "err.h" + +int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth, + int error); +BIO *bio_err=NULL; +BIO *bio_stdout=NULL; +BIO_METHOD *BIO_s_rtcp(); + +static char *cipher=NULL; +int verbose=1; +#ifdef FIONBIO +static int s_nbio=0; +#endif +#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" +/*************************************************************************/ +struct rpc_msg { /* Should have member alignment inhibited */ + char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ + char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + unsigned short int length; /* Amount of data returned or max to return */ + char data[4092]; /* variable data */ +}; +#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) + +static $DESCRIPTOR(sysnet, "SYS$NET"); +typedef unsigned short io_channel; + +struct io_status { + unsigned short status; + unsigned short count; + unsigned long stsval; +}; +int doit(io_channel chan, SSL_CTX *s_ctx ); +/*****************************************************************************/ +/* Decnet I/O routines. + */ +static int get ( io_channel chan, char *buffer, int maxlen, int *length ) +{ + int status; + struct io_status iosb; + status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0, + buffer, maxlen, 0, 0, 0, 0 ); + if ( (status&1) == 1 ) status = iosb.status; + if ( (status&1) == 1 ) *length = iosb.count; + return status; +} + +static int put ( io_channel chan, char *buffer, int length ) +{ + int status; + struct io_status iosb; + status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0, + buffer, length, 0, 0, 0, 0 ); + if ( (status&1) == 1 ) status = iosb.status; + return status; +} +/***************************************************************************/ +/* Handle operations on the 'G' channel. + */ +static int general_request ( io_channel chan, struct rpc_msg *msg, int length ) +{ + return 48; +} +/***************************************************************************/ +int main ( int argc, char **argv ) +{ + int status, length; + io_channel chan; + struct rpc_msg msg; + + char *CApath=NULL,*CAfile=NULL; + int badop=0; + int ret=1; + int client_auth=0; + int server_auth=0; + SSL_CTX *s_ctx=NULL; + /* + * Confirm logical link with initiating client. + */ + LIB$INIT_TIMER(); + status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 ); + printf("status of assign to SYS$NET: %d\n", status ); + /* + * Initialize standard out and error files. + */ + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + if (bio_stdout == NULL) + if ((bio_stdout=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE); + /* + * get the preferred cipher list and other initialization + */ + if (cipher == NULL) cipher=getenv("SSL_CIPHER"); + printf("cipher list: %s\n", cipher ? cipher : "{undefined}" ); + + SSL_load_error_strings(); + + s_ctx=SSL_CTX_new(SSLv2()); + + if (s_ctx == NULL) goto end; + + SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM); + SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM); + printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT ); + + /* + * Take commands from client until bad status. + */ + LIB$SHOW_TIMER(); + status = doit ( chan, s_ctx ); + LIB$SHOW_TIMER(); + /* + * do final cleanup and exit. + */ +end: + if (s_ctx != NULL) SSL_CTX_free(s_ctx); + LIB$SHOW_TIMER(); + return 1; +} + +int doit(io_channel chan, SSL_CTX *s_ctx ) +{ + int status, length, link_state; + struct rpc_msg msg; + static char cbuf[200],sbuf[200]; + SSL *s_ssl=NULL; + BIO *c_to_s=NULL; + BIO *s_to_c=NULL; + BIO *c_bio=NULL; + BIO *s_bio=NULL; + int i; + int done=0; + + s_ssl=SSL_new(s_ctx); + if (s_ssl == NULL) goto err; + + c_to_s=BIO_new(BIO_s_rtcp()); + s_to_c=BIO_new(BIO_s_rtcp()); + if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; + BIO_set_fd ( c_to_s, "", chan ); + BIO_set_fd ( s_to_c, "", chan ); + + c_bio=BIO_new(BIO_f_ssl()); + s_bio=BIO_new(BIO_f_ssl()); + if ((c_bio == NULL) || (s_bio == NULL)) goto err; + + SSL_set_accept_state(s_ssl); + SSL_set_bio(s_ssl,c_to_s,s_to_c); + BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE); + + /* We can always do writes */ + printf("Begin doit main loop\n"); + /* + * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed. + */ + for (link_state = 0; link_state < 3; ) { + /* + * Wait for remote end to request data action on A channel. + */ + while ( link_state == 0 ) { + status = get ( chan, (char *) &msg, sizeof(msg), &length ); + if ( (status&1) == 0 ) { + printf("Error in main loop get: %d\n", status ); + link_state = 3; + break; + } + if ( length < RPC_HDR_SIZE ) { + printf("Error in main loop get size: %d\n", length ); + break; + link_state = 3; + } + if ( msg.channel != 'A' ) { + printf("Error in main loop, unexpected channel: %c\n", + msg.channel ); + break; + link_state = 3; + } + if ( msg.function == 'G' ) { + link_state = 1; + } else if ( msg.function == 'P' ) { + link_state = 2; /* write pending */ + } else if ( msg.function == 'X' ) { + link_state = 3; + } else { + link_state = 3; + } + } + if ( link_state == 1 ) { + i = BIO_read ( s_bio, msg.data, msg.length ); + if ( i < 0 ) link_state = 3; + else { + msg.channel = 'A'; + msg.function = 'C'; /* confirm */ + msg.length = i; + status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE ); + if ( (status&1) == 0 ) break; + link_state = 0; + } + } else if ( link_state == 2 ) { + i = BIO_write ( s_bio, msg.data, msg.length ); + if ( i < 0 ) link_state = 3; + else { + msg.channel = 'A'; + msg.function = 'C'; /* confirm */ + msg.length = 0; + status = put ( chan, (char *) &msg, RPC_HDR_SIZE ); + if ( (status&1) == 0 ) break; + link_state = 0; + } + } + } + fprintf(stdout,"DONE\n"); +err: + /* We have to set the BIO's to NULL otherwise they will be + * free()ed twice. Once when th s_ssl is SSL_free()ed and + * again when c_ssl is SSL_free()ed. + * This is a hack required because s_ssl and c_ssl are sharing the same + * BIO structure and SSL_set_bio() and SSL_free() automatically + * BIO_free non NULL entries. + * You should not normally do this or be required to do this */ + s_ssl->rbio=NULL; + s_ssl->wbio=NULL; + + if (c_to_s != NULL) BIO_free(c_to_s); + if (s_to_c != NULL) BIO_free(s_to_c); + if (c_bio != NULL) BIO_free(c_bio); + if (s_bio != NULL) BIO_free(s_bio); + return(0); +} diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c new file mode 100644 index 0000000000000000000000000000000000000000..b9cb9ef67321be238a29e19169731b1b7b1a4efa --- /dev/null +++ b/ssl/ssl_txt.c @@ -0,0 +1,133 @@ +/* ssl/ssl_txt.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "buffer.h" +#include "ssl_locl.h" + +#ifndef WIN16 +int SSL_SESSION_print_fp(fp, x) +FILE *fp; +SSL_SESSION *x; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=SSL_SESSION_print(b,x); + BIO_free(b); + return(ret); + } +#endif + +int SSL_SESSION_print(bp,x) +BIO *bp; +SSL_SESSION *x; + { + int i; + char str[128]; + + if (x == NULL) goto err; + if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; + sprintf(str," Cipher : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name); + if (BIO_puts(bp,str) <= 0) goto err; + if (BIO_puts(bp," Session-ID: ") <= 0) goto err; + for (i=0; i<(int)x->session_id_length; i++) + { + sprintf(str,"%02X",x->session_id[i]); + if (BIO_puts(bp,str) <= 0) goto err; + } + if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; + for (i=0; i<(int)x->master_key_length; i++) + { + sprintf(str,"%02X",x->master_key[i]); + if (BIO_puts(bp,str) <= 0) goto err; + } + if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; + if (x->key_arg_length == 0) + { + if (BIO_puts(bp,"None") <= 0) goto err; + } + else + for (i=0; i<(int)x->key_arg_length; i++) + { + sprintf(str,"%02X",x->key_arg[i]); + if (BIO_puts(bp,str) <= 0) goto err; + } + if (x->time != 0L) + { + sprintf(str,"\n Start Time: %ld",x->time); + if (BIO_puts(bp,str) <= 0) goto err; + } + if (x->timeout != 0L) + { + sprintf(str,"\n Timeout : %ld (sec)",x->timeout); + if (BIO_puts(bp,str) <= 0) goto err; + } + if (BIO_puts(bp,"\n") <= 0) goto err; + + return(1); +err: + return(0); + } + diff --git a/ssl/ssltest.c b/ssl/ssltest.c new file mode 100644 index 0000000000000000000000000000000000000000..b8d657f3ba865d9dcb4211dc0754a9afb898ab9d --- /dev/null +++ b/ssl/ssltest.c @@ -0,0 +1,635 @@ +/* ssl/ssltest.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#ifdef WIN16 +#define APPS_WIN16 +#endif +#include "bio.h" +#include "crypto.h" +#include "../e_os.h" +#include "x509.h" +#include "ssl.h" +#include "err.h" + +#ifdef WIN16 +#define APPS_WIN16 +#include "../crypto/bio/bss_file.c" +#endif + +#define TEST_SERVER_CERT "../apps/server.pem" +#define TEST_CLIENT_CERT "../apps/client.pem" + +#ifndef NOPROTO +int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); +static DH *get_dh512(void); +#else +int MS_CALLBACK verify_callback(); +static DH *get_dh512(); +#endif + +BIO *bio_err=NULL; +BIO *bio_stdout=NULL; + +static char *cipher=NULL; +int verbose=0; +#ifdef FIONBIO +static int s_nbio=0; +#endif + + +#ifndef NOPROTO +int doit(SSL_CTX *s_ctx,SSL_CTX *c_ctx); +#else +int doit(); +#endif + +static void sv_usage() + { + fprintf(stderr,"usage: ssltest [args ...]\n"); + fprintf(stderr,"\n"); + fprintf(stderr," -server_auth - check server certificate\n"); + fprintf(stderr," -client_auth - do client authentication\n"); + fprintf(stderr," -v - more output\n"); +#ifndef NO_SSL2 + fprintf(stderr," -ssl2 - use SSLv2\n"); +#endif +#ifndef NO_SSL3 + fprintf(stderr," -ssl3 - use SSLv3\n"); +#endif + fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); + fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); + } + +int main(argc, argv) +int argc; +char *argv[]; + { + char *CApath=NULL,*CAfile=NULL; + int badop=0; + int ssl2=0,ssl3=0,ret=1; + int client_auth=0; + int server_auth=0; + char *server_cert=TEST_SERVER_CERT; + char *client_cert=TEST_CLIENT_CERT; + SSL_CTX *s_ctx=NULL; + SSL_CTX *c_ctx=NULL; + SSL_METHOD *meth=NULL; + DH *dh; + + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + argc--; + argv++; + + while (argc >= 1) + { + if (strcmp(*argv,"-server_auth") == 0) + server_auth=1; + else if (strcmp(*argv,"-client_auth") == 0) + client_auth=1; + else if (strcmp(*argv,"-v") == 0) + verbose=1; + else if (strcmp(*argv,"-ssl2") == 0) + ssl2=1; + else if (strcmp(*argv,"-ssl3") == 0) + ssl3=1; + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + server_cert= *(++argv); + } + else if (strcmp(*argv,"-s_cert") == 0) + { + if (--argc < 1) goto bad; + server_cert= *(++argv); + } + else if (strcmp(*argv,"-c_cert") == 0) + { + if (--argc < 1) goto bad; + client_cert= *(++argv); + } + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; + cipher= *(++argv); + } + else if (strcmp(*argv,"-CApath") == 0) + { + if (--argc < 1) goto bad; + CApath= *(++argv); + } + else if (strcmp(*argv,"-CAfile") == 0) + { + if (--argc < 1) goto bad; + CAfile= *(++argv); + } + else + { + fprintf(stderr,"unknown option %s\n",*argv); + badop=1; + break; + } + argc--; + argv++; + } + if (badop) + { +bad: + sv_usage(); + goto end; + } + +/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ + + SSLeay_add_ssl_algorithms(); + SSL_load_error_strings(); + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + if (ssl2) + meth=SSLv2_method(); + else + if (ssl3) + meth=SSLv3_method(); + else + meth=SSLv23_method(); +#else +#ifdef NO_SSL2 + meth=SSLv3_method(); +#else + meth=SSLv2_method(); +#endif +#endif + + c_ctx=SSL_CTX_new(meth); + s_ctx=SSL_CTX_new(meth); + if ((c_ctx == NULL) || (s_ctx == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (cipher != NULL) + { + SSL_CTX_set_cipher_list(c_ctx,cipher); + SSL_CTX_set_cipher_list(s_ctx,cipher); + } + +#ifndef NO_DH + dh=get_dh512(); + SSL_CTX_set_tmp_dh(s_ctx,dh); + DH_free(dh); +#endif + + if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) + { + ERR_print_errors(bio_err); + } + else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert, + SSL_FILETYPE_PEM)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (client_auth) + { + SSL_CTX_use_certificate_file(c_ctx,client_cert, + SSL_FILETYPE_PEM); + SSL_CTX_use_PrivateKey_file(c_ctx,client_cert, + SSL_FILETYPE_PEM); + } + + if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(s_ctx)) || + (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(c_ctx))) + { + fprintf(stderr,"SSL_load_verify_locations\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (client_auth) + { + fprintf(stderr,"client authentication\n"); + SSL_CTX_set_verify(s_ctx, + SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_callback); + } + if (server_auth) + { + fprintf(stderr,"server authentication\n"); + SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, + verify_callback); + } + + ret=doit(s_ctx,c_ctx); +end: + if (s_ctx != NULL) SSL_CTX_free(s_ctx); + if (c_ctx != NULL) SSL_CTX_free(c_ctx); + + if (bio_stdout != NULL) BIO_free(bio_stdout); + + ERR_remove_state(0); + EVP_cleanup(); + CRYPTO_mem_leaks(bio_err); + EXIT(ret); + } + +#define W_READ 1 +#define W_WRITE 2 +#define C_DONE 1 +#define S_DONE 2 + +int doit(s_ctx,c_ctx) +SSL_CTX *s_ctx,*c_ctx; + { + static char cbuf[200],sbuf[200]; + int ret=1; + SSL *c_ssl=NULL; + SSL *s_ssl=NULL; + BIO *c_to_s=NULL; + BIO *s_to_c=NULL; + BIO *c_bio=NULL; + BIO *s_bio=NULL; + int c_r,c_w,s_r,s_w; + int c_want,s_want; + int i; + int done=0; + int c_write,s_write; + int do_server=0,do_client=0; + SSL_CIPHER *ciph; + + c_ssl=SSL_new(c_ctx); + s_ssl=SSL_new(s_ctx); + if ((s_ssl == NULL) || (c_ssl == NULL)) + { + ERR_print_errors(bio_err); + goto err; + } + + c_to_s=BIO_new(BIO_s_mem()); + s_to_c=BIO_new(BIO_s_mem()); + if ((s_to_c == NULL) || (c_to_s == NULL)) + { + ERR_print_errors(bio_err); + goto err; + } + + c_bio=BIO_new(BIO_f_ssl()); + s_bio=BIO_new(BIO_f_ssl()); + if ((c_bio == NULL) || (s_bio == NULL)) + { + ERR_print_errors(bio_err); + goto err; + } + + SSL_set_connect_state(c_ssl); + SSL_set_bio(c_ssl,s_to_c,c_to_s); + BIO_set_ssl(c_bio,c_ssl,BIO_CLOSE); + + SSL_set_accept_state(s_ssl); + SSL_set_bio(s_ssl,c_to_s,s_to_c); + BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE); + + c_r=0; s_r=1; + c_w=1; s_w=0; + c_want=W_WRITE; + s_want=0; + c_write=1,s_write=0; + + /* We can always do writes */ + for (;;) + { + do_server=0; + do_client=0; + + i=(int)BIO_pending(s_bio); + if ((i && s_r) || s_w) do_server=1; + + i=(int)BIO_pending(c_bio); + if ((i && c_r) || c_w) do_client=1; + + if (do_server && verbose) + { + if (SSL_in_init(s_ssl)) + printf("server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); + else if (s_write) + printf("server:SSL_write()\n"); + else + printf("server:SSL_read()\n"); + } + + if (do_client && verbose) + { + if (SSL_in_init(c_ssl)) + printf("client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); + else if (c_write) + printf("client:SSL_write()\n"); + else + printf("client:SSL_read()\n"); + } + + if (!do_client && !do_server) + { + fprintf(stdout,"ERROR IN STARTUP\n"); + ERR_print_errors(bio_err); + break; + } + if (do_client && !(done & C_DONE)) + { + if (c_write) + { + i=BIO_write(c_bio,"hello from client\n",18); + if (i < 0) + { + c_r=0; + c_w=0; + if (BIO_should_retry(c_bio)) + { + if (BIO_should_read(c_bio)) + c_r=1; + if (BIO_should_write(c_bio)) + c_w=1; + } + else + { + fprintf(stderr,"ERROR in CLIENT\n"); + ERR_print_errors(bio_err); + goto err; + } + } + else if (i == 0) + { + fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); + goto err; + } + else + { + /* ok */ + c_write=0; + } + } + else + { + i=BIO_read(c_bio,cbuf,100); + if (i < 0) + { + c_r=0; + c_w=0; + if (BIO_should_retry(c_bio)) + { + if (BIO_should_read(c_bio)) + c_r=1; + if (BIO_should_write(c_bio)) + c_w=1; + } + else + { + fprintf(stderr,"ERROR in CLIENT\n"); + ERR_print_errors(bio_err); + goto err; + } + } + else if (i == 0) + { + fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); + goto err; + } + else + { + done|=C_DONE; + fprintf(stdout,"CLIENT:from server:"); + fwrite(cbuf,1,i,stdout); + fflush(stdout); + } + } + } + + if (do_server && !(done & S_DONE)) + { + if (!s_write) + { + i=BIO_read(s_bio,sbuf,100); + if (i < 0) + { + s_r=0; + s_w=0; + if (BIO_should_retry(s_bio)) + { + if (BIO_should_read(s_bio)) + s_r=1; + if (BIO_should_write(s_bio)) + s_w=1; + } + else + { + fprintf(stderr,"ERROR in SERVER\n"); + ERR_print_errors(bio_err); + goto err; + } + } + else if (i == 0) + { + ERR_print_errors(bio_err); + fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n"); + goto err; + } + else + { + s_write=1; + s_w=1; + fprintf(stdout,"SERVER:from client:"); + fwrite(sbuf,1,i,stdout); + fflush(stdout); + } + } + else + { + i=BIO_write(s_bio,"hello from server\n",18); + if (i < 0) + { + s_r=0; + s_w=0; + if (BIO_should_retry(s_bio)) + { + if (BIO_should_read(s_bio)) + s_r=1; + if (BIO_should_write(s_bio)) + s_w=1; + } + else + { + fprintf(stderr,"ERROR in SERVER\n"); + ERR_print_errors(bio_err); + goto err; + } + } + else if (i == 0) + { + ERR_print_errors(bio_err); + fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n"); + goto err; + } + else + { + s_write=0; + s_r=1; + done|=S_DONE; + } + } + } + + if ((done & S_DONE) && (done & C_DONE)) break; + } + + ciph=SSL_get_current_cipher(c_ssl); + fprintf(stdout,"DONE, used %s, %s\n",SSL_CIPHER_get_version(ciph), + SSL_CIPHER_get_name(ciph)); + ret=0; +err: + /* We have to set the BIO's to NULL otherwise they will be + * Free()ed twice. Once when th s_ssl is SSL_free()ed and + * again when c_ssl is SSL_free()ed. + * This is a hack required because s_ssl and c_ssl are sharing the same + * BIO structure and SSL_set_bio() and SSL_free() automatically + * BIO_free non NULL entries. + * You should not normally do this or be required to do this */ + if (s_ssl != NULL) + { + s_ssl->rbio=NULL; + s_ssl->wbio=NULL; + } + if (c_ssl != NULL) + { + c_ssl->rbio=NULL; + c_ssl->wbio=NULL; + } + + if (c_to_s != NULL) BIO_free(c_to_s); + if (s_to_c != NULL) BIO_free(s_to_c); + if (c_bio != NULL) BIO_free(c_bio); + if (s_bio != NULL) BIO_free(s_bio); + return(ret); + } + +int MS_CALLBACK verify_callback(ok, ctx) +int ok; +X509_STORE_CTX *ctx; + { + char *s,buf[256]; + + s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256); + if (s != NULL) + { + if (ok) + fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf); + else + fprintf(stderr,"depth=%d error=%d %s\n", + ctx->error_depth,ctx->error,buf); + } + + if (ok == 0) + { + switch (ctx->error) + { + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + ok=1; + } + } + + return(ok); + } + +static unsigned char dh512_p[]={ + 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, + 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, + 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, + 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, + 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, + 0x47,0x74,0xE8,0x33, + }; +static unsigned char dh512_g[]={ + 0x02, + }; + +static DH *get_dh512() + { + DH *dh=NULL; + +#ifndef NO_DH + if ((dh=DH_new()) == NULL) return(NULL); + dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); + dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); + if ((dh->p == NULL) || (dh->g == NULL)) + return(NULL); +#endif + return(dh); + } + diff --git a/ssl/zz b/ssl/zz new file mode 100644 index 0000000000000000000000000000000000000000..47c570ec805d09d4606993137856d4f1d12582ab --- /dev/null +++ b/ssl/zz @@ -0,0 +1,402 @@ +/* ssl/s23_srvr.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "buffer.h" +#include "rand.h" +#include "objects.h" +#include "evp.h" +#include "ssl_locl.h" + +#define BREAK break + +#ifndef NOPROTO +int ssl23_get_client_hello(SSL *s); +#else +int ssl23_get_client_hello(); +#endif + +static SSL_METHOD *ssl23_get_server_method(ver) +int ver; + { + if (ver == 2) + return(SSLv2_server_method()); + else if (ver == 3) + return(SSLv3_server_method()); + else + return(NULL); + } + +SSL_METHOD *SSLv23_server_method() + { + static int init=1; + static SSL_METHOD SSLv23_server_data; + + if (init) + { + init=0; + memcpy((char *)&SSLv23_server_data, + (char *)sslv23_base_method(),sizeof(SSL_METHOD)); + SSLv23_server_data.ssl_accept=ssl23_accept; + SSLv23_server_data.get_ssl_method=ssl23_get_server_method; + } + return(&SSLv23_server_data); + } + +int ssl23_accept(s) +SSL *s; + { + BUF_MEM *buf; + unsigned long Time=time(NULL); + void (*cb)()=NULL; + int ret= -1; + int new_state,state; + + RAND_seed((unsigned char *)&Time,sizeof(Time)); + ERR_clear_error(); + errno=0; + + if (s->info_callback != NULL) + cb=s->info_callback; + else if (s->ctx->info_callback != NULL) + cb=s->ctx->info_callback; + + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); + s->in_handshake++; + + for (;;) + { + state=s->state; + + switch(s->state) + { + case SSL_ST_BEFORE: + case SSL_ST_ACCEPT: + case SSL_ST_BEFORE|SSL_ST_ACCEPT: + case SSL_ST_OK|SSL_ST_ACCEPT: + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); + + s->version=3; + s->type=SSL_ST_ACCEPT; + + if (s->init_buf == NULL) + { + if ((buf=BUF_MEM_new()) == NULL) + { + ret= -1; + goto end; + } + if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) + { + ret= -1; + goto end; + } + s->init_buf=buf; + } + + ssl3_init_finished_mac(s); + + s->state=SSL23_ST_SR_CLNT_HELLO_A; + s->ctx->sess_accept++; + s->init_num=0; + break; + + case SSL23_ST_SR_CLNT_HELLO_A: + case SSL23_ST_SR_CLNT_HELLO_B: + + s->shutdown=0; + ret=ssl23_get_client_hello(s); + if (ret >= 0) cb=NULL; + goto end; + break; + + default: + SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); + ret= -1; + goto end; + /* break; */ + } + + if ((cb != NULL) && (s->state != state)) + { + new_state=s->state; + s->state=state; + cb(s,SSL_CB_ACCEPT_LOOP,1); + s->state=new_state; + } + } +end: + if (cb != NULL) + cb(s,SSL_CB_ACCEPT_EXIT,ret); + s->in_handshake--; + return(ret); + } + + +int ssl23_get_client_hello(s) +SSL *s; + { + char buf[8]; + unsigned char *p,*d,*dd; + unsigned int i; + unsigned int csl,sil,cl; + int n=0,j; + BIO *bbio; + int type=0; + + /* read the initial header */ + if (s->state == SSL23_ST_SR_CLNT_HELLO_A) + { + if (!ssl3_setup_buffers(s)) goto err; + + n=ssl23_read_bytes(s,7); + if (n != 7) return(n); + + p=s->packet; + + memcpy(buf,p,n); + + if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) + { + /* SSLv2 header */ + if ((p[3] == 0x00) && (p[4] == 0x02)) + { + /* SSLv2 */ + type=1; + } + else if ((p[3] == SSL3_VERSION_MAJOR) && + (p[4] == SSL3_VERSION_MINOR)) + { + /* SSLv3 */ + s->state=SSL23_ST_SR_CLNT_HELLO_B; + } + } + else if ((p[0] == SSL3_RT_HANDSHAKE) && + (p[1] == SSL3_VERSION_MAJOR) && + (p[2] == SSL3_VERSION_MINOR) && + (p[5] == SSL3_MT_CLIENT_HELLO)) + { + /* true SSLv3 */ + type=3; + } + } + + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) + { + /* we have a SSLv3 in a SSLv2 header */ + type=2; + p=s->packet; + n=((p[0]&0x7f)<<8)|p[1]; + if (n > (1024*4)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); + goto err; + } + + j=ssl23_read_bytes(s,n+2); + if (j <= 0) return(j); + + ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2); + + p=s->packet; + p+=5; + n2s(p,csl); + n2s(p,sil); + n2s(p,cl); + d=(unsigned char *)s->init_buf->data; + if ((csl+sil+cl+11) != s->packet_length) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); + goto err; + } + + *(d++)=SSL3_VERSION_MAJOR; + *(d++)=SSL3_VERSION_MINOR; + + /* lets populate the random area */ + /* get the chalenge_length */ + i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; + memset(d,0,SSL3_RANDOM_SIZE); + memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); + d+=SSL3_RANDOM_SIZE; + + /* no session-id reuse */ + *(d++)=0; + + /* ciphers */ + j=0; + dd=d; + d+=2; + for (i=0; iinit_buf->data); + + /* get the data reused from the init_buf */ + s->s3->tmp.reuse_message=1; + s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; + s->s3->tmp.message_size=i; + } + + if (type == 1) + { + /* we are talking sslv2 */ + /* we need to clean up the SSLv3 setup and put in the + * sslv2 stuff. */ + + if (s->s2 == NULL) + { + if (!ssl2_new(s)) + goto err; + } + else + ssl2_clear(s); + + if (s->s3 != NULL) ssl3_free(s); + + if (!BUF_MEM_grow(s->init_buf, + SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) + { + goto err; + } + + s->state=SSL2_ST_GET_CLIENT_HELLO_A; + if (s->ctx->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) + s->s2->ssl2_rollback=0; + else + s->s2->ssl2_rollback=1; + + /* setup the 5 bytes we have read so we get them from + * the sslv2 buffer */ + s->rstate=SSL_ST_READ_HEADER; + s->packet_length=n; + s->packet= &(s->s2->rbuf[0]); + memcpy(s->packet,buf,n); + s->s2->rbuf_left=n; + s->s2->rbuf_offs=0; + + s->method=SSLv2_server_method(); + s->handshake_func=s->method->ssl_accept; + } + + if ((type == 2) || (type == 3)) + { + /* we have sslv3 */ + + if (s->bbio == NULL) + { + bbio=BIO_new(BIO_f_buffer()); + if (bbio == NULL) + goto err; + s->bbio=bbio; + } + else + bbio=s->bbio; + BIO_reset(bbio); + if (!BIO_set_write_buffer_size(bbio,16*1024)) + goto err; + s->wbio=BIO_push(bbio,s->wbio); + + /* we are in this state */ + s->state=SSL3_ST_SR_CLNT_HELLO_A; + + if (type == 3) + { + /* put the 'n' bytes we have read into the input buffer + * for SSLv3 */ + s->rstate=SSL_ST_READ_HEADER; + s->packet_length=n; + s->packet= &(s->s3->rbuf.buf[0]); + memcpy(s->packet,buf,n); + s->s3->rbuf.left=n; + s->s3->rbuf.offset=0; + } + else + { + s->packet_length=0; + s->s3->rbuf.left=0; + s->s3->rbuf.offset=0; + } + + s->method=SSLv3_server_method(); + s->handshake_func=s->method->ssl_accept; + } + + if ((type < 1) || (type > 3)) + { + /* bad, very bad */ + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); + goto err; + } + s->init_num=0; + return(SSL_accept(s)); +err: + return(-1); + } + diff --git a/test/CAss.cnf b/test/CAss.cnf new file mode 100644 index 0000000000000000000000000000000000000000..b941b7ae15703a6eba452835c5f28a7eb85d19c6 --- /dev/null +++ b/test/CAss.cnf @@ -0,0 +1,25 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 512 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha1 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +commonName = Common Name (eg, YOUR name) +commonName_value = Dodgy CA diff --git a/test/Makefile.ssl b/test/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..ee48d5493d28ddadb28cdfabe0ad98b9a51bbf3d --- /dev/null +++ b/test/Makefile.ssl @@ -0,0 +1,263 @@ +# +# test/Makefile.ssl +# + +DIR= test +TOP= .. +CC= cc +INCLUDES= -I../include +CFLAG= -g +INSTALLTOP= /usr/local/ssl +MAKEFILE= Makefile.ssl +MAKE= make -f $(MAKEFILE) +MAKEDEPEND= makedepend -f$(MAKEFILE) + +PEX_LIBS= +EX_LIBS= -lnsl -lsocket + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile.ssl + +DLIBCRYPTO= ../libcrypto.a +DLIBSSL= ../libssl.a +LIBCRYPTO= -L.. -lcrypto +LIBSSL= -L.. -lssl + +BNTEST= bntest +EXPTEST= exptest +IDEATEST= ideatest +SHATEST= shatest +SHA1TEST= sha1test +MDC2TEST= mdc2test +MD2TEST= md2test +MD5TEST= md5test +RC4TEST= rc4test +RC2TEST= rc2test +BFTEST= bftest +DESTEST= destest +RANDTEST= randtest +DHTEST= dhtest +DSATEST= dsatest +METHTEST= methtest +SSLTEST= ssltest + +EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(RC4TEST) \ + $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RANDTEST) $(DHTEST) \ + $(RC2TEST) $(BFTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) + +# $(METHTEST) + +OBJ= $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD5TEST).o $(RC4TEST).o \ + $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o \ + $(RANDTEST).o $(DHTEST).o \ + $(RC2TEST).o $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o +SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(RC4TEST).c \ + $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c \ + $(RANDTEST).c $(DHTEST).c \ + $(RC2TEST).c $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c + +EXHEADER= +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ..; $(MAKE) DIRS=$(DIR) all) + +all: exe + +exe: $(EXE) + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + +errors: + +install: + +tags: + ctags $(SRC) + +tests: exe apps \ + test_des test_idea test_sha test_md5 test_md2 test_mdc2 \ + test_rc2 test_rc4 test_bf \ + test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \ + test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \ + test_ss test_ssl test_ca + +apps: + @(cd ../apps; $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all) + +test_des: + ./$(DESTEST) + +test_idea: + ./$(IDEATEST) + +test_sha: + ./$(SHATEST) + ./$(SHA1TEST) + +test_mdc2: + ./$(MDC2TEST) + +test_md5: + ./$(MD5TEST) + +test_md2: + ./$(MD2TEST) + +test_rc2: + ./$(RC2TEST) + +test_bf: + ./$(BFTEST) + +test_rc4: + ./$(RC4TEST) + +test_rand: + ./$(RANDTEST) + +test_enc: + @sh ./testenc + +test_x509: + echo test normal x509v1 certificate + sh ./tx509 2>/dev/null + echo test first x509v3 certificate + sh ./tx509 v3-cert1.pem 2>/dev/null + echo test second x509v3 certificate + sh ./tx509 v3-cert2.pem 2>/dev/null + +test_rsa: + @sh ./trsa 2>/dev/null + +test_crl: + @sh ./tcrl 2>/dev/null + +test_sid: + @sh ./tsid 2>/dev/null + +test_req: + @sh ./treq 2>/dev/null + @sh ./treq testreq2.pem 2>/dev/null + +test_pkcs7: + @sh ./tpkcs7 2>/dev/null + @sh ./tpkcs7d 2>/dev/null + +test_bn: + @echo 'test a^b%c implementations' + ./$(EXPTEST) + @echo starting big number library test, could take a while... + @(./$(BNTEST)|bc) | awk '{ \ +if ($$0 != "0") {print "error"; exit(1); } \ +if (((NR+1)%64) == 0) print NR+1," tests done"; }' + +test_verify: + @echo "The following command should have some OK's and some failures" + @echo "There are definitly a few expired certificates" + ../apps/ssleay verify -CApath ../certs ../certs/*.pem + +test_dh: + @echo "Generate as set of DH parameters" + ./$(DHTEST) + +test_dsa: + @echo "Generate as set of DSA parameters" + ./$(DSATEST) + +test_reqgen: + @echo "Generate and verify a certificate request" + @sh ./testgen + +test_ss: + @echo "Generate and certify a test certificate" + @sh ./testss + +test_ssl: + @echo "test SSL protocol" + @sh ./testssl + +test_ca: + @echo "Generate and certify a test certificate via the 'ca' program" + @sh ./testca + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log + +$(DLIBSSL): + (cd ../ssl; $(MAKE)) + +$(DLIBCRYPTO): + (cd ../crypto; $(MAKE)) + +$(BNTEST): $(BNTEST).o $(DLIBCRYPTO) + $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) + $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) + $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) + $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SHATEST): $(SHATEST).o $(DLIBCRYPTO) + $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) + $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) + $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) + $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(BFTEST): $(BFTEST).o $(DLIBCRYPTO) + $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + + +$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DESTEST): $(DESTEST).o $(DLIBCRYPTO) + $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) + $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DHTEST): $(DHTEST).o $(DLIBCRYPTO) + $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DSATEST): $(DSATEST).o $(DLIBCRYPTO) + $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(METHTEST): $(METHTEST).o $(DLIBCRYPTO) + $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) + $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/test/Uss.cnf b/test/Uss.cnf new file mode 100644 index 0000000000000000000000000000000000000000..c89692d5199c32e1ff74c59853175e868b00f7b3 --- /dev/null +++ b/test/Uss.cnf @@ -0,0 +1,28 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 512 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = md2 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 diff --git a/test/certCA.srl b/test/certCA.srl new file mode 100644 index 0000000000000000000000000000000000000000..f5c89552bd3e62bfce023a230e90d141f7a46b2f --- /dev/null +++ b/test/certCA.srl @@ -0,0 +1 @@ +32 diff --git a/test/dsa-ca.pem b/test/dsa-ca.pem new file mode 100644 index 0000000000000000000000000000000000000000..9eb08f3ddd45864dff7c3403c26e6ef6dbf4a5e9 --- /dev/null +++ b/test/dsa-ca.pem @@ -0,0 +1,43 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0 + +svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0 +Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl +Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/ +par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr +zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO +uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5 +rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx +1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4 +HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827 +MVqOsYxGCb+kez0FoDSTgw== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew +ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW +sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m +rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk +cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo +bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR +CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB +F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH +vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq +AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u +3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v +AhQfeF5BoMMDbX/kidUVpQ6gadPlZA== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE +AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi +ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh +MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD +MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa +C1Q= +-----END CERTIFICATE----- + diff --git a/test/dsa-pca.pem b/test/dsa-pca.pem new file mode 100644 index 0000000000000000000000000000000000000000..e3641ad47e6b317a3fa797981ec63d80fee4a073 --- /dev/null +++ b/test/dsa-pca.pem @@ -0,0 +1,49 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4 + +GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS +mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt +of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr +FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX +RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd +qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1 +diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn +V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h +hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf +dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7 +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB +MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G +lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O +Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR +5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl +aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6 +kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als +QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe +6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ +yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0 +z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB +nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww +ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ +R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5 +JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps +BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze +mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO +VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C +uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk +umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A +29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D +AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n +5rKUjNBhSg== +-----END CERTIFICATE----- + diff --git a/test/methtest.c b/test/methtest.c new file mode 100644 index 0000000000000000000000000000000000000000..55d1ac79346ec6c521a35b9e9d411d6d9fc8aeb9 --- /dev/null +++ b/test/methtest.c @@ -0,0 +1,105 @@ +/* test/methtest.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "rsa.h" +#include "x509.h" +#include "meth.h" +#include "err.h" + +int main(argc,argv) +int argc; +char *argv[]; + { + METHOD_CTX *top,*tmp1,*tmp2; + + top=METH_new(x509_lookup()); /* get a top level context */ + if (top == NULL) goto err; + + tmp1=METH_new(x509_by_file()); + if (top == NULL) goto err; + METH_arg(tmp1,METH_TYPE_FILE,"cafile1"); + METH_arg(tmp1,METH_TYPE_FILE,"cafile2"); + METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1); + + tmp2=METH_new(x509_by_dir()); + METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts"); + METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs"); + METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs"); + METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2); + +/* tmp=METH_new(x509_by_issuer_dir); + METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); + METH_push(top,METH_X509_BY_ISSUER,tmp); + + tmp=METH_new(x509_by_issuer_primary); + METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); + METH_push(top,METH_X509_BY_ISSUER,tmp); +*/ + + METH_init(top); + METH_control(tmp1,METH_CONTROL_DUMP,stdout); + METH_control(tmp2,METH_CONTROL_DUMP,stdout); + exit(0); +err: + ERR_load_crypto_strings(); + ERR_print_errors_fp(stderr); + exit(1); + return(0); + } diff --git a/test/pkcs7-1.pem b/test/pkcs7-1.pem new file mode 100644 index 0000000000000000000000000000000000000000..c47b27af889355134d0252ea485b455793f5cdbf --- /dev/null +++ b/test/pkcs7-1.pem @@ -0,0 +1,15 @@ +-----BEGIN PKCS7----- +MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG +SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE +AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF +eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4 +MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv +bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK +ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB +FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N +9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8 +BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w +bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB +BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C +j7Kie1x339mxW/w9VZNTUDQQweHh +-----END PKCS7----- diff --git a/test/pkcs7.pem b/test/pkcs7.pem new file mode 100644 index 0000000000000000000000000000000000000000..d55c60b94e13a2990fbd2c3a9fa958b1c41922c7 --- /dev/null +++ b/test/pkcs7.pem @@ -0,0 +1,54 @@ + MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg + AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH + EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl + cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw + ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0 + MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh + c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh + bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE + CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl + Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G + CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK + ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0 + l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC + HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg + Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1 + c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj + YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0 + dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx + dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu + LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU + ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln + biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT + IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB + AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t + L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL + HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF + slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7 + ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR + /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT + aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp + ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1 + OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu + MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz + Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv + qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy + sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb + P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG + A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA + KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7 + Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4 + Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq + hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp + Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk + dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ + KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30 + dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW + I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow + ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W + ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD + ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw + MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK + /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/ + DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP + b+xSu/jH0gAAMYAAAAAAAAAAAA== diff --git a/test/tcrl b/test/tcrl new file mode 100644 index 0000000000000000000000000000000000000000..859fba452f51586a2a8b54f0ce056e06eb9f79cd --- /dev/null +++ b/test/tcrl @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay crl' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testcrl.pem +fi + +echo testing crl conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/test.cnf b/test/test.cnf new file mode 100644 index 0000000000000000000000000000000000000000..faad3914a859c30a63070e9b37e935ff19be86e7 --- /dev/null +++ b/test/test.cnf @@ -0,0 +1,88 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/new_certs # default place for new certs. + +certificate = $dir/CAcert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/CAkey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 512 +default_keyfile = testkey.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Queensland +stateOrProvinceName_value = + +localityName = Locality Name (eg, city) +localityName_value = Brisbane + +organizationName = Organization Name (eg, company) +organizationName_default = +organizationName_value = CryptSoft Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = +organizationalUnitName_value = . + +commonName = Common Name (eg, YOUR name) +commonName_value = Eric Young + +emailAddress = Email Address +emailAddress_value = eay@mincom.oz.au diff --git a/test/test.txt b/test/test.txt new file mode 100644 index 0000000000000000000000000000000000000000..c6d8d50ba9d4e5b99bde580f0437fbd9a72a7286 --- /dev/null +++ b/test/test.txt @@ -0,0 +1,31 @@ +#!/bin/sh + +test=./test.txt + +cat $0 >$test; + +for i in rc4 des-cfb des-ofb des-ecb des-cbc des-ede des-ede3 \ + des-cbc-ede des-cbc-ede3 idea-ecb idea-cfb idea-ofb idea-cbc +do + echo $i + ../apps/ssleay $i -e -k test < $test > $test.$i.cipher + ../apps/ssleay $i -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi + + echo $i base64 + ../apps/ssleay $i -a -e -k test < $test > $test.$i.cipher + ../apps/ssleay $i -a -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi +done diff --git a/test/testca b/test/testca new file mode 100644 index 0000000000000000000000000000000000000000..a28402f9ca79fa2187d1c19b808066637d3c7cd0 --- /dev/null +++ b/test/testca @@ -0,0 +1,44 @@ +#!/bin/sh + +SH="/bin/sh" +PATH=../apps:$PATH +export SH PATH + +SSLEAY_CONFIG="-config CAss.cnf" +export SSLEAY_CONFIG + +/bin/rm -fr demoCA +$SH ../apps/CA.sh -newca <$test; + +echo cat +$cmd enc < $test > $test.cipher +$cmd enc < $test.cipher >$test.clear +cmp $test $test.clear +if [ $? != 0 ] +then + exit 1 +else + /bin/rm $test.cipher $test.clear +fi +echo base64 +$cmd enc -a -e < $test > $test.cipher +$cmd enc -a -d < $test.cipher >$test.clear +cmp $test $test.clear +if [ $? != 0 ] +then + exit 1 +else + /bin/rm $test.cipher $test.clear +fi + +for i in rc4 \ + des-cfb des-ede-cfb des-ede3-cfb \ + des-ofb des-ede-ofb des-ede3-ofb \ + des-ecb des-ede des-ede3 desx \ + des-cbc des-ede-cbc des-ede3-cbc \ + idea-ecb idea-cfb idea-ofb idea-cbc \ + rc2-ecb rc2-cfb rc2-ofb rc2-cbc \ + bf-ecb bf-cfb bf-ofb bf-cbc +do + echo $i + $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi + + echo $i base64 + $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi +done +rm -f $test diff --git a/test/testgen b/test/testgen new file mode 100644 index 0000000000000000000000000000000000000000..12a4ca4cea89f24aaff47f4ec94634cd4567368c --- /dev/null +++ b/test/testgen @@ -0,0 +1,30 @@ +#!/bin/sh + +T=testcert +KEY=512 +CA=../certs/testca.pem + +/bin/rm -f $T.1 $T.2 $T.key + +PATH=../apps:$PATH; +export PATH + +echo "generating certificate request" + +echo "There should be a 2 sequences of .'s and some +'s." +echo "There should not be more that at most 80 per line" +echo "This could take some time." + +../apps/ssleay req -config test.cnf -new -out testreq.pem +if [ $? != 0 ]; then +echo problems creating request +exit 1 +fi + +../apps/ssleay req -verify -in testreq.pem -noout +if [ $? != 0 ]; then +echo signature on req is wrong +exit 1 +fi + +exit 0 diff --git a/test/testkey.pem b/test/testkey.pem new file mode 100644 index 0000000000000000000000000000000000000000..c8eba826684729d5af14b5ef65448670dd7d5148 --- /dev/null +++ b/test/testkey.