Ops, interrupted commit. Fixed

shouldn't again start with thousend little text files or we quickly come back
to the old SSLeay days ;-)

.cvsignore

@@ -0,0 +1 @@
+Makefile.ssl

CHANGES

@@ -0,0 +1,833 @@
+
+ OpenSSL CHANGES
+ _______________
+
+
+ Changes between 0.9.1c and 0.9.2b
+
+  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+     doesn't work when the session is reused. Coming soon!
+     [Ben Laurie]
+
+  *) Fix a security hole, that allows sessions to be reused in the wrong
+     context thus bypassing client cert protection! All software that uses
+     client certs and session caches in multiple contexts NEEDS PATCHING to
+     allow session reuse! A fuller solution is in the works.
+     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+  *) Some more source tree cleanups (removed obsolete files
+     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+     permission on "config" script to be executable) and a fix for the INSTALL
+     document.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Remove some legacy and erroneous uses of malloc, free instead of
+     Malloc, Free.
+     [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
+
+  *) Make rsa_oaep_test return non-zero on error.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Add support for native Solaris shared libraries. Configure
+     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+     if someone would make that last step automatic.
+     [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
+
+  *) ctx_size was not built with the right compiler during "make links". Fixed.
+     [Ben Laurie]
+
+  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+     except NULL ciphers". This means the default cipher list will no longer
+     enable NULL ciphers. They need to be specifically enabled e.g. with
+     the string "DEFAULT:eNULL".
+     [Steve Henson]
+
+  *) Fix to RSA private encryption routines: if p < q then it would
+     occasionally produce an invalid result. This will only happen with
+     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+     [Steve Henson]
+
+  *) Be less restrictive and allow also `perl util/perlpath.pl
+     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+     because this way one can also use an interpreter named `perl5' (which is
+     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+     installed as `perl').
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+     advapi32.lib to Win32 build and change the pem test comparision
+     to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
+     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+     and crypto/des/ede_cbcm_enc.c.
+     [Steve Henson]
+
+  *) DES quad checksum was broken on big-endian architectures. Fixed.
+     [Ben Laurie]
+
+  *) Comment out two functions in bio.h that aren't implemented. Fix up the
+     Win32 test batch file so it (might) work again. The Win32 test batch file
+     is horrible: I feel ill....
+     [Steve Henson]
+
+  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+     in e_os.h. Audit of header files to check ANSI and non ANSI
+     sections: 10 functions were absent from non ANSI section and not exported
+     from Windows DLLs. Fixed up libeay.num for new functions.
+     [Steve Henson]
+
+  *) Make `openssl version' output lines consistent.
+     [Ralf S. Engelschall]
+
+  *) Fix Win32 symbol export lists for BIO functions: Added
+     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+     to ms/libeay{16,32}.def.
+     [Ralf S. Engelschall]
+
+  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+     fine under Unix and passes some trivial tests I've now added. But the
+     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+     added to make sure no one expects that this stuff really works in the
+     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
+     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+     openssl_bio.xs.
+     [Ralf S. Engelschall]
+
+  *) Fix the generation of two part addresses in perl.
+     [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
+
+  *) Add config entry for Linux on MIPS.
+     [John Tobey <jtobey@channel1.com>]
+
+  *) Make links whenever Configure is run, unless we are on Windoze.
+     [Ben Laurie]
+
+  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+     in CRLs.
+     [Steve Henson]
+
+  *) Add a useful kludge to allow package maintainers to specify compiler and
+     other platforms details on the command line without having to patch the
+     Configure script everytime: One now can use ``perl Configure
+     <id>:<details>'', i.e. platform ids are allowed to have details appended
+     to them (seperated by colons). This is treated as there would be a static
+     pre-configured entry in Configure's %table under key <id> with value
+     <details> and ``perl Configure <id>'' is called.  So, when you want to
+     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+     now, which overrides the FreeBSD-elf entry on-the-fly.
+     [Ralf S. Engelschall]
+
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
+  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+     on the `perl Configure ...' command line. This way one can compile
+     OpenSSL libraries with Position Independent Code (PIC) which is needed
+     for linking it into DSOs.
+     [Ralf S. Engelschall]
+
+  *) Remarkably, export ciphers were totally broken and no-one had noticed!
+     Fixed.
+     [Ben Laurie]
+
+  *) Cleaned up the LICENSE document: The official contact for any license
+     questions now is the OpenSSL core team under openssl-core@openssl.org.
+     And add a paragraph about the dual-license situation to make sure people
+     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+     to the OpenSSL toolkit.
+     [Ralf S. Engelschall]
+
+  *) General source tree makefile cleanups: Made `making xxx in yyy...'
+     display consistent in the source tree and replaced `/bin/rm' by `rm'.
+     Additonally cleaned up the `make links' target: Remove unnecessary
+     semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+     to speed processing and no longer clutter the display with confusing
+     stuff. Instead only the actually done links are displayed.
+     [Ralf S. Engelschall]
+
+  *) Permit null encryption ciphersuites, used for authentication only. It used
+     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+     encryption.
+     [Ben Laurie]
+
+  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+     signed attributes when verifying signatures (this would break them), 
+     the detached data encoding was wrong and public keys obtained using
+     X509_get_pubkey() weren't freed.
+     [Steve Henson]
+
+  *) Add text documentation for the BUFFER functions. Also added a work around
+     to a Win95 console bug. This was triggered by the password read stuff: the
+     last character typed gets carried over to the next fread(). If you were 
+     generating a new cert request using 'req' for example then the last
+     character of the passphrase would be CR which would then enter the first
+     field as blank.
+     [Steve Henson]
+
+  *) Added the new `Includes OpenSSL Cryptography Software' button as
+     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+     button and can be used by applications based on OpenSSL to show the
+     relationship to the OpenSSL project.  
+     [Ralf S. Engelschall]
+
+  *) Remove confusing variables in function signatures in files
+     ssl/ssl_lib.c and ssl/ssl.h.
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Don't install bss_file.c under PREFIX/include/
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+     functions that return function pointers and has support for NT specific
+     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+     unsigned to signed types: this was killing the Win32 compile.
+     [Steve Henson]
+
+  *) Add new certificate file to stack functions,
+     SSL_add_dir_cert_subjects_to_stack() and
+     SSL_add_file_cert_subjects_to_stack().  These largely supplant
+     SSL_load_client_CA_file(), and can be used to add multiple certs easily
+     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+     This means that Apache-SSL and similar packages don't have to mess around
+     to add as many CAs as they want to the preferred list.
+     [Ben Laurie]
+
+  *) Experiment with doxygen documentation. Currently only partially applied to
+     ssl/ssl_lib.c.
+     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+     openssl.doxy as the configuration file.
+     [Ben Laurie]
+  
+  *) Get rid of remaining C++-style comments which strict C compilers hate.
+     [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+     compiled in by default: it has problems with large keys.
+     [Steve Henson]
+
+  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+     DH private keys and/or callback functions which directly correspond to
+     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+     is needed for applications which have to configure certificates on a
+     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+     (e.g. s_server). 
+        For the RSA certificate situation is makes no difference, but
+     for the DSA certificate situation this fixes the "no shared cipher"
+     problem where the OpenSSL cipher selection procedure failed because the
+     temporary keys were not overtaken from the context and the API provided
+     no way to reconfigure them. 
+        The new functions now let applications reconfigure the stuff and they
+     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
+     non-public-API function ssl_cert_instantiate() is used as a helper
+     function and also to reduce code redundancy inside ssl_rsa.c.
+     [Ralf S. Engelschall]
+
+  *) Move s_server -dcert and -dkey options out of the undocumented feature
+     area because they are useful for the DSA situation and should be
+     recognized by the users.
+     [Ralf S. Engelschall]
+
+  *) Fix the cipher decision scheme for export ciphers: the export bits are
+     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+     SSL_EXP_MASK.  So, the original variable has to be used instead of the
+     already masked variable.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+     from `int' to `unsigned int' because it's a length and initialized by
+     EVP_DigestFinal() which expects an `unsigned int *'.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Don't hard-code path to Perl interpreter on shebang line of Configure
+     script. Instead use the usual Shell->Perl transition trick.
+     [Ralf S. Engelschall]
+
+  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+     (in addition to RSA certificates) to match the behaviour of `openssl dsa
+     -noout -modulus' as it's already the case for `openssl rsa -noout
+     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
+     currently the public key is printed (a decision which was already done by
+     `openssl dsa -modulus' in the past) which serves a similar purpose.
+     Additionally the NO_RSA no longer completely removes the whole -modulus
+     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+     now, too.
+     [Ralf S.  Engelschall]
+
+  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+     BIO. See the source (crypto/evp/bio_ok.c) for more info.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+     to be added. Now both 'req' and 'ca' can use new objects defined in the
+     config file.
+     [Steve Henson]
+
+  *) Add cool BIO that does syslog (or event log on NT).
+     [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
+
+  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+     [Ben Laurie]
+
+  *) Add preliminary config info for new extension code.
+     [Steve Henson]
+
+  *) Make RSA_NO_PADDING really use no padding.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Generate errors when private/public key check is done.
+     [Ben Laurie]
+
+  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+     for some CRL extensions and new objects added.
+     [Steve Henson]
+
+  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+     key usage extension and fuller support for authority key id.
+     [Steve Henson]
+
+  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+     padding method for RSA, which is recommended for new applications in PKCS
+     #1 v2.0 (RFC 2437, October 1998).
+     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+     against Bleichbacher's attack on RSA.
+     [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
+      Ben Laurie]
+
+  *) Updates to the new SSL compression code
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Fix so that the version number in the master secret, when passed
+     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+     (because the server will not accept higher), that the version number
+     is 0x03,0x01, not 0x03,0x00
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+     [Steve Henson]
+
+  *) Support for RAW extensions where an arbitrary extension can be
+     created by including its DER encoding. See apps/openssl.cnf for
+     an example.
+     [Steve Henson]
+
+  *) Make sure latest Perl versions don't interpret some generated C array
+     code as Perl array code in the crypto/err/err_genc.pl script.
+     [Lars Weber <3weber@informatik.uni-hamburg.de>]
+
+  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+     not many people have the assembler. Various Win32 compilation fixes and
+     update to the INSTALL.W32 file with (hopefully) more accurate Win32
+     build instructions.
+     [Steve Henson]
+
+  *) Modify configure script 'Configure' to automatically create crypto/date.h
+     file under Win32 and also build pem.h from pem.org. New script
+     util/mkfiles.pl to create the MINFO file on environments that can't do a
+     'make files': perl util/mkfiles.pl >MINFO should work.
+     [Steve Henson]
+
+  *) Major rework of DES function declarations, in the pursuit of correctness
+     and purity. As a result, many evil casts evaporated, and some weirdness,
+     too. You may find this causes warnings in your code. Zapping your evil
+     casts will probably fix them. Mostly.
+     [Ben Laurie]
+
+  *) Fix for a typo in asn1.h. Bug fix to object creation script
+     obj_dat.pl. It considered a zero in an object definition to mean
+     "end of object": none of the objects in objects.h have any zeros
+     so it wasn't spotted.
+     [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
+
+  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+     Masking (CBCM). In the absence of test vectors, the best I have been able
+     to do is check that the decrypt undoes the encrypt, so far. Send me test
+     vectors if you have them.
+     [Ben Laurie]
+
+  *) Correct calculation of key length for export ciphers (too much space was
+     allocated for null ciphers). This has not been tested!
+     [Ben Laurie]
+
+  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+     message is now correct (it understands "crypto" and "ssl" on its
+     command line). There is also now an "update" option. This will update
+     the util/ssleay.num and util/libeay.num files with any new functions.
+     If you do a: 
+     perl util/mkdef.pl crypto ssl update
+     it will update them.
+     [Steve Henson]
+
+  *) Overhauled the Perl interface (perl/*):
+     - ported BN stuff to OpenSSL's different BN library
+     - made the perl/ source tree CVS-aware
+     - renamed the package from SSLeay to OpenSSL (the files still contain
+       their history because I've copied them in the repository)
+     - removed obsolete files (the test scripts will be replaced
+       by better Test::Harness variants in the future)
+     [Ralf S. Engelschall]
+
+  *) First cut for a very conservative source tree cleanup:
+     1. merge various obsolete readme texts into doc/ssleay.txt
+     where we collect the old documents and readme texts.
+     2. remove the first part of files where I'm already sure that we no
+     longer need them because of three reasons: either they are just temporary
+     files which were left by Eric or they are preserved original files where
+     I've verified that the diff is also available in the CVS via "cvs diff
+     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+     the crypto/md/ stuff).
+     [Ralf S. Engelschall]
+
+  *) More extension code. Incomplete support for subject and issuer alt
+     name, issuer and authority key id. Change the i2v function parameters
+     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+     what that's for :-) Fix to ASN1 macro which messed up
+     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+     [Steve Henson]
+
+  *) Preliminary support for ENUMERATED type. This is largely copied from the
+     INTEGER code.
+     [Steve Henson]
+
+  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Make sure `make rehash' target really finds the `openssl' program.
+     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+     like to hear about it if this slows down other processors.
+     [Ben Laurie]
+
+  *) Add CygWin32 platform information to Configure script.
+     [Alan Batie <batie@aahz.jf.intel.com>]
+
+  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+     [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
+  
+  *) New program nseq to manipulate netscape certificate sequences
+     [Steve Henson]
+
+  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+     few typos.
+     [Steve Henson]
+
+  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
+     but the BN code had some problems that would cause failures when
+     doing certificate verification and some other functions.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add several PKIX and private extended key usage OIDs.
+     [Steve Henson]
+
+  *) Modify the 'ca' program to handle the new extension code. Modify
+     openssl.cnf for new extension format, add comments.
+     [Steve Henson]
+
+  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+     and add a sample to openssl.cnf so req -x509 now adds appropriate
+     CA extensions.
+     [Steve Henson]
+
+  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+     error code, add initial support to X509_print() and x509 application.
+     [Steve Henson]
+
+  *) Takes a deep breath and start addding X509 V3 extension support code. Add
+     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+     stuff is currently isolated and isn't even compiled yet.
+     [Steve Henson]
+
+  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+     Removed the versions check from X509 routines when loading extensions:
+     this allows certain broken certificates that don't set the version
+     properly to be processed.
+     [Steve Henson]
+
+  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+     can still be regenerated with "make depend".
+     [Ben Laurie]
+
+  *) Spelling mistake in C version of CAST-128.
+     [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
+
+  *) Changes to the error generation code. The perl script err-code.pl 
+     now reads in the old error codes and retains the old numbers, only
+     adding new ones if necessary. It also only changes the .err files if new
+     codes are added. The makefiles have been modified to only insert errors
+     when needed (to avoid needlessly modifying header files). This is done
+     by only inserting errors if the .err file is newer than the auto generated
+     C file. To rebuild all the error codes from scratch (the old behaviour)
+     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+     or delete all the .err files.
+     [Steve Henson]
+
+  *) CAST-128 was incorrectly implemented for short keys. The C version has
+     been fixed, but is untested. The assembler versions are also fixed, but
+     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+     to regenerate it if needed.
+     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+      Hagino <itojun@kame.net>]
+
+  *) File was opened incorrectly in randfile.c.
+     [Ulf M<>ller <ulf@fitug.de>]
+
+  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+     GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+     al: it's just almost always a UTCTime. Note this patch adds new error
+     codes so do a "make errors" if there are problems.
+     [Steve Henson]
+
+  *) Correct Linux 1 recognition in config.
+     [Ulf M<>ller <ulf@fitug.de>]
+
+  *) Remove pointless MD5 hash when using DSA keys in ca.
+     [Anonymous <nobody@replay.com>]
+
+  *) Generate an error if given an empty string as a cert directory. Also
+     generate an error if handed NULL (previously returned 0 to indicate an
+     error, but didn't set one).
+     [Ben Laurie, reported by Anonymous <nobody@replay.com>]
+
+  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+     [Ben Laurie]
+
+  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+     parameters. This was causing a warning which killed off the Win32 compile.
+     [Steve Henson]
+
+  *) Remove C++ style comments from crypto/bn/bn_local.h.
+     [Neil Costigan <neil.costigan@celocom.com>]
+
+  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+     based on a text string, looking up short and long names and finally
+     "dot" format. The "dot" format stuff didn't work. Added new function
+     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote 
+     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+     OID is not part of the table.
+     [Steve Henson]
+
+  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+     X509_LOOKUP_by_alias().
+     [Ben Laurie]
+
+  *) Sort openssl functions by name.
+     [Ben Laurie]
+
+  *) Get the gendsa program working (hopefully) and add it to app list. Remove
+     encryption from sample DSA keys (in case anyone is interested the password
+     was "1234").
+     [Steve Henson]
+
+  *) Make _all_ *_free functions accept a NULL pointer.
+     [Frans Heymans <fheymans@isaserver.be>]
+
+  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+     NULL pointers.
+     [Anonymous <nobody@replay.com>]
+
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Don't blow it for numeric -newkey arguments to apps/req.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Temp key "for export" tests were wrong in s3_srvr.c.
+     [Anonymous <nobody@replay.com>]
+
+  *) Add prototype for temp key callback functions
+     SSL_CTX_set_tmp_{rsa,dh}_callback().
+     [Ben Laurie]
+
+  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+     [Steve Henson]
+
+  *) X509_name_add_entry() freed the wrong thing after an error.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) rsa_eay.c would attempt to free a NULL context.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_s_socket() had a broken should_retry() on Windoze.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Make sure the already existing X509_STORE->depth variable is initialized
+     in X509_STORE_new(), but document the fact that this variable is still
+     unused in the certificate verification process.
+     [Ralf S. Engelschall]
+
+  *) Fix the various library and apps files to free up pkeys obtained from
+     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     [Steve Henson]
+
+  *) Fix reference counting in X509_PUBKEY_get(). This makes
+     demos/maurice/example2.c work, amongst others, probably.
+     [Steve Henson and Ben Laurie]
+
+  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+     `openssl' and second, the shortcut symlinks for the `openssl <command>'
+     are no longer created. This way we have a single and consistent command
+     line interface `openssl <command>', similar to `cvs <command>'.
+     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+     BIT STRING wrapper always have zero unused bits.
+     [Steve Henson]
+
+  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+     [Steve Henson]
+
+  *) Make the top-level INSTALL documentation easier to understand.
+     [Paul Sutton]
+
+  *) Makefiles updated to exit if an error occurs in a sub-directory
+     make (including if user presses ^C) [Paul Sutton]
+
+  *) Make Montgomery context stuff explicit in RSA data structure.
+     [Ben Laurie]
+
+  *) Fix build order of pem and err to allow for generated pem.h.
+     [Ben Laurie]
+
+  *) Fix renumbering bug in X509_NAME_delete_entry().
+     [Ben Laurie]
+
+  *) Enhanced the err-ins.pl script so it makes the error library number 
+     global and can add a library name. This is needed for external ASN1 and
+     other error libraries.
+     [Steve Henson]
+
+  *) Fixed sk_insert which never worked properly.
+     [Steve Henson]
+
+  *) Fix ASN1 macros so they can handle indefinite length construted 
+     EXPLICIT tags. Some non standard certificates use these: they can now
+     be read in.
+     [Steve Henson]
+
+  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+     into a single doc/ssleay.txt bundle. This way the information is still
+     preserved but no longer messes up this directory. Now it's new room for
+     the new set of documenation files.
+     [Ralf S. Engelschall]
+
+  *) SETs were incorrectly DER encoded. This was a major pain, because they
+     shared code with SEQUENCEs, which aren't coded the same. This means that
+     almost everything to do with SETs or SEQUENCEs has either changed name or
+     number of arguments.
+     [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
+
+  *) Fix test data to work with the above.
+     [Ben Laurie]
+
+  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+     was already fixed by Eric for 0.9.1 it seems.
+     [Ben Laurie - pointed out by Ulf M<>ller <ulf@fitug.de>]
+
+  *) Autodetect FreeBSD3.
+     [Ben Laurie]
+
+  *) Fix various bugs in Configure. This affects the following platforms:
+     nextstep
+     ncr-scde
+     unixware-2.0
+     unixware-2.0-pentium
+     sco5-cc.
+     [Ben Laurie]
+
+  *) Eliminate generated files from CVS. Reorder tests to regenerate files
+     before they are needed.
+     [Ben Laurie]
+
+  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+     [Ben Laurie]
+
+ Changes between 0.9.1b and 0.9.1c
+
+  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
+     changed SSLeay to OpenSSL in version strings.
+     [Ralf S. Engelschall]
+  
+  *) Some fixups to the top-level documents.
+     [Paul Sutton]
+
+  *) Fixed the nasty bug where rsaref.h was not found under compile-time
+     because the symlink to include/ was missing.
+     [Ralf S. Engelschall]
+
+  *) Incorporated the popular no-RSA/DSA-only patches 
+     which allow to compile a RSA-free SSLeay.
+     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+     when "ssleay" is still not found.
+     [Ralf S. Engelschall]
+
+  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
+     [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
+  *) Updated the README file.
+     [Ralf S. Engelschall]
+
+  *) Added various .cvsignore files in the CVS repository subdirs
+     to make a "cvs update" really silent.
+     [Ralf S. Engelschall]
+
+  *) Recompiled the error-definition header files and added
+     missing symbols to the Win32 linker tables.
+     [Ralf S. Engelschall]
+
+  *) Cleaned up the top-level documents;
+     o new files: CHANGES and LICENSE
+     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay 
+     o merged COPYRIGHT into LICENSE
+     o removed obsolete TODO file
+     o renamed MICROSOFT to INSTALL.W32
+     [Ralf S. Engelschall]
+
+  *) Removed dummy files from the 0.9.1b source tree: 
+     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+     [Ralf S. Engelschall]
+
+  *) Added various platform portability fixes.
+     [Mark J. Cox]
+
+  *) The Genesis of the OpenSSL rpject:
+     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+     Young and Tim J. Hudson created while they were working for C2Net until
+     summer 1998.
+     [The OpenSSL Project]
+ 
+ Changes between 0.9.0b and 0.9.1b
+
+  *) Updated a few CA certificates under certs/
+     [Eric A. Young]
+
+  *) Changed some BIGNUM api stuff.
+     [Eric A. Young]
+
+  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, 
+     DGUX x86, Linux Alpha, etc.
+     [Eric A. Young]
+
+  *) New COMP library [crypto/comp/] for SSL Record Layer Compression: 
+     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+     available).
+     [Eric A. Young]
+
+  *) Add -strparse option to asn1pars program which parses nested 
+     binary structures 
+     [Dr Stephen Henson <shenson@bigfoot.com>]
+
+  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+     [Eric A. Young]
+
+  *) DSA fix for "ca" program.
+     [Eric A. Young]
+
+  *) Added "-genkey" option to "dsaparam" program.
+     [Eric A. Young]
+
+  *) Added RIPE MD160 (rmd160) message digest.
+     [Eric A. Young]
+
+  *) Added -a (all) option to "ssleay version" command.
+     [Eric A. Young]
+
+  *) Added PLATFORM define which is the id given to Configure.
+     [Eric A. Young]
+
+  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+     [Eric A. Young]
+
+  *) Extended the ASN.1 parser routines.
+     [Eric A. Young]
+
+  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+     [Eric A. Young]
+
+  *) Added a BN_CTX to the BN library.
+     [Eric A. Young]
+
+  *) Fixed the weak key values in DES library
+     [Eric A. Young]
+
+  *) Changed API in EVP library for cipher aliases.
+     [Eric A. Young]
+
+  *) Added support for RC2/64bit cipher.
+     [Eric A. Young]
+
+  *) Converted the lhash library to the crypto/mem.c functions.
+     [Eric A. Young]
+
+  *) Added more recognized ASN.1 object ids.
+     [Eric A. Young]
+
+  *) Added more RSA padding checks for SSL/TLS.
+     [Eric A. Young]
+
+  *) Added BIO proxy/filter functionality.
+     [Eric A. Young]
+
+  *) Added extra_certs to SSL_CTX which can be used
+     send extra CA certificates to the client in the CA cert chain sending
+     process. It can be configured with SSL_CTX_add_extra_chain_cert().
+     [Eric A. Young]
+
+  *) Now Fortezza is denied in the authentication phase because
+     this is key exchange mechanism is not supported by SSLeay at all.
+     [Eric A. Young]
+
+  *) Additional PKCS1 checks.
+     [Eric A. Young]
+
+  *) Support the string "TLSv1" for all TLS v1 ciphers.
+     [Eric A. Young]
+
+  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+     ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+     [Eric A. Young]
+
+  *) Fixed a few memory leaks.
+     [Eric A. Young]
+
+  *) Fixed various code and comment typos.
+     [Eric A. Young]
+
+  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 
+     bytes sent in the client random.
+     [Edward Bishop <ebishop@spyglass.com>]
+

CHANGES.SSLeay

@@ -1,4 +1,529 @@
-SSLeay 0.6.5
+This file contains the changes for the SSLeay library up to version
+0.9.0b. For later changes, see the file "CHANGES".
+
+  SSLeay CHANGES
+  ______________
+
+Changes between 0.8.x and 0.9.0b
+
+10-Apr-1998
+
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline.  Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)
+
+16-Mar-98
+    - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+    - Lots and lots of changes
+
+29-Jan-98
+    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+      Goetz Babin-Ebell <babinebell@trustcenter.de>.
+    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+      TLS1_VERSION.
+
+7-Jan-98
+    - Finally reworked the cipher string to ciphers again, so it
+      works correctly
+    - All the app_data stuff is now ex_data with funcion calls to access.
+      The index is supplied by a function and 'methods' can be setup
+      for the types that are called on XXX_new/XXX_free.  This lets
+      applications get notified on creation and destruction.  Some of
+      the RSA methods could be implemented this way and I may do so.
+    - Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+    - Warning - the gethostbyname cache is not fully thread safe,
+      but it should work well enough.
+    - Major internal reworking of the app_data stuff.  More functions
+      but if you were accessing ->app_data directly, things will
+      stop working.
+    - The perlv5 stuff is working.  Currently on message digests,
+      ciphers and the bignum library.
+
+9-Dec-97
+    - Modified re-negotiation so that server initated re-neg
+      will cause a SSL_read() to return -1 should retry.
+      The danger otherwise was that the server and the
+      client could end up both trying to read when using non-blocking
+      sockets.
+
+4-Dec-97
+    - Lots of small changes
+    - Fix for binaray mode in Windows for the FILE BIO, thanks to
+      Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+    - Quite a few internal cleanups, (removal of errno, and using macros
+      defined in e_os.h).
+    - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+      the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
+      for x86.
+
+21-Oct-97
+    - Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
+      has also been improved.  At this point in time, on the pentium,
+      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+      is %62 faster.
+
+12-Oct-97
+    - MEM_BUF_grow() has been fixed so that it always sets the buf->length
+      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
+      way to set the length value correctly.
+
+10-Oct-97
+    - I now hash for certificate lookup on the raw DER encoded RDN (md5).
+      This breaks things again :-(.  This is efficent since I cache
+      the DER encoding of the RDN.
+    - The text DN now puts in the numeric OID instead of UNKNOWN.
+    - req can now process arbitary OIDs in the config file.
+    - I've been implementing md5 in x86 asm, much faster :-).
+    - Started sha1 in x86 asm, needs more work.
+    - Quite a few speedups in the BN stuff.  RSA public operation
+      has been made faster by caching the BN_MONT_CTX structure.
+      The calulating of the Ai where A*Ai === 1 mod m was rather
+      expensive.  Basically a 40-50% speedup on public operations.
+      The RSA speedup is now 15% on pentiums and %20 on pentium
+      pro.
+
+30-Sep-97
+    - After doing some profiling, I added x86 adm for bn_add_words(),
+      which just adds 2 arrays of longs together.  A %10 speedup
+      for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+    - Converted the x86 bignum assembler to us the perl scripts
+      for generation.
+
+23-Sep-97
+    - If SSL_set_session() is passed a NULL session, it now clears the
+      current session-id.
+
+22-Sep-97
+    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
+      certificates.
+    - Bug in crypto/evp/encode.c where by decoding of 65 base64
+      encoded lines, one line at a time (via a memory BIO) would report
+      EOF after the first line was decoded.
+    - Fix in X509_find_by_issuer_and_serial() from
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+    - NO_FP_API and NO_STDIO added.
+    - Put in sh config command.  It auto runs Configure with the correct
+      parameters.
+
+18-Sep-97
+    - Fix x509.c so if a DSA cert has different parameters to its parent,
+      they are left in place.  Not tested yet.
+
+16-Sep-97
+    - ssl_create_cipher_list() had some bugs, fixes from
+      Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+    - Fixed a bug in the Base64 BIO, where it would return 1 instead
+      of -1 when end of input was encountered but should retry.
+      Basically a Base64/Memory BIO interaction problem.
+    - Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+    - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+    - Prime generation spead up %25 (512 bit prime, pentium pro linux)
+      by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+    - Ugly bug in ssl3_write_bytes().  Basically if application land
+      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+      did not check the size and tried to copy the entire buffer.
+      This would tend to cause memory overwrites since SSLv3 has
+      a maximum packet size of 16k.  If your program uses
+      buffers <= 16k, you would probably never see this problem.
+    - Fixed a new errors that were cause by malloc() not returning
+      0 initialised memory..
+    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+      since this flags stops SSLeay being able to handle client
+      cert requests correctly.
+
+08-Sep-97
+    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
+      on, the SSL server routines will not use a SSL_SESSION that is
+      held in it's cache.  This in intended to be used with the session-id
+      callbacks so that while the session-ids are still stored in the
+      cache, the decision to use them and how to look them up can be
+      done by the callbacks.  The are the 'new', 'get' and 'remove'
+      callbacks.  This can be used to determine the session-id
+      to use depending on information like which port/host the connection
+      is coming from.  Since the are also SSL_SESSION_set_app_data() and
+      SSL_SESSION_get_app_data() functions, the application can hold
+      information against the session-id as well.
+
+03-Sep-97
+    - Added lookup of CRLs to the by_dir method,
+      X509_load_crl_file() also added.  Basically it means you can
+      lookup CRLs via the same system used to lookup certificates.
+    - Changed things so that the X509_NAME structure can contain
+      ASN.1 BIT_STRINGS which is required for the unique
+      identifier OID.
+    - Fixed some problems with the auto flushing of the session-id
+      cache.  It was not occuring on the server side.
+
+02-Sep-97
+    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+      which is the maximum number of entries allowed in the
+      session-id cache.  This is enforced with a simple FIFO list.
+      The default size is 20*1024 entries which is rather large :-).
+      The Timeout code is still always operating.
+
+01-Sep-97
+    - Added an argument to all the 'generate private key/prime`
+      callbacks.  It is the last parameter so this should not
+      break existing code but it is needed for C++.
+    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+      BIO.  This lets the BIO read and write base64 encoded data
+      without inserting or looking for '\n' characters.  The '-A'
+      flag turns this on when using apps/enc.c.
+    - RSA_NO_PADDING added to help BSAFE functionality.  This is a
+      very dangerous thing to use, since RSA private key
+      operations without random padding bytes (as PKCS#1 adds) can
+      be attacked such that the private key can be revealed.
+    - ASN.1 bug and rc2-40-cbc and rc4-40 added by
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)    
+    - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+    - RSA_flags() added allowing bypass of pub/priv match check
+      in ssl/ssl_rsa.c - Tim Hudson.
+    - A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+    - Server side initated dynamic renegotiation is broken.  I will fix
+      it when I get back from holidays.
+
+15-Jul-97
+    - Quite a few small changes.
+    - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+    - Added 2 new values to the SSL info callback.
+      SSL_CB_START which is passed when the SSL protocol is started
+      and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+      that related to DSA public/private keys.
+    - Added all the relevent PEM and normal IO functions to support
+      reading and writing RSAPublic keys.
+    - Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+    - Error in ERR_remove_state() that would leave a dangling reference
+      to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+    - s_client now prints the X509_NAMEs passed from the server
+      when requesting a client cert.
+    - Added a ssl->type, which is one of SSL_ST_CONNECT or
+      SSL_ST_ACCEPT.  I had to add it so I could tell if I was
+      a connect or an accept after the handshake had finished.
+    - SSL_get_client_CA_list(SSL *s) now returns the CA names
+      passed by the server if called by a client side SSL.
+
+05-Jul-97
+    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+      0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+    - Fixed some things in X509_NAME_add_entry(), thanks to
+      Matthew Donald <matthew@world.net>.
+    - I had a look at the cipher section and though that it was a
+      bit confused, so I've changed it.
+    - I was not setting up the RC4-64-MD5 cipher correctly.  It is
+      a MS special that appears in exported MS Money.
+    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
+      spec.  I was missing the two byte length header for the
+      ClientDiffieHellmanPublic value.  This is a packet sent from
+      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+      option will enable SSLeay server side SSLv3 accept either
+      the correct or my 080 packet format.
+    - Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+    - Alias mapping for EVP_get_(digest|cipher)byname is now
+      performed before a lookup for actual cipher.  This means
+      that an alias can be used to 're-direct' a cipher or a
+      digest.
+    - ASN1_read_bio() had a bug that only showed up when using a
+      memory BIO.  When EOF is reached in the memory BIO, it is
+      reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+    - Fixed an error in X509_verify_cert() caused by my
+      miss-understanding how 'do { contine } while(0);' works.
+      Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+    - Base64 decoding error.  If the last data line did not end with
+      a '=', sometimes extra data would be returned.
+    - Another 'cut and paste' bug in x509.c related to setting up the
+      STDout BIO.
+
+27-Jun-97
+    - apps/ciphers.c was not printing due to an editing error.
+    - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+      a library build error in util/mk1mf.pl
+
+26-Jun-97
+    - Still did not have the auto 'experimental' code removal
+      script correct.
+    - A few header tweaks for Watcom 11.0 under Win32 from
+      Rolf Lindemann <Lindemann@maz-hh.de>
+    - 0 length OCTET_STRING bug in asn1_parse
+    - A minor fix with an non-existent function in the MS .def files.
+    - A few changes to the PKCS7 stuff.
+
+25-Jun-97
+    SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+    use a temporary RSA key.  This is experimental and needs some more work.
+    Fixed a few Win16 build problems.
+
+23-Jun-97
+    SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+    correctly. I was taking the SSL->ctx->default_cert when I should
+    have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+    rest of the library. Even though I had the code required to do
+    it correctly, apps/req.c was doing the wrong thing.  I have fixed
+    and tested everything.
+
+    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+    Fixed a bug in the SSLv2 server side first packet handling. When
+    using the non-blocking test BIO, the ssl->s2->first_packet flag
+    was being reset when a would-block failure occurred when reading
+    the first 5 bytes of the first packet. This caused the checking
+    logic to run at the wrong time and cause an error.
+
+    Fixed a problem with specifying cipher. If RC4-MD5 were used,
+    only the SSLv3 version would be picked up.  Now this will pick
+    up both SSLv2 and SSLv3 versions. This required changing the
+    SSL_CIPHER->mask values so that they only mask the ciphers,
+    digests, authentication, export type and key-exchange algorithms.
+
+    I found that when a SSLv23 session is established, a reused
+    session, of type SSLv3 was attempting to write the SSLv2 
+    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
+    method has been modified so it will only write out cipher which
+    that method knows about.  
+
+
+ Changes between 0.8.0 and 0.8.1
+
+  *) Mostly bug fixes. 
+     There is an Ephemeral DH cipher problem which is fixed.
+
+ SSLeay 0.8.0
+
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future.  Currently I'm just getting 080 out
+the door.  Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+            too if you are working with BIO internal stuff (as distinct
+        from simply using the interface in an opaque manner)
+
+#include "bio.h"    - required along with "buffer.h" if you write
+              your own BIO routines as the buffer and bio
+              stuff that was intermixed has been separated
+              out 
+            
+envelope.h -> evp.h  (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new()   - requires an extra method parameter
+              SSL_CTX_new(SSLv23_method()) 
+              SSL_CTX_new(SSLv2_method()) 
+              SSL_CTX_new(SSLv3_method()) 
+
+          OR to only have the server or the client code
+              SSL_CTX_new(SSLv23_server_method()) 
+              SSL_CTX_new(SSLv2_server_method()) 
+              SSL_CTX_new(SSLv3_server_method()) 
+          or  
+              SSL_CTX_new(SSLv23_client_method()) 
+              SSL_CTX_new(SSLv2_client_method()) 
+              SSL_CTX_new(SSLv3_client_method()) 
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
+               or provide a buffer and size to copy the
+               result into
+
+X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
+          notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using 
+    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_clear_retry_flags(b)
+
+    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some 
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
+
+ Changes between 0.7.x and 0.8.0
+  
+  *) There have been lots of changes, mostly the addition of SSLv3.
+     There have been many additions from people and amongst
+     others, C2Net has assisted greatly.
+ 
+ Changes between 0.7.x and 0.7.x
+
+  *) Internal development version only
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
+  loop and the IP/FP modifications are from
+  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
+  contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
+  is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish.  It is not used by SSL but all the other stuff that
+  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
+  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
+  the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+  'non-blocking'.  If more details are required, let me know.  It will
+  documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
+  now tests the ca program.
+- Lots of little things modified and tweaked.
+
+ SSLeay 0.6.5
 
 After quite some time (3 months), the new release.  I have been very busy
 for the last few months and so this is mostly bug fixes and improvments.
@@ -57,7 +582,7 @@ The main changes in this release
 - 'ssleay ciphers' added, lists the default cipher list for SSLeay.
 - RC2 key setup is now compatable with Netscape.
 - Modifed server side of SSL implementation, big performance difference when
-	  using session-id reuse.
+      using session-id reuse.
 
 0.6.3
 
@@ -186,16 +711,16 @@ The wrappers are easy to write
 
 function_fp(fp,x)
 FILE *fp;
-	{
-	BIO *b;
-	int ret;
+    {
+    BIO *b;
+    int ret;
 
-	if ((b=BIO_new(BIO_s_file())) == NULL) error.....
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=function_bio(b,x);
-	BIO_free(b);
-	return(ret);
-	}
+    if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+    BIO_set_fp(b,fp,BIO_NOCLOSE);
+    ret=function_bio(b,x);
+    BIO_free(b);
+    return(ret);
+    }
 Remember, there are no functions that take FILE * in SSLeay when
 compiled for Windows 3.1 DLL's.
 
@@ -236,8 +761,8 @@ The list of things to read and do
 
 dgst -d
 s_client -state (this uses a callback placed in the SSL state loop and
-		will be used else-where to help debug/monitor what
-		is happening.)
+        will be used else-where to help debug/monitor what
+        is happening.)
 
 doc/why.doc
 doc/bio.doc <- hmmm, needs lots of work.

COPYRIGHT

@@ -1,64 +0,0 @@
-Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
-The implementation was written so as to conform with Netscapes SSL.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution, be it the RC4, RSA,
-lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-included with this distribution is covered by the same copyright terms
-except that the holder is Tim Hudson (tjh@cryptsoft.com).
-
-Please note that MD2, MD5 and IDEA are publically available standards
-that contain sample implementations, I have re-coded them in my own
-way but there is nothing special about those implementations.  The DES
-library is another mater :-).
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of the parts of the library used.
-This can be in the form of a textual message at program startup or
-in documentation (online or textual) provided with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   "This product includes cryptographic software written by
-    Eric Young (eay@cryptsoft.com)"
-   The word 'cryptographic' can be left out if the rouines from the library
-   being used are not cryptographic related :-).
-4. If you include any Windows specific code (or a derivative thereof) from 
-   the apps directory (application code) you must include an acknowledgement:
-   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The licence and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distribution licence
-[including the GNU Public Licence.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.

Configure

@@ -1,4 +1,13 @@
-#!/usr/local/bin/perl
+:
+eval 'exec perl -S $0 ${1+"$@"}'
+    if $running_under_some_shell;
+##
+##  Configure -- OpenSSL source tree configuration script
+##
+
+require 5.000;
+use strict;
+
 #
 # see PROBLEMS for instructions on what sort of things to do when 
 # tracking a bug --tjh
@@ -21,41 +30,50 @@
 #		This is used on the DEC Alpha where long is 8 bytes
 #		and int is 4
 # BN_LLONG	use the type 'long long' in crypto/bn/bn.h
-# MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md/md2.h
-# MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md/md2.h
+# MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
 # IDEA_SHORT	use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
 # IDEA_LONG	use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
 # RC2_SHORT	use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
 # RC2_LONG	use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
 # RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # RC4_LONG	use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_enc.c.  This turns on
+# RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
 #		array lookups instead of pointer use.
 # BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
 # BF_PTR2	use a pentium/intel specific version.
+# MD5_ASM	use some extra md5 assember,
+# SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
+# RMD160_ASM	use some extra ripemd160 assember,
 
-$x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 
 # MD2_CHAR slags pentium pros
-$x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2";
+my $x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2";
 
 # MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
 # Don't worry about these normally
 
-$tcc="cc";
-$tflags="-fast -Xa";
-$tbn_mul="";
-$tlib="-lnsl -lsocket";
+my $tcc="cc";
+my $tflags="-fast -Xa";
+my $tbn_mul="";
+my $tlib="-lnsl -lsocket";
 #$bits1="SIXTEEN_BIT ";
 #$bits2="THIRTY_TWO_BIT ";
-$bits1="THIRTY_TWO_BIT ";
-$bits2="SIXTY_FOUR_BIT ";
+my $bits1="THIRTY_TWO_BIT ";
+my $bits2="SIXTY_FOUR_BIT ";
 
-# -DB_ENDIAN slows things down on a sparc
+my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
+my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
+my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
+my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+
+# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
+# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 
 #config-string	CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
 # des_asm:bf_asm
-%table=(
+my %table=(
 #"b",		"$tcc:$tflags:$tlib:$bits1:$tbn_mul::",
 #"bl-4c-2c",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
 #"bl-4c-ri",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
@@ -63,18 +81,19 @@ $bits2="SIXTY_FOUR_BIT ";
 
 # A few of my development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
-"debug",	"gcc:-DREF_CHECK -DCRYPTO_MDEBUG -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -O2 -Wall -Wshadow -Werror -pipe:::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 "dist",		"cc:-O -DNOPROTO::::",
 
 # Basic configs that should work on any box
 "gcc",		"gcc:-O3::BN_LLONG:::",
 "cc",		"cc:-O -DNOPROTO -DNOCONST:::::",
 
+
 # My solaris setups
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:\
-	-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-sol.o:asm/dx86-sol.o asm/cx86-sol.o:asm/bx86-sol.o",
-"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall:\
-	-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
+"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
 # DO NOT use /xO[34] on sparc with SC3.0. 
 # It is broken, and will not pass the tests
 "solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\
@@ -86,6 +105,8 @@ $bits2="SIXTY_FOUR_BIT ";
 "solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\
 	-lsocket -lnsl:\
 	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
+"solaris-sparc-sc4-pic","cc:-xO5 -Xa -DB_ENDIAN -KPIC:-lsocket -lnsl:\
+	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
 
 # Sunos configs, assuming sparc for the gcc one.
 "sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::",
@@ -94,10 +115,16 @@ $bits2="SIXTY_FOUR_BIT ";
 # SGI configurations.  If the box is rather old (r3000 cpu), you will
 # probably have to remove the '-mips2' flag.  I've only been using
 # IRIX 5.[23].
-#"irix-gcc","gcc:-O2 -mips2::BN_LLONG RC4_INDEX RC4_CHAR:::",
-"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
-"irix-cc", "cc:-O2 -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/r3000.o::",
+# I've recently done 32 and 64 bit mips assember, it make this RSA
+# 3 times faster, use if at all possible.
+#"irix-gcc","gcc:-O2 -mips2::SIXTY_FOUR_BIT BN_LLONG RC4_INDEX RC4_CHAR:::",
+"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:asm/mips1.o::",
+"irix64-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/mips1.o::",
+"irix64-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
 "debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::",
+# This is the n64 mode build.
+"irix-n64-cc", "cc:-64 -O2 -use_readonly_const -DTERMIOS::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT:asm/mips3_64.o::",
 
 # HPUX config.  I've been building on HPUX 9, so the options may be
 # different on version 10.  The pa-risc2.o assember file is 2 times
@@ -108,50 +135,82 @@ $bits2="SIXTY_FOUR_BIT ";
 "hpux-cc",	"cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
 "hpux-kr-cc",	"cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
 "hpux-gcc",	"gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# HPUX from www.globus.org
+"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 
-# Dec Alpha, OSF/1 - the alpha400-cc is the flags for a 21164A with
+# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
-"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
-"alpha-cc", "cc:-O2::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
-"alpha400-cc", "cc:-arch host -tune host -fast -std -O4 -inline speed::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
+"alpha-cc", "cc:-tune host -O4 -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+"alpha164-cc", "cc:-tune host -fast -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
-# x86-lnx.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o",
-"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o",
-"FreeBSD",   "gcc:-DTERMIOS -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnxa.o:asm/dx86-out.o asm/cx86-out.o:asm/bx86-out.o",
-#"bsdi-gcc",	"shlicc2:-O3 -ffast-math-m486::RSA_LLONG $x86_gcc_des $x86_gcc_opts:::",
-#"bsdi-gcc",     "gcc:-O3 -ffast-math -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:asm/x86-bsdi.o:asm/dx86bsdi.o asm/cx86bsdi.o:asm/bx86bsdi.o",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:::",
-"nextstep",	"cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
+# bn86-elf.o file file since it is hand tweaked assembler.
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"linux-mips",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+-Wuninitialized:::BN_LLONG:",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+#"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
+"nextstep",	"cc:-O3 -Wall::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+# NCR MP-RAS UNIX ver 02.03.01
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
 
 # UnixWare 2.0
-"unixware-2.0","cc:-O:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
-"unixware-2.0-pentium","cc:-O -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::",
+"unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
 
+#
+# Cray T90 (SDSC)
+# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+# defined.  The T90 ints and longs are 8 bytes long, and apparently the
+# B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
+# non L_ENDIAN code aligns the bytes in each word correctly.
+#
+# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
+#'Taking the address of a bit field is not allowed. '
+#'An expression with bit field exists as the operand of "sizeof" '
+# (written by Wayne Schroeder <schroede@SDSC.EDU>)
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
+# another use.  Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:asm/x86-lnx.o:asm/dx86-elf.o asm/cx86-elf.o:asm/bx86-elf.o",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 
-# SCO 5
-"sco5-cc",  "cc:-O:-lsocket:$x86_gcc_des $x86_gcc_opts:::", # des options?
+# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+# SCO cc.
+"sco5-cc",  "cc::-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
 
 # Sinix RM400
 "SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::",
 
 # Windows NT, Microsoft Visual C++ 4.0
 
-# hmm... bug in perl under NT, I need to concatinate :-(
-"VC-NT","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
-"VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
+"VC-NT","cl:::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN32","cl:::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
 "VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
 "VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 "VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
@@ -160,22 +219,59 @@ $bits2="SIXTY_FOUR_BIT ";
 # Borland C++ 4.5
 "BC-32","bcc32:::DES_PTR RC4_INDEX:::",
 "BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+
+# CygWin32
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+
+# Our old Ultrix box :-). -O2 breaks some of the bignum stuff (now fixed,
+# it is a compiler bug, look in bug/ultrixcc.c for example code.
+"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN:::asm/mips1.o:::",
+
+# Some OpenBSD from Bob Beck <beck@obtuse.com>
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN:BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
 );
 