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBAK8j1FaU9b+TMyeiXGzIGJZ/Coj39v2v4a4NviCjWELm14fdcdg4 +3Q99LTLyvLDnq7sLQX4gOMaLM4rmGMgeuGsCAwEAAQJAAaFRvqSQTQIvvbSzK4gJ +Qo1YKcI1GFNkxFv4YxFiJu0/LXaw9U/iDSlUdH15F6ezndqojovnn731Pmf7e08F +MQIhAOCi7P0RtrV3O/KB0MYldxFOKNwp5lzH+um7jBq6oRw1AiEAx5fGT9fIFl6Z +hXgWYy+eO8QPjEXDcLTgc5/VbE3o1h8CIBIre4nYxfOVqmaqM23jl+bxcIKmbPiy +QExpnCKJWADFAiAL73CFb8LgS5HkoFS+Y6eTrVq8qaNRRw+w+lrZ2iLVQwIgRk40 +WRSH7Yv90rv1PpcQ4wxSnu3lfyFO1XZ/J1UxdfA= +-----END RSA PRIVATE KEY----- diff --git a/test/testp7.pem b/test/testp7.pem new file mode 100644 index 0000000000000000000000000000000000000000..b3b6dba8303a6fb5d44eecd16615898fc45453be --- /dev/null +++ b/test/testp7.pem @@ -0,0 +1,46 @@ +-----BEGIN PKCS7----- +MIAGCSqGSIb3DQEHAqCAMIIIBwIBATEAMIAGCSqGSIb3DQEHAQAAoIIGPDCCBHIw +ggQcoAMCAQICEHkvjiX1iVGQMenF9HgIjI8wDQYJKoZIhvcNAQEEBQAwYjERMA8G +A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQL +EytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMB4X +DTk2MDcxOTAwMDAwMFoXDTk3MDMzMDIzNTk1OVowgdUxETAPBgNVBAcTCEludGVy +bmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24g +Q2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEoMCYGA1UECxMfRGln +aXRhbCBJRCBDbGFzcyAxIC0gU01JTUUgVGVzdDFHMEUGA1UECxM+d3d3LnZlcmlz +aWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLjAgSW5jLiBieSBSZWYuLExJQUIuTFRE +KGMpOTYwWzANBgkqhkiG9w0BAQEFAANKADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDO +Rl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMB +AAGjggI5MIICNTAJBgNVHRMEAjAAMIICJgYDVR0DBIICHTCCAhkwggIVMIICEQYL +YIZIAYb4RQEHAQEwggIAFoIBq1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVz +IGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0 +bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50 +IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D +UFMtMS4wOyBieSBFLW1haWwgYXQgQ1BTLXJlcXVlc3RzQHZlcmlzaWduLmNvbTsg +b3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBN +b3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0EgVGVsLiArMSAoNDE1KSA5NjEtODgz +MCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMg +UmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElFUyBESVNDTEFJTUVEIGFuZCBMSUFC +SUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAv +MC0WK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLgMw +DQYJKoZIhvcNAQEEBQADQQDAmA7km/3iJWEsWN9Z2WU2gmZAknx45WnDKHxMa3Bf +gNsh6BLk/ngkJKjNKTDR13XVHqEPUY1flbjATZputw1GMIIBwjCCAWygAwIBAgIQ +fAmE6tW5ERSQWDneu3KfSTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0Ew +HhcNOTYwNzE3MDAwMDAwWhcNOTcwNzE3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRl +cm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWdu +IENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwXDANBgkqhkiG9w0B +AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h +MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC +AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd +TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2 +UNCaNQ1H26GCAa0wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UEBxMISW50 +ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln +biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3MTcxNzU5 +MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsWsQmste9f ++UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9XfZsaiiI +gotQHjCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVTMRcwFQYDVQQK +Ew5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBDQRcNOTYwNzE3 +MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBAHitA0/xAukC +jHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMlExONA3ju10f7 +owIq3s3wx10xAAAAAAA= +-----END PKCS7----- diff --git a/test/testreq.pem b/test/testreq.pem new file mode 100644 index 0000000000000000000000000000000000000000..ebae21d94ce949877a700570e155369d65dbe017 --- /dev/null +++ b/test/testreq.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBQjCB7QIBADCBhzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDET +MBEGA1UEAxMKRXJpYyBZb3VuZzEfMB0GCSqGSIb3DQEJARYQZWF5QG1pbmNvbS5v +ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvI9RWlPW/kzMnolxsyBiWfwqI +9/b9r+GuDb4go1hC5teH3XHYON0PfS0y8ryw56u7C0F+IDjGizOK5hjIHrhrAgMB +AAGgADANBgkqhkiG9w0BAQQFAANBAAJIIXcUJRF4IW0bTYoBAAWnvWNA6gl2lvNF +OTkJTP7rQG0kdx/YNbBKAosMUUtEk38o2fzsv64jzXL8weUwoPM= +-----END CERTIFICATE REQUEST----- diff --git a/test/testreq2.pem b/test/testreq2.pem new file mode 100644 index 0000000000000000000000000000000000000000..c3cdcffcbc61e1da563c4ce60155bf4180d30018 --- /dev/null +++ b/test/testreq2.pem @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC +QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG +DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq +hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi +gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U= +-----END CERTIFICATE REQUEST----- diff --git a/test/testrsa.pem b/test/testrsa.pem new file mode 100644 index 0000000000000000000000000000000000000000..aad21067a8f7cb93a52a511eb9162fd83be39135 --- /dev/null +++ b/test/testrsa.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I +Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R +rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy +oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S +mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz +rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA +mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM= +-----END RSA PRIVATE KEY----- diff --git a/test/testsid.pem b/test/testsid.pem new file mode 100644 index 0000000000000000000000000000000000000000..cd8617be2e694ce156fa6936c58b9dd86fa91d45 --- /dev/null +++ b/test/testsid.pem @@ -0,0 +1,12 @@ +-----BEGIN SSL SESSION PARAMETERS----- +MIIBxwIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV +bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw +ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz +YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG +A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk +LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G +CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD +TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI +hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L +CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTv +-----END SSL SESSION PARAMETERS----- diff --git a/test/testss b/test/testss new file mode 100644 index 0000000000000000000000000000000000000000..a5aecf4694df891505bbebf0e6a00f9000e167b4 --- /dev/null +++ b/test/testss @@ -0,0 +1,89 @@ +#!/bin/sh + +digest='-mdc2' +reqcmd="../apps/ssleay req" +x509cmd="../apps/ssleay x509 $digest" +verifycmd="../apps/ssleay verify" + +CAkey="keyCA.ss" +CAcert="certCA.ss" +CAreq="reqCA.ss" +CAconf="CAss.cnf" +CAreq2="req2CA.ss" # temp + +Uconf="Uss.cnf" +Ukey="keyU.ss" +Ureq="reqU.ss" +Ucert="certU.ss" + +echo +echo "make a certificate request using 'req'" +$reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate a certificate request" + exit 1 +fi +echo +echo "convert the certificate request into a self signed certificate using 'x509'" +$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to self sign a certificate request" + exit 1 +fi + +echo +echo "convert a certificate into a certificate request using 'x509'" +$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' convert a certificate to a certificate request" + exit 1 +fi + +$reqcmd -verify -in $CAreq -noout +if [ $? != 0 ]; then + echo first generated request is invalid + exit 1 +fi + +$reqcmd -verify -in $CAreq2 -noout +if [ $? != 0 ]; then + echo second generated request is invalid + exit 1 +fi + +$verifycmd -CAfile $CAcert $CAcert +if [ $? != 0 ]; then + echo first generated cert is invalid + exit 1 +fi + +echo +echo "make another certificate request using 'req'" +$reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate a certificate request" + exit 1 +fi + +echo +echo "sign certificate request with the just created CA via 'x509'" +$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to sign a certificate request" + exit 1 +fi + +$verifycmd -CAfile $CAcert $Ucert +echo +echo "Certificate details" +$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert + +echo +echo The generated CA certificate is $CAcert +echo The generated CA private key is $CAkey + +echo The generated user certificate is $Ucert +echo The generated user private key is $Ukey + +/bin/rm err.ss +exit 0 diff --git a/test/testssl b/test/testssl new file mode 100644 index 0000000000000000000000000000000000000000..f115adb8e11394b453b23fea88461f3aaa6378b2 --- /dev/null +++ b/test/testssl @@ -0,0 +1,40 @@ +#!/bin/sh + +echo test sslv2 +./ssltest -ssl2 || exit 1 + +echo test sslv2 with server authentication +./ssltest -ssl2 -server_auth -CApath ../certs || exit 1 + +echo test sslv2 with client authentication +./ssltest -ssl2 -client_auth -CApath ../certs || exit 1 + +echo test sslv2 with both client and server authentication +./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1 + +echo test sslv3 +./ssltest -ssl3 || exit 1 + +echo test sslv3 with server authentication +./ssltest -ssl3 -server_auth -CApath ../certs || exit 1 + +echo test sslv3 with client authentication +./ssltest -ssl3 -client_auth -CApath ../certs || exit 1 + +echo test sslv3 with both client and server authentication +./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1 + +echo test sslv2/sslv3 +./ssltest || exit 1 + +echo test sslv2/sslv3 with server authentication +./ssltest -server_auth -CApath ../certs || exit 1 + +echo test sslv2/sslv3 with client authentication +./ssltest -client_auth -CApath ../certs || exit 1 + +echo test sslv2/sslv3 with both client and server authentication +./ssltest -server_auth -client_auth -CApath ../certs || exit 1 + +exit 0 + diff --git a/test/testx509.pem b/test/testx509.pem new file mode 100644 index 0000000000000000000000000000000000000000..8a85d14964f8392cc46b5e9fee8446754136187f --- /dev/null +++ b/test/testx509.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz +MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF +AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO +/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE +Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ +zl9HYIMxATFyqSiD9jsx +-----END CERTIFICATE----- diff --git a/test/tpkcs7 b/test/tpkcs7 new file mode 100644 index 0000000000000000000000000000000000000000..ea1f005dacfdc5a6fbc0ed8e9020acdbeaf849c5 --- /dev/null +++ b/test/tpkcs7 @@ -0,0 +1,51 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay pkcs7' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testp7.pem +fi + +echo testing pkcs7 conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/tpkcs7d b/test/tpkcs7d new file mode 100644 index 0000000000000000000000000000000000000000..c8f18fb09c19cac4b3fff30b52f6477f624d3c1c --- /dev/null +++ b/test/tpkcs7d @@ -0,0 +1,44 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay pkcs7' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=pkcs7-1.pem +fi + +echo testing pkcs7 conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/treq b/test/treq new file mode 100644 index 0000000000000000000000000000000000000000..e5f1d8cc41fdc56f8eee25e267be3c460a9eb933 --- /dev/null +++ b/test/treq @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay req' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testreq.pem +fi + +echo testing req conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -verify -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -verify -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/trsa b/test/trsa new file mode 100644 index 0000000000000000000000000000000000000000..e5b8fe0448eb90ce8c3199780880db8ecf7e4b50 --- /dev/null +++ b/test/trsa @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay rsa' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testrsa.pem +fi + +echo testing rsa conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/tsid b/test/tsid new file mode 100644 index 0000000000000000000000000000000000000000..8c7e9b1387bce2e37f62ff9eda7f204462bed98d --- /dev/null +++ b/test/tsid @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay sess_id' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testsid.pem +fi + +echo testing session-id conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/tx509 b/test/tx509 new file mode 100644 index 0000000000000000000000000000000000000000..f8d1f82cdd229e97ce06b7f9aa74065cc54cb25f --- /dev/null +++ b/test/tx509 @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay x509' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testx509.pem +fi + +echo testing X509 conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> n" +$cmd -in fff.p -inform p -outform n >f.n +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> d" +$cmd -in f.n -inform n -outform d >ff.d2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> n" +$cmd -in f.d -inform d -outform n >ff.n1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> n" +$cmd -in f.n -inform n -outform n >ff.n2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> n" +$cmd -in f.p -inform p -outform n >ff.n3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> p" +$cmd -in f.n -inform n -outform p >ff.p2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p2 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.n ff.n1 +if [ $? != 0 ]; then exit 1; fi +cmp f.n ff.n2 +if [ $? != 0 ]; then exit 1; fi +cmp f.n ff.n3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p2 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/v3-cert1.pem b/test/v3-cert1.pem new file mode 100644 index 0000000000000000000000000000000000000000..0da253d5c34095a36ebaabdeae0816cb4401ca21 --- /dev/null +++ b/test/v3-cert1.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx +NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz +dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw +ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu +ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2 +ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp +miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C +AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK +Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x +DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR +MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB +AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21 +X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3 +WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO +-----END CERTIFICATE----- diff --git a/test/v3-cert2.pem b/test/v3-cert2.pem new file mode 100644 index 0000000000000000000000000000000000000000..de0723ff8de34089749986cc95beec11996124c6 --- /dev/null +++ b/test/v3-cert2.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD +YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0 +ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu +dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1 +WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV +BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx +FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA +6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT +G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ +YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm +b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc +F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz +lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap +jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU= +-----END CERTIFICATE----- diff --git a/times/486-66.dos b/times/486-66.dos new file mode 100644 index 0000000000000000000000000000000000000000..1644bf8022a379109d861d4a645340e97f6f6e50 --- /dev/null +++ b/times/486-66.dos @@ -0,0 +1,22 @@ +MS-dos static libs, 16bit C build, 16bit assember + +SSLeay 0.6.1 +options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short) +C flags:cl /ALw /Gx- /Gf /f- /Ocgnotb2 /G2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -D +NO_SOCK +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 18.62k 55.54k 76.88k 85.39k 86.52k +md5 94.03k 442.06k 794.38k 974.51k 1061.31k +sha 38.37k 166.23k 272.78k 331.41k 353.77k +sha1 34.38k 147.77k 244.77k 292.57k 312.08k +rc4 641.25k 795.34k 817.16k 829.57k 817.16k +des cfb 111.46k 118.08k 120.69k 119.16k 119.37k +des cbc 122.96k 135.69k 137.10k 135.69k 135.40k +des ede3 48.01k 50.92k 50.32k 50.96k 50.96k +idea cfb 97.09k 100.21k 100.36k 101.14k 100.98k +idea cbc 102.08k 109.41k 111.46k 111.65k 110.52k +rc2 cfb 120.47k 125.55k 125.79k 125.55k 125.55k +rc2 cbc 129.77k 140.33k 143.72k 142.16k 141.85k +rsa 512 bits 0.264s +rsa 1024 bits 1.494s diff --git a/times/486-66.nt b/times/486-66.nt new file mode 100644 index 0000000000000000000000000000000000000000..b26a9005d63e64f9b34d94426be29328953aee5c --- /dev/null +++ b/times/486-66.nt @@ -0,0 +1,22 @@ +SSLeay 0.6.1 02-Jul-1996 +built on Fri Jul 10 09:53:15 EST 1996 +options:bn(64,32) md2(int) rc4(idx,int) des(idx,long) idea(int) +C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /nologo -DWIN32 -DL_ENDIAN /MD +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 38.27k 107.28k 145.43k 159.60k 164.15k +md5 399.00k 1946.13k 3610.80k 4511.94k 4477.27k +sha 182.04k 851.26k 1470.65k 1799.20k 1876.48k +sha1 151.83k 756.55k 1289.76k 1567.38k 1625.70k +rc4 1853.92k 2196.25k 2232.91k 2241.31k 2152.96k +des cfb 360.58k 382.69k 384.94k 386.07k 377.19k +des cbc 376.10k 431.87k 436.32k 437.78k 430.45k +des ede3 152.55k 160.38k 161.51k 161.33k 159.98k +idea cfb 245.59k 255.60k 256.65k 257.16k 254.61k +idea cbc 257.16k 276.12k 279.05k 279.11k 276.70k +rc2 cfb 280.25k 293.49k 294.74k 294.15k 291.47k +rc2 cbc 295.47k 321.57k 324.76k 324.76k 320.00k +rsa 512 bits 0.084s +rsa 1024 bits 0.495s +rsa 2048 bits 3.435s + diff --git a/times/486-66.w31 b/times/486-66.w31 new file mode 100644 index 0000000000000000000000000000000000000000..381f149b328626cdbb60d3466f1de0d9eef8daac --- /dev/null +++ b/times/486-66.w31 @@ -0,0 +1,23 @@ +Windows 3.1 DLL's, 16 bit C with 32bit assember + +SSLeay 0.6.1 02-Jul-1996 +built on Wed Jul 10 09:53:15 EST 1996 +options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short) +C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16 +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 18.94k 54.27k 73.43k 80.91k 83.75k +md5 78.96k 391.26k 734.30k 919.80k 992.97k +sha 39.01k 168.04k 280.67k 336.08k 359.10k +sha1 35.20k 150.14k 247.31k 294.54k 313.94k +rc4 509.61k 655.36k 678.43k 677.02k 670.10k +des cfb 97.09k 104.69k 106.56k 105.70k 106.56k +des cbc 116.82k 129.77k 131.07k 131.07k 131.07k +des ede3 44.22k 47.90k 48.53k 48.47k 47.86k +idea cfb 83.49k 87.03k 87.03k 87.15k 87.73k +idea cbc 89.04k 96.23k 96.95k 97.81k 97.09k +rc2 cfb 108.32k 113.58k 113.78k 114.57k 114.77k +rc2 cbc 118.08k 131.07k 134.02k 134.02k 132.66k +rsa 512 bits 0.181s +rsa 1024 bits 0.846s + diff --git a/times/586-100.dos b/times/586-100.dos new file mode 100644 index 0000000000000000000000000000000000000000..3085c256b119faf1a3cb802666f283c64af8d676 --- /dev/null +++ b/times/586-100.dos @@ -0,0 +1,24 @@ +ms-dos static libs, 16 bit C and 16 bit assmber + +SSLeay 0.6.1 02-Jul-1996 +built on Tue Jul 9 22:52:54 EST 1996 +options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short) +C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -DNO_SOCK +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 45.99k 130.75k 176.53k 199.35k 203.21k +md5 236.17k 1072.16k 1839.61k 2221.56k 2383.13k +sha 107.97k 459.10k 757.64k 908.64k 954.99k +sha1 96.95k 409.92k 672.16k 788.40k 844.26k +rc4 1659.14k 1956.30k 2022.72k 2022.72k 2022.72k +des cfb 313.57k 326.86k 326.86k 331.83k 326.86k +des cbc 345.84k 378.82k 378.82k 384.38k 378.82k +des ede3 139.59k 144.66k 144.61k 144.45k 143.29k +idea cfb 262.67k 274.21k 274.21k 274.21k 274.21k +idea cbc 284.32k 318.14k 318.14k 318.14k 318.14k +rc2 cfb 265.33k 274.21k 277.69k 277.11k 277.69k +rc2 cbc 283.71k 310.60k 309.86k 313.57k 314.32k +rsa 512 bits 0.104s +rsa 1024 bits 0.566s +rsa 2048 bits 3.680s +rsa 4096 bits 26.740s diff --git a/times/586-100.lnx b/times/586-100.lnx new file mode 100644 index 0000000000000000000000000000000000000000..0c051738c641dfd49cc17bb8a165ec2e93dc7e2a --- /dev/null +++ b/times/586-100.lnx @@ -0,0 +1,23 @@ +SSLeay 0.7.3 30-Apr-1997 +built on Mon May 12 04:13:55 EST 1997 +options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) +C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 72.95k 202.77k 274.01k 300.37k 309.23k +md5 770.57k 4094.02k 7409.41k 9302.36k 9986.05k +sha 363.05k 1571.07k 2613.85k 3134.81k 3320.49k +sha1 340.94k 1462.85k 2419.20k 2892.12k 3042.35k +rc4 3676.91k 4314.94k 4407.47k 4430.51k 4412.76k +des cbc 1489.95k 1799.08k 1841.66k 1851.73k 1848.66k +des ede3 621.93k 711.19k 726.10k 729.77k 729.09k +idea cbc 618.16k 676.99k 683.09k 684.37k 683.59k +rc2 cbc 537.59k 573.93k 578.56k 579.58k 579.70k +blowfish cbc 2077.57k 2682.20k 2827.18k 2840.92k 2842.62k +rsa 512 bits 0.024s 0.003 +rsa 1024 bits 0.120s 0.003 +rsa 2048 bits 0.751s 0.026 +rsa 4096 bits 5.320s 0.096 +dsa 512 bits 0.022s 0.042 +dsa 1024 bits 0.065s 0.126 +dsa 2048 bits 0.227s 0.449 diff --git a/times/586-100.nt b/times/586-100.nt new file mode 100644 index 0000000000000000000000000000000000000000..9adcac31050ac514b3571ae01105383f127f42dc --- /dev/null +++ b/times/586-100.nt @@ -0,0 +1,23 @@ +SSLeay 0.7.3 30-Apr-1997 +built on Mon May 19 10:47:38 EST 1997 +options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2) +C flags not available +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 89.57k 245.94k 331.59k 362.95k 373.29k +md5 858.93k 4175.51k 7700.21k 9715.78k 10369.11k +sha 466.18k 2103.67k 3607.69k 4399.31k 4669.16k +sha1 449.59k 2041.02k 3496.13k 4256.45k 4512.92k +rc4 5862.55k 7447.27k 7698.80k 7768.38k 7653.84k +des cbc 1562.71k 1879.84k 1928.24k 1938.93k 1911.02k +des ede3 680.27k 707.97k 728.62k 733.15k 725.98k +idea cbc 797.46k 885.85k 895.68k 898.06k 896.45k +rc2 cbc 609.46k 648.75k 654.01k 654.42k 653.60k +blowfish cbc 2357.94k 3000.22k 3106.89k 3134.76k 3080.42k +rsa 512 bits 0.022s 0.003 +rsa 1024 bits 0.112s 0.003 +rsa 2048 bits 0.726s 0.026 +rsa 4096 bits 5.268s 0.095 +dsa 512 bits 0.021s 0.039 +dsa 1024 bits 0.063s 0.127 +dsa 2048 bits 0.224s 0.451 diff --git a/times/586-100.w31 b/times/586-100.w31 new file mode 100644 index 0000000000000000000000000000000000000000..d5b1c102435ee944f403752ba8234a5c5e13d1c9 --- /dev/null +++ b/times/586-100.w31 @@ -0,0 +1,27 @@ +Pentium 100, Windows 3.1 DLL's, 16 bit C, 32bit assember. + +Running under Windows NT 4.0 Beta 2 + +SSLeay 0.6.4 20-Aug-1996 +built on Thu Aug 22 08:44:21 EST 1996 +options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short) +C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16 +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 45.83k 128.82k 180.17k 194.90k 198.59k +md5 224.82k 1038.19k 1801.68k 2175.47k 2330.17k +sha 105.11k 448.11k 739.48k 884.13k 944.66k +sha1 94.71k 402.99k 667.88k 795.58k 844.26k +rc4 1614.19k 1956.30k 2022.72k 2022.72k 2022.72k +des cfb 291.27k 318.14k 318.14k 318.14k 322.84k +des cbc 326.86k 356.17k 362.08k 362.08k 367.15k +des ede3 