-$postfix="org";
-$Makefile="Makefile.ssl";
-$des_locl="crypto/des/des_locl.h";
-$des	="crypto/des/des.h";
-$bn	="crypto/bn/bn.h";
-$md2	="crypto/md/md2.h";
-$rc4	="crypto/rc4/rc4.h";
-$rc4_enc="crypto/rc4/rc4_enc.c";
-$idea	="crypto/idea/idea.h";
-$rc2	="crypto/rc2/rc2.h";
-$bf	="crypto/bf/bf_locl.h";
-$bn_mulw="bn_mulw.o";
-$des_enc="des_enc.o fcrypt_b.o";
-$bf_enc	="bf_enc.o";
+# Miscellaneous hacks: this is designed to allow environments where the "one
+# makefile" option does not auto build all files.
+# The first six fields are the hard coded versions of the stuff generated by
+# ctx_size for pem.h: that is EVP_ENCODE_CTX_SIZE, EVP_MD_SIZE EVP_MD_CTX_SIZE,
+# EVP_CIPHER_SIZE, EVP_CIPHER_CTX_SIZE and EVP_MAX_MD_SIZE respectively.
+# If the seventh field is 1 then auto generate
+# crypto/date.h
+# Need to add Win16 and others here.
+
+my %misc_table = (
+"VC-WIN32", 	"96:60:152:40:4212:20:1",
+"VC-NT", 	"96:60:152:40:4212:20:1"
+);
+
+my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+	BC-16 CygWin32);
+
+my $no_asm=0;
+my $postfix="org";
+my $Makefile="Makefile.ssl";
+my $des_locl="crypto/des/des_locl.h";
+my $des	="crypto/des/des.h";
+my $bn	="crypto/bn/bn.h";
+my $md2	="crypto/md2/md2.h";
+my $rc4	="crypto/rc4/rc4.h";
+my $rc4_locl="crypto/rc4/rc4_locl.h";
+my $idea	="crypto/idea/idea.h";
+my $rc2	="crypto/rc2/rc2.h";
+my $bf	="crypto/bf/bf_locl.h";
+my $bn_asm	="bn_asm.o";
+my $des_enc="des_enc.o fcrypt_b.o";
+my $bf_enc	="bf_enc.o";
+my $cast_enc="c_enc.o";
+my $rc4_enc="rc4_enc.o";
+my $rc5_enc="rc5_enc.o";
+my $md5_obj="";
+my $sha1_obj="";
+my $rmd160_obj="";
 
 if ($#ARGV < 0)
 	{
@@ -183,10 +279,14 @@ if ($#ARGV < 0)
 	exit(1);
 	}
 
-$flags="";
+my $flags="";
+my $libs="";
+my $target="";
 foreach (@ARGV)
 	{
-	if ($_ =~ /^-/)
+	if ($_ =~ /^no-asm$/)
+		{ $no_asm=1; }
+	elsif ($_ =~ /^-/)
 		{
 		if ($_ =~ /^-[lL](.*)$/)
 			{
@@ -196,11 +296,19 @@ foreach (@ARGV)
 			{
 			$flags.=$_." ";
 			}
+		elsif ($_ =~ /^-[fK](.*)$/)
+			{
+			$flags.=$_." ";
+			}
 		else
 			{
-			die "unknown options, only -Dxxx, -Lxxx -lxxx supported\n";
+			die "unknown options, only -Dxxx, -Lxxx, -lxxx, -fxxx and -Kxxx are supported\n";
 			}
 		}
+	elsif ($_ =~ /^([^:]+):(.+)$/) {
+		eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
+		$target=$1;
+	}
 	else
 		{
 		die "target already defined - $target\n" if ($target ne "");
@@ -219,54 +327,102 @@ if (!defined($table{$target}))
 	exit(1);
 	}
 
-($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj)=
-	split(/\s*:\s*/,$table{$target});
+my $IsWindows=scalar grep /^$target$/,@WinTargets;
+
+print "IsWindows=$IsWindows\n";
+
+(my $cc,my $cflags,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
+	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
 $lflags="$libs$lflags"if ($libs ne "");
 
-$bn_obj=$bn_mulw unless ($bn_obj =~ /\.o$/);
-$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
-$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
+if ($no_asm)
+	{
+	$bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
+	$sha1_obj=$md5_obj=$rmd160_obj="";
+	}
 
-$n=&file_new($Makefile);
-open(IN,"<".$Makefile) || die "unable to read $Makefile:$!\n";
-open(OUT,">".$n) || die "unable to read $n:$!\n";
+#my ($bn1)=split(/\s+/,$bn_obj);
+#$bn1 = "" unless defined $bn1;
+#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
+#$bn_obj="$bn1";
+
+$bn_obj = $bn_asm unless $bn_obj ne "";
+
+$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
+$bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
+$cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
+$rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
+$rc5_obj=$rc5_enc	unless ($rc5_obj =~ /\.o$/);
+if ($sha1_obj =~ /\.o$/)
+	{
+#	$sha1_obj=$sha1_enc;
+	$cflags.=" -DSHA1_ASM";
+	}
+if ($md5_obj =~ /\.o$/)
+	{
+#	$md5_obj=$md5_enc;
+	$cflags.=" -DMD5_ASM";
+	}
+if ($rmd160_obj =~ /\.o$/)
+	{
+#	$rmd160_obj=$rmd160_enc;
+	$cflags.=" -DRMD160_ASM";
+	}
+
+open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
 while (<IN>)
 	{
 	chop;
+	s/^PLATFORM=.*$/PLATFORM=$target/;
 	s/^CC=.*$/CC= $cc/;
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
-	s/^BN_MULW=.*$/BN_MULW= $bn_obj/;
+	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
+	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
+	s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
+	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
+	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
+	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
+	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
 	print OUT $_."\n";
 	}
 close(IN);
 close(OUT);
-&Rename($Makefile,&file_old($Makefile));
-&Rename($n,$Makefile);
-print "CC     =$cc\n";
-print "CFLAG  =$cflags\n";
-print "EX_LIBS=$lflags\n";
-print "BN_MULW=$bn_obj\n";
-print "DES_ENC=$des_obj\n";
-print "BF_ENC =$bf_obj\n";
 
-$des_ptr=0;
-$des_risc1=0;
-$des_risc2=0;
-$des_unroll=0;
-$bn_ll=0;
-$def_int=2;
-$rc4_int=$def_int;
-$md2_int=$def_int;
-$idea_int=$def_int;
-$rc2_int=$def_int;
-$rc4_idx=0;
-$bf_ptr=0;
-@type=("char","short","int","long");
-($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+print "CC            =$cc\n";
+print "CFLAG         =$cflags\n";
+print "EX_LIBS       =$lflags\n";
+print "BN_ASM        =$bn_obj\n";
+print "DES_ENC       =$des_obj\n";
+print "BF_ENC        =$bf_obj\n";
+print "CAST_ENC      =$cast_obj\n";
+print "RC4_ENC       =$rc4_obj\n";
+print "RC5_ENC       =$rc5_obj\n";
+print "MD5_OBJ_ASM   =$md5_obj\n";
+print "SHA1_OBJ_ASM  =$sha1_obj\n";
+print "RMD160_OBJ_ASM=$rmd160_obj\n";
+
+my $des_ptr=0;
+my $des_risc1=0;
+my $des_risc2=0;
+my $des_unroll=0;
+my $bn_ll=0;
+my $def_int=2;
+my $rc4_int=$def_int;
+my $md2_int=$def_int;
+my $idea_int=$def_int;
+my $rc2_int=$def_int;
+my $rc4_idx=0;
+my $bf_ptr=0;
+my @type=("char","short","int","long");
+my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+
+my $des_int;
 
 foreach (sort split(/\s+/,$bn_ops))
 	{
@@ -287,15 +443,15 @@ foreach (sort split(/\s+/,$bn_ops))
 	$rc2_int=3 if /RC2_LONG/;
 	$bf_ptr=1 if $_ eq "BF_PTR";
 	$bf_ptr=2 if $_ eq "BF_PTR2";
-	($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
+	($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
 	}
 
-(($in=$bn) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($bn);
+((my $in=$bn) =~ s/\.([^.]+)/.$postfix/);
+my $n=&file_new($bn);
 open(IN,"<".$in) || die "unable to read $bn:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
@@ -375,9 +531,9 @@ close(OUT);
 &Rename($rc4,&file_old($rc4));
 &Rename($n,$rc4);
 
-(($in=$rc4_enc) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc4_enc);
-open(IN,"<".$in) || die "unable to read $rc4_enc:$!\n";
+(($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/);
+$n=&file_new($rc4_locl);
+open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
@@ -388,8 +544,8 @@ while (<IN>)
 	}
 close(IN);
 close(OUT);
-&Rename($rc4_enc,&file_old($rc4_enc));
-&Rename($n,$rc4_enc);
+&Rename($rc4_locl,&file_old($rc4_locl));
+&Rename($n,$rc4_locl);
 
 (($in=$md2) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($md2);
@@ -459,6 +615,50 @@ close(OUT);
 &Rename($bf,&file_old($bf));
 &Rename($n,$bf);
 
+# Now the miscellaneous fixups
+
+if(defined $misc_table{$target}) {
+	my ($enc_ctx, $md_size, $md_ctx_size, $cipher_size, $cipher_ctx_size,
+		$max_md_size, $date_fix) = 
+		split(/\s*:\s*/,$misc_table{$target} . ":", -1);
+
+#print "EVP_ENCODE_CTX_SIZE $enc_ctx\n";
+#print "EVP_MD_SIZE $md_size\n";
+#print "EVP_MD_CTX_SIZE $md_ctx_size\n";
+#print "EVP_CIPHER_SIZE $cipher_size\n";
+#print "EVP_CIPHER_CTX_SIZE $cipher_ctx_size\n";
+#print "EVP_MAX_MD_SIZE $max_md_size\n";
+#printf "Date fix: %s\n", $date_fix ? "Yes" : "No";
+
+# Fix the date
+
+if($date_fix) {
+	open (OUT,">crypto/date.h") || die "Can't open date.h";
+	printf OUT "#define DATE \"%s\"\n", scalar gmtime();
+	close(OUT);
+}
+
+open (IN, "crypto/pem/pem.org") || die "Can't open crypto/pem/pem.org";
+open (OUT, ">crypto/pem/pem.h") || die "Can't create crypto/pem/pem.h";
+
+# Now fix up pem.h
+while(<IN>) {
+	chop;
+	s/^(#define EVP_ENCODE_CTX_SIZE).*$/$1 $enc_ctx/;
+	s/^(#define EVP_MD_SIZE).*$/$1 $md_size/;
+	s/^(#define EVP_MD_CTX_SIZE).*$/$1 $md_ctx_size/;
+	s/^(#define EVP_CIPHER_SIZE).*$/$1 $cipher_size/;
+	s/^(#define EVP_CIPHER_CTX_SIZE).*$/$1 $cipher_ctx_size/;
+	s/^(#define EVP_MAX_MD_SIZE).*$/$1 $max_md_size/;
+	print OUT "$_\n";
+}
+
+close (IN);
+close (OUT);
+
+
+}
+
 print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
 print "SIXTY_FOUR_BIT mode\n" if $b64;
 print "THIRTY_TWO_BIT mode\n" if $b32;
@@ -477,16 +677,19 @@ print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
 print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
 print "BF_PTR used\n" if $bf_ptr == 1; 
 print "BF_PTR2 used\n" if $bf_ptr == 2; 
+
+system 'make -f Makefile.ssl links' if !$IsWindows;
+
 exit(0);
 
 sub bad_target
 	{
 	print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n";
 	print STDERR "pick os/compiler from:";
-	$j=0;
+	my $j=0;
+	my $i;
 	foreach $i (sort keys %table)
 		{
-		next if /^b-/;
 		print STDERR "\n" if ($j++ % 4) == 0;
 		printf(STDERR "%-18s ",$i);
 		}
@@ -495,11 +698,13 @@ sub bad_target
 
 sub Rename
 	{
-	local($from,$to)=@_;
-
+	my($from,$to)=@_;
 	unlink($to);
-	rename($from,$to) || die "unable to rename $from to $to:$!\n";
+	if(!rename($from,$to))
+	    {
+	     -e $from && die "unable to rename $from to $to:$!\n";
+	    }
 	}
 
-sub file_new { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; }
-sub file_old { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; }
+sub file_new { my($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; }
+sub file_old { my($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; }

HISTORY

@@ -1,126 +0,0 @@
-SSLeay 0.8.1 released.
-
-19-Jul-97
-	- Server side initated dynamic renegotiation is broken.  I will fix
-	  it when I get back from holidays.
-
-15-Jul-97
-	- Quite a few small changes.
-	- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
-
-09-Jul-97
-	- Added 2 new values to the SSL info callback.
-	  SSL_CB_START which is passed when the SSL protocol is started
-	  and SSL_CB_DONE when it has finished sucsessfully.
-
-08-Jul-97
-	- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
-	  that related to DSA public/private keys.
-	- Added all the relevent PEM and normal IO functions to support
-	  reading and writing RSAPublic keys.
-	- Changed makefiles to use ${AR} instead of 'ar r'
-
-07-Jul-97
-	- Error in ERR_remove_state() that would leave a dangling reference
-	  to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
-	- s_client now prints the X509_NAMEs passed from the server
-	  when requesting a client cert.
-	- Added a ssl->type, which is one of SSL_ST_CONNECT or
-	  SSL_ST_ACCEPT.  I had to add it so I could tell if I was
-	  a connect or an accept after the handshake had finished.
-	- SSL_get_client_CA_list(SSL *s) now returns the CA names
-	  passed by the server if called by a client side SSL.
-
-05-Jul-97
-	- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
-	  0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
-
-04-Jul-97
-	- Fixed some things in X509_NAME_add_entry(), thanks to
-	  Matthew Donald <matthew@world.net>.
-	- I had a look at the cipher section and though that it was a
-	  bit confused, so I've changed it.
-	- I was not setting up the RC4-64-MD5 cipher correctly.  It is
-	  a MS special that appears in exported MS Money.
-	- Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
-	  spec.  I was missing the two byte length header for the
-	  ClientDiffieHellmanPublic value.  This is a packet sent from
-	  the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-	  option will enable SSLeay server side SSLv3 accept either
-	  the correct or my 080 packet format.
-	- Fixed a few typos in crypto/pem.org.
-
-02-Jul-97
-	- Alias mapping for EVP_get_(digest|cipher)byname is now
-	  performed before a lookup for actual cipher.  This means
-	  that an alias can be used to 're-direct' a cipher or a
-	  digest.
-	- ASN1_read_bio() had a bug that only showed up when using a
-	  memory BIO.  When EOF is reached in the memory BIO, it is
-	  reported as a -1 with BIO_should_retry() set to true.
-
-01-Jul-97
-	- Fixed an error in X509_verify_cert() caused by my
-	  miss-understanding how 'do { contine } while(0);' works.
-	  Thanks to Emil Sit <sit@mit.edu> for educating me :-)
-
-30-Jun-97
-	- Base64 decoding error.  If the last data line did not end with
-	  a '=', sometimes extra data would be returned.
-	- Another 'cut and paste' bug in x509.c related to setting up the
-	  STDout BIO.
-
-27-Jun-97
-	- apps/ciphers.c was not printing due to an editing error.
-	- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
-	  a library build error in util/mk1mf.pl
-
-26-Jun-97
-	- Still did not have the auto 'experimental' code removal
-	  script correct.
-	- A few header tweaks for Watcom 11.0 under Win32 from
-	  Rolf Lindemann <Lindemann@maz-hh.de>
-	- 0 length OCTET_STRING bug in asn1_parse
-	- A minor fix with an non-existent function in the MS .def files.
-	- A few changes to the PKCS7 stuff.
-
-25-Jun-97
-	SSLeay 0.8.0 finally it gets released.
-
-24-Jun-97
-	Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
-	use a temporary RSA key.  This is experimental and needs some more work.
-	Fixed a few Win16 build problems.
-
-23-Jun-97
-	SSLv3 bug. I was not doing the 'lookup' of the CERT structure
-	correctly. I was taking the SSL->ctx->default_cert when I should
-	have been using SSL->cert. The bug was in ssl/s3_srvr.c
-
-20-Jun-97
-	X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
-	rest of the library. Even though I had the code required to do
-	it correctly, apps/req.c was doing the wrong thing.  I have fixed
-	and tested everything.
-
-	Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
-
-19-Jun-97
-	Fixed a bug in the SSLv2 server side first packet handling. When
-	using the non-blocking test BIO, the ssl->s2->first_packet flag
-	was being reset when a would-block failure occurred when reading
-	the first 5 bytes of the first packet. This caused the checking
-	logic to run at the wrong time and cause an error.
-
-	Fixed a problem with specifying cipher. If RC4-MD5 were used,
-	only the SSLv3 version would be picked up.  Now this will pick
-	up both SSLv2 and SSLv3 versions. This required changing the
-	SSL_CIPHER->mask values so that they only mask the ciphers,
-	digests, authentication, export type and key-exchange algorithms.
-
-	I found that when a SSLv23 session is established, a reused
-	session, of type SSLv3 was attempting to write the SSLv2 
-	ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
-	method has been modified so it will only write out cipher which
-	that method knows about.  
-

INSTALL

@@ -1,6 +1,135 @@
-# Installation of SSLeay.
-# It depends on perl for a few bits but those steps can be skipped and
-# the top level makefile edited by hand
+
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------
+
+ [For instructions for compiling OpenSSL on Windows systems, see INSTALL.W32].
+
+ To install OpenSSL, you will need:
+
+  * Perl
+  * C compiler
+  * A supported Unix operating system
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+  $ ./config                  [if this fails, go to step 1b below]
+  $ make
+  $ make rehash
+  $ make test
+  $ make install
+
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ do this after running `sh config':
+
+  $ perl util/ssldir.pl /new/install/path
+
+ If anything goes wrong, follow the detailed instructions below. If your
+ operating system is not (yet) supported by OpenSSL, see the section on
+ porting to a new system.
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+       $ ./config
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Check the first line of output to
+     see if it guessed correctly. If it did not get it correct or you want to
+     use a different compiler then go to step 1b. Otherwise go to step 2.
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to ./Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf
+
+     If your system is not available, you will have to edit the Configure
+     program and add the correct configuration for your system.
+
+     Configure configures various files by converting an existing .org file
+     into the real file. If you edit any files, remember that if a
+     corresponding .org file exists them the next time you run ./Configure
+     your changes will be lost when the file gets re-created from the .org
+     file. The files that are created from .org files are:
+
+       Makefile.ssl
+       crypto/des/des.h
+       crypto/des/des_locl.h
+       crypto/md2/md2.h
+       crypto/rc4/rc4.h
+       crypto/rc4/rc4_enc.c
+       crypto/rc2/rc2.h
+       crypto/bf/bf_locl.h
+       crypto/idea/idea.h
+       crypto/bn/bn.h
+
+  2. Set the install directory
+
+     If the install directory will be the default of /usr/local/ssl, skip to
+     the next stage. Otherwise, run
+
+        $ perl util/ssldir.pl /new/install/path
+
+     This configures the installation location into the "install" target of
+     the top-level Makefile, and also updates some defines in an include file
+     so that the default certificate directory is under the proper
+     installation directory. It also updates a few utility files used in the
+     build process.
+
+  3. Build OpenSSL by running:
+
+       $ make
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+     OpenSSL binary ("openssl"). The libraries will be built in the top-level
+     directory, and the binary will be in the "apps" directory.
+
+  4. After a successful build, the libraries should be tested. Run:
+
+       $ make rehash
+       $ make test
+
+     (The first line makes the test certificates in the "certs" directory
+     accessable via an hash name, which is required for some of the tests).
+
+  5. If everything tests ok, install OpenSSL with
+
+       $ make install
+
+     This will create the installation directory (if it does not exist) and
+     then create the following subdirectories:
+
+       bin            Contains the openssl binary and a few other 
+                      utility programs. 
+       include        Contains the header files needed if you want to
+                      compile programs with libcrypto or libssl.
+       lib            Contains the library files themselves and the
+                      OpenSSL configuration file "openssl.cnf".
+       certs          Initially empty, this is the default location
+                      for certificate files.
+       private        Initially empty, this is the default location
+                      for private key files.
+
+
+--------------------------------------------------------------------------------
+The orignal Unix build instructions from SSLeay follow. 
+Note: some of this may be out of date and no longer applicable
+--------------------------------------------------------------------------------
 
 # When bringing the SSLeay distribution back from the evil intel world
 # of Windows NT, do the following to make it nice again under unix :-)
@@ -38,7 +167,7 @@ make -f Makefile.ssl links
 Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
 crypto/des/des.h	DES_LONG
 crypto/des/des_locl.h	DES_PTR
-crypto/md/md2.h		MD2_INT
+crypto/md2/md2.h	MD2_INT
 crypto/rc4/rc4.h	RC4_INT
 crypto/rc4/rc4_enc.c	RC4_INDEX
 crypto/rc2/rc2.h	RC2_INT
@@ -126,3 +255,8 @@ The examples for solaris and windows NT/95 are in the mt directory.
 have fun
 
 eric 25-Jun-1997
+
+IRIX 5.x will build as a 32 bit system with mips1 assember.
+IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
+to n32 standards. In theory you can compile the 64 bit assember under
+IRIX 5.x but you will have to have the correct system software installed.

INSTALL.W32

@@ -1,3 +1,106 @@
+ 
+ INSTALLATION ON THE WIN32 PLATFORM
+ ----------------------------------
+
+ Heres a few comments about building OpenSSL in Windows environments. Most of
+ this is tested on Win32 but it may also work in Win 3.1 with some
+ modification.  See the end of this file for Eric's original comments.
+
+ Note: the default Win32 environment is to leave out any Windows NT specific
+ features: (currently only BIO_s_log()) if you want NT specific features see
+ the "Tweaks" section later.
+
+ You will need perl for Win32 (which can be got from various sources) and
+ Visual C++. 
+
+ If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ may well be not up to date. This may mean that some "tweaking" is required to
+ get it all to work. See the trouble shooting section later on for if (when?)
+ it goes wrong.
+
+ Firstly you should run Configure:
+
+ > perl Configure VC-WIN32
+
+ Then rebuild the Win32 Makefiles and friends:
+
+ > ms\do_ms
+
+ If you get errors about things not having numbers assigned then check the
+ troubleshooting section: you probably wont be able to compile it as it
+ stands.
+
+ Then from the VC++ environment at a prompt do:
+
+ > nmake -f ms\ntdll.mak
+
+ If all is well it should compile and you will have some DLLs and executables
+ in out32dll. If you want to try the tests then do:
+ 
+ > cd out32dll
+ > ..\ms\test
+
+ Troubleshooting
+ ---------------
+
+ Since the Win32 build is only occasionally tested it may not always compile
+ cleanly.  If you get an error about functions not having numbers assigned
+ when you run ms\do_ms then this means the Win32 ordinal files are not up to
+ date. You can do:
+
+ > perl util\mkdef.pl crypto ssl update
+
+ then ms\do_ms should not give a warning any more. However the numbers that
+ get assigned by this technique may not match those that eventually get
+ assigned in the CVS tree: so anything linked against this version of the
+ library may need to be recompiled.
+
+ If you get errors about unresolved externals then this means that either you
+ didn't read the note above about functions not having numbers assigned or
+ someone forgot to add a function to the header file.
+
+ In this latter case check out the header file to see if the function is
+ defined in the header file: it should be defined twice: once with ANSI
+ prototypes and once without. If its missing from the non ASNI section then
+ add an entry for it: check that ms\do_ms now reports missing numbers and
+ update the numbers as above.
+
+ If you get warnings in the code then the compilation will halt.
+
+ The default Makefile for Win32 halts whenever any warnings occur. Since VC++
+ has its own ideas about warnings which don't always match up to other
+ environments this can happen. The best fix is to edit the file with the
+ warning in and fix it. Alternatively you can turn off the halt on warnings by
+ editing the CFLAG line in the Makefile and deleting the /WX option.
+
+ You might get compilation errors. Again you will have to fix these or report
+ them.
+
+ One final comment about compiling applications linked to the OpenSSL library.
+ If you don't use the multithreaded DLL runtime library (/MD option) your
+ program will almost certainly crash: see the original SSLeay description
+ below for more details.
+
+ Tweaks
+ ------
+
+ There are various changes you can make to the Win32 compile environment. If
+ you have the MASM assembler 'ml' then you can try the assembly language code.
+ To do this remove the 'no-asm' part from do_ms.bat. You can also add 'debug'
+ here to make a debugging version of the library.
+
+ If you want to enable the NT specific features of OpenSSL (currently only the
+ logging BIO) follow the instructions above but call the batch file do_nt.bat
+ instead of do_ms.bat.
+
+ You can also build a static version of the library using the Makefile
+ ms\nt.mak
+
+--------------------------------------------------------------------------------
+The orignal Windows build instructions from SSLeay follow. 
+Note: some of this may be out of date and no longer applicable
+--------------------------------------------------------------------------------
+
 The Microsoft World.
 
 The good news, to build SSLeay for the Microsft World

LICENSE

@@ -0,0 +1,127 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core@openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+

MINFO

@@ -1,14 +1,15 @@
 RELATIVE_DIRECTORY=.
 AR=ar r
-BASENAME=SSLeay
+BASENAME=openssl
 BF_ENC=bf_enc.o
-BN_MULW=bn_mulw.o
+BN_ASM=bn_asm.o
+CAST_ENC=c_enc.o
 CC=cc
 CFLAG=-O -DNOPROTO
 DES_ENC=des_enc.o fcrypt_b.o
 DIRS=crypto ssl rsaref apps test tools
-EDIRS=times doc bugs util include certs ms shlib mt demos
-EX_HEADER=
+EDIRS=times doc bugs util include certs ms shlib mt demos perl sf dep
+EXHEADER=e_os.h
 EX_LIBS=
 GENERAL=Makefile
 HEADER=e_os.h
@@ -18,66 +19,98 @@ MAKE=make -f Makefile.ssl
 MAKEFILE=Makefile.ssl
 MAN1=1
 MAN3=3
-MISC=COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com
-NAME=SSLeay-0.8.1
+MD5_ASM_OBJ=
+NAME=openssl-0.9.1c
 ONEDIRS=out tmp
 PEX_LIBS=-L. -L.. -L../.. -L../../..
-SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7
+PLATFORM=dist
+RC4_ENC=rc4_enc.o
+RC5_ENC=rc5_enc.o
+RMD160_ASM_OBJ=
+SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp asn1 pem x509 x509v3 conf txt_db pkcs7 comp
+SHA1_ASM_OBJ=
 SHELL=/bin/sh
-TARFILE=SSLeay-0.8.1.tar
+TARFILE=openssl-0.9.1c.tar
 TOP=.
-VERSION=0.8.1
+VERSION=0.9.1c
 WDIRS=windows
-WTARFILE=SSLeay-0.8.1-win.tar
+WTARFILE=openssl-0.9.1c-win.tar
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto
-ALL=Makefile README cryptlib.c mem.c cversion.c cryptlib.h date.h crypto.h cryptall.h
+ALL=Makefile README cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c cryptlib.h date.h crypto.h cryptall.h tmdiff.h
 AR=ar r
 CC=cc
 CFLAG=-g
-CFLAGS=-I. -I../include -g -DCFLAGS=" \"cc -g\" "
+CFLAGS=-I. -I../include -g -DCFLAGS=" \"cc -g\" " -DPLATFORM=" \"\" "
 DIR=crypto
-EXHEADER=crypto.h cryptall.h
+ERR=crypto
+ERRC=cpt_err
+EXHEADER=crypto.h cryptall.h tmdiff.h
 EX_LIBS=
 GENERAL=Makefile README
-HEADER=cryptlib.h date.h crypto.h cryptall.h
+HEADER=cryptlib.h date.h crypto.h cryptall.h tmdiff.h
 INCLUDE=-I. -I../include
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../libcrypto.a
-LIBOBJ=cryptlib.o mem.o cversion.o
+LIBOBJ=cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o
 LIBS=
-LIBSRC=cryptlib.c mem.c cversion.c
+LIBSRC=cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../util/domd ..
 MAKEFILE=Makefile.ssl
 PEX_LIBS=
 RM=/bin/rm -f
-SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7
-SRC=cryptlib.c mem.c cversion.c
+SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp asn1 pem x509 x509v3 conf txt_db pkcs7 comp
+SRC=cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
 TOP=..
 RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/md
-ALL=Makefile md2_dgst.c md5_dgst.c md2_one.c md5_one.c md5_locl.h md2.h md5.h
+RELATIVE_DIRECTORY=crypto/md2
+ALL=Makefile md2_dgst.c md2_one.c md2.h
 APPS=
 AR=ar r
 CC=cc
 CFLAG=-g
 CFLAGS= -g
 DIR=md
-EXHEADER=md2.h md5.h
+EXHEADER=md2.h
 GENERAL=Makefile
-HEADER=md5_locl.h md2.h md5.h
+HEADER=md2.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=md2_dgst.o md5_dgst.o md2_one.o md5_one.o
-LIBSRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+LIBSRC=md2_dgst.c md2_one.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
-TEST=md2test.c md5test.c
+SRC=md2_dgst.c md2_one.c
+TEST=md2test.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/md5
+ALL=Makefile md5_dgst.c md5_one.c md5_locl.h md5.h
+APPS=md5.c
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DIR=md5
+EXHEADER=md5.h
+GENERAL=Makefile
+HEADER=md5_locl.h md5.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=md5_dgst.o md5_one.o 
+LIBSRC=md5_dgst.c md5_one.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+MD5_ASM_OBJ=
+SRC=md5_dgst.c md5_one.c
+TEST=md5test.c
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/sha
@@ -94,11 +127,12 @@ HEADER=sha_locl.h sha.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o 
 LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
+SHA1_ASM_OBJ=
 SRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
 TEST=shatest.c sha1test.c
 TOP=../..
@@ -120,14 +154,62 @@ LIB=../../libcrypto.a
 LIBOBJ=mdc2dgst.o mdc2_one.o
 LIBSRC=mdc2dgst.c mdc2_one.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=mdc2dgst.c mdc2_one.c
 TEST=mdc2test.c
 TOP=../..
 RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/hmac
+ALL=Makefile hmac.c hmac.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=hmac
+EXHEADER=hmac.h
+GENERAL=Makefile
+HEADER=hmac.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=hmac.o
+LIBSRC=hmac.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+SRC=hmac.c
+TEST=hmactest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/ripemd
+ALL=Makefile rmd_dgst.c rmd_one.c rmd_locl.h rmdconst.h ripemd.h
+APPS=rmd160.c
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DIR=ripemd
+EXHEADER=ripemd.h
+GENERAL=Makefile
+HEADER=rmd_locl.h rmdconst.h ripemd.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=rmd_dgst.o rmd_one.o 
+LIBSRC=rmd_dgst.c rmd_one.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+RIP_ASM_OBJ=
+SRC=rmd_dgst.c rmd_one.c
+TEST=rmdtest.c
+TOP=../..
+RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/des
-ALL=Makefile des.org des_locl.org cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
+ALL=Makefile des.org des_locl.org cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
 APPS=
 AR=ar r
 CC=cc
@@ -142,38 +224,15 @@ HEADER=des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=set_key.o ecb_enc.o ede_enc.o cbc_enc.o cbc3_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ncbc_enc.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o
-LIBSRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
+LIBOBJ=set_key.o ecb_enc.o cbc_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o
+LIBSRC=cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
+SRC=cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
 TEST=destest.c
 TOP=../..
 RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc4
-ALL=Makefile rc4_enc.c rc4.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rc4
-EXHEADER=rc4.h
-GENERAL=Makefile
-HEADER=rc4.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc4_enc.o
-LIBSRC=rc4_enc.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rc4_enc.c
-TEST=rc4test.c
-TOP=../..
-RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/rc2
 ALL=Makefile rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h rc2.h
 APPS=
@@ -191,12 +250,61 @@ LIB=../../libcrypto.a
 LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
 LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
 TEST=rc2test.c
 TOP=../..
 RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/rc4
+ALL=Makefile rc4_skey.c rc4_enc.c rc4.h rc4_locl.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=rc4
+EXHEADER=rc4.h
+GENERAL=Makefile
+HEADER=rc4.h rc4_locl.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=rc4_skey.o rc4_enc.o
+LIBSRC=rc4_skey.c rc4_enc.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+RC4_ENC=rc4_enc.o
+SRC=rc4_skey.c rc4_enc.c
+TEST=rc4test.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/rc5
+ALL=Makefile rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c rc5_locl.h rc5.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DIR=rc5
+EXHEADER=rc5.h
+GENERAL=Makefile
+HEADER=rc5_locl.h rc5.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=rc5_skey.o rc5_ecb.o rc5_enc.o rc5cfb64.o rc5ofb64.o
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+RC5_ENC=rc5_enc.o
+SRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
+TEST=rc5test.c
+TOP=../..
+RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/idea
 ALL=Makefile i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c idea_lcl.h idea.h
 APPS=
@@ -214,14 +322,14 @@ LIB=../../libcrypto.a
 LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
 LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
 TEST=ideatest.c
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/bf
-ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h
+ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h
 APPS=
 AR=ar r
 BF_ENC=bf_enc.o
@@ -236,20 +344,45 @@ HEADER=bf_pi.h bf_locl.h blowfish.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cbc.o bf_cfb64.o bf_ofb64.o
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
+LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cfb64.o bf_ofb64.o
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
+SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
 TEST=bftest.c
 TOP=../..
 RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bn
-ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_lcl.h bn_prime.h bn.h
+RELATIVE_DIRECTORY=crypto/cast
+ALL=Makefile c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c cast_s.h cast_lcl.h cast.h
 APPS=
 AR=ar r
-BN_MULW=bn_mulw.o
+CAST_ENC=c_enc.o
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DIR=cast
+EXHEADER=cast.h
+GENERAL=Makefile
+HEADER=cast_s.h cast_lcl.h cast.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=c_skey.o c_ecb.o c_enc.o c_cfb64.o c_ofb64.o
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+SRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+TEST=casttest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/bn
+ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_lcl.h bn_prime.h bn.h
+APPS=
+AR=ar r
+BN_ASM=bn_asm.o
 CC=cc
 CFLAG=-g
 CFLAGS=-I.. -I../../include -g
@@ -262,17 +395,17 @@ HEADER=bn_lcl.h bn_prime.h bn.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_mulw.o bn_recp.o bn_mont.o
-LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
+LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_asm.o bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
+LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
+SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
 TEST=bntest.c exptest.c
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/rsa
-ALL=Makefile rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa.h
+ALL=Makefile rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c rsa.h
 APPS=
 AR=ar r
 CC=cc
@@ -287,12 +420,12 @@ HEADER=rsa.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o
-LIBSRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
+LIBOBJ=rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o rsa_pk1.o rsa_ssl.o rsa_none.o
+LIBSRC=rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
+SRC=rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
@@ -315,7 +448,7 @@ LIB=../../libcrypto.a
 LIBOBJ=dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o dsa_err.o
 LIBSRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
 TEST=dsatest.c
@@ -340,7 +473,7 @@ LIB=../../libcrypto.a
 LIBOBJ=dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
 LIBSRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
 TEST=dhtest.c
@@ -365,14 +498,14 @@ LIB=../../libcrypto.a
 LIBOBJ=buffer.o buf_err.o
 LIBSRC=buffer.c buf_err.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=buffer.c buf_err.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/bio
-ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h
+ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h bss_file.c
 APPS=
 AR=ar r
 CC=cc
@@ -381,16 +514,16 @@ CFLAGS=-I.. -I../../include -g
 DIR=bio
 ERR=bio
 ERRC=bio_err
-EXHEADER=bio.h
+EXHEADER=bio.h bss_file.c
 GENERAL=Makefile
-HEADER=bio.h
+HEADER=bio.h bss_file.c
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
 LIBOBJ=bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o
 LIBSRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
 TEST=
@@ -413,7 +546,7 @@ LIB=../../libcrypto.a
 LIBOBJ=stack.o
 LIBSRC=stack.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=stack.c
 TEST=
@@ -436,14 +569,14 @@ LIB=../../libcrypto.a
 LIBOBJ=lhash.o lh_stats.o
 LIBSRC=lhash.c lh_stats.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=lhash.c lh_stats.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/rand
-ALL=Makefile md_rand.c randfile.c rand.h
+ALL=Makefile md_rand.c randfile.c rand_lib.c rand.h
 APPS=
 AR=ar r
 CC=cc
@@ -456,12 +589,12 @@ HEADER=rand.h
 INCLUDES=
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=md_rand.o randfile.o
-LIBSRC=md_rand.c randfile.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o
+LIBSRC=md_rand.c randfile.c rand_lib.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=md_rand.c randfile.c
+SRC=md_rand.c randfile.c rand_lib.c
 TEST=randtest.c
 TOP=../..
 RELATIVE_DIRECTORY=
@@ -472,7 +605,7 @@ AR=ar r
 CC=cc
 CFLAG=-g
 CFLAGS=-I.. -I../../include -g
-DIR=error
+DIR=err
 EXHEADER=err.h
 GENERAL=Makefile
 HEADER=err.h
@@ -482,14 +615,14 @@ LIB=../../libcrypto.a
 LIBOBJ=err.o err_all.o err_prn.o
 LIBSRC=err.c err_all.c err_prn.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=err.c err_all.c err_prn.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/objects
-ALL=Makefile README obj_dat.c obj_lib.c obj_err.c objects.h obj_dat.h
+ALL=Makefile README o_names.c obj_dat.c obj_lib.c obj_err.c objects.h obj_dat.h
 APPS=
 AR=ar r
 CC=cc
@@ -504,17 +637,17 @@ HEADER=objects.h obj_dat.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=obj_dat.o obj_lib.o obj_err.o
-LIBSRC=obj_dat.c obj_lib.c obj_err.c
+LIBOBJ=o_names.o obj_dat.o obj_lib.o obj_err.o
+LIBSRC=o_names.c obj_dat.c obj_lib.c obj_err.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=obj_dat.c obj_lib.c obj_err.c
+SRC=o_names.c obj_dat.c obj_lib.c obj_err.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/evp
-ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp.h
+ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c evp.h
 APPS=
 AR=ar r
 CC=cc
@@ -529,43 +662,17 @@ HEADER=evp.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o
-LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c
+LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o m_ripemd.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o evp_lib.o
+LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/pem
-ALL=Makefile pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c pem.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-CTX_SIZE=ctx_size
-DIR=pem
-ERR=pem
-ERRC=pem_err
-EXHEADER=pem.h
-GENERAL=Makefile
-HEADER=pem.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
-LIBSRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/asn1
-ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c asn1.h asn1_mac.h
+ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c nsseq.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c asn1.h asn1_mac.h
 APPS=
 AR=ar r
 CC=cc
@@ -580,12 +687,38 @@ HEADER=asn1.h asn1_mac.h
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 LIB=../../libcrypto.a
-LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o
-LIBSRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c
+LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o nsseq.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o evp_asn1.o
+LIBSRC=a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c nsseq.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
-SRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c
+SRC=a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c nsseq.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/pem
+ALL=Makefile pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c pem.h pem2.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+CTX_SIZE=ctx_size
+DIR=pem
+ERR=pem
+ERRC=pem_err
+EXHEADER=pem.h pem2.h
+GENERAL=Makefile
+HEADER=pem.h pem2.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
+LIBSRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+SRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
@@ -608,12 +741,37 @@ LIB=../../libcrypto.a
 LIBOBJ=x509_def.o x509_d2.o x509_r2x.o x509_cmp.o x509_obj.o x509_req.o x509_vfy.o x509_set.o x509rset.o x509_err.o x509name.o x509_v3.o x509_ext.o x509pack.o x509type.o x509_lu.o x_all.o x509_txt.o by_file.o by_dir.o v3_net.o v3_x509.o
 LIBSRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/x509v3
+ALL=Makefile README v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c v3_prn.c v3_utl.c v3err.c x509v3.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=x509v3
+ERR=x509v3
+ERRC=v3err
+EXHEADER=x509v3.h
+GENERAL=Makefile README
+HEADER=x509v3.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o v3_prn.o v3_utl.o v3err.o
+LIBSRC=v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c v3_prn.c v3_utl.c v3err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+SRC=v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c v3_prn.c v3_utl.c v3err.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=crypto/conf
 ALL=Makefile conf.c conf_err.c conf_lcl.h conf.h
 APPS=
@@ -633,7 +791,7 @@ LIB=../../libcrypto.a
 LIBOBJ=conf.o conf_err.o
 LIBSRC=conf.c conf_err.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=conf.c conf_err.c
 TEST=
@@ -656,7 +814,7 @@ LIB=../../libcrypto.a
 LIBOBJ=txt_db.o
 LIBSRC=txt_db.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=txt_db.c
 TEST=
@@ -681,14 +839,39 @@ LIB=../../libcrypto.a
 LIBOBJ=pk7_lib.o pkcs7err.o pk7_doit.o
 LIBSRC=pk7_lib.c pkcs7err.c pk7_doit.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
 MAKEFILE=Makefile.ssl
 SRC=pk7_lib.c pkcs7err.c pk7_doit.c
 TEST=
 TOP=../..
 RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/comp
+ALL=Makefile comp_lib.c c_rle.c c_zlib.c comp.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=comp
+ERR=comp
+ERRC=comp_err
+EXHEADER=comp.h
+GENERAL=Makefile
+HEADER=comp.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=comp_lib.o c_rle.o c_zlib.o
+LIBSRC=comp_lib.c c_rle.c c_zlib.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=../../util/domd ../..
+MAKEFILE=Makefile.ssl
+SRC=comp_lib.c c_rle.c c_zlib.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=ssl
-ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h
+ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
 APPS=
 AR=ar r
 CC=cc
@@ -697,23 +880,23 @@ CFLAGS=-I../crypto -I../include -g
 DIR=ssl
 ERR=ssl
 ERRC=ssl_err
-EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h
+EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h
 GENERAL=Makefile README
-HEADER=ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h
+HEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
 INCLUDES=-I../crypto -I../include
 INSTALLTOP=/usr/local/ssl
 LIB=../libssl.a
-LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_pkt.o s2_enc.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_pkt.o s3_enc.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o
-LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
+LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o
+LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../util/domd ..
 MAKEFILE=Makefile.ssl
-SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
+SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
 TEST=ssltest.c
 TOP=..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=rsaref
-ALL=Makefile rsaref.c rsar_err.c  rsaref.h
+ALL=Makefile rsaref.c rsar_err.c rsaref.h
 APPS=
 AR=ar r
 CC=cc
@@ -722,23 +905,23 @@ CFLAGS=-I../crypto -I../include -g
 DIR=rsaref
 ERR=rsaref
 ERRC=rsar_err
-EXHEADER=
+EXHEADER=rsaref.h
 GENERAL=Makefile
-HEADER= rsaref.h
+HEADER=rsaref.h
 INCLUDES=-I../crypto -I../include
 INSTALLTOP=/usr/local/ssl
 LIB=../libRSAglue.a
 LIBOBJ=rsaref.o rsar_err.o
 LIBSRC=rsaref.c rsar_err.c
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../util/domd ..
 MAKEFILE=Makefile.ssl
 SRC=rsaref.c rsar_err.c
 TEST=
 TOP=..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=apps
-ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h 
+ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c nseq.c apps.h progs.h s_apps.h testdsa.h testrsa.h 
 A_OBJ=apps.o
 A_SRC=apps.c
 CC=cc
@@ -747,12 +930,12 @@ CFLAGS=-DMONOLITH -I../include -g -static
 DIR=apps
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
-EXE=ssleay
+EXE=openssl
 EXHEADER=
 EX_LIBS=
-E_EXE=verify asn1pars req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers
-E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o gendsa.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o
-E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
+E_EXE=verify asn1pars req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa gendsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq
+E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o nseq.o
+E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c nseq.c
 GENERAL=Makefile
 HEADER=apps.h progs.h s_apps.h testdsa.h testrsa.h 
 INCLUDES=-I../include
@@ -760,22 +943,23 @@ INSTALLTOP=/usr/local/ssl
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../util/domd ..
 MAKEFILE=Makefile.ssl
 PEX_LIBS=
-PROGS=ssleay.c
+PROGRAM=openssl
+PROGS=openssl.c
 RM=/bin/rm -f
-SCRIPTS=CA.sh der_chop
-SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
-SSLEAY=ssleay
+SCRIPTS=CA.sh CA.pl der_chop
+SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c nseq.c
 S_OBJ=s_cb.o s_socket.o
 S_SRC=s_cb.c s_socket.c
 TOP=..
 RELATIVE_DIRECTORY=
 RELATIVE_DIRECTORY=test
-ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c 
+ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c hmactest.c rc2test.c rc4test.c rc5test.c destest.c shatest.c sha1test.c mdc2test.c rmdtest.c randtest.c dhtest.c casttest.c bftest.c ssltest.c dsatest.c exptest.c 
 BFTEST=bftest
 BNTEST=bntest
+CASTTEST=casttest
 CC=cc
 CFLAG=-g
 CFLAGS=-I../include -g
@@ -785,32 +969,35 @@ DIR=test
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 DSATEST=dsatest
-EXE=bntest ideatest md2test md5test rc4test destest shatest sha1test mdc2test randtest dhtest rc2test bftest ssltest exptest dsatest
+EXE=bntest ideatest md2test md5test hmactest rc2test rc4test rc5test destest shatest sha1test mdc2test rmdtest randtest dhtest bftest casttest ssltest exptest dsatest
 EXHEADER=
 EXPTEST=exptest
-EX_LIBS=-lnsl -lsocket
+EX_LIBS=
 GENERAL=Makefile.ssl
 HEADER=
+HMACTEST=hmactest
 IDEATEST=ideatest
 INCLUDES=-I../include
 INSTALLTOP=/usr/local/ssl
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -fMakefile.ssl
+MAKEDEPEND=../util/domd ..
 MAKEFILE=Makefile.ssl
 MD2TEST=md2test
 MD5TEST=md5test
 MDC2TEST=mdc2test
 METHTEST=methtest
-OBJ=bntest.o ideatest.o md2test.o md5test.o rc4test.o destest.o shatest.o sha1test.o mdc2test.o randtest.o dhtest.o rc2test.o bftest.o ssltest.o dsatest.o exptest.o
+OBJ=bntest.o ideatest.o md2test.o md5test.o hmactest.o rc2test.o rc4test.o rc5test.o destest.o shatest.o sha1test.o mdc2test.o rmdtest.o randtest.o dhtest.o casttest.o bftest.o ssltest.o dsatest.o exptest.o
 PEX_LIBS=
 RANDTEST=randtest
 RC2TEST=rc2test
 RC4TEST=rc4test
+RC5TEST=rc5test
+RMDTEST=rmdtest
 SHA1TEST=sha1test
 SHATEST=shatest
-SRC=bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c
+SRC=bntest.c ideatest.c md2test.c md5test.c hmactest.c rc2test.c rc4test.c rc5test.c destest.c shatest.c sha1test.c mdc2test.c rmdtest.c randtest.c dhtest.c casttest.c bftest.c ssltest.c dsatest.c exptest.c
 SSLTEST=ssltest
 TOP=..
 RELATIVE_DIRECTORY=
@@ -824,7 +1011,7 @@ GENERAL=Makefile.ssl
 INCLUDES=-I.. -I../../include
 INSTALLTOP=/usr/local/ssl
 MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEDEPEND=../util/domd ..
 MAKEFILE=Makefile.ssl
 TEST=
 TOP=..

Makefile.org

@@ -0,0 +1,304 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION = 0.9.2b
+PLATFORM=dist
+
+# NOCONST - Define for C compilers that don't like the const key word.
+# NOPROTO - Define in if your compiler does not support prototypes.
+# RSAref  - Define if we are to link with RSAref.
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+#           SSLv3 anon-DH ciphers.
+# SSL_ALLOW_ENULL - define if you want the server to be able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+PEX_LIBS= -L. -L.. -L../.. -L../../..
+EX_LIBS= 
+AR=ar r
+
+# Set BN_ASM to bn_asm.o if you want to use the C version
+BN_ASM= bn_asm.o
+#BN_ASM= bn_asm.o
+#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+#BN_ASM= asm/bn86-sol.o # solaris
+#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
+#BN_ASM= asm/bn86bsdi.o # bsdi
+#BN_ASM= asm/alpha.o    # DEC Alpha
+#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
+#BN_ASM= asm/r3000.o    # SGI MIPS cpu
+#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
+#BN_ASM= asm/bn-win32.o # Windows 95/NT
+#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
+#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= asm/bx86-out.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= asm/cx86-out.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= asm/rx86-out.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= asm/r586-out.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= asm/mx86-out.o
+#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= asm/sx86-out.o
+#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= asm/rm86-out.o
+#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+
+DIRS=   crypto ssl rsaref apps test tools
+# dirs in crypto to build
+SDIRS=  \
+	md2 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn rsa dsa dh \
+	buffer bio stack lhash rand err objects \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 comp
+
+# Do not edit this manually. Use util/ssldir.pl do change this!
+INSTALLTOP=/usr/local/ssl
+
+MAKEFILE= Makefile.ssl
+MAKE=     make -f Makefile.ssl
+
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a 
+
+GENERAL=        Makefile
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
+EXHEADER=       e_os.h
+HEADER=         e_os.h
+
+all: Makefile.ssl
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making all in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ) || exit 1; \
+	done;
+
+sub_all:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making all in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ) || exit 1; \
+	done;
+
+Makefile.ssl: Makefile.org
+	@echo "Makefile.ssl is older than Makefile.org."
+	@echo "Reconfigure the source tree (via 'perl Configure' or 'sh config')"
+	@echo "and update the error lists (via 'make errors'), please."
+	@false
+
+libclean:
+	rm -f *.a */lib */*/lib
+
+clean:
+	rm -f shlib/*.o *.o core a.out fluff *.map
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making clean in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+	rm -f $(LIBS); \
+	done;
+	rm -f *.a *.o speed.* *.map *.so .pure core
+	rm -f $(TARFILE)
+	@for i in $(ONEDIRS) ;\
+	do \
+	rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	perl util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:  MINFO
+	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making 'files' in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' files ) || exit 1; \
+	done;
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/mklink.sh include $(EXHEADER)
+	@for i in $(DIRS); do \
+	(cd $$i && echo "making links in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' links ) || exit 1; \
+	done;
+	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+
+dclean:
+	rm -f *.bak
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making dclean in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' dclean ) || exit 1; \
+	done;
+
+rehash:
+	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+
+test:   tests
+
+tests:
+	@(cd test && echo "testing..." && \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+	@apps/openssl version -a
+
+depend:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making dependancies $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' depend ) || exit 1; \
+	done;
+
+lint:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making lint $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+	done;
+
+tags:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making tags $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+	done;
+
+errors:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making errors in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' errors ) || exit 1; \
+	done;
+
+tar:
+	@gtar --no-recursion -cvf - \
+		`find * -depth -print | grep -v CVS | grep -v .cvsignore | grep -v STATUS | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - |\
+	gzip --best >../$(TARFILE).gz; \
+	ls -l ../$(TARFILE).gz
+
+dist:   
+	perl Configure dist
+	@$(MAKE) dist_pem_h
+	@$(MAKE) SDIRS='${SDIRS}' clean
+	@$(MAKE) tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all
+	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "installing $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+	done
+	@for i in $(LIBS) ;\
+	do \
+	(       echo installing $$i; \
+		cp $$i $(INSTALLTOP)/lib; \
+		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
+		chmod 644 $(INSTALLTOP)/lib/$$i ); \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.