132.40k 139.57k 139.53k 139.37k 140.97k +idea cfb 265.33k 280.67k 280.67k 277.69k 281.27k +idea cbc 274.21k 302.01k 306.24k 306.24k 305.53k +rc2 cfb 264.79k 274.21k 274.78k 274.21k 274.21k +rc2 cbc 281.27k 306.24k 309.86k 305.53k 309.86k +rsa 512 bits 0.058s +rsa 1024 bits 0.280s +rsa 2048 bits 1.430s +rsa 4096 bits 10.600s + diff --git a/times/586p-100.lnx b/times/586p-100.lnx new file mode 100644 index 0000000000000000000000000000000000000000..561eb3114fe21dbd9f32b69943c7240685f34736 --- /dev/null +++ b/times/586p-100.lnx @@ -0,0 +1,26 @@ +Pentium 100 - Linux 1.2.13 - gcc 2.7.2p +This is the pentium specific version of gcc + +SSLeay 0.6.4 20-Aug-1996 +built on Thu Aug 22 08:27:58 EST 1996 +options:bn(64,32) md2(char) rc4(idx,int) des(idx,long) idea(int) +C flags:gcc -DL_ENDIAN -DTERMIO -O6 -fomit-frame-pointer -mpentium -Wall +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 74.90k 208.43k 282.11k 309.59k 318.43k +md5 807.08k 4205.67k 7801.51k 9958.06k 10810.71k +sha 405.98k 1821.55k 3119.10k 3799.04k 4052.31k +sha1 389.13k 1699.50k 2852.78k 3437.57k 3656.36k +rc4 3621.15k 4130.07k 4212.74k 4228.44k 4213.42k +des cfb 794.39k 828.37k 831.74k 832.51k 832.85k +des cbc 817.68k 886.17k 894.72k 896.00k 892.93k +des ede3 308.83k 323.29k 324.61k 324.95k 324.95k +idea cfb 690.41k 715.39k 718.51k 719.19k 718.17k +idea cbc 696.80k 760.60k 767.32k 768.68k 770.05k +rc2 cfb 619.91k 639.74k 642.30k 642.73k 641.71k +rc2 cbc 631.99k 671.42k 676.35k 676.18k 677.21k +rsa 512 bits 0.025s +rsa 1024 bits 0.123s +rsa 2048 bits 0.756s +rsa 4096 bits 5.365s + diff --git a/times/686-200.bsd b/times/686-200.bsd new file mode 100644 index 0000000000000000000000000000000000000000..f23c580e09f596fdbfe74772047ae34083a82278 --- /dev/null +++ b/times/686-200.bsd @@ -0,0 +1,25 @@ +Pentium Pro 200mhz +FreeBSD 2.1.5 +gcc 2.7.2.2 + +SSLeay 0.7.0 30-Jan-1997 +built on Tue Apr 22 12:14:36 EST 1997 +options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) +C flags:gcc -DTERMIOS -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 130.99k 367.68k 499.09k 547.04k 566.50k +md5 1924.98k 8293.50k 13464.41k 16010.39k 16820.68k +sha 1250.75k 5330.43k 8636.88k 10227.36k 10779.14k +sha1 1071.55k 4572.50k 7459.98k 8791.96k 9341.61k +rc4 10724.22k 14546.25k 15240.18k 15259.50k 15265.63k +des cbc 3309.11k 3883.01k 3968.25k 3971.86k 3979.14k +des ede3 1442.98k 1548.33k 1562.48k 1562.00k 1563.33k +idea cbc 2195.69k 2506.39k 2529.59k 2545.66k 2546.54k +rc2 cbc 806.00k 833.52k 837.58k 838.52k 836.69k +blowfish cbc 4687.34k 5949.97k 6182.43k 6248.11k 6226.09k +rsa 512 bits 0.010s +rsa 1024 bits 0.045s +rsa 2048 bits 0.260s +rsa 4096 bits 1.690s + diff --git a/times/686-200.nt b/times/686-200.nt new file mode 100644 index 0000000000000000000000000000000000000000..c8cbaa04e39daff07a29cf99dd8a6aeede7db239 --- /dev/null +++ b/times/686-200.nt @@ -0,0 +1,24 @@ +built on Tue May 13 08:24:51 EST 1997 +options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfi +sh(ptr2) +C flags not available +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 156.39k 427.99k 576.14k 628.36k 647.27k +md5 2120.48k 10255.02k 18396.07k 22795.13k 24244.53k +sha 1468.59k 6388.89k 10686.12k 12826.62k 13640.01k +sha1 1393.46k 6013.34k 9974.56k 11932.59k 12633.45k +rc4 13833.46k 19275.29k 20321.24k 20281.93k 20520.08k +des cbc 3382.50k 4104.02k 4152.78k 4194.30k 4194.30k +des ede3 1465.51k 1533.00k 1549.96k 1553.29k 1570.29k +idea cbc 2579.52k 3079.52k 3130.08k 3153.61k 3106.89k +rc2 cbc 1204.57k 1276.42k 1285.81k 1289.76k 1285.81k +blowfish cbc 5229.81k 6374.32k 6574.14k 6574.14k 6594.82k +rsa 512 bits 0.008s 0.001 +rsa 1024 bits 0.038s 0.001 +rsa 2048 bits 0.231s 0.008 +rsa 4096 bits 1.540s 0.027 +dsa 512 bits 0.007s 0.013 +dsa 1024 bits 0.021s 0.040 +dsa 2048 bits 0.066s 0.130 + diff --git a/times/R10000.t b/times/R10000.t new file mode 100644 index 0000000000000000000000000000000000000000..6b3874c8665d7e6ccfaa803f423e25c37e5c260e --- /dev/null +++ b/times/R10000.t @@ -0,0 +1,24 @@ +IRIX 6.2 - R10000 195mhz +SLeay 0.6.5a 06-Dec-1996 +built on Tue Dec 24 03:51:45 EST 1996 +options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) +C flags:cc -O2 -DTERMIOS -DB_ENDIAN +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 156.34k 424.03k 571.88k 628.88k 646.01k +md5 1885.02k 8181.72k 13440.53k 16020.60k 16947.54k +sha 1587.12k 7022.05k 11951.24k 14440.12k 15462.74k +sha1 1413.13k 6215.86k 10571.16k 12736.22k 13628.51k +rc4 10556.28k 11974.08k 12077.10k 12111.38k 12103.20k +des cfb 2977.71k 3252.27k 3284.36k 3302.66k 3290.54k +des cbc 3298.31k 3704.96k 3771.30k 3730.73k 3778.80k +des ede3 1278.28k 1328.82k 1342.66k 1339.82k 1343.27k +idea cfb 2843.34k 3138.04k 3180.95k 3176.46k 3188.54k +idea cbc 3115.21k 3558.03k 3590.61k 3591.24k 3601.18k +rc2 cfb 2006.66k 2133.33k 2149.03k 2159.36k 2149.71k +rc2 cbc 2167.07k 2315.30k 2338.05k 2329.34k 2333.90k +rsa 512 bits 0.008s +rsa 1024 bits 0.043s +rsa 2048 bits 0.280s +rsa 4096 bits 2.064s + diff --git a/times/R4400.t b/times/R4400.t new file mode 100644 index 0000000000000000000000000000000000000000..af8848ffe369f0bcbf0980d1d296c60d9c1045a1 --- /dev/null +++ b/times/R4400.t @@ -0,0 +1,26 @@ +IRIX 5.3 +R4400 200mhz +cc -O2 +SSLeay 0.6.5a 06-Dec-1996 +built on Mon Dec 23 11:51:11 EST 1996 +options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) +C flags:cc -O2 -DTERMIOS -DB_ENDIAN +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 100.62k 280.25k 380.15k 416.02k 428.82k +md5 828.62k 3525.05k 6311.98k 7742.51k 8328.04k +sha 580.04k 2513.74k 4251.73k 5101.04k 5394.80k +sha1 520.23k 2382.94k 4107.82k 5024.62k 5362.56k +rc4 5871.53k 6323.08k 6357.49k 6392.04k 6305.45k +des cfb 1016.76k 1156.72k 1176.59k 1180.55k 1181.65k +des cbc 1016.38k 1303.81k 1349.10k 1359.41k 1356.62k +des ede3 607.39k 650.74k 655.11k 657.52k 654.18k +idea cfb 1296.10k 1348.66k 1353.80k 1358.75k 1355.40k +idea cbc 1453.90k 1554.68k 1567.84k 1569.89k 1573.57k +rc2 cfb 1199.86k 1251.69k 1253.57k 1259.56k 1251.31k +rc2 cbc 1334.60k 1428.55k 1441.89k 1445.42k 1441.45k +rsa 512 bits 0.024s +rsa 1024 bits 0.125s +rsa 2048 bits 0.806s +rsa 4096 bits 5.800s + diff --git a/times/aix.t b/times/aix.t new file mode 100644 index 0000000000000000000000000000000000000000..4f24e3980e5563a69b137f2971bf5758b4c69a0b --- /dev/null +++ b/times/aix.t @@ -0,0 +1,34 @@ +from Paco Garcia +This machine is a Bull Estrella Minitower Model MT604-100 +Processor : PPC604 +P.Speed : 100Mhz +Data/Instr Cache : 16 K +L2 Cache : 256 K +PCI BUS Speed : 33 Mhz +TransfRate PCI : 132 MB/s +Memory : 96 MB + +AIX 4.1.4 + +SSLeay 0.6.6 14-Jan-1997 +built on Mon Jan 13 21:36:03 CUT 1997 +options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish +(idx) +C flags:cc -O -DAIX -DB_ENDIAN +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 53.83k 147.46k 197.63k 215.72k 221.70k +md5 1278.13k 5354.77k 8679.60k 10195.09k 10780.56k +sha 1055.34k 4600.37k 7721.30k 9298.94k 9868.63k +sha1 276.90k 1270.25k 2187.95k 2666.84k 2850.82k +rc4 4660.57k 5268.93k 5332.48k 5362.47k 5346.65k +des cbc 1774.16k 1981.10k 1979.56k 2032.71k 1972.25k +des ede3 748.81k 781.42k 785.66k 785.75k 780.84k +idea cbc 2066.19k 2329.58k 2378.91k 2379.86k 2380.89k +rc2 cbc 1278.53k 1379.69k 1389.99k 1393.66k 1389.91k +blowfish cbc 2812.91k 3307.90k 3364.91k 3386.37k 3374.32k +rsa 512 bits 0.019s +rsa 1024 bits 0.096s +rsa 2048 bits 0.614s +rsa 4096 bits 4.433s + diff --git a/times/aixold.t b/times/aixold.t new file mode 100644 index 0000000000000000000000000000000000000000..0b51412cf9f04bee65322cc7b5ad2508d4b016e0 --- /dev/null +++ b/times/aixold.t @@ -0,0 +1,23 @@ +SSLeay 0.7.3r 20-May-1997 +built on Mon Jun 2 04:06:32 EST 1997 +options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish(idx) +C flags:cc -O -DAIX -DB_ENDIAN +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 19.09k 52.47k 71.23k 77.49k 78.93k +md5 214.56k 941.21k 1585.43k 1883.12k 1988.70k +sha 118.35k 521.65k 860.28k 1042.27k 1100.46k +sha1 109.52k 478.98k 825.90k 995.48k 1049.69k +rc4 1263.63k 1494.24k 1545.70k 1521.66k 1518.99k +des cbc 259.62k 286.55k 287.15k 288.15k 289.45k +des ede3 104.92k 107.88k 109.27k 109.25k 109.96k +idea cbc 291.63k 320.07k 319.40k 320.51k 318.27k +rc2 cbc 220.04k 237.76k 241.44k 245.90k 244.08k +blowfish cbc 407.95k 474.83k 480.99k 485.71k 481.07k +rsa 512 bits 0.157s 0.019 +rsa 1024 bits 0.908s 0.023 +rsa 2048 bits 6.225s 0.218 +rsa 4096 bits 46.500s 0.830 +dsa 512 bits 0.159s 0.312 +dsa 1024 bits 0.536s 1.057 +dsa 2048 bits 1.970s 3.977 diff --git a/times/alpha.t b/times/alpha.t new file mode 100644 index 0000000000000000000000000000000000000000..3a7c6c4983622fbdb3ba4f79e6dcc0fed7d99059 --- /dev/null +++ b/times/alpha.t @@ -0,0 +1,81 @@ +SSLeay-051 Alpha gcc -O3 64Bit (assember bn_mul) +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 44.40k 121.56k 162.73k 179.20k 185.01k +md5 780.85k 3278.53k 5281.52k 6327.98k 6684.67k +sha 501.40k 2249.19k 3855.27k 4801.19k 5160.96k +sha-1 384.99k 1759.72k 3113.64k 3946.92k 4229.80k +rc4 3505.05k 3724.54k 3723.78k 3555.33k 3694.68k +des cfb 946.96k 1015.27k 1021.87k 1033.56k 1037.65k +des cbc 1001.24k 1220.20k 1243.31k 1272.73k 1265.87k +des ede3 445.34k 491.65k 500.53k 502.10k 502.44k +idea cfb 643.53k 667.49k 663.81k 666.28k 664.51k +idea cbc 650.42k 735.41k 733.27k 742.74k 745.47k +rsa 512 bits 0.031s +rsa 1024 bits 0.141s +rsa 2048 bits 0.844s +rsa 4096 bits 6.033s + +SSLeay-051 Alpha cc -O2 64bit (assember bn_mul) +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 45.37k 122.86k 165.97k 182.95k 188.42k +md5 842.42k 3629.93k 5916.76k 7039.17k 7364.61k +sha 498.93k 2197.23k 3895.60k 4756.48k 5132.13k +sha-1 382.02k 1757.21k 3112.53k 3865.23k 4128.77k +rc4 2975.25k 3049.33k 3180.97k 3214.68k 3424.26k +des cfb 901.55k 990.83k 1006.08k 1011.19k 1004.89k +des cbc 947.84k 1127.84k 1163.67k 1162.24k 1157.80k +des ede3 435.62k 485.57k 493.67k 491.52k 491.52k +idea cfb 629.31k 648.66k 647.77k 648.53k 649.90k +idea cbc 565.15k 608.00k 613.46k 613.38k 617.13k +rsa 512 bits 0.030s +rsa 1024 bits 0.141s +rsa 2048 bits 0.854s +rsa 4096 bits 6.067s + +des cfb 718.28k 822.64k 833.11k 836.27k 841.05k +des cbc 806.10k 951.42k 975.83k 983.73k 991.23k +des ede3 329.50k 379.11k 387.95k 387.41k 388.33k + +des cfb 871.62k 948.65k 951.81k 953.00k 955.58k +des cbc 953.60k 1174.27k 1206.70k 1216.10k 1216.44k +des ede3 349.34k 418.05k 427.26k 429.74k 431.45k + + + + +SSLeay-045c Alpha gcc -O3 64Bit +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 44.95k 122.22k 164.27k 180.62k 184.66k +md5 808.71k 3371.95k 5415.68k 6385.66k 6684.67k +sha 493.68k 2162.05k 3725.82k 4552.02k 4838.74k +rc4 3317.32k 3649.09k 3728.30k 3744.09k 3691.86k +cfb des 996.45k 1050.77k 1058.30k 1059.16k 1064.96k +cbc des 1096.52k 1255.49k 1282.13k 1289.90k 1299.80k +ede3 des 482.14k 513.51k 518.66k 520.19k 521.39k +cfb idea 519.90k 533.40k 535.21k 535.55k 535.21k +cbc idea 619.34k 682.21k 688.04k 689.15k 690.86k +rsa 512 bits 0.050s +rsa 1024 bits 0.279s +rsa 2048 bits 1.908s +rsa 4096 bits 14.750s + +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 37.31k 102.77k 137.64k 151.55k 155.78k +md5 516.65k 2535.21k 4655.72k 5859.66k 6343.34k +rc4 3519.61k 3707.01k 3746.86k 3755.39k 3675.48k +cfb des 780.27k 894.68k 913.10k 921.26k 922.97k +cbc des 867.54k 1040.13k 1074.17k 1075.54k 1084.07k +ede3 des 357.19k 397.36k 398.08k 402.28k 401.41k +cbc idea 646.53k 686.44k 694.03k 691.20k 693.59k +rsa 512 bits 0.046s +rsa 1024 bits 0.270s +rsa 2048 bits 1.858s +rsa 4096 bits 14.350s + +md2 C 37.83k 103.17k 137.90k 150.87k 155.37k +md2 L 37.30k 102.04k 139.01k 152.74k 155.78k +rc4 I 3532.24k 3718.08k 3750.83k 3768.78k 3694.59k +rc4 CI 2662.97k 2873.26k 2907.22k 2920.63k 2886.31k +rc4 LI 3514.63k 3738.72k 3747.41k 3752.96k 3708.49k +cbc idea S 619.01k 658.68k 661.50k 662.53k 663.55k +cbc idea L 645.69k 684.22k 694.55k 692.57k 690.86k diff --git a/times/alpha400.t b/times/alpha400.t new file mode 100644 index 0000000000000000000000000000000000000000..079e0d187ce3b448686dceba41f89e50c67c55be --- /dev/null +++ b/times/alpha400.t @@ -0,0 +1,25 @@ +Alpha EV5.6 (21164A) 400mhz + +SSLeay 0.7.3r 20-May-1997 +built on Mon Jun 2 03:39:58 EST 1997 +options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx) +C flags:cc -arch host -tune host -fast -std -O4 -inline speed +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 274.98k 760.96k 1034.27k 1124.69k 1148.69k +md5 2524.46k 11602.60k 19838.81k 24075.26k 25745.10k +sha 1848.46k 8335.66k 14232.49k 17247.91k 18530.30k +sha1 1639.67k 7336.53k 12371.80k 14807.72k 15870.63k +rc4 17950.93k 19390.66k 19652.44k 19700.39k 19412.31k +des cbc 4018.59k 4872.06k 4988.76k 5003.26k 4995.73k +des ede3 1809.11k 1965.67k 1984.26k 1986.90k 1982.46k +idea cbc 2848.82k 3204.33k 3250.26k 3257.34k 3260.42k +rc2 cbc 3766.08k 4349.50k 4432.21k 4448.94k 4448.26k +blowfish cbc 6694.88k 9042.35k 9486.93k 9598.98k 9624.91k +rsa 512 bits 0.003s 0.000 +rsa 1024 bits 0.013s 0.000 +rsa 2048 bits 0.081s 0.003 +rsa 4096 bits 0.577s 0.011 +dsa 512 bits 0.003s 0.005 +dsa 1024 bits 0.007s 0.014 +dsa 2048 bits 0.025s 0.050 diff --git a/times/cyrix100.lnx b/times/cyrix100.lnx new file mode 100644 index 0000000000000000000000000000000000000000..010a2216b1e8642c6453e992298573671a96b997 --- /dev/null +++ b/times/cyrix100.lnx @@ -0,0 +1,22 @@ +SSLeay 0.6.6 06-Dec-1996 +built on Fri Dec 6 10:05:20 GMT 1996 +options:bn(64,32) md2(char) rc4(idx,int) des(idx,risc,16,long) idea(int) +C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 36.77k 102.48k 138.00k 151.57k 155.78k +md5 513.59k 2577.22k 4623.51k 5768.99k 6214.53k +sha 259.89k 1105.45k 1814.97k 2156.16k 2292.13k +sha1 242.43k 1040.95k 1719.44k 2049.74k 2164.64k +rc4 1984.48k 2303.41k 2109.37k 2071.47k 1985.61k +des cfb 712.08k 758.29k 753.17k 752.06k 748.67k +des cbc 787.37k 937.64k 956.77k 961.61k 957.54k +des ede3 353.97k 377.28k 379.99k 379.34k 379.11k +idea cfb 403.80k 418.50k 416.60k 415.78k 415.03k +idea cbc 426.54k 466.40k 471.31k 472.67k 473.14k +rc2 cfb 405.15k 420.05k 418.16k 416.72k 416.36k +rc2 cbc 428.21k 468.43k 473.09k 472.59k 474.70k +rsa 512 bits 0.040s +rsa 1024 bits 0.195s +rsa 2048 bits 1.201s +rsa 4096 bits 8.700s diff --git a/times/dgux-x86.t b/times/dgux-x86.t new file mode 100644 index 0000000000000000000000000000000000000000..70635c536b45db21c76eb5d4342ebb04f5d859ce --- /dev/null +++ b/times/dgux-x86.t @@ -0,0 +1,23 @@ +version:SSLeay 0.5.2c 15-May-1996 +built Fri Jun 14 19:47:04 EST 1996 +options:bn(LLONG,thirty_two) md2(CHAR) rc4(IDX,int) des(ary,long) idea(int) +C flags:gcc -O3 -fomit-frame-pointer -DL_ENDIAN + +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 113.86k 316.48k 428.36k 467.63k 481.56k +md5 1001.99k 5037.99k 9545.94k 12036.95k 11800.38k +sha 628.77k 2743.48k 5113.42k 6206.99k 6165.42k +sha1 583.83k 2638.66k 4538.85k 5532.09k 5917.04k +rc4 5493.27k 6369.39k 6511.30k 6577.83k 6486.73k +des cfb 1219.01k 1286.06k 1299.33k 1288.87k 1381.72k +des cbc 1360.58k 1469.04k 1456.96k 1454.08k 1513.57k +des ede3 544.45k 567.84k 568.99k 570.37k 566.09k +idea cfb 1012.39k 1056.30k 1063.52k 989.17k 863.24k +idea cbc 985.36k 1090.44k 1105.92k 1108.65k 1090.17k +rc2 cfb 963.86k 979.06k 995.30k 937.35k 827.39k +rc2 cbc 951.72k 1042.11k 1049.60k 1047.21k 1059.11k +rsa 512 bits 0.032s +rsa 1024 bits 0.159s +rsa 2048 bits 1.025s +rsa 4096 bits 7.270s + diff --git a/times/dgux.t b/times/dgux.t new file mode 100644 index 0000000000000000000000000000000000000000..c7f7564e8dab692ef286367ec544a82d08ed40ec --- /dev/null +++ b/times/dgux.t @@ -0,0 +1,17 @@ +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 38.54k 106.28k 144.00k 157.46k 161.72k +md5 323.23k 1471.62k 2546.11k 3100.20k 3309.57k +rc4 I 1902.74k 2055.20k 2080.42k 2077.88k 2065.46k +cfb des 456.23k 475.22k 481.79k 488.42k 487.17k +cbc des 484.30k 537.50k 553.09k 558.08k 558.67k +ede3 des 199.97k 209.05k 211.03k 211.85k 212.78k +cbc idea 478.50k 519.33k 523.42k 525.09k 526.44k +rsa 512 bits 0.159s !RSA_LLONG +rsa 1024 bits 1.053s +rsa 2048 bits 7.600s +rsa 4096 bits 59.760s + +md2 C 30.53k 83.58k 112.84k 123.22k 126.24k +rc4 1844.56k 1975.50k 1997.73k 1994.95k 1984.88k +rc4 C 1800.09k 1968.85k 1995.20k 1992.36k 1996.80k +rc4 CI 1830.81k 2035.75k 2067.28k 2070.23k 2062.77k diff --git a/times/hpux-acc.t b/times/hpux-acc.t new file mode 100644 index 0000000000000000000000000000000000000000..0c0e936d1932541c8d9a40e07ee8654af101efb9 --- /dev/null +++ b/times/hpux-acc.t @@ -0,0 +1,25 @@ +HPUX 887 + +SSLeay 0.7.3r 20-May-1997 +built on Mon Jun 2 02:59:45 EST 1997 +options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) +C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 58.99k 166.85k 225.07k 247.21k 253.76k +md5 639.22k 2726.98k 4477.25k 5312.69k 5605.20k +sha 381.08k 1661.49k 2793.84k 3368.86k 3581.23k +sha1 349.54k 1514.56k 2536.63k 3042.59k 3224.39k +rc4 2891.10k 4238.01k 4464.11k 4532.49k 4545.87k +des cbc 717.05k 808.76k 820.14k 821.97k 821.96k +des ede3 288.21k 303.50k 303.69k 305.82k 305.14k +idea cbc 325.83k 334.36k 335.89k 336.61k 333.43k +rc2 cbc 793.00k 915.81k 926.69k 933.28k 929.53k +blowfish cbc 1561.91k 2051.97k 2122.65k 2139.40k 2145.92k +rsa 512 bits 0.031s 0.004 +rsa 1024 bits 0.164s 0.004 +rsa 2048 bits 1.055s 0.037 +rsa 4096 bits 7.600s 0.137 +dsa 512 bits 0.029s 0.057 +dsa 1024 bits 0.092s 0.177 +dsa 2048 bits 0.325s 0.646 diff --git a/times/hpux-kr.t b/times/hpux-kr.t new file mode 100644 index 0000000000000000000000000000000000000000..ad4a0adc1876d5a8181f739e10d2b7a54904ca3f --- /dev/null +++ b/times/hpux-kr.t @@ -0,0 +1,23 @@ +SSLeay 0.7.3r 20-May-1997 +built on Mon Jun 2 02:17:35 EST 1997 +options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,cisc,16,long) idea(int) blowfish(idx) +C flags:cc -DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 35.30k 98.36k 133.41k 146.34k 150.69k +md5 391.20k 1737.31k 2796.65k 3313.75k 3503.74k +sha 189.55k 848.14k 1436.72k 1735.87k 1848.03k +sha1 175.30k 781.14k 1310.32k 1575.61k 1675.81k +rc4 2070.55k 2501.47k 2556.65k 2578.34k 2584.91k +des cbc 465.13k 536.85k 545.87k 547.86k 548.89k +des ede3 190.05k 200.99k 202.31k 202.22k 202.75k +idea cbc 263.44k 277.77k 282.13k 281.51k 283.15k +rc2 cbc 448.37k 511.39k 519.54k 522.00k 521.31k +blowfish cbc 839.98k 1097.70k 1131.16k 1145.64k 1144.67k +rsa 512 bits 0.048s 0.005 +rsa 1024 bits 0.222s 0.006 +rsa 2048 bits 1.272s 0.042 +rsa 4096 bits 8.445s 0.149 +dsa 512 bits 0.041s 0.077 +dsa 1024 bits 0.111s 0.220 +dsa 2048 bits 0.363s 0.726 diff --git a/times/hpux.t b/times/hpux.t new file mode 100644 index 0000000000000000000000000000000000000000..dcf7615edf363ea099b14fda23b785d9f8ae306d --- /dev/null +++ b/times/hpux.t @@ -0,0 +1,86 @@ +HP-UX A.09.05 9000/712 + +SSLeay 0.6.6 14-Jan-1997 +built on Tue Jan 14 16:36:31 WET 1997 +options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) +blowfish(idx) +C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 66.56k 184.92k 251.82k 259.86k 282.62k +md5 615.54k 2805.92k 4764.30k 5724.21k 6084.39k +sha 358.23k 1616.46k 2781.50k 3325.72k 3640.89k +sha1 327.50k 1497.98k 2619.44k 3220.26k 3460.85k +rc4 3500.47k 3890.99k 3943.81k 3883.74k 3900.02k +des cbc 742.65k 871.66k 887.15k 891.21k 895.40k +des ede3 302.42k 322.50k 324.46k 326.66k 326.05k +idea cbc 664.41k 755.87k 765.61k 772.70k 773.69k +rc2 cbc 798.78k 931.04k 947.69k 950.31k 952.04k +blowfish cbc 1353.32k 1932.29k 2021.93k 2047.02k 2053.66k +rsa 512 bits 0.059s +rsa 1024 bits 0.372s +rsa 2048 bits 2.697s +rsa 4096 bits 20.790s + +SSLeay 0.6.6 14-Jan-1997 +built on Tue Jan 14 15:37:30 WET 1997 +options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) +blowfish(idx) +C flags:gcc -DB_ENDIAN -O3 +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 44.91k 122.57k 167.71k 183.89k 190.24k +md5 532.50k 2316.27k 3965.72k 4740.11k 5055.06k +sha 363.76k 1684.09k 2978.53k 3730.86k 3972.72k +sha1 385.76k 1743.53k 2997.69k 3650.74k 3899.08k +rc4 3178.84k 3621.31k 3672.71k 3684.01k 3571.54k +des cbc 733.00k 844.70k 863.28k 863.72k 868.73k +des ede3 289.99k 308.94k 310.11k 309.64k 312.08k +idea cbc 624.07k 713.91k 724.76k 723.35k 725.13k +rc2 cbc 704.34k 793.39k 804.25k 805.99k 782.63k +blowfish cbc 1371.24k 1823.66k 1890.05k 1915.51k 1920.12k +rsa 512 bits 0.030s +rsa 1024 bits 0.156s +rsa 2048 bits 1.113s +rsa 4096 bits 7.480s + + +HPUX B.10.01 V 9000/887 - HP92453-01 A.10.11 HP C Compiler +SSLeay 0.5.2 - -Aa +ESlit +Oall +O4 -Wl,-a,archive + +HPUX A.09.04 B 9000/887 + +ssleay 0.5.1 gcc v 2.7.0 -O3 -mpa-risc-1-1 +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 53.00k 166.81k 205.66k 241.95k 242.20k +md5 743.22k 3128.44k 6031.85k 6142.07k 7025.26k +sha 481.30k 2008.24k 3361.31k 3985.07k 4180.74k +sha-1 463.60k 1916.15k 3139.24k 3786.27k 3997.70k +rc4 3708.61k 4125.16k 4547.53k 4206.21k 4390.07k +des cfb 665.91k 705.97k 698.48k 694.25k 666.08k +des cbc 679.80k 741.90k 769.85k 747.62k 719.47k +des ede3 264.31k 270.22k 265.63k 273.07k 273.07k +idea cfb 635.91k 673.40k 605.60k 699.53k 672.36k +idea cbc 705.85k 774.63k 750.60k 715.83k 721.50k +rsa 512 bits 0.066s +rsa 1024 bits 0.372s +rsa 2048 bits 2.177s +rsa 4096 bits 16.230s + +HP92453-01 A.09.61 HP C Compiler +ssleay 0.5.1 cc -Ae +ESlit +Oall -Wl,-a,archive +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 58.69k 163.30k 213.57k 230.40k 254.23k +md5 608.60k 2596.82k 3871.43k 4684.10k 4763.88k +sha 343.26k 1482.43k 2316.80k 2766.27k 2860.26k +sha-1 319.15k 1324.13k 2106.03k 2527.82k 2747.95k +rc4 2467.47k 3374.41k 3265.49k 3354.39k 3368.55k +des cfb 812.05k 814.90k 851.20k 819.20k 854.56k +des cbc 836.35k 994.06k 916.02k 1020.01k 988.14k +des ede3 369.78k 389.15k 401.01k 382.94k 408.03k +idea cfb 290.40k 298.06k 286.11k 296.92k 299.46k +idea cbc 301.30k 297.72k 304.34k 300.10k 309.70k +rsa 512 bits 0.350s +rsa 1024 bits 2.635s +rsa 2048 bits 19.930s + diff --git a/times/p2.w95 b/times/p2.w95 new file mode 100644 index 0000000000000000000000000000000000000000..82d1e5515d59acda22f9d0a0f0a31102d82b8520 --- /dev/null +++ b/times/p2.w95 @@ -0,0 +1,22 @@ +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 235.90k 652.30k 893.36k 985.74k 985.74k +mdc2 779.61k 816.81k 825.65k 816.01k 825.65k +md5 2788.77k 13508.23k 24672.38k 30504.03k 33156.55k +sha 1938.22k 8397.01k 14122.24k 16980.99k 18196.55k +sha1 1817.29k 7832.50k 13168.93k 15738.48k 16810.84k +rc4 15887.52k 21709.65k 22745.68k 22995.09k 22995.09k +des cbc 4599.02k 5377.31k 5377.31k 5533.38k 5533.38k +des ede3 1899.59k 2086.71k 2086.67k 2086.51k 2085.90k +idea cbc 3350.08k 3934.62k 3979.42k 4017.53k 4017.53k +rc2 cbc 1534.13k 1630.76k 1625.70k 1644.83k 1653.91k +blowfish cbc 6678.83k 8490.49k 8701.88k 8848.74k 8886.24k + sign verify +rsa 512 bits 0.0062s 0.0008s +rsa 1024 bits 0.0287s 0.0009s +rsa 2048 bits 0.1785s 0.0059s +rsa 4096 bits 1.1300s 0.0205s + sign verify +dsa 512 bits 0.0055s 0.0100s +dsa 1024 bits 0.0154s 0.0299s +dsa 2048 bits 0.0502s 0.0996s diff --git a/times/readme b/times/readme new file mode 100644 index 0000000000000000000000000000000000000000..7074f5815b9d38a8fba353c7298782b9e1935cdc --- /dev/null +++ b/times/readme @@ -0,0 +1,11 @@ +The 'times' in this directory are not all for the most recent version of +the library and it should be noted that on some CPUs (specifically sparc +and Alpha), the locations of files in the application after linking can +make upto a %10 speed difference when running benchmarks on things like +cbc mode DES. To put it mildly this can be very anoying. + +About the only way to get around this would be to compile the library as one +object file, or to 'include' the source files in a specific order. + +The best way to get an idea of the 'raw' DES speed is to build the +'speed' program in crypto/des. diff --git a/times/s586-100.lnx b/times/s586-100.lnx new file mode 100644 index 0000000000000000000000000000000000000000..cbc3e3c4fb91db4bd0009ba5d80b5d21e88d2519 --- /dev/null +++ b/times/s586-100.lnx @@ -0,0 +1,25 @@ +Shared library build + +SSLeay 0.7.3 30-Apr-1997 +built on Tue May 13 03:43:56 EST 1997 +options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) +C flags:-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 68.95k 191.40k 258.22k 283.31k 291.21k +md5 627.37k 3064.75k 5370.15k 6765.91k 7255.38k +sha 323.35k 1431.32k 2417.07k 2916.69k 3102.04k +sha1 298.08k 1318.34k 2228.82k 2694.83k 2864.47k +rc4 3404.13k 4026.33k 4107.43k 4136.28k 4117.85k +des cbc 1414.60k 1782.53k 1824.24k 1847.64k 1840.47k +des ede3 588.36k 688.19k 700.33k 702.46k 704.51k +idea cbc 582.96k 636.71k 641.54k 642.39k 642.30k +rc2 cbc 569.34k 612.37k 617.64k 617.47k 619.86k +blowfish cbc 2015.77k 2534.49k 2609.65k 2607.10k 2615.98k +rsa 512 bits 0.027s 0.003 +rsa 1024 bits 0.128s 0.003 +rsa 2048 bits 0.779s 0.027 +rsa 4096 bits 5.450s 0.098 +dsa 512 bits 0.024s 0.045 +dsa 1024 bits 0.068s 0.132 +dsa 2048 bits 0.231s 0.469 diff --git a/times/s586-100.nt b/times/s586-100.nt new file mode 100644 index 0000000000000000000000000000000000000000..8e3baf6d5e622b5dc4fe365c99e52c8640c66df4 --- /dev/null +++ b/times/s586-100.nt @@ -0,0 +1,23 @@ +SSLeay 0.7.3 30-Apr-1997 +built on Mon May 19 10:47:38 EST 1997 +options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2) +C flags not available +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 90.26k 248.57k 335.06k 366.09k 376.64k +md5 863.95k 4205.24k 7628.78k 9582.60k 10290.25k +sha 463.93k 2102.51k 3623.28k 4417.85k 4695.29k +sha1 458.23k 2005.88k 3385.78k 4094.00k 4340.13k +rc4 5843.60k 7543.71k 7790.31k 7836.89k 7791.47k +des cbc 1583.95k 1910.67k 1960.69k 1972.12k 1946.13k +des ede3 654.79k 722.60k 740.97k 745.82k 738.27k +idea cbc 792.04k 876.96k 887.35k 892.63k 890.36k +rc2 cbc 603.50k 652.38k 661.85k 662.69k 661.44k +blowfish cbc 2379.88k 3043.76k 3153.61k 3153.61k 3134.76k +rsa 512 bits 0.022s 0.003 +rsa 1024 bits 0.111s 0.003 +rsa 2048 bits 0.716s 0.025 +rsa 4096 bits 5.188s 0.094 +dsa 512 bits 0.020s 0.039 +dsa 1024 bits 0.062s 0.124 +dsa 2048 bits 0.221s 0.441 diff --git a/times/sgi.t b/times/sgi.t new file mode 100644 index 0000000000000000000000000000000000000000..7963610150b7eed3ca4b4ab4022cc586cf602706 --- /dev/null +++ b/times/sgi.t @@ -0,0 +1,29 @@ +SGI Challenge R4400 200mhz IRIX 5.3 - gcc (2.6.3) +SSLeay 0.6.1 02-Jul-1996 +built on Tue Jul 2 16:25:30 EST 1996 +options:bn(64,32) md2(char) rc4(idx,char) des(idx,long) idea(int) +C flags:gcc -O2 -mips2 -DTERMIOS -DB_ENDIAN +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 96.53k 266.70k 360.09k 393.70k 405.07k +md5 971.15k 4382.56k 7406.90k 8979.99k 9559.18k +sha 596.86k 2832.26k 4997.30k 6277.75k 6712.89k +sha1 578.34k 2630.16k 4632.05k 5684.34k 6083.37k +rc4 5641.12k 6821.76k 6996.13k 7052.61k 6913.32k +des cfb 1354.86k 1422.11k 1434.58k 1433.24k 1432.89k +des cbc 1467.13k 1618.92k 1630.08k 1637.00k 1629.62k +des ede3 566.13k 591.91k 596.86k 596.18k 592.54k +idea cfb 1190.60k 1264.49k 1270.38k 1267.84k 1272.37k +idea cbc 1271.45k 1410.37k 1422.49k 1426.46k 1421.73k +rc2 cfb 1285.73k 1371.40k 1380.92k 1383.13k 1379.23k +rc2 cbc 1386.61k 1542.10k 1562.49k 1572.45k 1567.93k +rsa 512 bits 0.018s +rsa 1024 bits 0.106s +rsa 2048 bits 0.738s +rsa 4096 bits 5.535s + +version:SSLeay 0.5.2c 15-May-1996 +rsa 512 bits 0.035s +rsa 1024 bits 0.204s +rsa 2048 bits 1.423s +rsa 4096 bits 10.800s diff --git a/times/sparc.t b/times/sparc.t new file mode 100644 index 0000000000000000000000000000000000000000..1611f76570a4d392607084f1dda6efb1dad27cb7 --- /dev/null +++ b/times/sparc.t @@ -0,0 +1,26 @@ +gcc 2.7.2 +Sparc 10 - Solaris 2.3 - 50mhz +SSLeay 0.7.3r 20-May-1997 +built on Mon Jun 2 00:55:51 EST 1997 +options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr) +C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 54.88k 154.52k 210.35k 231.08k 237.21k +md5 550.75k 2460.49k 4116.01k 4988.74k 5159.86k +sha 340.28k 1461.76k 2430.10k 2879.87k 2999.15k +sha1 307.27k 1298.41k 2136.26k 2540.07k 2658.28k +rc4 2652.21k 2805.24k 3301.63k 4003.98k 4071.18k +des cbc 811.78k 903.93k 914.19k 921.60k 932.29k +des ede3 328.21k 344.93k 349.64k 351.48k 345.07k +idea cbc 685.06k 727.42k 734.41k 730.11k 739.21k +rc2 cbc 718.59k 777.02k 781.96k 784.38k 782.60k +blowfish cbc 1268.85k 1520.64k 1568.88k 1587.54k 1591.98k +rsa 512 bits 0.037s 0.005 +rsa 1024 bits 0.213s 0.006 +rsa 2048 bits 1.471s 0.053 +rsa 4096 bits 11.100s 0.202 +dsa 512 bits 0.038s 0.074 +dsa 1024 bits 0.128s 0.248 +dsa 2048 bits 0.473s 0.959 + diff --git a/times/sparcLX.t b/times/sparcLX.t new file mode 100644 index 0000000000000000000000000000000000000000..2fdaed7cc5000c2b33a69210f06d4d18c393af81 --- /dev/null +++ b/times/sparcLX.t @@ -0,0 +1,22 @@ +Sparc Station LX +SSLeay 0.7.3 30-Apr-1997 +built on Thu May 1 10:44:02 EST 1997 +options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr) +C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 17.60k 48.72k 66.47k 72.70k 74.72k +md5 226.24k 1082.21k 1982.72k 2594.02k 2717.01k +sha 71.38k 320.71k 551.08k 677.76k 720.90k +sha1 63.08k 280.79k 473.86k 576.94k 608.94k +rc4 1138.30k 1257.67k 1304.49k 1377.78k 1364.42k +des cbc 265.34k 308.85k 314.28k 315.39k 317.20k +des ede3 83.23k 93.13k 94.04k 94.50k 94.63k +idea cbc 254.48k 274.26k 275.88k 274.68k 275.80k +rc2 cbc 328.27k 375.39k 381.43k 381.61k 380.83k +blowfish cbc 487.00k 498.02k 510.12k 515.41k 516.10k +rsa 512 bits 0.093s +rsa 1024 bits 0.537s +rsa 2048 bits 3.823s +rsa 4096 bits 28.650s + diff --git a/times/usparc.t b/times/usparc.t new file mode 100644 index 0000000000000000000000000000000000000000..2215624f9f2e7b1820efe9014784cce16776d6d1 --- /dev/null +++ b/times/usparc.t @@ -0,0 +1,25 @@ +Sparc 2000? - Solaris 2.5.1 - 167mhz Ultra sparc + +SSLeay 0.7.3r 20-May-1997 +built on Mon Jun 2 02:25:48 EST 1997 +options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) blowfish(ptr) +C flags:cc cc -xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa -DB_ENDIAN +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 135.23k 389.87k 536.66k 591.87k 603.48k +md5 1534.38k 6160.41k 9842.69k 11446.95k 11993.09k +sha 1178.30k 5020.74k 8532.22k 10275.50k 11010.05k +sha1 1114.22k 4703.94k 7703.81k 9236.14k 9756.67k +rc4 10818.03k 13327.57k 13711.10k 13810.69k 13836.29k +des cbc 3052.44k 3320.02k 3356.25k 3369.98k 3295.91k +des ede3 1310.32k 1359.98k 1367.47k 1362.94k 1362.60k +idea cbc 1749.52k 1833.13k 1844.74k 1848.32k 1848.66k +rc2 cbc 1950.25k 2053.23k 2064.21k 2072.58k 2072.58k +blowfish cbc 4927.16k 5659.75k 5762.73k 5797.55k 5805.40k +rsa 512 bits 0.021s 0.003 +rsa 1024 bits 0.126s 0.003 +rsa 2048 bits 0.888s 0.032 +rsa 4096 bits 6.770s 0.122 +dsa 512 bits 0.022s 0.043 +dsa 1024 bits 0.076s 0.151 +dsa 2048 bits 0.286s 0.574 diff --git a/tools/Makefile.ssl b/tools/Makefile.ssl new file mode 100644 index 0000000000000000000000000000000000000000..537e97d268e026f256871a8394ea07b34a670c8b --- /dev/null +++ b/tools/Makefile.ssl @@ -0,0 +1,54 @@ +# +# SSLeay/tools/Makefile +# + +DIR= tools +TOP= .. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= makedepend -f Makefile.ssl +MAKEFILE= Makefile.ssl + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile.ssl +TEST= +APPS= c_hash c_info c_issuer c_name c_rehash + +all: + +install: + @for i in $(APPS) ; \ + do \ + (cp $$i $(INSTALLTOP)/bin/$$i; \ + chmod 755 $(INSTALLTOP)/bin/$$i ); \ + done; + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + +lint: + +tags: + +errors: + +depend: + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/tools/c_hash b/tools/c_hash new file mode 100644 index 0000000000000000000000000000000000000000..54ff9d2cacc6e040befb86f943cb12ca79be4a1f --- /dev/null +++ b/tools/c_hash @@ -0,0 +1,9 @@ +#!/bin/sh +# print out the hash values +# + +for i in $* +do + h=`ssleay x509 -hash -noout -in $i` + echo "$h.0 => $i" +done diff --git a/tools/c_info b/tools/c_info new file mode 100644 index 0000000000000000000000000000000000000000..5dd960b3a1ec30309764d2d6de56fe24e156ade2 --- /dev/null +++ b/tools/c_info @@ -0,0 +1,12 @@ +#!/bin/sh +# +# print the subject +# + +for i in $* +do + n=`ssleay x509 -subject -issuer -enddate -noout -in $i` + echo "$i" + echo "$n" + echo "--------" +done diff --git a/tools/c_issuer b/tools/c_issuer new file mode 100644 index 0000000000000000000000000000000000000000..a885b24b7baec599d2db49c91be9e2fb91a2ae9f --- /dev/null +++ b/tools/c_issuer @@ -0,0 +1,10 @@ +#!/bin/sh +# +# print out the issuer +# + +for i in $* +do + n=`ssleay x509 -issuer -noout -in $i` + echo "$i\t$n" +done diff --git a/tools/c_name b/tools/c_name new file mode 100644 index 0000000000000000000000000000000000000000..4b33e68c5941268d2a8ffd8ff145a88512417e83 --- /dev/null +++ b/tools/c_name @@ -0,0 +1,10 @@ +#!/bin/sh +# +# print the subject +# + +for i in $* +do + n=`ssleay x509 -subject -noout -in $i` + echo "$i $n" +done diff --git a/tools/c_rehash b/tools/c_rehash new file mode 100644 index 0000000000000000000000000000000000000000..007600152c5a78a5476f75bdb2bd1c7ae8b12061 --- /dev/null +++ b/tools/c_rehash @@ -0,0 +1,47 @@ +#!/bin/sh +# +# redo the hashes for the certificates in your cert path or the ones passed +# on the command line. +# + +if [ "$SSLEAY"x = "x" ]; then + SSLEAY='ssleay' + export SSLEAY +fi +DIR=/usr/local/ssl +#PATH=$DIR/bin:$PATH + +SSL_DIR=$DIR/certs + +if [ "$*" = "" ]; then + CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}} +else + CERTS=$* +fi + +IFS=': ' +for i in $CERTS +do + ( + IFS=' ' + if [ -d $i -a -w $i ]; then + cd $i + echo "Doing $i" + for i in *.pem + do + if [ $i != '*.pem' ]; then + h=`$SSLEAY x509 -hash -noout -in $i` + if [ "x$h" = "x" ]; then + echo $i does not contain a certificate + else + if [ -f $h.0 ]; then + /bin/rm -f $h.0 + fi + echo "$i => $h.0" + ln -s $i $h.0 + fi + fi + done + fi + ) +done diff --git a/util/FreeBSD.sh b/util/FreeBSD.sh new file mode 100755 index 0000000000000000000000000000000000000000..db8edfc6aa288b096e060e294073ccf13d3f848b --- /dev/null +++ b/util/FreeBSD.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +perl util/perlpath.pl /usr/bin +perl util/ssldir.pl /usr/local +perl util/mk1mf.pl FreeBSD >Makefile.FreeBSD +perl Configure FreeBSD diff --git a/util/add_cr.pl b/util/add_cr.pl new file mode 100755 index 0000000000000000000000000000000000000000..04d002677cf2e4e267a76c494240db930cd0b465 --- /dev/null +++ b/util/add_cr.pl @@ -0,0 +1,123 @@ +#!/usr/local/bin/perl +# +# This adds a copyright message to a souce code file. +# It also gets the file name correct. +# +# perl util/add_cr.pl *.[ch] */*.[ch] */*/*.[ch] +# + +foreach (@ARGV) + { + &dofile($_); + } + +sub dofile + { + local($file)=@_; + + open(IN,"<$file") || die "unable to open $file:$!\n"; + + print STDERR "doing $file\n"; + @in=; + + return(1) if ($in[0] =~ / NOCW /); + + @out=(); + open(OUT,">$file.out") || die "unable to open $file.$$:$!\n"; + push(@out,"/* $file */\n"); + if (($in[1] !~ /^\/\* Copyright \(C\) [0-9-]+ Eric Young \(eay\@cryptsoft.com\)/)) + { + push(@out,&Copyright); + $i=2; + @a=grep(/ Copyright \(C\) /,@in); + if ($#a >= 0) + { + while (($i <= $#in) && ($in[$i] ne " */\n")) + { $i++; } + $i++ if ($in[$i] eq " */\n"); + + while (($i <= $#in) && ($in[$i] =~ /^\s*$/)) + { $i++; } + + push(@out,"\n"); + for ( ; $i <= $#in; $i++) + { push(@out,$in[$i]); } + } + else + { push(@out,@in); } + } + else + { + shift(@in); + push(@out,@in); + } + print OUT @out; + close(IN); + close(OUT); + rename("$file","$file.orig") || die "unable to rename $file:$!\n"; + rename("$file.out",$file) || die "unable to rename $file.out:$!\n"; + } + + + +sub Copyright + { + return <<'EOF'; +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +EOF + } diff --git a/util/ck_errf.pl b/util/ck_errf.pl new file mode 100755 index 0000000000000000000000000000000000000000..3af91744c5f2bfee1f5f5651c08ea23b905879d8 --- /dev/null +++ b/util/ck_errf.pl @@ -0,0 +1,44 @@ +#!/usr/local/bin/perl +# +# This is just a quick script to scan for cases where the 'error' +# function name in a XXXerr() macro is wrong. +# +# Run in the top level by going +# perl util/ck_errf.pl */*.c */*/*.c +# + +foreach $file (@ARGV) + { + open(IN,"<$file") || die "unable to open $file\n"; + $func=""; + while () + { + if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/) + { + $func=$1; + $func =~ tr/A-Z/a-z/; + } + if (/([A-Z0-9]+)err\(([^,]+)/) + { + next if ($func eq ""); + $errlib=$1; + $n=$2; + if ($n !~ /([^_]+)_F_(.+)$/) + { + # print "check -$file:$.:$func:$n\n"; + next; + } + $lib=$1; + $n=$2; + + if ($lib ne $errlib) + { print "$file:$.:$func:$n\n"; next; } + + $n =~ tr/A-Z/a-z/; + if (($n ne $func) && ($errlib ne "SYS")) + { print "$file:$.:$func:$n\n"; next; } + # print "$func:$1\n"; + } + } + } + diff --git a/util/deleof.pl b/util/deleof.pl new file mode 100755 index 0000000000000000000000000000000000000000..155acd88ff1374cd61f9d6a82aa976e2f58d0c5e --- /dev/null +++ b/util/deleof.pl @@ -0,0 +1,7 @@ +#!/usr/local/bin/perl + +while (<>) + { + print + last if (/^# DO NOT DELETE THIS LINE/); + } diff --git a/util/do_ms.sh b/util/do_ms.sh new file mode 100755 index 0000000000000000000000000000000000000000..03e349df6cad64773ffa11cfb8085980dbaffdbf --- /dev/null +++ b/util/do_ms.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# +# generate the Microsoft makefiles and .def files +# + +PATH=util:../util:$PATH + +# perl util/mk1mf.pl VC-MSDOS no-sock >ms/msdos.mak +# perl util/mk1mf.pl VC-W31-32 >ms/w31.mak +perl util/mk1mf.pl VC-W31-32 dll >ms/w31dll.mak +# perl util/mk1mf.pl VC-WIN32 >ms/nt.mak +perl util/mk1mf.pl VC-WIN32 dll >ms/ntdll.mak + +perl util/mkdef.pl 16 libeay > ms/libeay16.def +perl util/mkdef.pl 32 libeay > ms/libeay32.def +perl util/mkdef.pl 16 ssleay > ms/ssleay16.def +perl util/mkdef.pl 32 ssleay > ms/ssleay32.def diff --git a/util/err-ins.pl b/util/err-ins.pl new file mode 100755 index 0000000000000000000000000000000000000000..31b70df8d0e28e329bbb1b15ae69a6337ee357c3 --- /dev/null +++ b/util/err-ins.pl @@ -0,0 +1,33 @@ +#!/usr/local/bin/perl +# +# tack error codes onto the end of a file +# + +open(ERR,$ARGV[0]) || die "unable to open error file '$ARGV[0]':$!\n"; +@err=; +close(ERR); + +open(IN,$ARGV[1]) || die "unable to open header file '$ARGV[1]':$!\n"; + +@out=""; +while () + { + push(@out,$_); + last if /BEGIN ERROR CODES/; + } +close(IN); + +open(OUT,">$ARGV[1]") || die "unable to open header file '$ARGV[1]':$1\n"; +print OUT @out; +print OUT @err; +print OUT <<"EOF"; + +#ifdef __cplusplus +} +#endif +#endif + +EOF +close(OUT); + + diff --git a/util/files.pl b/util/files.pl new file mode 100755 index 0000000000000000000000000000000000000000..41f033e3b9aa409dba89c65bc9481e6be5d0a8ae --- /dev/null +++ b/util/files.pl @@ -0,0 +1,61 @@ +#!/usr/local/bin/perl +# +# used to generate the file MINFO for use by util/mk1mf.pl +# It is basically a list of all variables from the passed makefile +# + +$s=""; +while (<>) + { + chop; + s/#.*//; + if (/^(\S+)\s*=\s*(.*)$/) + { + $o=""; + ($s,$b)=($1,$2); + for (;;) + { + if ($b =~ /\\$/) + { + chop($b); + $o.=$b." "; + $b=<>; + chop($b); + } + else + { + $o.=$b." "; + last; + } + } + $o =~ s/^\s+//; + $o =~ s/\s+$//; + $o =~ s/\s+/ /g; + + $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g; + $sym{$s}=$o; + } + } + +$pwd=`pwd`; chop($pwd); + +if ($sym{'TOP'} eq ".") + { + $n=0; + $dir="."; + } +else { + $n=split(/\//,$sym{'TOP'}); + @_=split(/\//,$pwd); + $z=$#_-$n+1; + foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; } + chop($dir); + } + +print "RELATIVE_DIRECTORY=$dir\n"; + +foreach (sort keys %sym) + { + print "$_=$sym{$_}\n"; + } +print "RELATIVE_DIRECTORY=\n"; diff --git a/util/fixNT.sh b/util/fixNT.sh new file mode 100755 index 0000000000000000000000000000000000000000..a4eee1b7f3dbf87febc939ae93ddfb8c082f5852 --- /dev/null +++ b/util/fixNT.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# clean up the mess that NT makes of my source tree +# + +if [ -f makefile.ssl -a ! -f Makefile.ssl ]; then + /bin/mv makefile.ssl Makefile.ssl +fi +chmod +x Configure util/* +echo cleaning +/bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null +echo 'removing those damn ^M' +perl -pi -e 's/\015//' * */* */*/* 2>/dev/null >/dev/null +make -f Makefile.ssl links diff --git a/util/install.sh b/util/install.sh new file mode 100755 index 0000000000000000000000000000000000000000..e1d0c982df50226f57ef0c0a0f73a58302b2a3a4 --- /dev/null +++ b/util/install.sh @@ -0,0 +1,108 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5; it is not part of GNU. +# +# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $ +# +# This script is compatible with the BSD install script, but was written +# from scratch. +# + + +# set DOITPROG to echo to test this script + +doit="${DOITPROG:-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG:-mv}" +cpprog="${CPPROG:-cp}" +chmodprog="${CHMODPROG:-chmod}" +chownprog="${CHOWNPROG:-chown}" +chgrpprog="${CHGRPPROG:-chgrp}" +stripprog="${STRIPPROG:-strip}" +rmprog="${RMPROG:-rm}" + +instcmd="$mvprog" +chmodcmd="" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +src="" +dst="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +fi + +if [ x"$dst" = x ] +then + echo "install: no destination specified" + exit 1 +fi + + +# if destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + +if [ -d $dst ] +then + dst="$dst"/`basename $src` +fi + + +# get rid of the old one and mode the new one in + +$doit $rmcmd $dst +$doit $instcmd $src $dst + + +# and set any options; do chmod last to preserve setuid bits + +if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi +if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi +if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi +if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi + +exit 0 diff --git a/util/libeay.num b/util/libeay.num new file mode 100755 index 0000000000000000000000000000000000000000..04ad69c6a1d3347e401f1bb0acfa8cab1efc2c7f --- /dev/null +++ b/util/libeay.num @@ -0,0 +1,955 @@ +SSLeay 1 +SSLeay_version 2 +ASN1_BIT_STRING_asn1_meth 3 +ASN1_HEADER_free 4 +ASN1_HEADER_new 5 +ASN1_IA5STRING_asn1_meth 6 +ASN1_INTEGER_get 7 +ASN1_INTEGER_set 8 +ASN1_INTEGER_to_BN 9 +ASN1_OBJECT_create 10 +ASN1_OBJECT_free 11 +ASN1_OBJECT_new 12 +ASN1_PRINTABLE_type 13 +ASN1_STRING_cmp 14 +ASN1_STRING_dup 15 +ASN1_STRING_free 16 +ASN1_STRING_new 17 +ASN1_STRING_print 18 +ASN1_STRING_set 19 +ASN1_STRING_type_new 20 +ASN1_TYPE_free 21 +ASN1_TYPE_new 22 +ASN1_UNIVERSALSTRING_to_string 23 +ASN1_UTCTIME_check 24 +ASN1_UTCTIME_print 25 +ASN1_UTCTIME_set 26 +ASN1_check_infinite_end 27 +ASN1_d2i_bio 28 +ASN1_d2i_fp 29 +ASN1_digest 30 +ASN1_dup 31 +ASN1_get_object 32 +ASN1_i2d_bio 33 +ASN1_i2d_fp 34 +ASN1_object_size 35 +ASN1_parse 36 +ASN1_put_object 37 +ASN1_sign 38 +ASN1_verify 39 +BF_cbc_encrypt 40 +BF_cfb64_encrypt 41 +BF_ecb_encrypt 42 +BF_encrypt 43 +BF_ofb64_encrypt 44 +BF_options 45 +BF_set_key 46 +BIO_CONNECT_free 47 +BIO_CONNECT_new 48 +BIO_PROXY_free 49 +BIO_PROXY_new 50 +BIO_accept 51 +BIO_ctrl 52 +BIO_ctrl_int 53 +BIO_debug_callback 54 +BIO_dump 55 +BIO_dup_chain 56 +BIO_f_base64 57 +BIO_f_buffer 58 +BIO_f_cipher 59 +BIO_f_md 60 +BIO_f_null 61 +BIO_f_proxy_server 62 +BIO_fd_non_fatal_error 63 +BIO_fd_should_retry 64 +BIO_find_type 65 +BIO_free 66 +BIO_free_all 67 +BIO_get_accept 68 +BIO_get_accept_socket 69 +BIO_get_filter_bio 70 +BIO_get_host_ip 71 +BIO_get_port 72 +BIO_get_retry_BIO 73 +BIO_get_retry_reason 74 +BIO_gethostbyname 75 +BIO_gets 76 +BIO_nbio_sock_error 77 +BIO_new 78 +BIO_new_accept 79 +BIO_new_connect 80 +BIO_new_fd 81 +BIO_new_file 82 +BIO_new_fp 83 +BIO_new_socket 84 +BIO_pop 85 +BIO_printf 86 +BIO_push 87 +BIO_puts 88 +BIO_read 89 +BIO_s_accept 90 +BIO_s_connect 91 +BIO_s_fd 92 +BIO_s_file 93 +BIO_s_file_internal_w16 94 +BIO_s_mem 95 +BIO_s_null 96 +BIO_s_proxy_client 97 +BIO_s_socket 98 +BIO_s_socket 99 +BIO_set 100 +BIO_set_cipher 101 +BIO_set_tcp_ndelay 102 +BIO_sock_cleanup 103 +BIO_sock_error 104 +BIO_sock_init 105 +BIO_sock_non_fatal_error 106 +BIO_sock_should_retry 107 +BIO_socket_ioctl 108 +BIO_write 109 +BN_CTX_free 110 +BN_CTX_new 111 +BN_MONT_CTX_free 112 +BN_MONT_CTX_new 113 +BN_MONT_CTX_set 114 +BN_add 115 +BN_add_word 116 +BN_ascii2bn 117 +BN_bin2bn 118 +BN_bn2ascii 119 +BN_bn2bin 120 +BN_clear 121 +BN_clear_bit 122 +BN_clear_free 123 +BN_cmp 124 +BN_copy 125 +BN_div 126 +BN_div_word 127 +BN_dup 128 +BN_free 129 +BN_from_montgomery 130 +BN_gcd 131 +BN_generate_prime 132 +BN_get_word 133 +BN_is_bit_set 134 +BN_is_prime 135 +BN_lshift 136 +BN_lshift1 137 +BN_mask_bits 138 +BN_mod 139 +BN_mod_exp 140 +BN_mod_exp_mont 141 +BN_mod_exp_recp 142 +BN_mod_exp_simple 143 +BN_mod_inverse 144 +BN_mod_mul 145 +BN_mod_mul_montgomery 146 +BN_mod_mul_reciprocal 147 +BN_mod_word 148 +BN_mul 149 +BN_new 150 +BN_num_bits 151 +BN_num_bits_word 152 +BN_options 153 +BN_print 154 +BN_print_fp 155 +BN_rand 156 +BN_reciprocal 157 +BN_rshift 158 +BN_rshift1 159 +BN_set_bit 160 +BN_set_word 161 +BN_sqr 162 +BN_sub 163 +BN_to_ASN1_INTEGER 164 +BN_ucmp 165 +BN_value_one 166 +BUF_MEM_free 167 +BUF_MEM_grow 168 +BUF_MEM_new 169 +BUF_strdup 170 +CONF_free 171 +CONF_get_number 172 +CONF_get_section 173 +CONF_get_string 174 +CONF_load 175 +CRYPTO_add_lock 176 +CRYPTO_dbg_free 177 +CRYPTO_dbg_malloc 178 +CRYPTO_dbg_realloc 179 +CRYPTO_dbg_remalloc 180 +CRYPTO_free 181 +CRYPTO_get_add_lock_callback 182 +CRYPTO_get_id_callback 183 +CRYPTO_get_lock_name 184 +CRYPTO_get_locking_callback 185 +CRYPTO_get_mem_functions 186 +CRYPTO_lock 187 +CRYPTO_malloc 188 +CRYPTO_mem_ctrl 189 +CRYPTO_mem_leaks 190 +CRYPTO_mem_leaks_cb 191 +CRYPTO_mem_leaks_fp 192 +CRYPTO_realloc 193 +CRYPTO_remalloc 194 +CRYPTO_set_add_lock_callback 195 +CRYPTO_set_id_callback 196 +CRYPTO_set_locking_callback 197 +CRYPTO_set_mem_functions 198 +CRYPTO_thread_id 199 +DH_check 200 +DH_compute_key 201 +DH_free 202 +DH_generate_key 203 +DH_generate_parameters 204 +DH_new 205 +DH_size 206 +DHparams_print 207 +DHparams_print_fp 208 +DSA_free 209 +DSA_generate_key 210 +DSA_generate_parameters 211 +DSA_is_prime 212 +DSA_new 213 +DSA_print 214 +DSA_print_fp 215 +DSA_sign 216 +DSA_sign_setup 217 +DSA_size 218 +DSA_verify 219 +DSAparams_print 220 +DSAparams_print_fp 221 +ERR_clear_error 222 +ERR_error_string 223 +ERR_free_strings 224 +ERR_func_error_string 225 +ERR_get_err_state_table 226 +ERR_get_error 227 +ERR_get_error_line 228 +ERR_get_state 229 +ERR_get_string_table 230 +ERR_lib_error_string 231 +ERR_load_ASN1_strings 232 +ERR_load_BIO_strings 233 +ERR_load_BN_strings 234 +ERR_load_BUF_strings 235 +ERR_load_CONF_strings 236 +ERR_load_DH_strings 237 +ERR_load_DSA_strings 238 +ERR_load_ERR_strings 239 +ERR_load_EVP_strings 240 +ERR_load_OBJ_strings 241 +ERR_load_PEM_strings 242 +ERR_load_PROXY_strings 243 +ERR_load_RSA_strings 244 +ERR_load_X509_strings 245 +ERR_load_crypto_strings 246 +ERR_load_strings 247 +ERR_peek_error 248 +ERR_peek_error_line 249 +ERR_print_errors 250 +ERR_print_errors_fp 251 +ERR_put_error 252 +ERR_reason_error_string 253 +ERR_remove_state 254 +EVP_BytesToKey 255 +EVP_CIPHER_CTX_cleanup 256 +EVP_CipherFinal 257 +EVP_CipherInit 258 +EVP_CipherUpdate 259 +EVP_DecodeBlock 260 +EVP_DecodeFinal 261 +EVP_DecodeInit 262 +EVP_DecodeUpdate 263 +EVP_DecryptFinal 264 +EVP_DecryptInit 265 +EVP_DecryptUpdate 266 +EVP_DigestFinal 267 +EVP_DigestInit 268 +EVP_DigestUpdate 269 +EVP_EncodeBlock 270 +EVP_EncodeFinal 271 +EVP_EncodeInit 272 +EVP_EncodeUpdate 273 +EVP_EncryptFinal 274 +EVP_EncryptInit 275 +EVP_EncryptUpdate 276 +EVP_OpenFinal 277 +EVP_OpenInit 278 +EVP_PKEY_assign 279 +EVP_PKEY_copy_parameters 280 +EVP_PKEY_free 281 +EVP_PKEY_missing_parameters 282 +EVP_PKEY_new 283 +EVP_PKEY_save_parameters 284 +EVP_PKEY_size 285 +EVP_PKEY_type 286 +EVP_SealFinal 287 +EVP_SealInit 288 +EVP_SignFinal 289 +EVP_VerifyFinal 290 +EVP_add_alias 291 +EVP_add_cipher 292 +EVP_add_digest 293 +EVP_bf_cbc 294 +EVP_bf_cfb 295 +EVP_bf_ecb 296 +EVP_bf_ofb 297 +EVP_cleanup 298 +EVP_des_cbc 299 +EVP_des_cfb 300 +EVP_des_ecb 301 +EVP_des_ede 302 +EVP_des_ede3 303 +EVP_des_ede3_cbc 304 +EVP_des_ede3_cfb 305 +EVP_des_ede3_ofb 306 +EVP_des_ede_cbc 307 +EVP_des_ede_cfb 308 +EVP_des_ede_ofb 309 +EVP_des_ofb 310 +EVP_desx_cbc 311 +EVP_dss 312 +EVP_dss1 313 +EVP_enc_null 314 +EVP_get_cipherbyname 315 +EVP_get_digestbyname 316 +EVP_get_pw_prompt 317 +EVP_idea_cbc 318 +EVP_idea_cfb 319 +EVP_idea_ecb 320 +EVP_idea_ofb 321 +EVP_md2 322 +EVP_md5 323 +EVP_md_null 324 +EVP_rc2_cbc 325 +EVP_rc2_cfb 326 +EVP_rc2_ecb 327 +EVP_rc2_ofb 328 +EVP_rc4 329 +EVP_read_pw_string 330 +EVP_set_pw_prompt 331 +EVP_sha 332 +EVP_sha1 333 +MD2 334 +MD2_Final 335 +MD2_Init 336 +MD2_Update 337 +MD2_options 338 +MD5 339 +MD5_Final 340 +MD5_Init 341 +MD5_Update 342 +MDC2 343 +MDC2_Final 344 +MDC2_Init 345 +MDC2_Update 346 +NETSCAPE_SPKAC_free 347 +NETSCAPE_SPKAC_new 348 +NETSCAPE_SPKI_free 349 +NETSCAPE_SPKI_new 350 +NETSCAPE_SPKI_sign 351 +NETSCAPE_SPKI_verify 352 +OBJ_add_object 353 +OBJ_bsearch 354 +OBJ_cleanup 355 +OBJ_cmp 356 +OBJ_create_and_add_object 357 +OBJ_dup 358 +OBJ_ln2nid 359 +OBJ_new_nid 360 +OBJ_nid2ln 361 +OBJ_nid2obj 362 +OBJ_nid2sn 363 +OBJ_obj2nid 364 +OBJ_sn2nid 365 +OBJ_txt2nid 366 +PEM_ASN1_read 367 +PEM_ASN1_read_bio 368 +PEM_ASN1_write 369 +PEM_ASN1_write_bio 370 +PEM_SealFinal 371 +PEM_SealInit 372 +PEM_SealUpdate 373 +PEM_SignFinal 374 +PEM_SignInit 375 +PEM_SignUpdate 376 +PEM_X509_INFO_read 377 +PEM_X509_INFO_read_bio 378 +PEM_X509_INFO_write_bio 379 +PEM_dek_info 380 +PEM_do_header 381 +PEM_get_EVP_CIPHER_INFO 382 +PEM_proc_type 383 +PEM_read 384 +PEM_read_DHparams 385 +PEM_read_DSAPrivateKey 386 +PEM_read_DSAparams 387 +PEM_read_PKCS7 388 +PEM_read_PrivateKey 389 +PEM_read_RSAPrivateKey 390 +PEM_read_X509 391 +PEM_read_X509_CRL 392 +PEM_read_X509_REQ 393 +PEM_read_bio 394 +PEM_read_bio_DHparams 395 +PEM_read_bio_DSAPrivateKey 396 +PEM_read_bio_DSAparams 397 +PEM_read_bio_PKCS7 398 +PEM_read_bio_PrivateKey 399 +PEM_read_bio_RSAPrivateKey 400 +PEM_read_bio_X509 401 +PEM_read_bio_X509_CRL 402 +PEM_read_bio_X509_REQ 403 +PEM_write 404 +PEM_write_DHparams 405 +PEM_write_DSAPrivateKey 406 +PEM_write_DSAparams 407 +PEM_write_PKCS7 408 +PEM_write_PrivateKey 409 +PEM_write_RSAPrivateKey 410 +PEM_write_X509 411 +PEM_write_X509_CRL 412 +PEM_write_X509_REQ 413 +PEM_write_bio 414 +PEM_write_bio_DHparams 415 +PEM_write_bio_DSAPrivateKey 416 +PEM_write_bio_DSAparams 417 +PEM_write_bio_PKCS7 418 +PEM_write_bio_PrivateKey 419 +PEM_write_bio_RSAPrivateKey 420 +PEM_write_bio_X509 421 +PEM_write_bio_X509_CRL 422 +PEM_write_bio_X509_REQ 423 +PKCS7_DIGEST_free 424 +PKCS7_DIGEST_new 425 +PKCS7_ENCRYPT_free 426 +PKCS7_ENCRYPT_new 427 +PKCS7_ENC_CONTENT_free 428 +PKCS7_ENC_CONTENT_new 429 +PKCS7_ENVELOPE_free 430 +PKCS7_ENVELOPE_new 431 +PKCS7_ISSUER_AND_SERIAL_digest 432 +PKCS7_ISSUER_AND_SERIAL_free 433 +PKCS7_ISSUER_AND_SERIAL_new 434 +PKCS7_RECIP_INFO_free 435 +PKCS7_RECIP_INFO_new 436 +PKCS7_SIGNED_free 437 +PKCS7_SIGNED_new 438 +PKCS7_SIGNER_INFO_free 439 +PKCS7_SIGNER_INFO_new 440 +PKCS7_SIGN_ENVELOPE_free 441 +PKCS7_SIGN_ENVELOPE_new 442 +PKCS7_dup 443 +PKCS7_free 444 +PKCS7_new 445 +PROXY_ENTRY_add_noproxy 446 +PROXY_ENTRY_clear_noproxy 447 +PROXY_ENTRY_free 448 +PROXY_ENTRY_get_noproxy 449 +PROXY_ENTRY_new 450 +PROXY_ENTRY_set_server 451 +PROXY_add_noproxy 452 +PROXY_add_server 453 +PROXY_check_by_host 454 +PROXY_check_url 455 +PROXY_clear_noproxy 456 +PROXY_free 457 +PROXY_get_noproxy 458 +PROXY_get_proxies 459 +PROXY_get_proxy_entry 460 +PROXY_load_conf 461 +PROXY_new 462 +PROXY_print 463 +RAND_bytes 464 +RAND_cleanup 465 +RAND_file_name 466 +RAND_load_file 467 +RAND_screen 468 +RAND_seed 469 +RAND_write_file 470 +RC2_cbc_encrypt 471 +RC2_cfb64_encrypt 472 +RC2_ecb_encrypt 473 +RC2_encrypt 474 +RC2_ofb64_encrypt 475 +RC2_set_key 476 +RC4 477 +RC4_options 478 +RC4_set_key 479 +RSAPrivateKey_asn1_meth 480 +RSAPrivateKey_dup 481 +RSAPublicKey_dup 482 +RSA_PKCS1_SSLeay 483 +RSA_free 484 +RSA_generate_key 485 +RSA_new 486 +RSA_new_method 487 +RSA_print 488 +RSA_print_fp 489 +RSA_private_decrypt 490 +RSA_private_encrypt 491 +RSA_public_decrypt 492 +RSA_public_encrypt 493 +RSA_set_default_method 494 +RSA_sign 495 +RSA_sign_ASN1_OCTET_STRING 496 +RSA_size 497 +RSA_verify 498 +RSA_verify_ASN1_OCTET_STRING 499 +SHA 500 +SHA1 501 +SHA1_Final 502 +SHA1_Init 503 +SHA1_Update 504 +SHA_Final 505 +SHA_Init 506 +SHA_Update 507 +SSLeay_add_all_algorithms 508 +SSLeay_add_all_ciphers 509 +SSLeay_add_all_digests 510 +TXT_DB_create_index 511 +TXT_DB_free 512 +TXT_DB_get_by_index 513 +TXT_DB_insert 514 +TXT_DB_read 515 +TXT_DB_write 516 +X509_ALGOR_free 517 +X509_ALGOR_new 518 +X509_ATTRIBUTE_free 519 +X509_ATTRIBUTE_new 520 +X509_CINF_free 521 +X509_CINF_new 522 +X509_CRL_INFO_free 523 +X509_CRL_INFO_new 524 +X509_CRL_add_ext 525 +X509_CRL_cmp 526 +X509_CRL_delete_ext 527 +X509_CRL_dup 528 +X509_CRL_free 529 +X509_CRL_get_ext 530 +X509_CRL_get_ext_by_NID 531 +X509_CRL_get_ext_by_OBJ 532 +X509_CRL_get_ext_by_critical 533 +X509_CRL_get_ext_count 534 +X509_CRL_new 535 +X509_CRL_sign 536 +X509_CRL_verify 537 +X509_EXTENSION_create_by_NID 538 +X509_EXTENSION_create_by_OBJ 539 +X509_EXTENSION_dup 540 +X509_EXTENSION_free 541 +X509_EXTENSION_get_critical 542 +X509_EXTENSION_get_data 543 +X509_EXTENSION_get_object 544 +X509_EXTENSION_new 545 +X509_EXTENSION_set_critical 546 +X509_EXTENSION_set_data 547 +X509_EXTENSION_set_object 548 +X509_INFO_free 549 +X509_INFO_new 550 +X509_LOOKUP_by_alias 551 +X509_LOOKUP_by_fingerprint 552 +X509_LOOKUP_by_issuer_serial 553 +X509_LOOKUP_by_subject 554 +X509_LOOKUP_ctrl 555 +X509_LOOKUP_file 556 +X509_LOOKUP_free 557 +X509_LOOKUP_hash_dir 558 +X509_LOOKUP_init 559 +X509_LOOKUP_new 560 +X509_LOOKUP_shutdown 561 +X509_NAME_ENTRY_create_by_NID 562 +X509_NAME_ENTRY_create_by_OBJ 563 +X509_NAME_ENTRY_dup 564 +X509_NAME_ENTRY_free 565 +X509_NAME_ENTRY_get_data 566 +X509_NAME_ENTRY_get_object 567 +X509_NAME_ENTRY_new 568 +X509_NAME_ENTRY_set_data 569 +X509_NAME_ENTRY_set_object 570 +X509_NAME_add_entry 571 +X509_NAME_cmp 572 +X509_NAME_delete_entry 573 +X509_NAME_digest 574 +X509_NAME_dup 575 +X509_NAME_entry_count 576 +X509_NAME_free 577 +X509_NAME_get_entry 578 +X509_NAME_get_index_by_NID 579 +X509_NAME_get_index_by_OBJ 580 +X509_NAME_get_text_by_NID 581 +X509_NAME_get_text_by_OBJ 582 +X509_NAME_hash 583 +X509_NAME_new 584 +X509_NAME_oneline 585 +X509_NAME_print 586 +X509_NAME_set 587 +X509_OBJECT_free_contents 588 +X509_OBJECT_retrive_by_subject 589 +X509_OBJECT_up_ref_count 590 +X509_PKEY_free 591 +X509_PKEY_new 592 +X509_PUBKEY_free 593 +X509_PUBKEY_get 594 +X509_PUBKEY_new 595 +X509_PUBKEY_set 596 +X509_REQ_INFO_free 597 +X509_REQ_INFO_new 598 +X509_REQ_dup 599 +X509_REQ_free 600 +X509_REQ_get_pubkey 601 +X509_REQ_new 602 +X509_REQ_print 603 +X509_REQ_print_fp 604 +X509_REQ_set_pubkey 605 +X509_REQ_set_subject_name 606 +X509_REQ_set_version 607 +X509_REQ_sign 608 +X509_REQ_to_X509 609 +X509_REQ_verify 610 +X509_REVOKED_add_ext 611 +X509_REVOKED_delete_ext 612 +X509_REVOKED_free 613 +X509_REVOKED_get_ext 614 +X509_REVOKED_get_ext_by_NID 615 +X509_REVOKED_get_ext_by_OBJ 616 +X509_REVOKED_get_ext_by_critical 617 +X509_REVOKED_get_ext_count 618 +X509_REVOKED_new 619 +X509_SIG_free 620 +X509_SIG_new 621 +X509_STORE_CTX_cleanup 622 +X509_STORE_CTX_init 623 +X509_STORE_add_cert 624 +X509_STORE_add_lookup 625 +X509_STORE_free 626 +X509_STORE_get_by_subject 627 +X509_STORE_load_locations 628 +X509_STORE_new 629 +X509_STORE_set_default_paths 630 +X509_VAL_free 631 +X509_VAL_new 632 +X509_add_ext 633 +X509_asn1_meth 634 +X509_certificate_type 635 +X509_check_private_key 636 +X509_cmp_current_time 637 +X509_delete_ext 638 +X509_digest 639 +X509_dup 640 +X509_free 641 +X509_get_default_cert_area 642 +X509_get_default_cert_dir 643 +X509_get_default_cert_dir_env 644 +X509_get_default_cert_file 645 +X509_get_default_cert_file_env 646 +X509_get_default_private_dir 647 +X509_get_ext 648 +X509_get_ext_by_NID 649 +X509_get_ext_by_OBJ 650 +X509_get_ext_by_critical 651 +X509_get_ext_count 652 +X509_get_issuer_name 653 +X509_get_pubkey 654 +X509_get_pubkey_parameters 655 +X509_get_serialNumber 656 +X509_get_subject_name 657 +X509_gmtime_adj 658 +X509_issuer_and_serial_cmp 659 +X509_issuer_and_serial_hash 660 +X509_issuer_name_cmp 661 +X509_issuer_name_hash 662 +X509_load_cert_file 663 +X509_new 664 +X509_print 665 +X509_print_fp 666 +X509_set_issuer_name 667 +X509_set_notAfter 668 +X509_set_notBefore 669 +X509_set_pubkey 670 +X509_set_serialNumber 671 +X509_set_subject_name 672 +X509_set_version 673 +X509_sign 674 +X509_subject_name_cmp 675 +X509_subject_name_hash 676 +X509_to_X509_REQ 677 +X509_verify 678 +X509_verify_cert 679 +X509_verify_cert_error_string 680 +X509v3_add_ext 681 +X509v3_add_extension 682 +X509v3_add_netscape_extensions 683 +X509v3_add_standard_extensions 684 +X509v3_cleanup_extensions 685 +X509v3_data_type_by_NID 686 +X509v3_data_type_by_OBJ 687 +X509v3_delete_ext 688 +X509v3_get_ext 689 +X509v3_get_ext_by_NID 690 +X509v3_get_ext_by_OBJ 691 +X509v3_get_ext_by_critical 692 +X509v3_get_ext_count 693 +X509v3_pack_string 694 +X509v3_pack_type_by_NID 695 +X509v3_pack_type_by_OBJ 696 +X509v3_unpack_string 697 +_des_crypt 698 +a2d_ASN1_OBJECT 699 +a2i_ASN1_INTEGER 700 +a2i_ASN1_STRING 701 +asn1_Finish 702 +asn1_GetSequence 703 +bn_div64 704 +bn_expand2 705 +bn_mul_add_word 706 +bn_mul_word 707 +bn_qadd 708 +bn_qsub 709 +bn_sqr_words 710 +crypt 711 +d2i_ASN1_BIT_STRING 712 +d2i_ASN1_BOOLEAN 713 +d2i_ASN1_HEADER 714 +d2i_ASN1_IA5STRING 715 +d2i_ASN1_INTEGER 716 +d2i_ASN1_OBJECT 717 +d2i_ASN1_OCTET_STRING 718 +d2i_ASN1_PRINTABLE 719 +d2i_ASN1_PRINTABLESTRING 720 +d2i_ASN1_SET 721 +d2i_ASN1_T61STRING 722 +d2i_ASN1_TYPE 723 +d2i_ASN1_UTCTIME 724 +d2i_ASN1_bytes 725 +d2i_ASN1_type_bytes 726 +d2i_DHparams 727 +d2i_DSAPrivateKey 728 +d2i_DSAPrivateKey_bio 729 +d2i_DSAPrivateKey_fp 730 +d2i_DSAPublicKey 731 +d2i_DSAparams 732 +d2i_NETSCAPE_SPKAC 733 +d2i_NETSCAPE_SPKI 734 +d2i_Netscape_RSA 735 +d2i_PKCS7 736 +d2i_PKCS7_DIGEST 737 +d2i_PKCS7_ENCRYPT 738 +d2i_PKCS7_ENC_CONTENT 739 +d2i_PKCS7_ENVELOPE 740 +d2i_PKCS7_ISSUER_AND_SERIAL 741 +d2i_PKCS7_RECIP_INFO 742 +d2i_PKCS7_SIGNED 743 +d2i_PKCS7_SIGNER_INFO 744 +d2i_PKCS7_SIGN_ENVELOPE 745 +d2i_PKCS7_bio 746 +d2i_PKCS7_fp 747 +d2i_PrivateKey 748 +d2i_PublicKey 749 +d2i_RSAPrivateKey 750 +d2i_RSAPrivateKey_bio 751 +d2i_RSAPrivateKey_fp 752 +d2i_RSAPublicKey 753 +d2i_X509 754 +d2i_X509_ALGOR 755 +d2i_X509_ATTRIBUTE 756 +d2i_X509_CINF 757 +d2i_X509_CRL 758 +d2i_X509_CRL_INFO 759 +d2i_X509_CRL_bio 760 +d2i_X509_CRL_fp 761 +d2i_X509_EXTENSION 762 +d2i_X509_NAME 763 +d2i_X509_NAME_ENTRY 764 +d2i_X509_PKEY 765 +d2i_X509_PUBKEY 766 +d2i_X509_REQ 767 +d2i_X509_REQ_INFO 768 +d2i_X509_REQ_bio 769 +d2i_X509_REQ_fp 770 +d2i_X509_REVOKED 771 +d2i_X509_SIG 772 +d2i_X509_VAL 773 +d2i_X509_bio 774 +d2i_X509_fp 775 +des_3cbc_encrypt 776 +des_cbc_cksum 777 +des_cbc_encrypt 778 +des_cblock_print_file 779 +des_cfb64_encrypt 780 +des_cfb_encrypt 781 +des_decrypt3 782 +des_ecb3_encrypt 783 +des_ecb_encrypt 784 +des_ede3_cbc_encrypt 785 +des_ede3_cfb64_encrypt 786 +des_ede3_ofb64_encrypt 787 +des_enc_read 788 +des_enc_write 789 +des_encrypt 790 +des_encrypt2 791 +des_encrypt3 792 +des_fcrypt 793 +des_is_weak_key 794 +des_key_sched 795 +des_ncbc_encrypt 796 +des_ofb64_encrypt 797 +des_ofb_encrypt 798 +des_options 799 +des_pcbc_encrypt 800 +des_quad_cksum 801 +des_random_key 802 +des_random_seed 803 +des_read_2passwords 804 +des_read_password 805 +des_read_pw 806 +des_read_pw_string 807 +des_set_key 808 +des_set_odd_parity 809 +des_string_to_2keys 810 +des_string_to_key 811 +des_xcbc_encrypt 812 +des_xwhite_in2out 813 +fcrypt_body 814 +i2a_ASN1_INTEGER 815 +i2a_ASN1_OBJECT 816 +i2a_ASN1_STRING 817 +i2d_ASN1_BIT_STRING 818 +i2d_ASN1_BOOLEAN 819 +i2d_ASN1_HEADER 820 +i2d_ASN1_IA5STRING 821 +i2d_ASN1_INTEGER 822 +i2d_ASN1_OBJECT 823 +i2d_ASN1_OCTET_STRING 824 +i2d_ASN1_PRINTABLE 825 +i2d_ASN1_SET 826 +i2d_ASN1_TYPE 827 +i2d_ASN1_UTCTIME 828 +i2d_ASN1_bytes 829 +i2d_DHparams 830 +i2d_DSAPrivateKey 831 +i2d_DSAPrivateKey_bio 832 +i2d_DSAPrivateKey_fp 833 +i2d_DSAPublicKey 834 +i2d_DSAparams 835 +i2d_NETSCAPE_SPKAC 836 +i2d_NETSCAPE_SPKI 837 +i2d_Netscape_RSA 838 +i2d_PKCS7 839 +i2d_PKCS7_DIGEST 840 +i2d_PKCS7_ENCRYPT 841 +i2d_PKCS7_ENC_CONTENT 842 +i2d_PKCS7_ENVELOPE 843 +i2d_PKCS7_ISSUER_AND_SERIAL 844 +i2d_PKCS7_RECIP_INFO 845 +i2d_PKCS7_SIGNED 846 +i2d_PKCS7_SIGNER_INFO 847 +i2d_PKCS7_SIGN_ENVELOPE 848 +i2d_PKCS7_bio 849 +i2d_PKCS7_fp 850 +i2d_PrivateKey 851 +i2d_PublicKey 852 +i2d_RSAPrivateKey 853 +i2d_RSAPrivateKey_bio 854 +i2d_RSAPrivateKey_fp 855 +i2d_RSAPublicKey 856 +i2d_X509 857 +i2d_X509_ALGOR 858 +i2d_X509_ATTRIBUTE 859 +i2d_X509_CINF 860 +i2d_X509_CRL 861 +i2d_X509_CRL_INFO 862 +i2d_X509_CRL_bio 863 +i2d_X509_CRL_fp 864 +i2d_X509_EXTENSION 865 +i2d_X509_NAME 866 +i2d_X509_NAME_ENTRY 867 +i2d_X509_PKEY 868 +i2d_X509_PUBKEY 869 +i2d_X509_REQ 870 +i2d_X509_REQ_INFO 871 +i2d_X509_REQ_bio 872 +i2d_X509_REQ_fp 873 +i2d_X509_REVOKED 874 +i2d_X509_SIG 875 +i2d_X509_VAL 876 +i2d_X509_bio 877 +i2d_X509_fp 878 +idea_cbc_encrypt 879 +idea_cfb64_encrypt 880 +idea_ecb_encrypt 881 +idea_encrypt 882 +idea_ofb64_encrypt 883 +idea_options 884 +idea_set_decrypt_key 885 +idea_set_encrypt_key 886 +lh_delete 887 +lh_doall 888 +lh_doall_arg 889 +lh_free 890 +lh_insert 891 +lh_new 892 +lh_node_stats 893 +lh_node_stats_bio 894 +lh_node_usage_stats 895 +lh_node_usage_stats_bio 896 +lh_retrieve 897 +lh_stats 898 +lh_stats_bio 899 +lh_strhash 900 +sk_delete 901 +sk_delete_ptr 902 +sk_dup 903 +sk_find 904 +sk_free 905 +sk_insert 906 +sk_new 907 +sk_pop 908 +sk_pop_free 909 +sk_push 910 +sk_set_cmp_func 911 +sk_shift 912 +sk_unshift 913 +sk_zero 914 +BIO_f_nbio_test 915 +ASN1_TYPE_get 916 +ASN1_TYPE_set 917 +PKCS7_content_free 918 +ERR_load_PKCS7_strings 919 +X509_find_by_issuer_and_serial 920 +X509_find_by_subject 921 +d2i_PKCS7_fp 922 +i2d_PKCS7_fp 923 +PKCS7_dup 924 +d2i_PKCS7_bio 925 +i2d_PKCS7_bio 926 +PKCS7_ctrl 927 +PKCS7_set_type 928 +PKCS7_set_content 929 +PKCS7_SIGNER_INFO_set 930 +PKCS7_add_signer 931 +PKCS7_add_certificate 932 +PKCS7_add_crl 933 +PKCS7_content_new 934 +PKCS7_dataSign 935 +PKCS7_dataVerify 936 +PKCS7_dataInit 937 +PKCS7_add_signature 938 +PKCS7_cert_from_signer_info 939 +PKCS7_get_signer_info 940 +EVP_delete_alias 941 +EVP_mdc2 942 +PEM_read_bio_RSAPublicKey 943 +PEM_write_bio_RSAPublicKey 944 +d2i_RSAPublicKey_bio 945 +i2d_RSAPublicKey_bio 946 +PEM_read_RSAPublicKey 947 +PEM_read_bio_RSAPublicKey 948 +PEM_write_RSAPublicKey 949 +PEM_write_bio_RSAPublicKey 950 +d2i_RSAPublicKey_bio 951 +d2i_RSAPublicKey_fp 952 +i2d_RSAPublicKey_bio 953 +i2d_RSAPublicKey_fp 954 +BIO_copy_next_retry 955 diff --git a/util/mk1mf.pl b/util/mk1mf.pl new file mode 100755 index 0000000000000000000000000000000000000000..ef0769289067296179e1189132b8b5e711c4de95 --- /dev/null +++ b/util/mk1mf.pl @@ -0,0 +1,692 @@ +#!/usr/local/bin/perl +# A bit of an evil hack but it post processes the file ../MINFO which +# is generated by `make files` in the top directory. +# This script outputs one mega makefile that has no shell stuff or any +# funny stuff +# + +$INSTALLTOP="/usr/local/ssl"; + +$infile="MINFO"; + +%ops=( + "VC-WIN32", "Microsoft Visual C++ 4.[01] - Windows NT [34].x", + "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", + "VC-WIN16", "Alias for VC-W31-32", + "VC-W31-32", "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+", + "VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS", + "BC-NT", "Borland C++ 4.5 - Windows NT - PROBABLY NOT WORKING", + "BC-W31", "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING", + "BC-MSDOS","Borland C++ 4.5 - MSDOS", + "FreeBSD","FreeBSD distribution", + "default","cc under unix", + ); + +$type=""; +foreach (@ARGV) + { + if (/^no-rc2$/) { $no_rc2=1; } + elsif (/^no-rc4$/) { $no_rc4=1; } + elsif (/^no-idea$/) { $no_idea=1; } + elsif (/^no-des$/) { $no_des=1; } + elsif (/^no-bf$/) { $no_bf=1; } + elsif (/^no-md2$/) { $no_md2=1; } + elsif (/^no-md5$/) { $no_md5=1; } + elsif (/^no-sha$/) { $no_sha=1; } + elsif (/^no-sha1$/) { $no_sha1=1; } + elsif (/^no-mdc2$/) { $no_mdc2=1; } + elsif (/^no-patents$/) { $no_rc2=$no_rc4=$no_idea=$no_sha1=$no_rsa=1; } + elsif (/^no-rsa$/) { $no_rsa=1; } + elsif (/^no-dsa$/) { $no_dsa=1; } + elsif (/^no-dh$/) { $no_dh=1; } + elsif (/^no-asm$/) { $no_asm=1; } + elsif (/^no-ssl2$/) { $no_ssl2=1; } + elsif (/^no-ssl3$/) { $no_ssl3=1; } + elsif (/^no-err$/) { $no_err=1; } + elsif (/^no-sock$/) { $no_sock=1; } + + elsif (/^rsaref$/) { $rsaref=1; } + elsif (/^gcc$/) { $gcc=1; } + elsif (/^debug$/) { $debug=1; } + elsif (/^shlib$/) { $shlib=1; } + elsif (/^dll$/) { $shlib=1; } + elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } + elsif (/^-[lL].*$/) { $l_flags.="$_ "; } + elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) + { $c_flags.="$_ "; } + else + { + if (!defined($ops{$_})) + { + print STDERR "unknown option - $_\n"; + print STDERR "usage: perl mk1mf.pl [system] [options]\n"; + print STDERR "\nwhere [system] can be one of the following\n"; + foreach $i (sort keys %ops) + { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; } + print STDERR <<"EOF"; +and [options] can be one of + no-md2 no-md5 no-sha no-sha1 no-mdc2 - Skip this digest + no-rc2 no-rc4 no-idea no-des no-bf - Skip this symetriccipher + no-rsa no-dsa no-dh - Skip this public key cipher + no-ssl2 no-ssl3 - Skip this version of SSL + just-ssl - remove all non-ssl keys/digest + no-asm - No x86 asm + no-socks - No socket code + no-err - No error strings + dll/shlib - Build shared libraries (MS) + debug - Debug build + gcc - Use Gcc (unix) + rsaref - Build to require RSAref + +Values that can be set +TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath CC=C-compiler + +-L -l - extra library flags (unix) +- - extra 'cc' flags, + added (MS), or replace (unix) +EOF + exit(1); + } + $type=$_; + } + } + +$no_mdc2=1 if ($no_des); + +$no_ssl3=1 if ($no_md5 || $no_sha1); +$no_ssl3=1 if ($no_rsa && $no_dh); + +$no_ssl2=1 if ($no_md5 || $no_rsa); +$no_ssl2=1 if ($no_rsa); + +$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; +$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.'; +$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:'out'; +$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:'tmp'; +$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:''; + +($ssl,$crypto)=("ssl","crypto"); +$RSAglue="RSAglue"; +$ranlib="echo ranlib"; + +push(@INC,"util/pl","pl"); +if ($type eq "VC-MSDOS") + { + $asmbits=16; + $msdos=1; + require 'VC-16.pl'; + } +elsif ($type eq "VC-W31-16") + { + $asmbits=16; + $msdos=1; $win16=1; + require 'VC-16.pl'; + } +elsif (($type eq "VC-W31-32") || ($type eq "VC-WIN16")) + { + $asmbits=32; + $msdos=1; $win16=1; + require 'VC-16.pl'; + } +elsif (($type eq "VC-WIN32") || ($type eq "VC-NT")) + { + require 'VC-32.pl'; + } +elsif ($type eq "BC-NT") + { + $bc=1; + require 'BC-32.pl'; + } +elsif ($type eq "BC-W31") + { + $bc=1; + $msdos=1; $w16=1; + require 'BC-16.pl'; + } +elsif ($type eq "BC-Q16") + { + $msdos=1; $w16=1; $shlib=0; $qw=1; + require 'BC-16.pl'; + } +elsif ($type eq "BC-MSDOS") + { + $asmbits=16; + $msdos=1; + require 'BC-16.pl'; + } +elsif ($type eq "FreeBSD") + { + require 'unix.pl'; + $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer'; + } +else + { + require "unix.pl"; + + $unix=1; + $cflags.=' -DTERMIO'; + } + +# $bin_dir.=$o causes a core dump on my sparc :-( +$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq '')); + +$cflags.=" -DNO_IDEA" if $no_idea; +$cflags.=" -DNO_RC2" if $no_rc2; +$cflags.=" -DNO_RC4" if $no_rc4; +$cflags.=" -DNO_MD2" if $no_md2; +$cflags.=" -DNO_MD5" if $no_md5; +$cflags.=" -DNO_SHA" if $no_sha; +$cflags.=" -DNO_SHA1" if $no_sha1; +$cflags.=" -DNO_MDC2" if $no_mdc2; +$cflags.=" -DNO_BLOWFISH" if $no_bf; +$cflags.=" -DNO_DES" if $no_des; +$cflags.=" -DNO_RSA" if $no_rsa; +$cflags.=" -DNO_DSA" if $no_dsa; +$cflags.=" -DNO_DH" if $no_dh; +$cflags.=" -DNO_SOCK" if $no_sock; +$cflags.=" -DNO_SSL2" if $no_ssl2; +$cflags.=" -DNO_SSL3" if $no_ssl3; +$cflags.=" -DNO_ERR" if $no_err; +$cflags.=" -DRSAref" if $rsaref ne ""; + +if ($unix) + { $cflags="$c_flags" if ($c_flags ne ""); } +else { $cflags="$c_flags$cflags" if ($c_flags ne ""); } + +$ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); + +if ($ranlib ne "") + { + $ranlib="\$(SRC_D)$o$ranlib"; + } + +if ($msdos) + { + $banner ="\t\@echo Make sure you have run 'perl Configure $type' in the\n"; + $banner.="\t\@echo top level directory, if you don't have perl, you will\n"; + $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n"; + $banner.="\t\@echo documentation for details.\n"; + } + +# have to do this to allow $(CC) under unix +$link="$bin_dir$link" if ($link !~ /^\$/); + +$INSTALLTOP =~ s|/|$o|g; + +$defs= <<"EOF"; +# This makefile has been automatically generated from the SSLeay distribution. +# This single makefile will build the complete SSLeay distribution and +# by default leave the 'intertesting' output files in .${o}out and the stuff +# that needs deleting in .