Makefile.ssl

@@ -1,276 +0,0 @@
-#
-# Makefile for all the SSL related library routines and utilities
-VERSION	= 0.8.1a
-#
-# make install will install:
-#   libraries into $INSTALLTOP/lib
-#   headers   into $INSTALLTOP/include
-#   utilities into $INSTALLTOP/bin
-#
-# By default INSTALLTOP is set to /usr/local/ssl
-# If you want things install elsewere, consider running
-# perl util/ssldir.pl /new/path
-#
-# Interesting Mailing Lists:
-#     ssl-bugs@mincom.oz.au
-#     ssl-users@mincom.oz.au
-#
-# To join the Mailing Lists:
-#     ssl-bugs-request@mincom.oz.au
-#     ssl-users-request@mincom.oz.au
-#
-# If you must get hold of people directly (we much prefer the above
-# lists to be used if the question is of general interest!):
-#	Eric Young <eay@cryptsoft.com>
-#	Tim Hudson <tjh@cryptsoft.com>
-#	or both    <ssleay@cryptsoft.com>
-#
-# The primary distribution of SSLeay is from
-# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
-#
-# NOCONST - Define for C compilers that don't like the const key word.
-# NOPROTO - Define in if your compiler does not support prototypes.
-# RSAref  - Define if we are to link with RSAref.
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#	    system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#	    one.  32 bytes will be read from this when the random
-#	    number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-#	    SSLv3 anon-DH ciphers.
-# SSL_ALLOW_ENULL - define if you want the server to be able to use the
-#	    NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#	CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#	call application defined callbacks via CRYPTO_set_mem_functions()
-
-
-CC= cc
-CFLAG= -O -DNOPROTO
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-PEX_LIBS= -L. -L.. -L../.. -L../../..
-EX_LIBS= 
-#EX_LIBS= #-lRSAglue -lrsaref -lnsl -lsocket
-AR=ar r
-
-# Set BN_MULW to bn_mulw.o if you want to use the C version
-#BN_MULW= asm/x86-lnx.o
-BN_MULW= bn_mulw.o
-#BN_MULW= asm/x86-lnx.o		# elf
-#BN_MULW= asm/x86-sol.o		# solaris
-#BN_MULW= asm/x86-lnxa.o	# a.out, FreeBSD
-#BN_MULW= asm/x86-bsdi.o	# bsdi
-#BN_MULW= asm/alpha.o		# DEC Alpha
-#BN_MULW= asm/pa-risc2.o	# HP-UX PA-RISC
-#BN_MULW= asm/r3000.o		# SGI MIPS cpu
-#BN_MULW= asm/sparc.o		# Sun solaris/SunOS
-#BN_MULW= asm/x86nt32.o		# Windows 95/NT
-#BN_MULW= asm/x86w16.o		# 16 bit code for Windows 3.1/DOS
-#BN_MULW= asm/x86w32.o		# 32 bit code for Windows 3.1
-
-# Set DES_ENC to des_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-DES_ENC= des_enc.o fcrypt_b.o
-#DES_ENC= des_enc.o fcrypt_b.o		# C
-#DES_ENC= asm/dx86-elf.o asm/cx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/cx86-sol.o	# solaris
-#DES_ENC= asm/dx86-out.o asm/cx86-out.o	# a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/cx86bsdi.o	# bsdi
-
-# Set BF_ENC to bf_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-BF_ENC= bf_enc.o
-#BF_ENC= bf_enc.o	# C
-#BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o	# solaris
-#BF_ENC= asm/bx86-out.o	# a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o	# bsdi
-
-DIRS=	crypto ssl rsaref apps test tools
-# dirs in crypto to build
-SDIRS=  \
-	md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh \
-	buffer bio stack lhash rand err objects \
-	evp pem asn1 x509 conf txt_db pkcs7
-
-# If you change the INSTALLTOP, make sure to also change the values
-# in crypto/location.h
-INSTALLTOP=/usr/local/ssl
-
-MAKEFILE= Makefile.ssl
-MAKE=	  make -f Makefile.ssl
-
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-
-TOP=	.
-ONEDIRS=out tmp
-EDIRS=	times doc bugs util include certs ms shlib mt demos
-MISC=	COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile \
-	README TODO HISTORY README.066 README.080 \
-	VERSION PROBLEMS MINFO makefile.one e_os.h \
-	MICROSOFT makevms.com
-WDIRS=	windows
-LIBS=	libcrypto.a libssl.a 
-
-GENERAL=	Makefile
-BASENAME=	SSLeay
-NAME=		$(BASENAME)-$(VERSION)
-TARFILE=	$(NAME).tar
-WTARFILE=	$(NAME)-win.tar
-EX_HEADER=
-HEADER=		e_os.h
-
-all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' all ); \
-	done;
-
-sub_all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' AR='${AR}' all ); \
-	done;
-
-clean:
-	/bin/rm -f *.o core a.out fluff *.map
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "cleaning $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' clean ); \
-	/bin/rm -f $(LIBS); \
-	done;
-	/bin/rm -f *.a *.o speed.* *.map *.so .pure core
-	/bin/rm -f $(TARFILE)
-	@for i in $(ONEDIRS) ;\
-	do \
-	/bin/rm -f $$i/*; \
-	done
-
-makefile.one: files
-	perl util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:	MINFO
-	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making 'files' in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' files ); \
-	done;
-
-links:
-	/bin/rm -f Makefile;
-	./util/point.sh Makefile.ssl Makefile;
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making links in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' links ); \
-	done;
-	# @(cd apps; sh ./mklinks)
-	sh tools/c_rehash certs
-
-dclean:
-	/bin/rm -f *.bak
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "undoing makedepend in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' dclean ); \
-	done;
-
-rehash:
-	@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
-
-test:	tests
-
-tests:
-	(cd test; echo "testing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' tests );
-	@apps/ssleay version -a
-
-depend:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making dependancies $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' depend ); \
-	done;
-
-lint:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making lint $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' lint ); \
-	done;
-
-tags:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making tags $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' tags ); \
-	done;
-
-errors:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making errors in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' errors ); \
-	done;
-
-tar:
-	@(cd ..;\
-	mv $(BASENAME) $(NAME); \
-	export STUFF; \
-	for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
-	do \
-		STUFF="$$STUFF $(NAME)/$$i"; \
-	done; \
-	tar cf $(NAME)/$(TARFILE) $$STUFF; \
-	mv $(NAME) $(BASENAME) ) 
-	gzip -f $(TARFILE)
-
-dist:	
-	perl Configure dist
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) SDIRS='${SDIRS}' dclean
-	@(cd apps; sh ./rmlinks)
-	@$(MAKE) makefile.one
-	@$(MAKE) tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-
-install: all
-	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "installing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
-	done
-	@for i in $(LIBS) ;\
-	do \
-	(	echo installing $$i; \
-		cp $$i $(INSTALLTOP)/lib; \
-		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
-		chmod 644 $(INSTALLTOP)/lib/$$i ); \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.

NEWS

@@ -0,0 +1,40 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between SSLeay 0.9.1c and OpenSSL 0.9.2b:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Addeed support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustations of the source tree for CVS
+      o Support for various new platforms
+

PROBLEMS

@@ -1,50 +0,0 @@
-If you have any problems with SSLeay then please take the following 
-steps:
-
-    Remove the ASM version of the BN routines (edit Configure)
-    Remove the compiler optimisation flags
-    Add in the compiler debug flags (-g)
-
-Note: if using gcc then remove -fomit-frame-pointer before you try
-      to debug things.
-
-If you wish to report a bug then please include the following information
-in any bug report:
-
-    SSLeay Details
-	- Version, most of these details can be got from the
-	  'ssleay version -a' command.
-    Operating System Details
-	- OS Name
-	- OS Version
-	- Hardware platform
-    Compiler Details
-	- Name
-	- Version
-    Application Details 
-	- Name 
-	- Version 
-    Problem Description
-	- include steps that will reproduce the problem (if known)
-    Stack Traceback (if the application dumps core)
-
-For example:
-
-    SSLeay-0.5.1a
-    SunOS 5.3, SPARC, SunC 3.0
-    SSLtelnet-0.7
-
-    Core dumps when using telnet with SSL support in bn_mul() with 
-    the following stack trackback 
-	...
-
-
-Report the bug to either
-    ssleay@mincom.oz.au (Eric and Tim)
-or
-    ssl-bugs@mincom.oz.au (mailing list of active developers)
-
-
-Tim Hudson
-tjh@mincom.oz.au
-

README

@@ -1,173 +1,188 @@
-		SSLeay 0.8.1b 29-Jun-1998
-		Copyright (c) 1997, Eric Young
-		All rights reserved.
 
-This directory contains Eric Young's (eay@cryptsoft.com) implementation
-of SSL and supporting libraries.
+ OpenSSL 0.9.2b 22-Mar-1999
 
-The current version of this library is available from
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+ Copyright (c) 1998-1999 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
 
-There are patches to a number of internet applications which can be found in
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
+ DESCRIPTION
+ -----------
 
-A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com> 
-can be found at 
-    http://www.psy.uq.oz.au/~ftp/Crypto
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols with full-strength cryptography world-wide. The project is managed
+ by a worldwide community of volunteers that use the Internet to communicate,
+ plan, and develop the OpenSSL tookit and its related documentation. 
 
-Additional documentation is being slowly written by Eric Young, and is being
-added to http://www.cryptsoft.com/ssleay/doc.  It will normally also be
-available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fullfill the conditions of both licenses. 
 
-This Library and programs are FREE for commercial and non-commercial
-usage.  The only restriction is that I must be attributed with the
-development of this code.  See the COPYRIGHT file for more details.
-Donations would still be accepted :-).
+ OVERVIEW
+ --------
 
-THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
+ The OpenSSL toolkit includes:
 
-The package includes
+ libssl.a:
+     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+     both SSLv2, SSLv3 and TLSv1 in the one server and client.
 
-libssl.a:
-	My implementation of SSLv2, SSLv3 and the required code to support
-	both SSLv2 and SSLv3 in the one server.
+ libcrypto.a:
+     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+     actually logically part of it. It includes routines for the following:
 
-libcrypto.a:
-	General encryption and X509 stuff needed by SSL but not
-	actually logically part of it.  It includes routines for the following:
+     Ciphers
+        libdes - EAY's libdes DES encryption package which has been floating
+                 around the net for a few years.  It includes 15
+                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+                 cbc, cfb and ofb; pcbc and a more general form of cfb and
+                 ofb) including desx in cbc mode, a fast crypt(3), and
+                 routines to read passwords from the keyboard.
+        RC4 encryption,
+        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
+        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
 
-  Ciphers
-	libdes - My libdes DES encryption package which has been floating
-		around the net for a few years.  It includes 15
-		'modes/variations' of DES (1, 2 and 3 key versions of ecb,
-		cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
-		including desx in cbc mode,
-		a fast crypt(3), and routines to read passwords from the
-		keyboard.
-	RC4 encryption,
-	RC2 encryption 		- 4 different modes, ecb, cbc, cfb and ofb.
-	Blowfish encryption	- 4 different modes, ecb, cbc, cfb and ofb.
-	IDEA encryption		- 4 different modes, ecb, cbc, cfb and ofb.
+     Digests
+        MD5 and MD2 message digest algorithms, fast implementations,
+        SHA (SHA-0) and SHA-1 message digest algorithms,
+        MDC2 message digest. A DES based hash that is polular on smart cards.
 
-  Digests
-	MD5 and MD2 message digest algorithms, fast implementations,
-	SHA (SHA-0) and SHA-1 message digest algorithms,
-	MDC2 message digest.  A DES based hash that is polular on smart cards.
+     Public Key
+        RSA encryption/decryption/generation.  
+            There is no limit on the number of bits.
+        DSA encryption/decryption/generation.   
+            There is no limit on the number of bits.
+        Diffie-Hellman key-exchange/key generation.  
+            There is no limit on the number of bits.
 
-  Public Key
-	RSA encryption/decryption/generation.  There is no limit
-		on the number of bits.
-	DSA encryption/decryption/generation.   There is no limit on the
-		number of bits.
-	Diffie-Hellman key-exchange/key generation.  There is no limit
-		on the number of bits.
+     X.509v3 certificates
+        X509 encoding/decoding into/from binary ASN1 and a PEM
+             based ascii-binary encoding which supports encryption with a
+             private key.  Program to generate RSA and DSA certificate
+             requests and to generate RSA and DSA certificates.
 
-  X509v3 certificates
-	X509 encoding/decoding into/from binary ASN1 and a PEM
-		based ascii-binary encoding which supports encryption with
-		a private key.
-	Program to generate RSA and DSA certificate requests and to
-		generate RSA and DSA certificates.
+     Systems
+        The normal digital envelope routines and base64 encoding.  Higher
+        level access to ciphers and digests by name.  New ciphers can be
+        loaded at run time.  The BIO io system which is a simple non-blocking
+        IO abstraction.  Current methods supported are file descriptors,
+        sockets, socket accept, socket connect, memory buffer, buffering, SSL
+        client/server, file pointer, encryption, digest, non-blocking testing
+        and null.
 
-  Systems
-  	The normal digital envelope routines and base64 encoding.
-	Higher level access to ciphers and digests by name.  New ciphers can be
-		loaded at run time.
-	The BIO io system which is a simple non-blocking IO abstraction.
-		Current methods supported are file descriptors, sockets,
-		socket accept, socket connect, memory buffer, buffering,
-		SSL client/server, file pointer, encryption, digest,
-		non-blocking testing and null.
-  Data structures
-  	A dynamically growing hashing system
-	A simple stack.
-	A Configuration loader that uses a format similar to MS .ini files.
+     Data structures
+        A dynamically growing hashing system
+        A simple stack.
+        A Configuration loader that uses a format similar to MS .ini files.
 
-Programs in this package include
-	enc	- a general encryption program that can encrypt/decrypt using
-		one of 17 different cipher/mode combinations.  The
-		input/output can also be converted to/from base64
-		ascii encoding.
-	dgst	- a generate message digesting program that will generate
-		message digests for any of md2, md5, sha (sha-0 or sha-1)
-		or mdc2.
-	asn1parse - parse and display the structure of an asn1 encoded
-		binary file.
-	rsa	- Manipulate RSA private keys.
-	dsa	- Manipulate DSA private keys.
-	dh	- Manipulate Diffie-Hellman parameter files.
-	dsaparam- Manipulate and generate DSA parameter files.
-	crl	- Manipulate certificate revocation lists.
-	crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
-	x509	- Manipulate x509 certificates, self-sign certificates.
-	req	- Manipulate PKCS#10 certificate requests and also
-		  generate certificate requests.
-	genrsa  - Generates an arbitrary sized RSA private key.
-	gendh	- Generates a set of Diffie-Hellman parameters, the prime
-		  will be a strong prime.
-	ca	- Create certificates from PKCS#10 certificate requests.
-		  This program also maintains a database of certificates
-		  issued.
-	verify	- Check x509 certificate signatures.
-	speed	- Benchmark SSLeay's ciphers.
-	s_server- A test SSL server.
-	s_client- A test SSL client.
-	s_time	- Benchmark SSL performance of SSL server programs.
-	errstr	- Convert from SSLeay hex error codes to a readable form.
-	
-Documents avaliable are
-	A Postscript and html reference manual
-	(written by Tim Hudson tjh@cryptsoft.com).
+ openssl: 
+     A command line tool which provides the following functions:
 
-	A list of text protocol references I used.
-	An initial version of the library manual.
+     enc     - a general encryption program that can encrypt/decrypt using
+               one of 17 different cipher/mode combinations.  The
+               input/output can also be converted to/from base64
+               ascii encoding.
+     dgst    - a generate message digesting program that will generate
+               message digests for any of md2, md5, sha (sha-0 or sha-1)
+               or mdc2.
+     asn1parse - parse and display the structure of an asn1 encoded
+               binary file.
+     rsa     - Manipulate RSA private keys.
+     dsa     - Manipulate DSA private keys.
+     dh      - Manipulate Diffie-Hellman parameter files.
+     dsaparam- Manipulate and generate DSA parameter files.
+     crl     - Manipulate certificate revocation lists.
+     crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
+     x509    - Manipulate x509 certificates, self-sign certificates.
+     req     - Manipulate PKCS#10 certificate requests and also
+               generate certificate requests.
+     genrsa  - Generates an arbitrary sized RSA private key.
+     gendsa  - Generates DSA parameters.
+     gendh   - Generates a set of Diffie-Hellman parameters, the prime
+               will be a strong prime.
+     ca      - Create certificates from PKCS#10 certificate requests.
+               This program also maintains a database of certificates
+               issued.
+     verify  - Check x509 certificate signatures.
+     speed   - Benchmark OpenSSL's ciphers.
+     s_server- A test SSL server.
+     s_client- A test SSL client.
+     s_time  - Benchmark SSL performance of SSL server programs.
+     errstr  - Convert from OpenSSL hex error codes to a readable form.
+     nseq    - Netscape certificate sequence utility
+        
+ PATENTS
+ -------
 
-To install this package, read the INSTALL file.
-For the Microsoft word, read MICROSOFT
-This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
-SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
-LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legel by checking if there are any patents in your
+ country.  The file contains some of the patents that we know about or are
+ rumoured to exist. This is not a definitive list.
 
-Multithreading has been tested under Windows NT and Solaris 2.5.1
+ RSA Data Security holds software patents on the RSA and RC5 algorithms.  If
+ their ciphers are used used inside the USA (and Japan?), you must contact RSA
+ Data Security for licencing conditions. Their web page is
+ http://www.rsa.com/.
 
-Due to time constraints, the current release has only be rigorously tested
-on Solaris 2.[45], Linux and Windows NT.
+ RC4 is a trademark of RSA Data Security, so use of this label should perhaps
+ only be used with RSA Data Security's permission. 
 
-For people in the USA, it is possible to compile SSLeay to use RSA
-Inc.'s public key library, RSAref.  From my understanding, it is
-claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
-Read doc/rsaref.doc on how to build with RSAref.
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
+ be contacted if that algorithm is to be used, their web page is
+ http://www.ascom.ch/.
 
-Read the documentation in the doc directory.  It is quite rough,
-but it lists the functions, you will probably have to look at
-the code to work out how to used them.  I will be working on
-documentation.  Look at the example programs.
+ INSTALLATION
+ ------------
 
-There should be a SSL reference manual which is being put together by
-Tim Hudson (tjh@cryptsoft.com) in the same location as this
-distribution.  This contains a lot more information that is very
-useful.  For a description of X509 Certificates, their use, and
-certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
-also goes over the mechanism.
+ To install this package under a Unix derivative, read the INSTALL file.  For
+ a Win32 platform, read the INSTALL.W32 file.
 
-We have setup some mailing lists for use by people that are interested
-in helping develop this code and/or ask questions.
-    ssl-bugs@mincom.oz.au
-    ssl-users@mincom.oz.au
-    ssl-bugs-request@mincom.oz.au
-    ssl-users-request@mincom.oz.au
+ For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
+ public key library, RSAref. Read doc/ssleay.txt under 'rsaref.doc' on how to
+ build with RSAref.
 
-I have recently read about a new form of software, that which is in
-a permanent state of beta release.  Linux and Netscape are 2 good 
-examples of this, and I would also add SSLeay to this category.
-The Current stable release is 0.6.6.  It has a few minor problems.
-0.8.0 is not call compatable so make sure you have the correct version
-of SSLeay to link with.  
+ Read the documentation in the doc/ directory.  It is quite rough, but it
+ lists the functions, you will probably have to look at the code to work out
+ how to used them. Look at the example programs.
 
-eric (Jun 1997)
+ SUPPORT 
+ -------
 
-Eric Young (eay@cryptsoft.com)
-86 Taunton St.
-Annerley 4103.
-Australia.
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+    - Remove ASM versions of libraries
+    - Remove compiler optimisation flags 
+    - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
+      before you try to debug things)
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+    OpenSSL Details
+    - Version, most of these details can be got from the
+      'openssl version -a' command.
+    Operating System Details
+    - OS Name
+    - OS Version
+    - Hardware platform
+    Compiler Details
+    - Name
+    - Version
+    Application Details 
+    - Name 
+    - Version 
+    Problem Description
+    - include steps that will reproduce the problem (if known)
+    Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project at:
+
+    openssl-users@openssl.org
 

README.066

@@ -1,27 +0,0 @@
-
-SSLeay 0.6.6 13-Jan-1997
-
-The main additions are
-
-- assember for x86 DES improvments.
-  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
-  loop and the IP/FP modifications are from
-  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
-  contribution.
-- The 'DES macros' introduced in 0.6.5 now have 3 types.
-  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
-  is best and there is a summery of mine in crypto/des/options.txt
-- A few bug fixes.
-- Added blowfish.  It is not used by SSL but all the other stuff that
-  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
-  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
-  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
-  the 'Configure' script.
-- There is now a 'get client certificate' callback which can be
-  'non-blocking'.  If more details are required, let me know.  It will
-  documented more in SSLv3 when I finish it.
-- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
-  now tests the ca program.
-- Lots of little things modified and tweaked.
-
-eric

README.080

@@ -1,147 +0,0 @@
-This version of SSLeay has quite a lot of things different from the
-previous version.
-
-Basically check all callback parameters, I will be producing documentation
-about how to use things in th future.  Currently I'm just getting 080 out
-the door.  Please not that there are several ways to do everything, and
-most of the applications in the apps directory are hybrids, some using old
-methods and some using new methods.
-
-Have a look in demos/bio for some very simple programs and
-apps/s_client.c and apps/s_server.c for some more advanced versions.
-Notes are definitly needed but they are a week or so away.
-
-Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
----
-Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
-get those people that want to move to using the new code base off to
-a quick start.
-
-Note that Eric has tidied up a lot of the areas of the API that were
-less than desirable and renamed quite a few things (as he had to break
-the API in lots of places anyrate). There are a whole pile of additional
-functions for making dealing with (and creating) certificates a lot
-cleaner.
-
-01-Jul-97
-Tim Hudson
-tjh@cryptsoft.com
-
----8<---
-
-To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
-use something like the following (assuming you #include "crypto.h" which
-is something that you really should be doing).
-
-#if SSLEAY_VERSION_NUMBER >= 0x0800
-#define SSLEAY8
-#endif
-
-buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
-            too if you are working with BIO internal stuff (as distinct
-	    from simply using the interface in an opaque manner)
-
-#include "bio.h"	- required along with "buffer.h" if you write
-			  your own BIO routines as the buffer and bio
-			  stuff that was intermixed has been separated
-			  out 
-			
-envelope.h -> evp.h  (which should have been done ages ago)
-
-Initialisation ... don't forget these or you end up with code that
-is missing the bits required to do useful things (like ciphers):
-
-SSLeay_add_ssl_algorithms()
-(probably also want SSL_load_error_strings() too but you should have
- already had that call in place)
-
-SSL_CTX_new()	- requires an extra method parameter
-		      SSL_CTX_new(SSLv23_method()) 
-		      SSL_CTX_new(SSLv2_method()) 
-		      SSL_CTX_new(SSLv3_method()) 
-
-		  OR to only have the server or the client code
-		      SSL_CTX_new(SSLv23_server_method()) 
-		      SSL_CTX_new(SSLv2_server_method()) 
-		      SSL_CTX_new(SSLv3_server_method()) 
-		  or  
-		      SSL_CTX_new(SSLv23_client_method()) 
-		      SSL_CTX_new(SSLv2_client_method()) 
-		      SSL_CTX_new(SSLv3_client_method()) 
-
-SSL_set_default_verify_paths() ... renamed to the more appropriate
-SSL_CTX_set_default_verify_paths()
-
-If you want to use client certificates then you have to add in a bit
-of extra stuff in that a SSLv3 server sends a list of those CAs that
-it will accept certificates from ... so you have to provide a list to
-SSLeay otherwise certain browsers will not send client certs.
-
-SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
-
-
-X509_NAME_oneline(X)	-> X509_NAME_oneline(X,NULL,0)	
-			   or provide a buffer and size to copy the
-			   result into
-
-X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
-		  notes on X509_NAME structure changes too)
-
-
-VERIFICATION CODE
-=================
-
-The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
-more accurately reflect things.
-
-The verification callback args are now packaged differently so that
-extra fields for verification can be added easily in future without
-having to break things by adding extra parameters each release :-)
-
-X509_cert_verify_error_string -> X509_verify_cert_error_string
-
-
-BIO INTERNALS
-=============
-
-Eric has fixed things so that extra flags can be introduced in
-the BIO layer in future without having to play with all the BIO
-modules by adding in some macros.
-
-The ugly stuff using 
-	b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_clear_retry_flags(b)
-
-	b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_set_retry_read(b)
-
-Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
-
-
-
-OTHER THINGS
-============
-
-X509_NAME has been altered so that it isn't just a STACK ... the STACK
-is now in the "entries" field ... and there are a pile of nice functions
-for getting at the details in a much cleaner manner.
-
-SSL_CTX has been altered ... "cert" is no longer a direct member of this
-structure ... things are now down under "cert_store" (see x509_vfy.h) and
-things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
-If your code "knows" about this level of detail then it will need some 
-surgery.
-
-If you depending on the incorrect spelling of a number of the error codes
-then you will have to change your code as these have been fixed.
-
-ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
-has been all along so this makes things clearer.
-ify_cert_error_string(ctx->error));
-
-SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
-			and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
-
-