${o}tmp. +# The file was generated by running 'make makefile.one', which +# does a 'make files', which writes all the environment variables from all +# the makefiles to the file call MINFO. This file is used by +# util${o}mk1mf.pl to generate makefile.one. +# The 'makefile per directory' system suites me when developing this +# library and also so I can 'distribute' indervidual library sections. +# The one monster makefile better suits building in non-unix +# environments. + +INSTALLTOP=$INSTALLTOP + +# Set your compiler options +CC=$bin_dir${cc} +CFLAG=$cflags +APP_CFLAG=$app_cflag +LIB_CFLAG=$lib_cflag +APP_EX_OBJ=$app_ex_obj +SHLIB_EX_OBJ=$shlib_ex_obj +# add extra libraries to this define, for solaris -lsocket -lnsl would +# be added +EX_LIBS=$ex_libs + +# The SSLeay directory +SRC_D=$src_dir + +LINK=$link +LFLAGS=$lflags + +BN_MULW_OBJ=$bn_mulw_obj +BN_MULW_SRC=$bn_mulw_src +DES_ENC_OBJ=$des_enc_obj +DES_ENC_SRC=$des_enc_src +DES_CRYPT_OBJ=$des_crypt_obj +DES_CRYPT_SRC=$des_crypt_src +BF_ENC_OBJ=$bf_enc_obj +BF_ENC_SRC=$bf_enc_src + +# The output directory for everything intersting +OUT_D=$out_dir +# The output directory for all the temporary muck +TMP_D=$tmp_dir + +CP=$cp +RM=$rm +RANLIB=$ranlib +MKDIR=mkdir +MKLIB=$bin_dir$mklib +MLFLAGS=$mlflags +ASM=$bin_dir$asm + +###################################################### +# You should not need to touch anything below this point +###################################################### + +E_EXE=ssleay +SSL=$ssl +CRYPTO=$crypto +RSAGLUE=$RSAglue + +# BIN_D - Binary output directory +# TEST_D - Binary test file output directory +# LIB_D - library output directory +# INC_D - include directory +BIN_D=\$(OUT_D) +TEST_D=\$(OUT_D) +LIB_D=\$(OUT_D) +INC_D=\$(OUT_D) + +# INCL_D - local library directory +# OBJ_D - temp object file directory +OBJ_D=\$(TMP_D) +INCL_D=\$(TMP_D) + +O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp +O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp +O_RSAGLUE= \$(LIB_D)$o$plib\$(RSAGLUE)$libp +L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp +L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp + +L_LIBS= \$(L_SSL) \$(L_CRYPTO) +#L_LIBS= \$(O_SSL) \$(O_RSAGLUE) -lrsaref \$(O_CRYPTO) + +###################################################### +# Don't touch anything below this point +###################################################### + +INC=-DFLAT_INC -I\$(INC_D) -I\$(INCL_D) +APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) +LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) +LIBS_DEP=\$(O_CRYPTO) \$(O_RSAGLUE) \$(O_SSL) + +############################################# +EOF + +$rules=<<"EOF"; +all: banner \$(OUT_D) \$(TMP_D) headers lib exe + +banner: +$banner + +\$(OUT_D): + \$(MKDIR) \$(OUT_D) + +\$(TMP_D): + \$(MKDIR) \$(TMP_D) + +headers: \$(HEADER) \$(EXHEADER) + +lib: \$(LIBS_DEP) + +exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep + +install: + \$(MKDIR) \$(INSTALLTOP) + \$(MKDIR) \$(INSTALLTOP)${o}bin + \$(MKDIR) \$(INSTALLTOP)${o}include + \$(MKDIR) \$(INSTALLTOP)${o}lib + \$(CP) \$(INC_D)${o}*.h \$(INSTALLTOP)${o}include + \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin + \$(CP) \$(LIB_D)$o\$(O_SSL) \$(INSTALLTOP)${o}lib + \$(CP) \$(LIB_D)$o\$(O_CRYPTO) \$(INSTALLTOP)${o}lib + +clean: + \$(RM) \$(TMP_D)$o*.* + +vclean: + \$(RM) \$(TMP_D)$o*.* + \$(RM) \$(OUT_D)$o*.* + +EOF + +############################################# +# We parse in input file and 'store' info for later printing. +open(IN,"<$infile") || die "unable to open $infile:$!\n"; +$_=; +for (;;) + { + chop; + + ($key,$val)=/^([^=]+)=(.*)/; + if ($key eq "RELATIVE_DIRECTORY") + { + if ($lib ne "") + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } + last if ($val eq "FINISHED"); + $lib=""; + $libobj=""; + $dir=$val; + } + + if ($key eq "TEST") + { $test.=&var_add($dir,$val); } + + if (($key eq "PROGS") || ($key eq "E_OBJ")) + { $e_exe.=&var_add($dir,$val); } + + if ($key eq "LIB") + { + $lib=$val; + $lib =~ s/^.*\/([^\/]+)$/$1/; + } + + if ($key eq "EXHEADER") + { $exheader.=&var_add($dir,$val); } + + if ($key eq "HEADER") + { $header.=&var_add($dir,$val); } + + if ($key eq "LIBOBJ") + { $libobj=&var_add($dir,$val); } + + if (!($_=)) + { $_="RELATIVE_DIRECTORY=FINISHED\n"; } + } +close(IN); + +# Strip of trailing ' ' +foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); } +$test=&clean_up_ws($test); +$e_exe=&clean_up_ws($e_exe); +$exheader=&clean_up_ws($exheader); +$header=&clean_up_ws($header); + +# First we strip the exheaders from the headers list +foreach (split(/\s+/,$exheader)){ $h{$_}=1; } +foreach (split(/\s+/,$header)) { $h.=$_." " unless $h{$_}; } +chop($h); $header=$h; + +$defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h"); +$rules.=&do_copy_rule("\$(INCL_D)",$header,".h"); + +$defs.=&do_defs("EXHEADER",$exheader,"\$(INC_D)",".h"); +$rules.=&do_copy_rule("\$(INC_D)",$exheader,".h"); + +$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj); +$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); + +$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); +$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); + +foreach (values %lib_nam) + { + $lib_obj=$lib_obj{$_}; + + if (($_ eq "SSL") && $no_ssl2 && $no_ssl3) + { + $rules.="\$(O_SSL):\n\n"; + next; + } + + if (($_ eq "RSAGLUE") && $no_rsa) + { + $rules.="\$(O_RSAGLUE):\n\n"; + next; + } + + if (($bn_mulw_obj ne "") && ($_ eq "CRYPTO")) + { + $lib_obj =~ s/\S*bn_mulw\S*/\$(BN_MULW_OBJ)/; + $rules.=&do_asm_rule($bn_mulw_obj,$bn_mulw_src); + } + if (($des_enc_obj ne "") && ($_ eq "CRYPTO")) + { + $lib_obj =~ s/\S*des_enc\S*/\$(DES_ENC_OBJ)/; + $lib_obj =~ s/\S*fcrypt_b\S*\s*//; + $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + } + if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) + { + $lib_obj =~ s/\S*bf_enc\S*/\$(BF_ENC_OBJ)/; + $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src); + } + $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); + $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},"\$(LIB_CFLAGS)"); + } + +$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); +foreach (split(/\s+/,$test)) + { + $t=&bname($_); + $tt="\$(OBJ_D)${o}$t${obj}"; + $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + } + +$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib); +$rules.= &do_lib_rule("\$(RSAGLUEOBJ)","\$(O_RSAGLUE)",$RSAglue,0) + unless $no_rsa; +$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib); + +$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + +print $defs; +print "###################################################################\n"; +print $rules; + +############################################### +# strip off any trailing .[och] and append the relative directory +# also remembering to do nothing if we are in one of the dropped +# directories +sub var_add + { + local($dir,$val)=@_; + local(@a,$_,$ret); + + return("") if $no_idea && $dir =~ /\/idea/; + return("") if $no_rc2 && $dir =~ /\/rc2/; + return("") if $no_rc4 && $dir =~ /\/rc4/; + return("") if $no_rsa && $dir =~ /\/rsa/; + return("") if $no_rsa && $dir =~ /^rsaref/; + return("") if $no_dsa && $dir =~ /\/dsa/; + return("") if $no_dh && $dir =~ /\/dh/; + if ($no_des && $dir =~ /\/des/) + { + if ($val =~ /read_pwd/) + { return("$dir/read_pwd "); } + else + { return(""); } + } + return("") if $no_mdc2 && $dir =~ /\/mdc2/; + return("") if $no_sock && $dir =~ /\/proxy/; + return("") if $no_bf && $dir =~ /\/bf/; + + $val =~ s/^\s*(.*)\s*$/$1/; + @a=split(/\s+/,$val); + grep(s/\.[och]$//,@a); + + @a=grep(!/^e_.*_3d$/,@a) if $no_des; + @a=grep(!/^e_.*_d$/,@a) if $no_des; + @a=grep(!/^e_.*_i$/,@a) if $no_idea; + @a=grep(!/^e_.*_r2$/,@a) if $no_rc2; + @a=grep(!/^e_.*_bf$/,@a) if $no_bf; + @a=grep(!/^e_rc4$/,@a) if $no_rc4; + + @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; + @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; + + @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock; + + @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; + @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; + + @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; + @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; + @a=grep(!/(^pem_seal$)/,@a) if $no_rsa; + + @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa; + @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa; + + @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4; + + @a=grep(!/_dhp$/,@a) if $no_dh; + + @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha; + @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; + @a=grep(!/_mdc2$/,@a) if $no_mdc2; + + @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; + @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; + @a=grep(!/^gendsa$/,@a) if $no_sha1; + @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh; + + @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; + + grep($_="$dir/$_",@a); + @a=grep(!/(^|\/)s_/,@a) if $no_sock; + @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock; + $ret=join(' ',@a)." "; + return($ret); + } + +# change things so that each 'token' is only separated by one space +sub clean_up_ws + { + local($w)=@_; + + $w =~ s/^\s*(.*)\s*$/$1/; + $w =~ s/\s+/ /g; + return($w); + } + +sub do_defs + { + local($var,$files,$location,$postfix)=@_; + local($_,$ret); + local(*OUT,$tmp,$t); + + $files =~ s/\//$o/g if $o ne '/'; + $ret="$var="; + $n=1; + $Vars{$var}.=""; + foreach (split(/ /,$files)) + { + $_=&bname($_) unless /^\$/; + if ($n++ == 2) + { + $n=0; + $ret.="\\\n\t"; + } + if ($_ =~ /BN_MULW/) + { $t="$_ "; } + elsif ($_ =~ /DES_ENC/) + { $t="$_ "; } + elsif ($_ =~ /BF_ENC/) + { $t="$_ "; } + else { $t="$location${o}$_$postfix "; } + + $Vars{$var}.="$t "; + $ret.=$t; + } + chop($ret); + $ret.="\n\n"; + return($ret); + } + +# return the name with the leading path removed +sub bname + { + local($ret)=@_; + $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/; + return($ret); + } + +# do a rule for each file that says 'copy' to new direcory on change +sub do_copy_rule + { + local($to,$files,$p)=@_; + local($ret,$_,$n); + + $files =~ s/\//$o/g if $o ne '/'; + foreach (split(/\s+/,$files)) + { + $n=&bname($_); + $ret.="$to${o}$n$p: \$(SRC_D)$o$_$p\n\t\$(CP) \$(SRC_D)$o$_$p $to${o}$n$p\n\n"; + } + return($ret); + } + +############################################################## +# do a rule for each file that says 'compile' to new direcory +# compile the files in '$files' into $to +sub do_compile_rule + { + local($to,$files,$ex)=@_; + local($ret,$_,$n); + + $files =~ s/\//$o/g if $o ne '/'; + foreach (split(/\s+/,$files)) + { + $n=&bname($_); + $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex) + } + return($ret); + } + +############################################################## +# do a rule for each file that says 'compile' to new direcory +sub cc_compile_target + { + local($target,$source,$ex_flags)=@_; + local($ret); + + # EAY EAY + $ex_flags.=' -DCFLAGS="\"$(CC) $(CFLAG)\""' if ($source =~ /cversion/); + $target =~ s/\//$o/g if $o ne "/"; + $source =~ s/\//$o/g if $o ne "/"; + $ret ="$target: \$(SRC_D)$o$source\n\t"; + $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n"; + return($ret); + } + +############################################################## +sub do_asm_rule + { + local($target,$src)=@_; + local($ret,@s,@t,$i); + + $target =~ s/\//$o/g if $o ne "/"; + $src =~ s/\//$o/g if $o ne "/"; + + @s=split(/\s+/,$src); + @t=split(/\s+/,$target); + + for ($i=0; $i<=$#s; $i++) + { + $ret.="$t[$i]: $s[$i]\n"; + $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n"; + } + return($ret); + } + +sub do_shlib_rule + { + local($n,$def)=@_; + local($ret,$nn); + local($t); + + ($nn=$n) =~ tr/a-z/A-Z/; + $ret.="$n.dll: \$(${nn}OBJ)\n"; + if ($vc && $w32) + { + $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n \$(${nn}OBJ_F)\n<<\n"; + } + $ret.="\n"; + return($ret); + } + diff --git a/util/mkcerts.sh b/util/mkcerts.sh new file mode 100755 index 0000000000000000000000000000000000000000..5f8a1dae73954386a5579992aac2d969353f3858 --- /dev/null +++ b/util/mkcerts.sh @@ -0,0 +1,220 @@ +#!bin/sh + +# This script will re-make all the required certs. +# cd apps +# sh ../util/mkcerts.sh +# mv ca-cert.pem pca-cert.pem ../certs +# cd .. +# cat certs/*.pem >>apps/server.pem +# cat certs/*.pem >>apps/server2.pem +# SSLEAY=`pwd`/apps/ssleay; export SSLEAY +# sh tools/c_rehash certs +# + +CAbits=1024 +SSLEAY="../apps/ssleay" +CONF="-config ../apps/ssleay.cnf" + +# create pca request. +echo creating $CAbits bit PCA cert request +$SSLEAY req $CONF \ + -new -md5 -newkey $CAbits \ + -keyout pca-key.pem \ + -out pca-req.pem -nodes >/dev/null </dev/null </dev/null </dev/null </dev/null <> pca-cert.pem +cat ca-key.pem >> ca-cert.pem +cat s512-key.pem >> server.pem +cat s1024key.pem >> server2.pem +cat c512-key.pem >> client.pem + +for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem +do +$SSLEAY x509 -issuer -subject -in $i -noout >$$ +cat $$ +/bin/cat $i >>$$ +/bin/mv $$ $i +done + +#/bin/rm -f *key.pem *req.pem *.srl + +echo Finished + diff --git a/util/mkdef.pl b/util/mkdef.pl new file mode 100755 index 0000000000000000000000000000000000000000..fa683330e8e9b83a18cb35e6162178e45bd26bb6 --- /dev/null +++ b/util/mkdef.pl @@ -0,0 +1,260 @@ +#!/usr/local/bin/perl +# +# generate a .def file +# +# It does this by parsing the header files and looking for the +# non-prototyped functions. +# + +$crypto_num="util/libeay.num"; +$ssl_num= "util/ssleay.num"; + +$NT=1; +foreach (@ARGV) + { + $NT=1 if $_ eq "32"; + $NT=0 if $_ eq "16"; + $do_ssl=1 if $_ eq "ssleay"; + $do_crypto=1 if $_ eq "libeay"; + } + +if (!$do_ssl && !$do_crypto) + { + print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 ]\n"; + exit(1); + } + +%ssl_list=&load_numbers($ssl_num); +%crypto_list=&load_numbers($crypto_num); + +$ssl="ssl/ssl.h"; + +$crypto ="crypto/crypto.h"; +$crypto.=" crypto/des/des.h"; +$crypto.=" crypto/idea/idea.h"; +$crypto.=" crypto/rc4/rc4.h"; +$crypto.=" crypto/rc2/rc2.h"; +$crypto.=" crypto/bf/blowfish.h"; +$crypto.=" crypto/md/md2.h"; +$crypto.=" crypto/md/md5.h"; +$crypto.=" crypto/mdc2/mdc2.h"; +$crypto.=" crypto/sha/sha.h"; + +$crypto.=" crypto/bn/bn.h"; +$crypto.=" crypto/rsa/rsa.h"; +$crypto.=" crypto/dsa/dsa.h"; +$crypto.=" crypto/dh/dh.h"; + +$crypto.=" crypto/stack/stack.h"; +$crypto.=" crypto/buffer/buffer.h"; +$crypto.=" crypto/bio/bio.h"; +$crypto.=" crypto/lhash/lhash.h"; +$crypto.=" crypto/conf/conf.h"; +$crypto.=" crypto/txt_db/txt_db.h"; + +$crypto.=" crypto/evp/evp.h"; +$crypto.=" crypto/objects/objects.h"; +$crypto.=" crypto/pem/pem.h"; +#$crypto.=" crypto/meth/meth.h"; +$crypto.=" crypto/asn1/asn1.h"; +$crypto.=" crypto/asn1/asn1_mac.h"; +$crypto.=" crypto/err/err.h"; +$crypto.=" crypto/pkcs7/pkcs7.h"; +$crypto.=" crypto/x509/x509.h"; +$crypto.=" crypto/x509/x509_vfy.h"; +$crypto.=" crypto/rand/rand.h"; + +$match{'NOPROTO'}=1; +$match2{'PERL5'}=1; + +&print_def_file(*STDOUT,"SSLEAY",*ssl_list,&do_defs("SSLEAY",$ssl)) + if $do_ssl == 1; + +&print_def_file(*STDOUT,"LIBEAY",*crypto_list,&do_defs("LIBEAY",$crypto)) + if $do_crypto == 1; + +sub do_defs + { + local($name,$files)=@_; + local(@ret); + + $off=-1; + foreach $file (split(/\s+/,$files)) + { +# print STDERR "reading $file\n"; + open(IN,"<$file") || die "unable to open $file:$!\n"; + $depth=0; + $pr=-1; + @np=""; + $/=undef; + $a=; + while (($i=index($a,"/*")) >= 0) + { + $j=index($a,"*/"); + break unless ($j >= 0); + $a=substr($a,0,$i).substr($a,$j+2); + # print "$i $j\n"; + } + foreach (split("\n",$a)) + { + if (/^\#ifndef (.*)/) + { + push(@tag,$1); + $tag{$1}=-1; + next; + } + elsif (/^\#if !defined\(([^\)]+)\)/) + { + push(@tag,$1); + $tag{$1}=-1; + next; + } + elsif (/^\#ifdef (.*)/) + { + push(@tag,$1); + $tag{$1}=1; + next; + } + elsif (/^\#if (.*)/) + { + push(@tag,$1); + $tag{$1}=1; + next; + } + elsif (/^\#endif/) + { + $tag{$tag[$#tag]}=0; + pop(@tag); + next; + } + elsif (/^\#else/) + { + $t=$tag[$#tag]; + $tag{$t}= -$tag{$t}; + next; + } + $t=undef; + if (/^extern .*;$/) + { $t=&do_extern($name,$_); } + elsif ( ($tag{'NOPROTO'} == 1) && + ($tag{'FreeBSD'} != 1) && + (($NT && ($tag{'WIN16'} != 1)) || + (!$NT && ($tag{'WIN16'} != -1))) && + ($tag{'PERL5'} != 1)) + { $t=&do_line($name,$_); } + if (($t ne undef) && (!$done{$name,$t})) + { + $done{$name,$t}++; + push(@ret,$t); + } + } + close(IN); + } + return(@ret); + } + +sub do_line + { + local($file,$_)=@_; + local($n); + + return(undef) if /^$/; + return(undef) if /^\s/; + if (/(CRYPTO_get_locking_callback)/) + { return($1); } + elsif (/(CRYPTO_get_id_callback)/) + { return($1); } + elsif (/(CRYPTO_get_add_lock_callback)/) + { return($1); } + elsif (/(SSL_CTX_get_verify_callback)/) + { return($1); } + else + { + /\s\**(\S+)\s*\(/; + return($1); + } + } + +sub do_extern + { + local($file,$_)=@_; + local($n); + + /\s\**(\S+);$/; + return($1); + } + +sub print_def_file + { + local(*OUT,$name,*nums,@functions)=@_; + local($n)=1; + + if ($NT) + { $name.="32"; } + else + { $name.="16"; } + + print OUT <<"EOF"; +; +; Definition file for the DDL version of the $name library from SSLeay +; + +LIBRARY $name + +DESCRIPTION 'SSLeay $name - eay\@cryptsoft.com' + +EOF + + if (!$NT) + { + print <<"EOF"; +CODE PRELOAD MOVEABLE +DATA PRELOAD MOVEABLE SINGLE + +EXETYPE WINDOWS + +HEAPSIZE 4096 +STACKSIZE 8192 + +EOF + } + + print "EXPORTS\n"; + + + (@e)=grep(/^SSLeay/,@functions); + (@r)=grep(!/^SSLeay/,@functions); + @functions=((sort @e),(sort @r)); + + foreach $func (@functions) + { + if (!defined($nums{$func})) + { + printf STDERR "$func does not have a number assigned\n"; + } + else + { + $n=$nums{$func}; + printf OUT " %s%-35s@%d\n",($NT)?"":"_",$func,$n; + } + } + printf OUT "\n"; + } + +sub load_numbers + { + local($name)=@_; + local($j,@a,%ret); + + open(IN,"<$name") || die "unable to open $name:$!\n"; + while () + { + chop; + s/#.*$//; + next if /^\s*$/; + @a=split; + $ret{$a[0]}=$a[1]; + } + close(IN); + return(%ret); + } diff --git a/util/mklink.sh b/util/mklink.sh new file mode 100755 index 0000000000000000000000000000000000000000..1e052ed6ee78ceb908aedb1d93a108a2465903e1 --- /dev/null +++ b/util/mklink.sh @@ -0,0 +1,35 @@ +#!/bin/sh +# +# A bit of an ugly shell script used to actually 'link' files. +# Used by 'make links' +# + +PATH=$PATH:.:util:../util:../../util +export PATH + +from=$1 +shift + +here=`pwd` +tmp=`dirname $from` +while [ "$tmp"x != "x" -a "$tmp"x != ".x" ] +do + t=`basename $here` + here=`dirname $here` + to="/$t$to" + tmp=`dirname $tmp` +done +to=..$to + +#echo from=$from +#echo to =$to +#exit 1 + +if [ "$*"x != "x" ]; then + for i in $* + do + /bin/rm -f $from/$i + point.sh $to/$i $from/$i + done +fi +exit 0; diff --git a/util/perlpath.pl b/util/perlpath.pl new file mode 100755 index 0000000000000000000000000000000000000000..0aa5ada36768b0d7896e3f583e8cb1d3b3e54c00 --- /dev/null +++ b/util/perlpath.pl @@ -0,0 +1,30 @@ +#!/usr/local/bin/perl +# +# modify the '#!/usr/local/bin/perl' +# line in all scripts that rely on perl. +# + +require "find.pl"; + +$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n"; +&find("."); + +sub wanted + { + return unless /\.pl$/ || /^[Cc]onfigur/; + + open(IN,"<$_") || die "unable to open $dir/$_:$!\n"; + @a=; + close(IN); + + $a[0]="#!$ARGV[0]/perl\n"; + + # Playing it safe... + $new="$_.new"; + open(OUT,">$new") || die "unable to open $dir/$new:$!\n"; + print OUT @a; + close(OUT); + + rename($new,$_) || die "unable to rename $dir/$new:$!\n"; + chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n"; + } diff --git a/util/pl/BC-16.pl b/util/pl/BC-16.pl new file mode 100644 index 0000000000000000000000000000000000000000..133fe7fdfecbb196db3a6a487784ab0461f5965a --- /dev/null +++ b/util/pl/BC-16.pl @@ -0,0 +1,146 @@ +#!/usr/local/bin/perl +# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries +# + +$o='\\'; +$cp='copy'; +$rm='del'; + +# C compiler stuff +$cc='bcc'; + +if ($debug) + { $op="-v "; } +else { $op="-O "; } + +$cflags="-d -ml $op -DL_ENDIAN"; +# I add the stack opt +$base_lflags="/c /C"; +$lflags="$base_lflags"; + +if ($win16) + { + $shlib=1; + $cflags.=" -DWIN16"; + $app_cflag="-W"; + $lib_cflag="-WD"; + $lflags.="/Twe"; + } +else + { + $cflags.=" -DMSDOS"; + $lflags.=" /Tde"; + } + +if ($shlib) + { + $mlflags=" /Twd $base_lflags"; # stack if defined in .def file + $libs="libw ldllcew"; + $no_asm=1; + } +else + { $mlflags=''; } + +$obj='.obj'; +$ofile="-o"; + +# EXE linking stuff +$link="tlink"; +$efile=""; +$exep='.exe'; +$ex_libs="CL"; +$ex_libs.=$no_sock?"":" winsock.lib"; + +$app_ex_obj="C0L.obj "; +$shlib_ex_obj="" if ($shlib); + +# static library stuff +$mklib='tlib'; +$ranlib='echo no ranlib'; +$plib=""; +$libp=".lib"; +$shlibp=($shlib)?".dll":".lib"; +$lfile=''; + +$asm='bcc -c -B -Tml'; +$afile='/o'; +if ($no_asm) + { + $bn_mulw_obj=''; + $bn_mulw_src=''; + } +elsif ($asmbits == 32) + { + $bn_mulw_obj='crypto\bn\asm\x86w32.obj'; + $bn_mulw_src='crypto\bn\asm\x86w32.asm'; + } +else + { + $bn_mulw_obj='crypto\bn\asm\x86w16.obj'; + $bn_mulw_src='crypto\bn\asm\x86w16.asm'; + } + +sub do_lib_rule + { + local($target,$name,$shlib)=@_; + local($ret,$Name); + + $taget =~ s/\//$o/g if $o ne '/'; + ($Name=$name) =~ tr/a-z/A-Z/; + + $ret.="$target: \$(${Name}OBJ)\n"; + $ret.="\t\$(RM) \$(O_$Name)\n"; + + # Due to a pathetic line length limit, I unwrap the args. + local($lib_names)=""; + local($dll_names)=""; + foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"})) + { + $lib_names.=" +$_ &\n"; + $dll_names.=" $_\n"; + } + + if (!$shlib) + { + $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n"; + } + else + { + local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':""; + $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n"; + $ret.=$dll_names; + $ret.="\n $target\n\n $ex $libs\nms$o${name}16.def;\n|\n"; + ($out_lib=$target) =~ s/O_/L_/; + $ret.="\timplib /nowep $out_lib $target\n\n"; + } + $ret.="\n"; + return($ret); + } + +sub do_link_rule + { + local($target,$files,$dep_libs,$libs)=@_; + local($ret,$f,$_,@f); + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs\n"; + $ret.=" \$(LINK) @&&|"; + + # Due to a pathetic line length limit, I have to unwrap the args. + $ret.=" \$(LFLAGS) "; + if ($files =~ /\(([^)]*)\)$/) + { + $ret.=" \$(APP_EX_OBJ)"; + foreach $_ (sort split(/\s+/,$Vars{$1})) + { $ret.="\n $r $_ +"; } + chop($ret); + $ret.="\n"; + } + else + { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; } + $ret.=" $target\n\n $libs\n\n|\n\n"; + return($ret); + } + +1; diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl new file mode 100644 index 0000000000000000000000000000000000000000..84262a8953b1642bbdc682476f14975dd9649c45 --- /dev/null +++ b/util/pl/BC-32.pl @@ -0,0 +1,135 @@ +#!/usr/local/bin/perl +# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries +# + +$o='\\'; +$cp='copy'; +$rm='del'; + +# C compiler stuff +$cc='bcc32'; + +if ($debug) + { $op="-v "; } +else { $op="-O "; } + +$cflags="-d $op -DL_ENDIAN "; +# I add the stack opt +$base_lflags="-c"; +$lflags="$base_lflags"; + +$cflags.=" -DWIN32"; +$app_cflag="-WC"; +$lib_cflag="-WC"; +$lflags.=" -Tpe"; + +if ($shlib) + { + $mlflags="$base_lflags -Tpe"; # stack if defined in .def file + $libs="libw ldllcew"; + } +else + { $mlflags=''; } + +$obj='.obj'; +$ofile="-o"; + +# EXE linking stuff +$link="tlink32"; +$efile=""; +$exep='.exe'; +$ex_libs="CW32.LIB IMPORT32.LIB"; +$ex_libs.