STATUS

@@ -0,0 +1,179 @@
+
+  OpenSSL STATUS                           Last modified at
+  ______________                           $Date: 1999/03/14 01:16:42 $
+
+  DEVELOPMENT STATE
+
+    o  OpenSSL 0.9.2: Freezed!
+       - No more feature commits, please. 
+       - Commit bugfixes and cleanups only, please.
+       - Already successfully tested platform:
+         o  FreeBSD 2.2.7    Ben Laurie            OK
+         o  FreeBSD 3.1      Ralf S. Engelschall   OK
+         o  Solaris 2.6      Ralf S. Engelschall   OK except for ctype warns
+         o  Linux RH 5.1     Steve Henson          OK
+         o  Linux 2.0 RH 5.2 Ralf S. Engelschall   OK
+         o  Linux 2.2 RH 5.2 Peter 'Luna' Altberg  OK
+         o  WinNT,95 VC++ 5  Steve Henson          OK
+
+       Proposed release time: Monday, March 15th 1999
+
+    o  OpenSSL 0.9.1c: Released on December 23th, 1998
+
+  RELEASE SHOWSTOPPERS
+
+    o Compilation warnings: ctype-related int vs. char
+    o Compilation error: "unsigned long*" and "int*" under AIX
+    o Why are NULL ciphers in front of the cipher spec?
+      (see my posting "Bug?!: Cipher Suite and NULL Ciphers" in openssl-dev)
+    o A Linux alpha user reported: "alpha.s does not have bn_div_word()"
+      (see posting "ALPHA error" in openssl-dev)
+    o Undefined BN symbols in assembler stuff on Solaris
+      (see posting "openssl-SNAP-19990308-2130 on Solaris-2.6 SC4" in openssl-dev)
+
+  AVAILABLE PATCHES
+
+    o Solaris AS error (kenji@miyake.org)
+    o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
+    o s3_lib.c - export clients (levitte@stacken.kth.se)
+    o linux dynamic libs (colin@field.medicine.adelaide.edu.au)
+    o MingW support (niklas@canit.se)
+    o crypto/des/enc_read.c bugfix (mike@cs.mun.ca)
+
+  IN PROGRESS
+
+    o Steve is currently working on:
+        X509 V3 extension code including:
+        1. Support for the more common PKIX extensions.
+        2. Proper (or at least usable) certificate chain verification.
+        3. Support in standard applications (req, x509, ca).
+        4. Documentation on how all the above works.
+        Next on the list is probably PKCS#12 integration.
+
+    o Mark is currently working on:
+        Folding in any changes that are in the C2Net code base that were
+        not in the original SSLeay-0.9.1.b release.  Plus other minor
+        tidying.
+
+    o Ralf is currently working on:
+        1. Support for SSL_set_default_verify_paths(),
+           SSL_load_verify_locations(), SSL_get_cert_store() and
+           SSL_set_cert_store() functions which work like their existing
+           SSL_CTX_xxx() variants but on a per connection basis. That's needed
+           to let us provide full-featured per-URL client verification in
+           mod_ssl or Apache-SSL.
+           => It still dumps core, so I suspend this and investigate
+              again for OpenSSL 0.9.3.
+        2. The perl/ stuff to make it really work the first time ;-)
+           => I'll investigate a few more hours for OpenSSL 0.9.2
+        3. The new documentation set in POD format under doc/
+           => I'll investigate a few more hours for OpenSSL 0.9.2
+        4. More cleanups to get rid of obsolete/old/ugly files in the
+           source tree which are not really needed.
+           => Done all which were possible with my personal knowledge
+
+    o Ben is currently working on:
+	1. Function Prototype Thought Police issues.
+	2. Integrated documentation.
+	3. New TLS Ciphersuites.
+	4. Anything else that takes his fancy.
+
+  NEEDS PATCH
+
+  OPEN ISSUES
+
+    o  The Makefile hierarchy and build mechanism is still not a round thing:
+
+       1. The config vs. Configure scripts
+          It's the same nasty situation as for Apache with APACI vs.
+          src/Configure. It confuses.
+          Suggestion: Merge Configure and config into a single configure
+                      script with a Autoconf style interface ;-) and remove
+                      Configure and config. Or even let us use GNU Autoconf
+                      itself. Then we can avoid a lot of those platform checks
+                      which are currently in Configure.
+
+       2. The xxx.org -> xxx.h generation:
+          It's not obvious for which file xxx.org is the source.
+          Suggestion: Rename xxx.org to xxx.h.in (Autoconf style), this way
+                      one sees that xxx.h.in is the input for xxx.h
+
+          Status: Mark +1
+
+    o  The installation under "make install" produces a very
+       installation layout: $prefix/certs and $prefix/private dirs.  That's
+       not nice. Ralf suggests to move the two certs and private dirs either
+       to $prefix/etc/, $prefix/lib/ or $prefix/share. Alternatively
+       we could also not install the certs at all.
+
+       Status: Ralf +1 for both not installing the certs at all and
+                       moving it to $prefix/etc/. +0 for $prefix/lib/
+                       and $prefix/share.
+               Paul: why is it not nice?
+               Ralf: because it messes up the install dir when
+                     $prefix is not a dedicated area like /usr/local/ssl.
+                     When we move them to a standard subdir like
+                     etc/ lib/ or share/ we don't mess up things
+                     when $prefix is /usr or /usr/local, etc.
+                     Additionally it makes package vendors life
+                     easier....
+
+    o  Support for Shared Libraries has to be added at least
+       for the major Unix platforms. The details we can rip from the stuff
+       Ralf has done for the Apache src/Configure script. Ben wants the
+       solution to be really simple.
+
+       Status: Ralf will look how we can easily incorporate the
+               compiler PIC and linker DSO flags from Apache
+               into the OpenSSL Configure script.
+
+    o  The perl/ stuff needs a major overhaul. Currently it's
+       totally obsolete. Either we clean it up and enhance it to be up-to-date
+       with the C code or we also could replace it with the really nice
+       Net::SSLeay package we can find under
+       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
+       longer time and it works fine and is a nice Perl module. Best would be
+       to convince the author to work for the OpenSSL project and create a
+       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
+       us.
+
+       Status: Ralf thinks we should both contact the author of Net::SSLeay
+               and look how much effort it is to bring Eric's perl/ stuff up
+               to date.
+               Paul +1
+
+    o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
+      structure for each cipher. This may make sense for things like DES but
+      for variable length ciphers like RC2 and RC4 it is NBG. Need a way to
+      use the EVP interface and set up the cipher parameters. The ASN1 stuff
+      is also foo wrt ciphers whose AlgorithmIdentifier has more than just
+      an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open
+      don't work unless the key length matches the fixed value (some vendors
+      use a key length decided by the size of the RSA encrypted key and expect
+      RC2 to adapt).
+
+    o Properly initialize the PRNG in the absence of /dev/random.
+
+    o > NO_RSA (ejs@bfd.com)
+      > ./Configure -DNO_IDEA -DNO_RC5 -DNO_RC4 -DNO_RC2 -DNO_RSA -DNO_ERR linux-elf
+      > I tried for a whole day to do this and could not get it to work.  Linux
+      > machine, kernel 2.0.36 and 2.2.1, redhat 5.2 latest, gcc and egcs , no
+      > go.  I also noticed the even with -DNO_IDEA, _DNO_RC2, etc. the make
+      > still goes into those subdirectories and 'makes'.
+
+  WISHES
+
+    o  Damien Miller:
+       "How about making the each of the locations compile-time defined. I
+       would like to (for example) put binaries in /usr/bin, configuration
+       data, certs and keys in /etc/openssl/certs and /etc/openssl/keys, etc.
+       This would also be a great boon to binary package makers.  The
+       SSLeay-0.9.1b RPM already includes some patches which do some of this.
+       I can forward them if you wish."
+
+    o  Mats Nilsson <mats.nilsson@xware.se>:
+       "Add reference counting to all substructures of X509 etc. For instance,
+       X509_NAME lacks a reference counter, while EVP_PKEY has one.  I'm
+       making COM-wrappers for selected parts of SSLeay for a project of ours,
+       and has found this inconsistency in copy semantics annoying."
+

TODO

@@ -1,28 +0,0 @@
-- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
-  It will be reworked along with a nice general mechanism for encrypting
-  ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
-  still have not done PKCS#8 support.
-
-- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
-  I will probably not get this fixed for a while, it is just there so
-  I could test things.
-
-- Be able to generate DSS certificates.
-
-- Add CRL to the X509 verification stuff, this will probably be added with
-  SSLv3.
-
-+ X509 callback.  I need to callback the application to retrieve certificates
-  and CRL.
-
-*<- designates the things I'm activly working on.
-+<- designates that which I have next in the queue.
-
-====
-
-X509v3 extensions
-verify certificate chains
-X509 cert lookup methods
-RSA/DSA/DH methods mostly for smart cards
-dsa cert generation
-

VERSION

@@ -1,24 +0,0 @@
-SSLeay 0.8.1
-	- Mostly bug fixes.  There is an Ephemeral DH cipher problem which
-	  is fixed.
-
-SSLeay 0.8.0
-	- New release, for those that are wondering what happend to
-	  0.7.x, call it our internal development version :-)
-	- There have been lots of changes, mostly the addition of SSLv3.
-	- There have been many additions from people and amongst
-	  others, C2Net has assisted greatly.
-
-SSLeay 0.6.6
-	SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
-	if your application requires 0.6.6, use it.  There have been
-	lots of bug fixes to 0.8.x that have not been applied to 0.6.6
-	so use 0.8.0+ in preference.
-
-PORTING 0.6.6 to 0.8.0
-	I'll be documenting this over the next few weeks but as
-	pressures have been increasing for making SSLv3 support
-	available I'm shipping it without this documentation as I
-	basically have not had time to write it (too busy earning a
-	living :-)
-

apps/.cvsignore

@@ -0,0 +1 @@
+openssl

apps/CA.pl

@@ -0,0 +1,153 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#		   environment variable so this can be driven from
+#		   a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+	if ( /^(-\?|-h|-help)$/ ) {
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    exit 0;
+	} elsif (/^-newcert$/) {
+	    # create a certificate
+	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Certificate (and private key) is in newreq.pem\n"
+	} elsif (/^-newreq$/) {
+	    # create a certificate request
+	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newca$/) {
+		# if explictly asked for or it doesn't exist then setup the
+		# directory structure that Eric likes to manage things 
+	    $NEW="1";
+	    if ( "$NEW" || ! -f ${CATOP}/serial ) {
+		# create the directory hierarchy
+		mkdir $CATOP, $DIRMODE;
+		mkdir "${CATOP}/certs", $DIRMODE;
+		mkdir "${CATOP}/crl", $DIRMODE ;
+		mkdir "${CATOP}/newcerts", $DIRMODE;
+		mkdir "${CATOP}/private", $DIRMODE;
+		open OUT, ">${CATOP}/serial";
+		print OUT "01\n";
+		close OUT;
+		open OUT, ">${CATOP}/index.txt";
+		close OUT;
+	    }
+	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
+		print "CA certificate filename (or enter to create)\n";
+		$FILE = <STDIN>;
+
+		chop $FILE;
+
+		# ask user for existing CA certificate
+		if ($FILE) {
+		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+		    $RET=$?;
+		} else {
+		    print "Making CA certificate ...\n";
+		    system ("$REQ -new -x509 -keyout " .
+			"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+		    $RET=$?;
+		}
+	    }
+	} elsif (/^-xsign$/) {
+	    system ("$CA -policy policy_anything -infiles newreq.pem");
+	    $RET=$?;
+	} elsif (/^(-sign|-signreq)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-signcert$/) {
+	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+								"-out tmp.pem");
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles tmp.pem");
+	    $RET = $?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-verify$/) {
+	    if (shift) {
+		foreach $j (@ARGV) {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+		    $RET=$? if ($? != 0);
+		}
+		exit $RET;
+	    } else {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+		    $RET=$?;
+	    	    exit 0;
+	    }
+	} else {
+	    print STDERR "Unknown arg $_\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    exit 1;
+	}
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+	$flag = 1 if (/^-----BEGIN.*$bound/) ;
+	print OUT $_ if ($flag);
+	if (/^-----END.*$bound/) {
+		close IN;
+		close OUT;
+		return;
+	}
+}
+}
+

apps/CA.sh

@@ -27,14 +27,14 @@
 # tjh@cryptsoft.com
 #
 
-# default ssleay.cnf file has setup as per the following
+# default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
 DAYS="-days 365"
-REQ="ssleay req $SSLEAY_CONFIG"
-CA="ssleay ca $SSLEAY_CONFIG"
-VERIFY="ssleay verify"
-X509="ssleay x509"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem

apps/Makefile.ssl

@@ -1,5 +1,5 @@
 #
-# SSLeay/apps/Makefile.ssl
+#  apps/Makefile.ssl
 #
 
 DIR=		apps
@@ -9,9 +9,9 @@ INCLUDES=	-I../include
 CFLAG=		-g -static
 INSTALLTOP=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
-RM=		/bin/rm -f
+RM=		rm -f
 
 PEX_LIBS=
 EX_LIBS= 
@@ -25,18 +25,18 @@ DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 
-SSLEAY= ssleay
+PROGRAM= openssl
 
-SCRIPTS=CA.sh der_chop
+SCRIPTS=CA.sh CA.pl der_chop
 
-EXE= $(SSLEAY)
+EXE= $(PROGRAM)
 
-E_EXE=	verify asn1pars req dgst dh enc gendh gendsa errstr ca crl \
+E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
 	rsa dsa dsaparam \
-	x509 genrsa s_server s_client speed \
-	s_time version pkcs7 crl2pkcs7 sess_id ciphers
+	x509 genrsa gendsa s_server s_client speed \
+	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq
 
-PROGS= $(SSLEAY).c
+PROGS= $(PROGRAM).c
 
 A_OBJ=apps.o
 A_SRC=apps.c
@@ -44,20 +44,20 @@ S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
 
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
-	gendsa.o pkcs7.o crl2p7.o crl.o \
+	pkcs7.o crl2p7.o crl.o \
 	rsa.o dsa.o dsaparam.o \
-	x509.o genrsa.o s_server.o s_client.o speed.o \
+	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
-	ciphers.o
+	ciphers.o nseq.o
 
 #	pem_mail.o
 
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
-	gendsa.c pkcs7.c crl2p7.c crl.c \
+	pkcs7.c crl2p7.c crl.c \
 	rsa.c dsa.c dsaparam.c \
-	x509.c genrsa.c s_server.c s_client.c speed.c \
+	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
-	ciphers.c
+	ciphers.c nseq.c
 
 #	pem_mail.c
 
@@ -86,18 +86,15 @@ sreq.o: req.c
 files:
 	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
-install: mklinks
-	@for i in $(EXE) $(SCRIPTS) mklinks; \
+install:
+	@for i in $(EXE) $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALLTOP)/bin/$$i; \
 	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
 	 done; \
-	cp ssleay.cnf $(INSTALLTOP)/lib
-	chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
-	cd $(INSTALLTOP)/bin; \
-	/bin/sh ./mklinks; \
-	/bin/rm -f ./mklinks
+	cp openssl.cnf $(INSTALLTOP)/lib; \
+	chmod 644 $(INSTALLTOP)/lib/openssl.cnf
 
 tags:
 	ctags $(SRC)
@@ -105,8 +102,7 @@ tags:
 tests:
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -121,8 +117,8 @@ dclean:
 errors:
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-	/bin/rm -f req
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+	rm -f req
 
 $(DLIBSSL):
 	(cd ../ssl; $(MAKE))
@@ -130,15 +126,326 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
 	(cd ../crypto; $(MAKE))
 
-$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(SSLEAY)
-	$(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(PROGRAM)
+	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 
 progs.h:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
-	$(RM) $(SSLEAY).o
-
-mklinks:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
+	perl ./progs.pl $(E_EXE) >progs.h
+	$(RM) $(PROGRAM).o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+apps.o: ../include/bio.h ../include/buffer.h ../include/crypto.h
+apps.o: ../include/e_os.h ../include/opensslv.h ../include/stack.h apps.h
+apps.o: progs.h
+asn1pars.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+asn1pars.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+asn1pars.o: ../include/crypto.h ../include/des.h ../include/dh.h
+asn1pars.o: ../include/dsa.h ../include/e_os.h ../include/err.h
+asn1pars.o: ../include/evp.h ../include/idea.h ../include/md2.h
+asn1pars.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+asn1pars.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
+asn1pars.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
+asn1pars.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h
+asn1pars.o: ../include/sha.h ../include/stack.h ../include/x509.h
+asn1pars.o: ../include/x509_vfy.h apps.h progs.h
+ca.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
+ca.o: ../include/buffer.h ../include/cast.h ../include/conf.h
+ca.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+ca.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+ca.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
+ca.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+ca.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
+ca.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
+ca.o: ../include/stack.h ../include/txt_db.h ../include/x509.h
+ca.o: ../include/x509_vfy.h ../include/x509v3.h apps.h progs.h
+ciphers.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+ciphers.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+ciphers.o: ../include/crypto.h ../include/des.h ../include/dh.h
+ciphers.o: ../include/dsa.h ../include/e_os.h ../include/err.h ../include/evp.h
+ciphers.o: ../include/idea.h ../include/lhash.h ../include/md2.h
+ciphers.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+ciphers.o: ../include/opensslv.h ../include/pkcs7.h ../include/rc2.h
+ciphers.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+ciphers.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
+ciphers.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
+ciphers.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
+ciphers.o: progs.h
+crl.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
+crl.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
+crl.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
+crl.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
+crl.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+crl.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
+crl.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
+crl.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
+crl.o: ../include/x509.h ../include/x509_vfy.h ../include/x509v3.h apps.h
+crl.o: progs.h
+crl2p7.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+crl2p7.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+crl2p7.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+crl2p7.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+crl2p7.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+crl2p7.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+crl2p7.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
+crl2p7.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+crl2p7.o: ../include/rsa.h ../include/sha.h ../include/stack.h
+crl2p7.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
+dgst.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+dgst.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+dgst.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+dgst.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+dgst.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+dgst.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+dgst.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
+dgst.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
+dgst.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
+dgst.o: progs.h
+dh.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
+dh.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
+dh.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
+dh.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
+dh.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+dh.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
+dh.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
+dh.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
+dh.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
+dsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
+dsa.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
+dsa.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
+dsa.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
+dsa.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+dsa.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
+dsa.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
+dsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
+dsa.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
+dsaparam.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+dsaparam.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+dsaparam.o: ../include/crypto.h ../include/des.h ../include/dh.h
+dsaparam.o: ../include/dsa.h ../include/e_os.h ../include/err.h
+dsaparam.o: ../include/evp.h ../include/idea.h ../include/md2.h
+dsaparam.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+dsaparam.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
+dsaparam.o: ../include/pkcs7.h ../include/rand.h ../include/rc2.h
+dsaparam.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+dsaparam.o: ../include/rsa.h ../include/sha.h ../include/stack.h
+dsaparam.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
+enc.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
+enc.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
+enc.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
+enc.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
+enc.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+enc.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
+enc.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
+enc.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
+enc.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
+errstr.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+errstr.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+errstr.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+errstr.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+errstr.o: ../include/lhash.h ../include/md2.h ../include/md5.h
+errstr.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
+errstr.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
+errstr.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
+errstr.o: ../include/ssl.h ../include/ssl2.h ../include/ssl23.h
+errstr.o: ../include/ssl3.h ../include/stack.h ../include/tls1.h
+errstr.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
+gendh.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+gendh.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+gendh.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+gendh.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+gendh.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+gendh.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+gendh.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
+gendh.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+gendh.o: ../include/rsa.h ../include/sha.h ../include/stack.h ../include/x509.h
+gendh.o: ../include/x509_vfy.h apps.h progs.h
+gendsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+gendsa.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+gendsa.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+gendsa.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+gendsa.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+gendsa.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+gendsa.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
+gendsa.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
+gendsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
+gendsa.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
+gendsa.o: progs.h
+genrsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+genrsa.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+genrsa.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+genrsa.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+genrsa.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+genrsa.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+genrsa.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
+genrsa.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
+genrsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
+genrsa.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
+genrsa.o: progs.h
+nseq.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+nseq.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+nseq.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+nseq.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+nseq.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+nseq.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+nseq.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
+nseq.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
+nseq.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
+nseq.o: progs.h
+openssl.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+openssl.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+openssl.o: ../include/conf.h ../include/crypto.h ../include/des.h
+openssl.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h
+openssl.o: ../include/evp.h ../include/idea.h ../include/lhash.h
+openssl.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+openssl.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+openssl.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
+openssl.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+openssl.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
+openssl.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
+openssl.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
+openssl.o: progs.h s_apps.h
+pkcs7.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+pkcs7.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+pkcs7.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+pkcs7.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+pkcs7.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+pkcs7.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+pkcs7.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
+pkcs7.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
+pkcs7.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
+pkcs7.o: progs.h
+req.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
+req.o: ../include/buffer.h ../include/cast.h ../include/conf.h
+req.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+req.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+req.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
+req.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+req.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h ../include/rc2.h
+req.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h ../include/rsa.h
+req.o: ../include/sha.h ../include/stack.h ../include/x509.h
+req.o: ../include/x509_vfy.h ../include/x509v3.h apps.h progs.h
+rsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
+rsa.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
+rsa.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
+rsa.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
+rsa.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+rsa.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
+rsa.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
+rsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
+rsa.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
+s_cb.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+s_cb.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+s_cb.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+s_cb.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+s_cb.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
+s_cb.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h
+s_cb.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+s_cb.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
+s_cb.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
+s_cb.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
+s_cb.o: progs.h s_apps.h
+s_client.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+s_client.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+s_client.o: ../include/crypto.h ../include/des.h ../include/dh.h
+s_client.o: ../include/dsa.h ../include/e_os.h ../include/err.h
+s_client.o: ../include/evp.h ../include/idea.h ../include/lhash.h
+s_client.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+s_client.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+s_client.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
+s_client.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+s_client.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
+s_client.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
+s_client.o: ../include/stack.h ../include/tls1.h ../include/x509.h
+s_client.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
+s_server.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+s_server.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+s_server.o: ../include/crypto.h ../include/des.h ../include/dh.h
+s_server.o: ../include/dsa.h ../include/e_os.h ../include/err.h
+s_server.o: ../include/evp.h ../include/idea.h ../include/lhash.h
+s_server.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+s_server.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+s_server.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
+s_server.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+s_server.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
+s_server.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
+s_server.o: ../include/stack.h ../include/tls1.h ../include/x509.h
+s_server.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
+s_socket.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+s_socket.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+s_socket.o: ../include/crypto.h ../include/des.h ../include/dh.h
+s_socket.o: ../include/dsa.h ../include/e_os.h ../include/evp.h
+s_socket.o: ../include/idea.h ../include/lhash.h ../include/md2.h
+s_socket.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+s_socket.o: ../include/opensslv.h ../include/pkcs7.h ../include/rc2.h
+s_socket.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+s_socket.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
+s_socket.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
+s_socket.o: ../include/stack.h ../include/tls1.h ../include/x509.h
+s_socket.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
+s_time.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+s_time.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+s_time.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+s_time.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+s_time.o: ../include/lhash.h ../include/md2.h ../include/md5.h
+s_time.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
+s_time.o: ../include/pem.h ../include/pem2.h ../include/pkcs7.h
+s_time.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
+s_time.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
+s_time.o: ../include/ssl.h ../include/ssl2.h ../include/ssl23.h
+s_time.o: ../include/ssl3.h ../include/stack.h ../include/tls1.h
+s_time.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h s_apps.h
+sess_id.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+sess_id.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+sess_id.o: ../include/crypto.h ../include/des.h ../include/dh.h
+sess_id.o: ../include/dsa.h ../include/e_os.h ../include/err.h ../include/evp.h
+sess_id.o: ../include/idea.h ../include/lhash.h ../include/md2.h
+sess_id.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
+sess_id.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
+sess_id.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
+sess_id.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h
+sess_id.o: ../include/sha.h ../include/ssl.h ../include/ssl2.h
+sess_id.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
+sess_id.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
+sess_id.o: progs.h
+speed.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+speed.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+speed.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+speed.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/hmac.h
+speed.o: ../include/idea.h ../include/md2.h ../include/md5.h ../include/mdc2.h
+speed.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h
+speed.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
+speed.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
+speed.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ./testdsa.h
+speed.o: ./testrsa.h apps.h progs.h
+verify.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+verify.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+verify.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+verify.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+verify.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+verify.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+verify.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
+verify.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
+verify.o: ../include/rsa.h ../include/sha.h ../include/stack.h
+verify.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
+version.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+version.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+version.o: ../include/crypto.h ../include/des.h ../include/dh.h
+version.o: ../include/dsa.h ../include/e_os.h ../include/evp.h
+version.o: ../include/idea.h ../include/md2.h ../include/md5.h
+version.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
+version.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
+version.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
+version.o: ../include/stack.h apps.h progs.h
+x509.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
+x509.o: ../include/bn.h ../include/buffer.h ../include/cast.h
+x509.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
+x509.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
+x509.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
+x509.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
+x509.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
+x509.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
+x509.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h
+x509.o: ../include/x509v3.h apps.h progs.h

apps/apps.c

@@ -1,5 +1,5 @@
 /* apps/apps.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -65,13 +65,8 @@
 #include "apps.h"
 #undef NON_MAIN
 
-#ifdef WIN16
-#define APPS_WIN16
-#ifdef FLAT_BUILD
-#include "bss_file.c"
-#else
-#include "../crypto/bio/bss_file.c"
-#endif
+#ifdef WINDOWS
+#  include "bss_file.c"
 #endif
 
 #ifndef NOPROTO

apps/apps.h

@@ -1,5 +1,5 @@
 /* apps/apps.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,18 +59,14 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
-#ifdef FLAT_INC
 #include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
 
 #include "buffer.h"
 #include "bio.h"
 #include "crypto.h"
 #include "progs.h"
 
-#ifdef WIN16
+#ifdef NO_STDIO
 BIO_METHOD *BIO_s_file();
 #endif
 

apps/asn1pars.c

@@ -1,5 +1,5 @@
 /* apps/asn1pars.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,6 +56,10 @@
  * [including the GNU Public Licence.]
  */
 
+/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
+ * add the -strparse option which parses nested binary structures
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -65,16 +69,12 @@
 #include "x509.h"
 #include "pem.h"
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 /* -inform arg	- input format - default PEM (DER or PEM)
  * -in arg	- input file - default stdin
  * -i		- indent the details by depth
  * -offset	- where in the file to start
  * -length	- how many bytes to use
+ * -oid file	- extra oid decription file
  */
 
 #undef PROG
@@ -84,26 +84,33 @@ int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
-	int i,badops=0,offset=0,ret=1;
+	int i,badops=0,offset=0,ret=1,j;
 	unsigned int length=0;
-	long num;
+	long num,tmplen;
 	BIO *in=NULL,*out=NULL,*b64=NULL;
 	int informat,indent=0;
-	char *infile,*str=NULL,*prog;
+	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
+	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
+	STACK *osk=NULL;
+	ASN1_TYPE *at=NULL;
 
-	infile=NULL;
 	informat=FORMAT_PEM;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	prog=argv[0];
 	argc--;
 	argv++;
+	if ((osk=sk_new_null()) == NULL)
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto end;
+		}
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
@@ -120,6 +127,11 @@ char **argv;
 			{
 			indent=1;
 			}
+		else if (strcmp(*argv,"-oid") == 0)
+			{
+			if (--argc < 1) goto bad;
+			oidfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-offset") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -131,6 +143,11 @@ char **argv;
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
+		else if (strcmp(*argv,"-strparse") == 0)
+			{
+			if (--argc < 1) goto bad;
+			sk_push(osk,*(++argv));
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -147,10 +164,14 @@ bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   lenth of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
+		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
+		BIO_printf(bio_err," -strparse offset\n");
+		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
+		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
 		goto end;
 		}
 
@@ -163,7 +184,19 @@ bad:
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (oidfile != NULL)
+		{
+		if (BIO_read_filename(in,oidfile) <= 0)
+			{
+			BIO_printf(bio_err,"problems opening %s\n",oidfile);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		OBJ_create_objects(in);
+		}
+
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
@@ -200,6 +233,36 @@ bad:
 		}
 	str=buf->data;
 
+	/* If any structs to parse go through in sequence */
+
+	if (sk_num(osk))
+		{
+		tmpbuf=(unsigned char *)str;
+		tmplen=num;
+		for (i=0; i<sk_num(osk); i++)
+			{
+			j=atoi(sk_value(osk,i));
+			if (j == 0)
+				{
+				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+				continue;
+				}
+			tmpbuf+=j;
+			tmplen-=j;
+			if (d2i_ASN1_TYPE(&at,&tmpbuf,tmplen) == NULL)
+				{
+				BIO_printf(bio_err,"Error parsing structure\n");
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			/* hmm... this is a little evil but it works */
+			tmpbuf=at->value.asn1_string->data;
+			tmplen=at->value.asn1_string->length;
+			}
+		str=(char *)tmpbuf;
+		num=tmplen;
+		}
+
 	if (length == 0) length=(unsigned int)num;
 	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
 		{
@@ -214,6 +277,9 @@ end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (buf != NULL) BUF_MEM_free(buf);
+	if (at != NULL) ASN1_TYPE_free(at);
+	if (osk != NULL) sk_free(osk);
+	OBJ_cleanup();
 	EXIT(ret);
 	}
 

apps/ca-cert.srl

@@ -1 +1 @@
-03
+05

apps/ca.c

@@ -1,5 +1,5 @@
 /* apps/ca.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -70,6 +70,7 @@
 #include "txt_db.h"
 #include "evp.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "objects.h"
 #include "pem.h"
 #include "conf.h"
@@ -82,7 +83,7 @@
 #define PROG ca_main
 
 #define BASE_SECTION	"ca"
-#define CONFIG_FILE "lib/ssleay.cnf"
+#define CONFIG_FILE "lib/openssl.cnf"
 
 #define ENV_DEFAULT_CA		"default_ca"
 
@@ -97,12 +98,14 @@
 #define ENV_PRIVATE_KEY		"private_key"
 #define ENV_RANDFILE		"RANDFILE"
 #define ENV_DEFAULT_DAYS 	"default_days"
+#define ENV_DEFAULT_STARTDATE 	"default_startdate"
 #define ENV_DEFAULT_CRL_DAYS 	"default_crl_days"
 #define ENV_DEFAULT_CRL_HOURS 	"default_crl_hours"
 #define ENV_DEFAULT_MD		"default_md"
 #define ENV_PRESERVE		"preserve"
 #define ENV_POLICY      	"policy"
 #define ENV_EXTENSIONS      	"x509_extensions"
+#define ENV_CRLEXT      	"crl_extensions"
 #define ENV_MSIE_HACK		"msie_hack"
 
 #define ENV_DATABASE		"database"
@@ -133,15 +136,16 @@ static char *ca_usage[]={
 " -policy arg     - The CA 'policy' to support\n",
 " -keyfile arg    - PEM private key file\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
-" -cert           - The CA certificate\n",
+" -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
 " -out file       - Where to put the output file(s)\n",
 " -outdir dir     - Where to put output certificates\n",
 " -infiles ....   - The last argument, requests to process\n",
 " -spkac file     - File contains DN and signed public key and challenge\n",
+" -ss_cert file   - File contains a self signed cert to sign\n",
 " -preserveDN     - Don't re-order the DN\n",
 " -batch	  - Don't ask questions\n",
-" -msie_hack	  - msie modifications to handle all thos universal strings\n",
+" -msie_hack	  - msie modifications to handle all those universal strings\n",
 NULL
 };
 
@@ -152,7 +156,7 @@ extern int EF_ALIGNMENT;
 #endif
 
 #ifndef NOPROTO
-static STACK *load_extensions(char *section);
+static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
 static int MS_CALLBACK key_callback(char *buf,int len,int verify);
 static unsigned long index_serial_hash(char **a);
@@ -163,19 +167,23 @@ static int index_name_cmp(char **a,char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,int days,
-	int batch, STACK *extensions,int verbose);
+	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+	int days, int batch, char *ext_sect, LHASH *conf,int verbose);
+static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+	int days,int batch,char *ext_sect, LHASH *conf,int verbose);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,int days,
-	STACK *extensions,int verbose);
+	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
+	int days,char *ext_sect,LHASH *conf,int verbose);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
-	STACK *policy, TXT_DB *db, BIGNUM *serial, int days, int batch,
-	int verbose, X509_REQ *req, STACK *extensions);
+	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
+	int days, int batch, int verbose, X509_REQ *req, char *ext_sect,
+	LHASH *conf);
 static int check_time_format(char *str);
 #else
-static STACK *load_extensions();
+static int add_oid_section();
 static void lookup_fail();
 static int MS_CALLBACK key_callback();
 static unsigned long index_serial_hash();
@@ -187,6 +195,7 @@ static int fix_data();
 static BIGNUM *load_serial();
 static int save_serial();
 static int certify();
+static int certify_cert();
 static int certify_spkac();
 static void write_new_certificate();
 static int do_body();
@@ -221,13 +230,16 @@ char **argv;
 	char *certfile=NULL;
 	char *infile=NULL;
 	char *spkac_file=NULL;
+	char *ss_cert_file=NULL;
 	EVP_PKEY *pkey=NULL;
 	int output_der = 0;
 	char *outfile=NULL;
 	char *outdir=NULL;
 	char *serialfile=NULL;
 	char *extensions=NULL;
+	char *crl_ext=NULL;
 	BIGNUM *serial=NULL;
+	char *startdate=NULL;
 	int days=0;
 	int batch=0;
 	X509 *x509=NULL;
@@ -243,7 +255,6 @@ char **argv;
 	long l;
 	EVP_MD *dgst=NULL;
 	STACK *attribs=NULL;
-	STACK *extensions_sk=NULL;
 	STACK *cert_sk=NULL;
 	BIO *hex=NULL;
 #undef BSIZE
@@ -258,12 +269,12 @@ EF_ALIGNMENT=0;
 
 	apps_startup();
 
-	X509v3_add_netscape_extensions();
+	X509V3_add_standard_extensions();
 
 	preserve=0;
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argc--;
 	argv++;
@@ -281,6 +292,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			section= *(++argv);
 			}
+		else if (strcmp(*argv,"-startdate") == 0)
+			{
+			if (--argc < 1) goto bad;
+			startdate= *(++argv);
+			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -352,6 +368,12 @@ EF_ALIGNMENT=0;
 			req=1;
 			break;
 			}
+		else if (strcmp(*argv, "-ss_cert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			ss_cert_file = *(++argv);
+			req=1;
+			}
 		else if (strcmp(*argv, "-spkac") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -412,6 +434,34 @@ bad:
 			}
 		}
 
+	if (conf != NULL)
+		{
+		p=CONF_get_string(conf,NULL,"oid_file");
+		if (p != NULL)
+			{
+			BIO *oid_bio;
+
+			oid_bio=BIO_new_file(p,"r");
+			if (oid_bio == NULL) 
+				{
+				/*
+				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+				ERR_print_errors(bio_err);
+				*/
+				ERR_clear_error();
+				}
+			else
+				{
+				OBJ_create_objects(oid_bio);
+				BIO_free(oid_bio);
+				}
+			}
+		}
+		if(!add_oid_section(conf)) {
+			ERR_print_errors(bio_err);
+			goto err;
+		}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	Sout=BIO_new(BIO_s_file());
@@ -471,6 +521,12 @@ bad:
 		goto err;
 		}
 
+	if (!X509_check_private_key(x509,pkey))
+		{
+		BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+		goto err;
+		}
+
 	f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
 	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
 		preserve=1;
@@ -570,7 +626,7 @@ bad:
 		}
 	if (verbose)
 		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE); /* cannot fail */
+		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
 		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
 			db->data->num);
@@ -605,7 +661,7 @@ bad:
 				}
 			}
 		else
-			BIO_set_fp(Sout,stdout,BIO_NOCLOSE);
+			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
 		}
 
 	if (req)
@@ -640,12 +696,33 @@ bad:
 			goto err;
 			}
 
-		if ((extensions=CONF_get_string(conf,section,ENV_EXTENSIONS))
-			!= NULL)
-			{
-			if ((extensions_sk=load_extensions(extensions)) == NULL)
+		extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
+		if(extensions) {
+			/* Check syntax of file */
+			if(!X509V3_EXT_check_conf(conf, extensions)) {
+				BIO_printf(bio_err,
+				 "Error Loading extension section %s\n",
+								 extensions);
+				ret = 1;
 				goto err;
 			}
+		}
+
+		if (startdate == NULL)
+			{
+			startdate=(char *)CONF_get_string(conf,section,
+				ENV_DEFAULT_STARTDATE);
+			if (startdate == NULL)
+				startdate="today";
+			else
+				{
+				if (!ASN1_UTCTIME_set_string(NULL,startdate))
+					{
+					BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSS\n");
+					goto err;
+					}
+				}
+			}
 
 		if (days == 0)
 			{
@@ -665,7 +742,7 @@ bad:
 			}
 		if (verbose)
 			{
-			if ((f=BN_bn2ascii(serial)) == NULL) goto err;
+			if ((f=BN_bn2hex(serial)) == NULL) goto err;
 			BIO_printf(bio_err,"next serial number is %s\n",f);
 			Free(f);
 			}
@@ -685,7 +762,7 @@ bad:
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,days,extensions_sk,verbose);
+				serial,startdate,days,extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -704,11 +781,31 @@ bad:
 					}
 				}
 			}
+		if (ss_cert_file != NULL)
+			{
+			total++;
+			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
+				db,serial,startdate,days,batch,
+				extensions,conf,verbose);
+			if (j < 0) goto err;
+			if (j > 0)
+				{
+				total_done++;
+				BIO_printf(bio_err,"\n");
+				if (!BN_add_word(serial,1)) goto err;
+				if (!sk_push(cert_sk,(char *)x))
+					{
+					BIO_printf(bio_err,"Malloc failure\n");
+					goto err;
+					}
+				}
+			}
 		if (infile != NULL)
 			{
 			total++;
 			j=certify(&x,infile,pkey,x509,dgst,attribs,db,
-				serial,days,batch,extensions_sk,verbose);
+				serial,startdate,days,batch,
+				extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -726,7 +823,8 @@ bad:
 			{
 			total++;
 			j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
-				serial,days,batch,extensions_sk,verbose);
+				serial,startdate,days,batch,
+				extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -798,7 +896,7 @@ bad:
 				{
 				for (k=0; k<j; k++)
 					{
-					sprintf((char *)n,"%02X",*(p++));
+					sprintf((char *)n,"%02X",(unsigned char)*(p++));
 					n+=2;
 					}
 				}
@@ -870,6 +968,17 @@ bad:
 	/*****************************************************************/
 	if (gencrl)
 		{
+		crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+		if(crl_ext) {
+			/* Check syntax of file */
+			if(!X509V3_EXT_check_conf(conf, crl_ext)) {
+				BIO_printf(bio_err,
+				 "Error Loading CRL extension section %s\n",
+								 crl_ext);
+				ret = 1;
+				goto err;
+			}
+		}
 		if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
 
 		if (!crldays && !crlhours)
@@ -893,6 +1002,8 @@ bad:
 		if (ci->issuer == NULL) goto err;
 
 		X509_gmtime_adj(ci->lastUpdate,0);
+		if (ci->nextUpdate == NULL)
+			ci->nextUpdate=ASN1_UTCTIME_new();
 		X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
 
 		for (i=0; i<sk_num(db->data); i++)
@@ -925,7 +1036,7 @@ bad:
 			r->sequence=i;
 			}
 
-		/* we how have a CRL */
+		/* we now have a CRL */
 		if (verbose) BIO_printf(bio_err,"signing CRL\n");
 		if (md != NULL)
 			{
@@ -936,7 +1047,32 @@ bad:
 				}
 			}
 		else
+		    {
+#ifndef NO_DSA
+		    if (pkey->type == EVP_PKEY_DSA) 
+			dgst=EVP_dss1();
+		    else
+#endif
 			dgst=EVP_md5();
+		    }
+
+		/* Add any extensions asked for */
+
+		if(crl_ext) {
+		    X509V3_CTX crlctx;
+		    if (ci->version == NULL)
+		    if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
+		    ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
+		    crlctx.crl = crl;
+		    crlctx.issuer_cert = x509;
+		    crlctx.subject_cert = NULL;
+		    crlctx.subject_req = NULL;
+		    crlctx.flags = 0;
+
+		    if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
+						 crl_ext, crl)) goto err;
+		}
+
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
 		PEM_write_bio_X509_CRL(Sout,crl);
@@ -944,24 +1080,23 @@ bad:
 	/*****************************************************************/
 	ret=0;
 err:
-	if (hex != NULL) BIO_free(hex);
-	if (Cout != NULL) BIO_free(Cout);
-	if (Sout != NULL) BIO_free(Sout);
-	if (out != NULL) BIO_free(out);
-	if (in != NULL) BIO_free(in);
+	BIO_free(hex);
+	BIO_free(Cout);
+	BIO_free(Sout);
+	BIO_free(out);
+	BIO_free(in);
 
-	if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);
-	if (extensions_sk != NULL)
-		sk_pop_free(extensions_sk,X509_EXTENSION_free);
+	sk_pop_free(cert_sk,X509_free);
 
 	if (ret) ERR_print_errors(bio_err);
-	if (serial != NULL) BN_free(serial);
-	if (db != NULL) TXT_DB_free(db);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
-	if (x509 != NULL) X509_free(x509);
-	if (crl != NULL) X509_CRL_free(crl);
-	if (conf != NULL) CONF_free(conf);
-	X509v3_cleanup_extensions();
+	BN_free(serial);
+	TXT_DB_free(db);
+	EVP_PKEY_free(pkey);
+	X509_free(x509);
+	X509_CRL_free(crl);
+	CONF_free(conf);
+	X509V3_EXT_cleanup();
+	OBJ_cleanup();
 	EXIT(ret);
 	}
 
@@ -1092,8 +1227,8 @@ err:
 	return(ret);
 	}
 
-static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,days,
-	batch,extensions,verbose)
+static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days,
+		   batch,ext_sect,lconf,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1102,9 +1237,11 @@ EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
+char *startdate;
 int days;
 int batch;
-STACK *extensions;
+char *ext_sect;
+LHASH *lconf;
 int verbose;
 	{
 	X509_REQ *req=NULL;
@@ -1130,21 +1267,13 @@ int verbose;
 
 	BIO_printf(bio_err,"Check that the request matches the signature\n");
 
-	if (	(req->req_info == NULL) ||
-		(req->req_info->pubkey == NULL) ||
-		(req->req_info->pubkey->public_key == NULL) ||
-		(req->req_info->pubkey->public_key->data == NULL))
-		{
-		BIO_printf(bio_err,"The certificate request appears to corrupted\n");
-		BIO_printf(bio_err,"It does not contain a public key\n");
-		goto err;
-		}
 	if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
 		{
 		BIO_printf(bio_err,"error unpacking public key\n");
 		goto err;
 		}
 	i=X509_REQ_verify(req,pktmp);
+	EVP_PKEY_free(pktmp);
 	if (i < 0)
 		{
 		ok=0;
@@ -1160,8 +1289,8 @@ int verbose;
 	else
 		BIO_printf(bio_err,"Signature ok\n");
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,days,batch,verbose,req,
-		extensions);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
+		days,batch,verbose,req,ext_sect,lconf);
 
 err:
 	if (req != NULL) X509_REQ_free(req);
@@ -1169,8 +1298,83 @@ err:
 	return(ok);
 	}
 
-static int do_body(xret,pkey,x509,dgst,policy,db,serial,days,batch,verbose,req,
-	extensions)
+static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,
+			days,batch,ext_sect,lconf,verbose)
+X509 **xret;
+char *infile;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+char *startdate;
+int days;
+int batch;
+char *ext_sect;
+LHASH *lconf;
+int verbose;
+	{
+	X509 *req=NULL;
+	X509_REQ *rreq=NULL;
+	BIO *in=NULL;
+	EVP_PKEY *pktmp=NULL;
+	int ok= -1,i;
+
+	in=BIO_new(BIO_s_file());
+
+	if (BIO_read_filename(in,infile) <= 0)
+		{
+		perror(infile);
+		goto err;
+		}
+	if ((req=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+		{
+		BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
+		goto err;
+		}
+	if (verbose)
+		X509_print(bio_err,req);
+
+	BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+	if ((pktmp=X509_get_pubkey(req)) == NULL)
+		{
+		BIO_printf(bio_err,"error unpacking public key\n");
+		goto err;
+		}
+	i=X509_verify(req,pktmp);
+	EVP_PKEY_free(pktmp);
+	if (i < 0)
+		{
+		ok=0;
+		BIO_printf(bio_err,"Signature verification problems....\n");
+		goto err;
+		}
+	if (i == 0)
+		{
+		ok=0;
+		BIO_printf(bio_err,"Signature did not match the certificate\n");
+		goto err;
+		}
+	else
+		BIO_printf(bio_err,"Signature ok\n");
+
+	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
+		goto err;
+
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
+		batch,verbose,rreq,ext_sect,lconf);
+
+err:
+	if (rreq != NULL) X509_REQ_free(rreq);
+	if (req != NULL) X509_free(req);
+	if (in != NULL) BIO_free(in);
+	return(ok);
+	}
+
+static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
+		   batch,verbose,req,ext_sect,lconf)
 X509 **xret;
 EVP_PKEY *pkey;
 X509 *x509;
@@ -1178,21 +1382,22 @@ EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
+char *startdate;
 int days;
 int batch;
 int verbose;
 X509_REQ *req;
-STACK *extensions;
+char *ext_sect;
+LHASH *lconf;
 	{
 	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
-	ASN1_UTCTIME *tm;
+	ASN1_UTCTIME *tm,*tmptm;
 	ASN1_STRING *str,*str2;
 	ASN1_OBJECT *obj;
 	X509 *ret=NULL;
 	X509_CINF *ci;
 	X509_NAME_ENTRY *ne;
 	X509_NAME_ENTRY *tne,*push;
-	X509_EXTENSION *ex=NULL;
 	EVP_PKEY *pktmp;
 	int ok= -1,i,j,last,nid;
 	char *p;
@@ -1200,6 +1405,13 @@ STACK *extensions;
 	char *row[DB_NUMBER],**rrow,**irow=NULL;
 	char buf[25],*pbuf;
 
+	tmptm=ASN1_UTCTIME_new();
+	if (tmptm == NULL)
+		{
+		BIO_printf(bio_err,"malloc error\n");
+		return(0);
+		}
+
 	for (i=0; i<DB_NUMBER; i++)
 		row[i]=NULL;
 
@@ -1399,7 +1611,7 @@ again2:
 		BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
 