=$no_sock?"":" wsock32.lib"; +$shlib_ex_obj="" if $shlib; +$app_ex_obj="C0X32.OBJ"; + +# static library stuff +$mklib='tlib'; +$ranlib=''; +$plib=""; +$libp=".lib"; +$shlibp=($shlib)?".dll":".lib"; +$lfile=''; + +$asm='ml /Cp /c /Cx'; +$afile='/Fo'; +if ($noasm) + { + $bn_mulw_obj=''; + $bn_mulw_src=''; + } +else + { + $bn_mulw_obj='crypto\bn\asm\x86b32.obj'; + $bn_mulw_src='crypto\bn\asm\x86m32.asm'; + } + +sub do_lib_rule + { + local($target,$name,$shlib)=@_; + local($ret,$Name); + + $taget =~ s/\//$o/g if $o ne '/'; + ($Name=$name) =~ tr/a-z/A-Z/; + + $ret.="$target: \$(${Name}OBJ)\n"; + $ret.="\t\$(RM) \$(O_$Name)\n"; + + # Due to a pathetic line length limit, I unwrap the args. + local($lib_names)=""; + local($dll_names)=""; + foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"})) + { + $lib_names.=" +$_ &\n"; + $dll_names.=" $_\n"; + } + + if (!$shlib) + { + $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n"; + } + else + { + # $(SHLIB_EX_OBJ) + local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':""; + $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n"; + $ret.=$dll_names; + $ret.="\n $target\n\n $ex $libs\nms$o${name}16.def;\n|\n"; + ($out_lib=$target) =~ s/O_/L_/; + $ret.="\timplib /nowep $out_lib $target\n\n"; + } + $ret.="\n"; + return($ret); + } + +sub do_link_rule + { + local($target,$files,$dep_libs,$libs)=@_; + local($ret,$f,$_,@f); + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs\n"; + $ret.=" \$(LINK) @&&|"; + + # Due to a pathetic line length limit, I have to unwrap the args. + $r=" \$(LFLAGS) "; + if ($files =~ /\(([^)]*)\)$/) + { + @a=('$(APP_EX_OBJ)'); + push(@a,sort split(/\s+/,$Vars{$1})); + foreach $_ (@a) + { + $ret.="\n $r $_ +"; + $r=""; + } + chop($ret); + $ret.="\n"; + } + else + { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; } + $ret.=" $target\n\n $libs\n\n|\n\n"; + return($ret); + } + +1; diff --git a/util/pl/VC-16.pl b/util/pl/VC-16.pl new file mode 100644 index 0000000000000000000000000000000000000000..ea3e5932f5404522f5e50ac76a055abef3036984 --- /dev/null +++ b/util/pl/VC-16.pl @@ -0,0 +1,165 @@ +#!/usr/local/bin/perl +# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries +# + +$ssl= "ssleay16"; +$crypto="libeay16"; +$RSAref="RSAref16"; + +$o='\\'; +$cp='copy'; +$rm='del'; + +# C compiler stuff +$cc='cl'; + +if ($debug) + { + $op="/Od /Zi /Zd"; + $base_lflags="/CO"; + } +else { + $op="/G2 /f- /Ocgnotb2"; + } +$base_lflags.=" /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000"; +if ($win16) { $base_lflags.=" /PACKD:60000"; } + +$cflags="/ALw /Gx- /Gt256 /Gf $op /W3 /WX -DL_ENDIAN /nologo"; +# I add the stack opt +$lflags="$base_lflags /STACK:20000"; + +if ($win16) + { + $cflags.=" -DWIN16"; + $app_cflag="/Gw /FPi87"; + $lib_cflag="/Gw"; + $lib_cflag.=" -DWIN16TTY" if !$shlib; + $lflags.=" /ALIGN:16"; + $ex_libs.="oldnames llibcewq libw"; + } +else + { + $no_sock=1; + $cflags.=" -DMSDOS"; + $lflags.=" /EXEPACK"; + $ex_libs.="oldnames.lib llibce.lib"; + } + +if ($shlib) + { + $mlflags="$base_lflags"; + $libs="oldnames ldllcew libw"; + $shlib_ex_obj=""; +# $no_asm=1; + } +else + { $mlflags=''; } + +$app_ex_obj="setargv.obj"; + +$obj='.obj'; +$ofile="/Fo"; + +# EXE linking stuff +$link="link"; +$efile=""; +$exep='.exe'; +$ex_libs.=$no_sock?"":" winsock"; + +# static library stuff +$mklib='lib /PAGESIZE:1024'; +$ranlib=''; +$plib=""; +$libp=".lib"; +$shlibp=($shlib)?".dll":".lib"; +$lfile=''; + +$asm='ml /Cp /c /Cx'; +$afile='/Fo'; + +$bn_mulw_obj=''; +$bn_mulw_src=''; +$des_enc_obj=''; +$des_enc_src=''; +$bf_enc_obj=''; +$bf_enc_src=''; + +if (!$no_asm) + { + if ($asmbits == 32) + { + $bn_mulw_obj='crypto\bn\asm\x86w32.obj'; + $bn_mulw_src='crypto\bn\asm\x86w32.asm'; + } + else + { + $bn_mulw_obj='crypto\bn\asm\x86w16.obj'; + $bn_mulw_src='crypto\bn\asm\x86w16.asm'; + } + } + +sub do_lib_rule + { + local($objs,$target,$name,$shlib)=@_; + local($ret,$Name); + + $taget =~ s/\//$o/g if $o ne '/'; + ($Name=$name) =~ tr/a-z/A-Z/; + + $ret.="$target: $objs\n"; +# $ret.="\t\$(RM) \$(O_$Name)\n"; + + # Due to a pathetic line length limit, I unwrap the args. + local($lib_names)=""; + local($dll_names)=" \$(SHLIB_EX_OBJ) +\n"; + ($obj)= ($objs =~ /\((.*)\)/); + foreach $_ (sort split(/\s+/,$Vars{$obj})) + { + $lib_names.="+$_ &\n"; + $dll_names.=" $_ +\n"; + } + + if (!$shlib) + { + $ret.="\tdel $target\n"; + $ret.="\t\$(MKLIB) @<<\n$target\ny\n$lib_names\n\n<<\n"; + } + else + { + local($ex)=($target eq '$(O_SSL)')?'$(L_CRYPTO)':""; + $ex.=' winsock'; + $ret.="\t\$(LINK) \$(MLFLAGS) @<<\n"; + $ret.=$dll_names; + $ret.="\n $target\n\n $ex $libs\nms$o${name}.def;\n<<\n"; + ($out_lib=$target) =~ s/O_/L_/; + $ret.="\timplib /noignorecase /nowep $out_lib $target\n"; + } + $ret.="\n"; + return($ret); + } + +sub do_link_rule + { + local($target,$files,$dep_libs,$libs)=@_; + local($ret,$f,$_,@f); + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs\n"; + $ret.=" \$(LINK) \$(LFLAGS) @<<\n"; + + # Due to a pathetic line length limit, I have to unwrap the args. + if ($files =~ /\(([^)]*)\)$/) + { + @a=('$(APP_EX_OBJ)'); + push(@a,sort split(/\s+/,$Vars{$1})); + for $_ (@a) + { $ret.=" $_ +\n"; } + } + else + { $ret.=" \$(APP_EX_OBJ) $files"; } + $ret.="\n $target\n\n $libs\n\n<<\n\n"; + return($ret); + } + +1; diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl new file mode 100644 index 0000000000000000000000000000000000000000..12bc58e5143b502158c02f99d7c6806af7baed4e --- /dev/null +++ b/util/pl/VC-32.pl @@ -0,0 +1,111 @@ +#!/usr/local/bin/perl +# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries +# + +$ssl= "ssleay32"; +$crypto="libeay32"; +$RSAref="RSAref32"; + +$o='\\'; +$cp='copy'; +$rm='del'; + +# C compiler stuff +$cc='cl'; +$cflags='/W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN'; +$lflags="/nologo /subsystem:console /machine:I386 /opt:ref"; +$mlflags=''; +if ($debug) + { + $cflags="/W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN"; + $lflags.=" /debug"; + $mlflags.=' /debug'; + } +$obj='.obj'; +$ofile="/Fo"; + +# EXE linking stuff +$link="link"; +$efile="/out:"; +$exep='.exe'; +if ($no_sock) + { $ex_libs=""; } +else { $ex_libs="wsock32.lib user32.lib gdi32.lib"; } + +# static library stuff +$mklib='lib'; +$ranlib=''; +$plib=""; +$libp=".lib"; +$shlibp=($shlib)?".dll":".lib"; +$lfile='/out:'; + +$shlib_ex_obj=""; +$app_ex_obj="setargv.obj"; + +$asm='ml /Cp /coff /c /Cx'; +$afile='/Fo'; + +$bn_mulw_obj=''; +$bn_mulw_src=''; +$des_enc_obj=''; +$des_enc_src=''; +$bf_enc_obj=''; +$bf_enc_src=''; + +if (!$no_asm) + { + $bn_mulw_obj='crypto\bn\asm\x86nt32.obj'; + $bn_mulw_src='crypto\bn\asm\x86nt32.asm'; + $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\c-win32.obj'; + $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\c-win32.asm'; + $bf_enc_obj='crypto\bf\asm\b-win32.obj'; + $bf_enc_src='crypto\bf\asm\b-win32.asm'; + } + +if ($shlib) + { + $mlflags.=" $lflags /dll"; + $cflags.=" /MD"; + $cflags.="d" if ($debug); + $lib_cflag=" /GD"; + } + +sub do_lib_rule + { + local($objs,$target,$name,$shlib)=@_; + local($ret,$Name); + + $taget =~ s/\//$o/g if $o ne '/'; + ($Name=$name) =~ tr/a-z/A-Z/; + + $ret.="$target: $objs\n"; + if (!$shlib) + { +# $ret.="\t\$(RM) \$(O_$Name)\n"; + $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs\n<<\n"; + } + else + { + local($ex)=($target eq '$(O_SSL)')?' $(L_CRYPTO)':''; + $ex.=' wsock32.lib gdi32.lib'; + $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + } + $ret.="\n"; + return($ret); + } + +sub do_link_rule + { + local($target,$files,$dep_libs,$libs)=@_; + local($ret,$_); + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs\n"; + $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n"; + $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n\n"; + return($ret); + } + +1; diff --git a/util/pl/f.mak b/util/pl/f.mak new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/util/pl/unix.pl b/util/pl/unix.pl new file mode 100644 index 0000000000000000000000000000000000000000..4c0c91a67442c32ba0e01eb5284316fff2e3b77c --- /dev/null +++ b/util/pl/unix.pl @@ -0,0 +1,82 @@ +#!/usr/local/bin/perl +# +# unix.pl - the standard unix makefile stuff. +# + +$o='/'; +$cp='/bin/cp'; +$rm='/bin/rm -f'; + +# C compiler stuff + +if ($gcc) + { + $cc='gcc'; + if ($debug) + { $cflags="-g2 -ggdb"; } + else + { $cflags="-O3 -fomit-frame-pointer"; } + } +else + { + $cc='cc'; + if ($debug) + { $cflags="-g"; } + else + { $cflags="-O"; } + } +$obj='.o'; +$ofile='-o '; + +# EXE linking stuff +$link='${CC}'; +$lflags='${CFLAGS}'; +$efile='-o '; +$exep=''; +$ex_libs=""; + +# static library stuff +$mklib='ar r'; +$mlflags=''; +$ranlib='util/ranlib.sh'; +$plib='lib'; +$libp=".a"; +$shlibp=".a"; +$lfile=''; + +$asm='as'; +$afile='-o '; +$bn_mulw_obj=""; +$bn_mulw_src=""; +$des_enc_obj=""; +$des_enc_src=""; +$bf_enc_obj=""; +$bf_enc_src=""; + +sub do_lib_rule + { + local($obj,$target,$name,$shlib)=@_; + local($ret,$_,$Name); + + $target =~ s/\//$o/g if $o ne '/'; + ($Name=$name) =~ tr/a-z/A-Z/; + + $ret.="$target: \$(${Name}OBJ)\n"; + $ret.="\t\$(RM) $target\n"; + $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; + $ret.="\t\$(RANLIB) $target\n\n"; + } + +sub do_link_rule + { + local($target,$files,$dep_libs,$libs)=@_; + local($ret,$_); + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($target); + $ret.="$target: $files $dep_libs\n"; + $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; + return($ret); + } + +1; diff --git a/util/point.sh b/util/point.sh new file mode 100755 index 0000000000000000000000000000000000000000..92c12e82829831d10c69af63ed6b72f85c476252 --- /dev/null +++ b/util/point.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +/bin/rm -f $2 +ln -s $1 $2 diff --git a/util/ranlib.sh b/util/ranlib.sh new file mode 100755 index 0000000000000000000000000000000000000000..543f712c6ba7b87fd1036003c339b75462ca29df --- /dev/null +++ b/util/ranlib.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +cwd=`pwd` +cd /tmp + +if [ -s /bin/ranlib ] ; then + RL=/bin/ranlib +else if [ -s /usr/bin/ranlib ] ; then + RL=/usr/bin/ranlib +fi +fi + +if [ "x$RL" != "x" ] +then + case "$1" in + /*) + $RL "$1" + ;; + *) + $RL "$cwd/$1" + ;; + esac +fi diff --git a/util/sp-diff.pl b/util/sp-diff.pl new file mode 100755 index 0000000000000000000000000000000000000000..fbea9717ecb9d50da3def4cf222fc759d4b3f004 --- /dev/null +++ b/util/sp-diff.pl @@ -0,0 +1,80 @@ +#!/usr/local/bin/perl +# +# This file takes as input, the files that have been output from +# ssleay speed. +# It prints a table of the relative differences with %100 being 'no difference' +# + +($#ARGV == 1) || die "$0 speedout1 speedout2\n"; + +%one=&loadfile($ARGV[0]); +%two=&loadfile($ARGV[1]); + +$line=0; +foreach $a ("md2","md5","sha","sha1","rc4","des cfb","des cbc","des ede3", + "idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc") + { + if (defined($one{$a,8}) && defined($two{$a,8})) + { + print "type 8 byte% 64 byte% 256 byte% 1024 byte% 8192 byte%\n" + unless $line; + $line++; + printf "%-12s ",$a; + foreach $b (8,64,256,1024,8192) + { + $r=$two{$a,$b}/$one{$a,$b}*100; + printf "%12.2f",$r; + } + print "\n"; + } + } + +foreach $a ( + "rsa 512","rsa 1024","rsa 2048","rsa 4096", + "dsa 512","dsa 1024","dsa 2048", + ) + { + if (defined($one{$a,1}) && defined($two{$a,1})) + { + $r1=($one{$a,1}/$two{$a,1})*100; + $r2=($one{$a,2}/$two{$a,2})*100; + printf "$a bits %% %6.2f %% %6.2f\n",$r1,$r2; + } + } + +sub loadfile + { + local($file)=@_; + local($_,%ret); + + open(IN,"<$file") || die "unable to open '$file' for input\n"; + $header=1; + while () + { + $header=0 if /^[dr]sa/; + if (/^type/) { $header=0; next; } + next if $header; + chop; + @a=split; + if ($a[0] =~ /^[dr]sa$/) + { + ($n,$t1,$t2)=($_ =~ /^([dr]sa\s+\d+)\s+bits\s+([.\d]+)s\s+([.\d]+)/); + $ret{$n,1}=$t1; + $ret{$n,2}=$t2; + } + else + { + $n=join(' ',grep(/[^k]$/,@a)); + @k=grep(s/k$//,@a); + + $ret{$n, 8}=$k[0]; + $ret{$n, 64}=$k[1]; + $ret{$n, 256}=$k[2]; + $ret{$n,1024}=$k[3]; + $ret{$n,8192}=$k[4]; + } + } + close(IN); + return(%ret); + } + diff --git a/util/speed.sh b/util/speed.sh new file mode 100755 index 0000000000000000000000000000000000000000..e44f20c8a961178db486e3f1464f259cc23866c8 --- /dev/null +++ b/util/speed.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +# +# This is a ugly script use, in conjuction with editing the 'b' +# configuration in the $(TOP)/Configure script which will +# output when finished a file called speed.log which is the +# timings of SSLeay with various options turned on or off. +# +# from the $(TOP) directory +# Edit Configure, modifying things to do with the b/bl-4c-2c etc +# configurations. +# + +make clean +perl Configure b +make +apps/ssleay version -v -b -f >speed.1 +apps/ssleay speed >speed.1l + +perl Configure bl-4c-2c +/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md/md2_dgst.o +make +apps/ssleay speed rc4 rsa md2 >speed.2l + +perl Configure bl-4c-ri +/bin/rm -f crypto/rc4/rc4*.o +make +apps/ssleay speed rc4 >speed.3l + +perl Configure b2-is-ri-dp +/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o +apps/ssleay speed rsa rc4 idea des >speed.4l + +cat speed.1 >speed.log +cat speed.1l >>speed.log +perl util/sp-diff.pl speed.1l speed.2l >>speed.log +perl util/sp-diff.pl speed.1l speed.3l >>speed.log +perl util/sp-diff.pl speed.1l speed.4l >>speed.log + diff --git a/util/src-dep.pl b/util/src-dep.pl new file mode 100755 index 0000000000000000000000000000000000000000..ad997e4746838fcf3152fa2f5b673c0caf83bdcc --- /dev/null +++ b/util/src-dep.pl @@ -0,0 +1,147 @@ +#!/usr/local/bin/perl + +# we make up an array of +# $file{function_name}=filename; +# $unres{filename}="func1 func2 ...." +$debug=1; +#$nm_func="parse_linux"; +$nm_func="parse_solaris"; + +foreach (@ARGV) + { + &$nm_func($_); + } + +foreach $file (sort keys %unres) + { + @a=split(/\s+/,$unres{$file}); + %ff=(); + foreach $func (@a) + { + $f=$file{$func}; + $ff{$f}=1 if $f ne ""; + } + + foreach $a (keys %ff) + { $we_need{$file}.="$a "; } + } + +foreach $file (sort keys %we_need) + { +# print " $file $we_need{$file}\n"; + foreach $bit (split(/\s+/,$we_need{$file})) + { push(@final,&walk($bit)); } + + foreach (@final) { $fin{$_}=1; } + @final=""; + foreach (sort keys %fin) + { push(@final,$_); } + + print "$file: @final\n"; + } + +sub walk + { + local($f)=@_; + local(@a,%seen,@ret,$r); + + @ret=""; + $f =~ s/^\s+//; + $f =~ s/\s+$//; + return "" if ($f =~ "^\s*$"); + + return(split(/\s/,$done{$f})) if defined ($done{$f}); + + return if $in{$f} > 0; + $in{$f}++; + push(@ret,$f); + foreach $r (split(/\s+/,$we_need{$f})) + { + push(@ret,&walk($r)); + } + $in{$f}--; + $done{$f}=join(" ",@ret); + return(@ret); + } + +sub parse_linux + { + local($name)=@_; + + open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n"; + while () + { + chop; + next if /^\s*$/; + if (/^[^[](.*):$/) + { + $file=$1; + $file="$1.c" if /\[(.*).o\]/; + print STDERR "$file\n"; + $we_need{$file}=" "; + next; + } + + @a=split(/\s*\|\s*/); + next unless $#a == 7; + next unless $a[4] eq "GLOB"; + if ($a[6] eq "UNDEF") + { + $unres{$file}.=$a[7]." "; + } + else + { + if ($file{$a[7]} ne "") + { + print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n"; + } + else + { + $file{$a[7]}=$file; + } + } + } + close(IN); + } + +sub parse_solaris + { + local($name)=@_; + + open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n"; + while () + { + chop; + next if /^\s*$/; + if (/^(\S+):$/) + { + $file=$1; + #$file="$1.c" if $file =~ /^(.*).o$/; + print STDERR "$file\n"; + $we_need{$file}=" "; + next; + } + @a=split(/\s*\|\s*/); + next unless $#a == 7; + next unless $a[4] eq "GLOB"; + if ($a[6] eq "UNDEF") + { + $unres{$file}.=$a[7]." "; + print STDERR "$file needs $a[7]\n" if $debug; + } + else + { + if ($file{$a[7]} ne "") + { + print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n"; + } + else + { + $file{$a[7]}=$file; + print STDERR "$file has $a[7]\n" if $debug; + } + } + } + close(IN); + } + diff --git a/util/ssldir.pl b/util/ssldir.pl new file mode 100755 index 0000000000000000000000000000000000000000..6c30685206989c7e91a19b7c9a99d73dd7c47ca5 --- /dev/null +++ b/util/ssldir.pl @@ -0,0 +1,52 @@ +#!/usr/local/bin/perl + +$#ARGV == 0 || die "usage: ssldir.pl /new/path\n"; +@files=('crypto/cryptlib.h', + 'Makefile.ssl', + 'tools/c_rehash', + 'util/mk1mf.pl', + ); + +%cryptlib=( + '\sX509_CERT_AREA\s',"#define X509_CERT_AREA\t\t".'"%s"', + '\sX509_CERT_DIR\s', "#define X509_CERT_DIR\t\t".'"%s/certs"', + '\sX509_CERT_FILE\s', "#define X509_CERT_FILE\t\t".'"%s/cert.pem"', + '\sX509_PRIVATE_DIR\s',"#define X509_PRIVATE_DIR\t".'"%s/private"', + ); + +%Makefile_ssl=( + '^INSTALLTOP=','INSTALLTOP=%s', + ); + +%c_rehash=( + '^DIR=', 'DIR=%s', + ); + +%mk1mf=( + '^$INSTALLTOP=','$INSTALLTOP="%s";', + ); + +&dofile("crypto/cryptlib.h",$ARGV[0],%cryptlib); +&dofile("Makefile.ssl",$ARGV[0],%Makefile_ssl); +&dofile("tools/c_rehash",$ARGV[0],%c_rehash); +&dofile("util/mk1mf.pl",$ARGV[0],%mk1mf); + +sub dofile + { + ($f,$p,%m)=@_; + + open(IN,"<$f") || die "unable to open $f:$!\n"; + @a=; + close(IN); + foreach $k (keys %m) + { + grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a); + } + ($ff=$f) =~ s/\..*$//; + open(OUT,">$ff.new") || die "unable to open $f:$!\n"; + print OUT @a; + close(OUT); + rename($f,"$ff.old") || die "unable to rename $f\n"; + rename("$ff.new",$f) || die "unable to rename $ff.new\n"; + } + diff --git a/util/ssleay.num b/util/ssleay.num new file mode 100755 index 0000000000000000000000000000000000000000..592de9bb0e81ba8dc726fc2713b9e12e5aa0ee5d --- /dev/null +++ b/util/ssleay.num @@ -0,0 +1,131 @@ +ERR_load_SSL_strings 1 +SSL_CIPHER_description 2 +SSL_CTX_add_client_CA 3 +SSL_CTX_add_session 4 +SSL_CTX_check_private_key 5 +SSL_CTX_ctrl 6 +SSL_CTX_flush_sessions 7 +SSL_CTX_free 8 +SSL_CTX_get_client_CA_list 9 +SSL_CTX_get_verify_callback 10 +SSL_CTX_get_verify_mode 11 +SSL_CTX_new 12 +SSL_CTX_remove_session 13 +SSL_CTX_set_cert_verify_cb 14 +SSL_CTX_set_cipher_list 15 +SSL_CTX_set_client_CA_list 16 +SSL_CTX_set_default_passwd_cb 17 +SSL_CTX_set_dh_params 18 +SSL_CTX_set_ssl_version 19 +SSL_CTX_set_tmp_rsa 20 +SSL_CTX_set_verify 21 +SSL_CTX_use_PrivateKey 22 +SSL_CTX_use_PrivateKey_ASN1 23 +SSL_CTX_use_PrivateKey_file 24 +SSL_CTX_use_RSAPrivateKey 25 +SSL_CTX_use_RSAPrivateKey_ASN1 26 +SSL_CTX_use_RSAPrivateKey_file 27 +SSL_CTX_use_certificate 28 +SSL_CTX_use_certificate_ASN1 29 +SSL_CTX_use_certificate_file 30 +SSL_SESSION_free 31 +SSL_SESSION_new 32 +SSL_SESSION_print 33 +SSL_SESSION_print_fp 34 +SSL_accept 35 +SSL_add_client_CA 36 +SSL_alert_desc_string 37 +SSL_alert_desc_string_long 38 +SSL_alert_type_string 39 +SSL_alert_type_string_long 40 +SSL_check_private_key 41 +SSL_clear 42 +SSL_connect 43 +SSL_copy_session_id 44 +SSL_ctrl 45 +SSL_dup 46 +SSL_dup_CA_list 47 +SSL_free 48 +SSL_get_certificate 49 +#SSL_get_cipher 50 +#SSL_get_cipher_bits 51 +SSL_get_cipher_list 52 +#SSL_get_cipher_name 53 +#SSL_get_cipher_version 54 +SSL_get_ciphers 55 +SSL_get_client_CA_list 56 +SSL_get_default_timeout 57 +SSL_get_error 58 +SSL_get_fd 59 +SSL_get_peer_cert_chain 60 +SSL_get_peer_certificate 61 +SSL_get_privatekey 62 +SSL_get_rbio 63 +SSL_get_read_ahead 64 +SSL_get_shared_ciphers 65 +SSL_get_ssl_method 66 +SSL_get_time 67 +SSL_get_timeout 68 +SSL_get_verify_callback 69 +SSL_get_verify_mode 70 +SSL_get_version 71 +SSL_get_wbio 72 +SSL_load_client_CA_file 73 +SSL_load_error_strings 74 +SSL_new 75 +SSL_peek 76 +SSL_pending 77 +SSL_read 78 +SSL_renegotiate 79 +SSL_rstate_string 80 +SSL_rstate_string_long 81 +SSL_set_accept_state 82 +SSL_set_bio 83 +SSL_set_cipher_list 84 +SSL_set_client_CA_list 85 +SSL_set_connect_state 86 +SSL_set_fd 87 +SSL_set_read_ahead 88 +SSL_set_rfd 89 +SSL_set_session 90 +SSL_set_ssl_method 91 +SSL_set_time 92 +SSL_set_timeout 93 +SSL_set_verify 94 +SSL_set_wfd 95 +SSL_shutdown 96 +SSL_state_string 97 +SSL_state_string_long 98 +SSL_use_PrivateKey 99 +SSL_use_PrivateKey_ASN1 100 +SSL_use_PrivateKey_file 101 +SSL_use_RSAPrivateKey 102 +SSL_use_RSAPrivateKey_ASN1 103 +SSL_use_RSAPrivateKey_file 104 +SSL_use_certificate 105 +SSL_use_certificate_ASN1 106 +SSL_use_certificate_file 107 +SSL_write 108 +SSLeay_add_ssl_algorithms 109 +SSLv23_client_method 110 +SSLv23_method 111 +SSLv23_server_method 112 +SSLv2_client_method 113 +SSLv2_method 114 +SSLv2_server_method 115 +SSLv3_client_method 116 +SSLv3_method 117 +SSLv3_server_method 118 +d2i_SSL_SESSION 119 +i2d_SSL_SESSION 120 +BIO_f_ssl 121 +BIO_new_ssl 122 +BIO_proxy_ssl_copy_session_id 123 +BIO_ssl_copy_session_id 124 +SSL_do_handshake 125 +SSL_get_privatekey 126 +SSL_get_current_cipher 127 +SSL_CIPHER_get_bits 128 +SSL_CIPHER_get_version 129 +SSL_CIPHER_get_name 130 +BIO_ssl_shutdown 131 diff --git a/util/tab_num.pl b/util/tab_num.pl new file mode 100755 index 0000000000000000000000000000000000000000..a81ed0edc2452ce7b1ae9adc857c187e1ca01de9 --- /dev/null +++ b/util/tab_num.pl @@ -0,0 +1,17 @@ +#!/usr/local/bin/perl + +$num=1; +$width=40; + +while (<>) + { + chop; + + $i=length($_); + + $n=$width-$i; + $i=int(($n+7)/8); + print $_.("\t" x $i).$num."\n"; + $num++; + } + diff --git a/util/up_ver.pl b/util/up_ver.pl new file mode 100755 index 0000000000000000000000000000000000000000..c2fc7c313b5fb16457c01c8e2172d9a0e2d4c234 --- /dev/null +++ b/util/up_ver.pl @@ -0,0 +1,70 @@ +#!/usr/local/bin/perl +# +# Up the version numbers in the files. +# + +@files=( + "crypto/des/ecb_enc.c", + "crypto/idea/i_ecb.c", + "crypto/lhash/lhash.c", + "crypto/conf/conf.c", + "crypto/md/md2_dgst.c", + "crypto/md/md5_dgst.c", + "crypto/pem/pem_lib.c", + "crypto/bn/bn_lib.c", + "crypto/dh/dh_lib.c", + "crypto/rc4/rc4_enc.org", + "crypto/rc2/rc2_ecb.c", + "crypto/bf/bf_ecb.c", + "crypto/rsa/rsa_lib.c", + "crypto/dsa/dsa_lib.c", + "crypto/sha/sha1dgst.c", + "crypto/sha/sha_dgst.c", + "crypto/asn1/asn1_lib.c", + "crypto/x509/x509_vfy.c", + "crypto/evp/evp_enc.c", + "crypto/rand/md_rand.c", + "crypto/stack/stack.c", + "crypto/txt_db/txt_db.c", + "crypto/cversion.c", + "ssl/ssl_lib.c", + "ssl/s2_lib.c", + "ssl/s3_lib.c", + "README", + ); + +@month=('Jan','Feb','Mar','Apr','May','Jun', + 'Jul','Aug','Sep','Oct','Nov','Dec'); +@a=localtime(time()); +$time=sprintf("%02d-%s-%04d",$a[3],$month[$a[4]],$a[5]+1900); + +$ver=$ARGV[0]; +($ver ne "") || die "no version number specified\n"; + +foreach $file (@files) + { + open(IN,"<$file") || die "unable to open $file:$!\n"; + open(OUT,">$file.new") || die "unable to open $file.new:$!\n"; + $found=0; + + print STDERR "$file:"; + + while () + { + if (s/SSLeay \d\.\d.\d[^"]*(\"|\s)/SSLeay $ver $time\1/) + { + print STDERR " Done"; + $found++; + print OUT; + while () { print OUT; } + last; + } + print OUT; + } + print STDERR "\n"; + close(IN); + close(OUT); + (!$found) && die "unable to update the version number in $file\n"; + rename($file,"$file.old") || die "unable to rename $file:$!\n"; + rename("$file.new",$file) || die "unable to rename $file.new:$!\n"; + }