 	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
-	row[DB_serial]=BN_bn2ascii(serial);
+	row[DB_serial]=BN_bn2hex(serial);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
 		BIO_printf(bio_err,"Malloc failure\n");
@@ -1471,19 +1683,30 @@ again2:
 		goto err;
 
 	BIO_printf(bio_err,"Certificate is to be certified until ");
-	X509_gmtime_adj(X509_get_notBefore(ret),0);
-	X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+	if (strcmp(startdate,"today") == 0)
+		{
+		X509_gmtime_adj(X509_get_notBefore(ret),0);
+		X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+		}
+	else
+		{
+		/*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX*/
+		ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+		}
 	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
 	BIO_printf(bio_err," (%d days)\n",days);
 
 	if (!X509_set_subject_name(ret,subject)) goto err;
 
 	pktmp=X509_REQ_get_pubkey(req);
-	if (!X509_set_pubkey(ret,pktmp)) goto err;
+	i = X509_set_pubkey(ret,pktmp);
+	EVP_PKEY_free(pktmp);
+	if (!i) goto err;
 
 	/* Lets add the extensions, if there are any */
-	if ((extensions != NULL) && (sk_num(extensions) > 0))
+	if (ext_sect)
 		{
+		X509V3_CTX ctx;
 		if (ci->version == NULL)
 			if ((ci->version=ASN1_INTEGER_new()) == NULL)
 				goto err;
@@ -1494,17 +1717,16 @@ again2:
 		if (ci->extensions != NULL)
 			sk_pop_free(ci->extensions,X509_EXTENSION_free);
 
-		if ((ci->extensions=sk_new_null()) == NULL)
-			goto err;
+		ci->extensions = NULL;
+
+		ctx.subject_cert = ret;
+		ctx.issuer_cert = x509;
+		ctx.subject_req = req;
+		ctx.crl = NULL;
+		ctx.flags = 0;
+
+		if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
 
-		/* Lets 'copy' in the new ones */
-		for (i=0; i<sk_num(extensions); i++)
-			{
-			ex=X509_EXTENSION_dup((X509_EXTENSION *)
-				sk_value(extensions,i));
-			if (ex == NULL) goto err;
-			if (!sk_push(ci->extensions,(char *)ex)) goto err;
-			}
 		}
 
 
@@ -1522,11 +1744,14 @@ again2:
 			}
 		}
 
+
 #ifndef NO_DSA
+	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
         pktmp=X509_get_pubkey(ret);
         if (EVP_PKEY_missing_parameters(pktmp) &&
 		!EVP_PKEY_missing_parameters(pkey))
 		EVP_PKEY_copy_parameters(pktmp,pkey);
+	EVP_PKEY_free(pktmp);
 #endif
 
 	if (!X509_sign(ret,pkey,dgst))
@@ -1623,8 +1848,8 @@ int output_der;
 	BIO_puts(bp,"\n");
 	}
 
-static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,days,
-	extensions,verbose)
+static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,
+			 startdate,days,ext_sect,lconf,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1633,8 +1858,10 @@ EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
+char *startdate;
 int days;
-STACK *extensions;
+char *ext_sect;
+LHASH *lconf;
 int verbose;
 	{
 	STACK *sk=NULL;
@@ -1778,8 +2005,9 @@ int verbose;
 	BIO_printf(bio_err,"Signature ok\n");
 
 	X509_REQ_set_pubkey(req,pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,days,1,verbose,req,
-		extensions);
+	EVP_PKEY_free(pktmp);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
+		   days,1,verbose,req,ext_sect,lconf);
 err:
 	if (req != NULL) X509_REQ_free(req);
 	if (parms != NULL) CONF_free(parms);
@@ -1807,102 +2035,6 @@ int *type;
 	return(1);
 	}
 
-
-static STACK *load_extensions(sec)
-char *sec;
-	{
-	STACK *ext;
-	STACK *ret=NULL;
-	CONF_VALUE *cv;
-	ASN1_OCTET_STRING *str=NULL;
-	ASN1_STRING *tmp=NULL;
-	X509_EXTENSION *x;
-	BIO *mem=NULL;
-	BUF_MEM *buf=NULL;
-	int i,nid,len;
-	unsigned char *ptr;
-	int pack_type;
-	int data_type;
-
-	if ((ext=CONF_get_section(conf,sec)) == NULL)
-		{
-		BIO_printf(bio_err,"unable to find extension section called '%s'\n",sec);
-		return(NULL);
-		}
-
-	if ((ret=sk_new_null()) == NULL) return(NULL);
-
-	for (i=0; i<sk_num(ext); i++)
-		{
-		cv=(CONF_VALUE *)sk_value(ext,i); /* get the object id */
-		if ((nid=OBJ_txt2nid(cv->name)) == NID_undef)
-			{
-			BIO_printf(bio_err,"%s:unknown object type in section, '%s'\n",sec,cv->name);
-			goto err;
-			}
-
-		pack_type=X509v3_pack_type_by_NID(nid);
-		data_type=X509v3_data_type_by_NID(nid);
-
-		/* pack up the input bytes */
-		ptr=(unsigned char *)cv->value;
-		len=strlen((char *)ptr);
-		if ((len > 2) && (cv->value[0] == '0') &&
-			(cv->value[1] == 'x'))
-			{
-			if (data_type == V_ASN1_UNDEF)
-				{
-				BIO_printf(bio_err,"data type for extension %s is unknown\n",cv->name);
-				goto err;
-				}
-			if (mem == NULL)
-				if ((mem=BIO_new(BIO_s_mem())) == NULL)
-					goto err;
-			if (((buf=BUF_MEM_new()) == NULL) ||
-				!BUF_MEM_grow(buf,128))
-				goto err;
-			if ((tmp=ASN1_STRING_new()) == NULL) goto err;
-
-			BIO_reset(mem);
-			BIO_write(mem,(char *)&(ptr[2]),len-2);
-			if (!a2i_ASN1_STRING(mem,tmp,buf->data,buf->max))
-				goto err;
-			len=tmp->length;
-			ptr=tmp->data;
-			}
-
-		switch (pack_type)
-			{
-		case X509_EXT_PACK_STRING:
-			if ((str=X509v3_pack_string(&str,
-				data_type,ptr,len)) == NULL)
-				goto err;
-			break;
-		case X509_EXT_PACK_UNKNOWN:
-		default:
-			BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name);
-			goto err;
-			break;
-			}
-
-		if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL)
-			goto err;
-		sk_push(ret,(char *)x);
-		}
-
-	if (0)
-		{
-err:
-		if (ret != NULL) sk_pop_free(ret,X509_EXTENSION_free);
-		ret=NULL;
-		}
-	if (str != NULL) ASN1_OCTET_STRING_free(str);
-	if (tmp != NULL) ASN1_STRING_free(tmp);
-	if (buf != NULL) BUF_MEM_free(buf);
-	if (mem != NULL) BIO_free(mem);
-	return(ret);
-	}
-
 static int check_time_format(str)
 char *str;
 	{
@@ -1914,3 +2046,25 @@ char *str;
 	return(ASN1_UTCTIME_check(&tm));
 	}
 
+static int add_oid_section(hconf)
+LHASH *hconf;
+{	
+	char *p;
+	STACK *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(hconf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_num(sktmp); i++) {
+		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}

apps/cert.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
+Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
+DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
+tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
+sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
+19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
+-----END CERTIFICATE-----

apps/ciphers.c

@@ -1,5 +1,5 @@
 /* apps/ciphers.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"

apps/crl.c

@@ -1,5 +1,5 @@
 /* apps/crl.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -63,6 +63,7 @@
 #include "bio.h"
 #include "err.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "pem.h"
 
 #undef PROG
@@ -71,11 +72,6 @@
 #undef POSTFIX
 #define	POSTFIX	".rvk"
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
@@ -109,15 +105,14 @@ char **argv;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-	char *str=NULL;
-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 	char **pp,buf[256];
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
@@ -148,10 +143,6 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-		else if (strcmp(*argv,"-text") == 0)
-			{
-			outformat=FORMAT_TEXT;
-			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -162,6 +153,8 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-text") == 0)
+			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
@@ -182,14 +175,6 @@ char **argv;
 		argv++;
 		}
 
-	if (outformat == FORMAT_TEXT)
-		{
-		num=0;
-		issuer= ++num;
-		lastupdate= ++num;
-		nextupdate= ++num;
-		}
-
 	if (badops)
 		{
 bad:
@@ -199,6 +184,7 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 	x=load_crl(infile,informat);
 	if (x == NULL) { goto end; }
 
@@ -209,25 +195,28 @@ bad:
 			if (issuer == i)
 				{
 				X509_NAME_oneline(x->crl->issuer,buf,256);
-				fprintf(stdout,"issuer= %s\n",str);
+				BIO_printf(bio_out,"issuer= %s\n",buf);
 				}
 
 			if (hash == i)
 				{
-				fprintf(stdout,"%08lx\n",
+				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(x->crl->issuer));
 				}
 			if (lastupdate == i)
 				{
-				fprintf(stdout,"lastUpdate=");
-				ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
-				fprintf(stdout,"\n");
+				BIO_printf(bio_out,"lastUpdate=");
+				ASN1_TIME_print(bio_out,x->crl->lastUpdate);
+				BIO_printf(bio_out,"\n");
 				}
 			if (nextupdate == i)
 				{
-				fprintf(stdout,"nextUpdate=");
-				ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
-				fprintf(stdout,"\n");
+				BIO_printf(bio_out,"nextUpdate=");
+				if (x->crl->nextUpdate != NULL)
+					ASN1_TIME_print(bio_out,x->crl->nextUpdate);
+				else
+					BIO_printf(bio_out,"NONE");
+				BIO_printf(bio_out,"\n");
 				}
 			}
 		}
@@ -252,24 +241,11 @@ bad:
 			}
 		}
 
+	if (text) X509_CRL_print(out, x);
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
-	else if (outformat == FORMAT_TEXT)
-		{
-		X509_REVOKED *r;
-
-		while ((r=(X509_REVOKED *)sk_pop(x->crl->revoked)) != NULL)
-			{
-			fprintf(stdout,"revoked: serialNumber=");
-			i2a_ASN1_INTEGER(out,r->serialNumber);
-			fprintf(stdout," revocationDate=");
-			ASN1_UTCTIME_print(bio_out,r->revocationDate);
-			fprintf(stdout,"\n");
-			}
-		i=1;
-		}
 	else	
 		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -278,9 +254,10 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	if (out != NULL) BIO_free(out);
-	if (bio_out != NULL) BIO_free(bio_out);
-	if (x != NULL) X509_CRL_free(x);
+	BIO_free(out);
+	BIO_free(bio_out);
+	X509_CRL_free(x);
+	X509V3_EXT_cleanup();
 	EXIT(ret);
 	}
 
@@ -324,7 +301,7 @@ int format;
 		}
 	
 end:
-	if (in != NULL) BIO_free(in);
+	BIO_free(in);
 	return(x);
 	}
 

apps/crl2p7.c

@@ -1,5 +1,5 @@
 /* apps/crl2p7.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -98,6 +98,7 @@ char **argv;
 	PKCS7 *p7 = NULL;
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
+	STACK *certflst=NULL;
 	STACK *crl_stack=NULL;
 	STACK *cert_stack=NULL;
 	int ret=1,nocrl=0;
@@ -106,13 +107,12 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
-	certfile=NULL;
 
 	prog=argv[0];
 	argc--;
@@ -146,7 +146,8 @@ char **argv;
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			certfile= *(++argv);
+			if(!certflst) certflst = sk_new(NULL);
+			sk_push(certflst,*(++argv));
 			}
 		else
 			{
@@ -165,9 +166,10 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+		BIO_printf(bio_err,"                (can be used more than once)\n");
 		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
 		EXIT(1);
 		}
@@ -229,15 +231,17 @@ bad:
 	if ((cert_stack=sk_new(NULL)) == NULL) goto end;
 	p7s->cert=cert_stack;
 
-	if (certfile != NULL) 
-		{
+	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
+		certfile = sk_value(certflst, i);
 		if (add_certs_from_file(cert_stack,certfile) < 0)
 			{
-			BIO_printf(bio_err,"error loading certificates\n");
+			BIO_printf(bio_err, "error loading certificates\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-		}
+	}
+
+	sk_free(certflst);
 
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -297,19 +301,23 @@ char *certfile;
 
 	if ((stat(certfile,&st) != 0))
 		{
-		BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
+		BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
 		goto end;
 		}
 
 	in=BIO_new(BIO_s_file());
 	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
 		{
+		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
 		goto end;
 		}
 
 	/* This loads from a file, a stack of x509/crl/pkey sets */
 	sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
-	if (sk == NULL) goto end;
+	if (sk == NULL) {
+		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
+		goto end;
+	}
 
 	/* scan over it and pull out the CRL's */
 	while (sk_num(sk))

apps/der_chop

@@ -42,13 +42,13 @@ $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";
 
 # this was the 0.5.x way of doing things ...
-$cmd="ssleay asn1parse";
-$x509_cmd="ssleay x509";
-$crl_cmd="ssleay crl";
-$rc4_cmd="ssleay rc4";
-$md2_cmd="ssleay md2";
-$md4_cmd="ssleay md4";
-$rsa_cmd="ssleay rsa -des -inform der ";
+$cmd="openssl asn1parse";
+$x509_cmd="openssl x509";
+$crl_cmd="openssl crl";
+$rc4_cmd="openssl rc4";
+$md2_cmd="openssl md2";
+$md4_cmd="openssl md4";
+$rsa_cmd="openssl rsa -des -inform der ";
 
 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;

apps/dgst.c

@@ -1,5 +1,5 @@
 /* apps/dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -103,7 +103,7 @@ char **argv;
 		}
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	/* first check the program name */
         program_name(argv[0],pname,PROG_NAME_SIZE);
@@ -135,17 +135,19 @@ char **argv;
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
 		BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
-		BIO_printf(bio_err,"-c   to output debug info\n");
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm (default)\n",
+		BIO_printf(bio_err,"-d   to output debug info\n");
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha1,LN_sha1);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha,LN_sha);
-		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_mdc2,LN_mdc2);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_ripemd160,LN_ripemd160);
 		err=1;
 		goto end;
 		}

apps/dh.c

@@ -1,5 +1,5 @@
 /* apps/dh.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -95,7 +95,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -152,10 +152,10 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-		BIO_printf(bio_err," -text         check the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		goto end;

apps/dsa-ca.pem

@@ -1,17 +1,14 @@
 -----BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
-
-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
-MVqOsYxGCb+kez0FoDSTgw==
+MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
+94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
+tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
+J6zsFbSEHaQGUmfSeoM=
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

apps/dsa-pca.pem

@@ -1,17 +1,14 @@
 -----BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
-
-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

apps/dsa.c

@@ -1,5 +1,5 @@
 /* apps/dsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -99,7 +99,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -154,7 +154,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");

apps/dsap.pem

@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
+GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
+t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
+ADiRffvSdhrNw5dkqdql
+-----END DSA PARAMETERS-----

apps/dsaparam.c

@@ -1,5 +1,5 @@
 /* apps/dsaparam.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -80,10 +80,11 @@
  * -text
  * -C
  * -noout
+ * -genkey
  */
 
 #ifndef NOPROTO
-static void MS_CALLBACK dsa_cb(int p, int n);
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
 #else
 static void MS_CALLBACK dsa_cb();
 #endif
@@ -97,14 +98,14 @@ char **argv;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog,*inrand=NULL;
-	int numbits= -1,num;
+	int numbits= -1,num,genkey=0;
 	char buffer[200],*randfile=NULL;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -140,6 +141,8 @@ char **argv;
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
+		else if (strcmp(*argv,"-genkey") == 0)
+			genkey=1;
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -169,7 +172,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -text         check the DSA parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
@@ -217,7 +220,8 @@ bad:
 
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,dsa_cb);
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
+			dsa_cb,(char *)bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
@@ -314,6 +318,22 @@ bad:
 			goto end;
 			}
 		}
+	if (genkey)
+		{
+		DSA *dsakey;
+
+		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
+		if (!DSA_generate_key(dsakey)) goto end;
+		if 	(outformat == FORMAT_ASN1)
+			i=i2d_DSAPrivateKey_bio(out,dsakey);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		DSA_free(dsakey);
+		}
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
@@ -322,9 +342,10 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n)
+static void MS_CALLBACK dsa_cb(p, n, arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -332,8 +353,8 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif

apps/eay.c

@@ -1,5 +1,5 @@
 /* apps/eay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -88,7 +88,7 @@
 
 #define MONOLITH
 
-#include "ssleay.c"
+#include "openssl.c"
 #include "apps.c"
 #include "asn1pars.c"
 #ifndef NO_RSA

apps/enc.c

@@ -1,5 +1,5 @@
 /* apps/enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -96,7 +96,7 @@ char **argv;
 	char *str=NULL;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
-	int debug=0;
+	int debug=0,olb64=0;
 	EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
@@ -107,7 +107,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	/* first check the program name */
         program_name(argv[0],pname,PROG_NAME_SIZE);
@@ -148,6 +148,8 @@ char **argv;
 			debug=1;
 		else if	(strcmp(*argv,"-P") == 0)
 			printkey=2;
+		else if	(strcmp(*argv,"-A") == 0)
+			olb64=1;
 		else if	(strcmp(*argv,"-a") == 0)
 			base64=1;
 		else if	(strcmp(*argv,"-base64") == 0)
@@ -280,6 +282,18 @@ bad:
 				LN_bf_ecb, LN_bf_cbc,
 				LN_bf_cfb64, LN_bf_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
+#endif
+#ifndef NO_BLOWFISH
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_cast5_ecb, LN_cast5_cbc,
+				LN_cast5_cfb64, LN_cast5_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
+#endif
+#ifndef NO_BLOWFISH
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_rc5_ecb, LN_rc5_cbc,
+				LN_rc5_cfb64, LN_rc5_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
 #endif
 			goto end;
 			}
@@ -463,6 +477,8 @@ bad:
 			BIO_set_callback(b64,BIO_debug_callback);
 			BIO_set_callback_arg(b64,bio_err);
 			}
+		if (olb64)
+			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
 		if (enc)
 			wbio=BIO_push(b64,wbio);
 		else

apps/errstr.c

@@ -1,5 +1,5 @@
 /* apps/errstr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -80,7 +80,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	SSL_load_error_strings();
 

apps/f

@@ -1,5 +0,0 @@
-586
-2481
-
-1400
-2064

apps/g_ssleay.pl

@@ -1,110 +0,0 @@
-#!/usr/local/bin/perl
-
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
-print "#ifndef NOPROTO\n";
-
-grep(s/^asn1pars$/asn1parse/,@ARGV);
-
-foreach (@ARGV)
-	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-print "#else\n";
-foreach (@ARGV)
-	{ printf "extern int %s_main();\n",$_; }
-print "#endif\n";
-
-
-print <<'EOF';
-
-#ifdef SSLEAY_SRC
-
-#define FUNC_TYPE_GENERAL	1
-#define FUNC_TYPE_MD		2
-#define FUNC_TYPE_CIPHER	3
-
-typedef struct {
-	int type;
-	char *name;
-	int (*func)();
-	} FUNCTION;
-
-FUNCTION functions[] = {
-EOF
-
-foreach (@ARGV)
-	{
-	push(@files,$_);
-	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
-	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
-		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
-		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
-	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
-		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
-		{ print "#ifndef NO_DH\n${str}#endif\n"; }
-	else
-		{ print $str; }
-	}
-
-foreach ("md2","md5","sha","sha1","mdc2")
-	{
-	push(@files,$_);
-	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
-	}
-
-foreach (
-	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf",
-	"des-ecb", "des-ede",    "des-ede3",
-	"des-cbc", "des-ede-cbc","des-ede3-cbc",
-	"des-cfb", "des-ede-cfb","des-ede3-cfb",
-	"des-ofb", "des-ede-ofb","des-ede3-ofb",
-	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
-	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb")
-	{
-	push(@files,$_);
-
-	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
-	if    ($_ =~ /des/)  { $t="#ifndef NO_DES\n${t}#endif\n"; }
-	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
-	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
-	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
-	print $t;
-	}
-
-print "\t{0,NULL,NULL}\n\t};\n";
-print "#endif\n\n";
-
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);

apps/gendh.c

@@ -1,5 +1,5 @@
 /* apps/gendh.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -74,7 +74,7 @@
 #define PROG gendh_main
 
 #ifndef NOPROTO
-static void MS_CALLBACK dh_cb(int p, int n);
+static void MS_CALLBACK dh_cb(int p, int n, char *arg);
 static long dh_load_rand(char *names);
 #else
 static void MS_CALLBACK dh_cb();
@@ -97,7 +97,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argv++;
 	argc--;
@@ -171,7 +171,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
-	dh=DH_generate_parameters(num,g,dh_cb);
+	dh=DH_generate_parameters(num,g,dh_cb,(char *)bio_err);
 		
 	if (dh == NULL) goto end;
 
@@ -191,9 +191,10 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dh_cb(p, n)
+static void MS_CALLBACK dh_cb(p,n,arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -201,8 +202,8 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif

apps/gendsa.c

@@ -1,5 +1,5 @@
 /* apps/gendsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -85,16 +85,17 @@ char **argv;
 	{
 	char buffer[200];
 	DSA *dsa=NULL;
-	int ret=1,num=DEFBITS;
+	int ret=1;
 	char *outfile=NULL;
 	char *inrand=NULL,*randfile,*dsaparams=NULL;
 	BIO *out=NULL,*in=NULL;
+	EVP_CIPHER *enc=NULL;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argv++;
 	argc--;
@@ -117,6 +118,16 @@ char **argv;
 			{
 			dsaparams= *argv;
 			}
+#ifndef NO_DES
+		else if (strcmp(*argv,"-des") == 0)
+			enc=EVP_des_cbc();
+		else if (strcmp(*argv,"-des3") == 0)
+			enc=EVP_des_ede3_cbc();
+#endif
+#ifndef NO_IDEA
+		else if (strcmp(*argv,"-idea") == 0)
+			enc=EVP_idea_cbc();
+#endif
 		else
 			goto bad;
 		argv++;
@@ -126,16 +137,25 @@ char **argv;
 	if (dsaparams == NULL)
 		{
 bad:
-		BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n");
-		BIO_printf(bio_err," -out file - output the key to 'file\n");
+		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
+		BIO_printf(bio_err," -out file - output the key to 'file'\n");
+#ifndef NO_DES
+		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#endif
+#ifndef NO_IDEA
+		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
+#endif
 		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
+		BIO_printf(bio_err," dsaparam-file\n");
+		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
 		}
 
 	in=BIO_new(BIO_s_file());
-	if (!(BIO_read_filename(in,"r")))
+	if (!(BIO_read_filename(in,dsaparams)))
 		{
 		perror(dsaparams);
 		goto end;
@@ -174,8 +194,8 @@ bad:
 			dsa_load_rand(inrand));
 		}
 
-	BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-	BIO_printf(bio_err,"This could take some time\n");
+	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
+							BN_num_bits(dsa->p));
 	if (!DSA_generate_key(dsa)) goto end;
 
 	if (randfile == NULL)
@@ -183,7 +203,7 @@ bad:
 	else
 		RAND_write_file(randfile);
 
-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL))
+	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL))
 		goto end;
 	ret=0;
 end:

apps/genrsa.c

@@ -1,5 +1,5 @@
 /* apps/genrsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -75,7 +75,7 @@
 #define PROG genrsa_main
 
 #ifndef NOPROTO
-static void MS_CALLBACK genrsa_cb(int p, int n);
+static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
 static long gr_load_rand(char *names);
 #else
 static void MS_CALLBACK genrsa_cb();
@@ -101,7 +101,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
 		BIO_printf(bio_err,"unable to creat BIO for output\n");
@@ -201,7 +201,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb);
+	rsa=RSA_generate_key(num,f4,genrsa_cb,(char *)bio_err);
 		
 	if (randfile == NULL)
 		BIO_printf(bio_err,"unable to write 'random state'\n");
@@ -234,9 +234,10 @@ err:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK genrsa_cb(p, n)
+static void MS_CALLBACK genrsa_cb(p, n, arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -244,8 +245,8 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif

apps/mklinks

@@ -1,7 +0,0 @@
-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb 
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done

apps/nseq.c

@@ -0,0 +1,182 @@
+/* nseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "pem.h"
+#include "err.h"
+#include "apps.h"
+
+#undef PROG
+#define PROG nseq_main
+
+#ifdef NOPROTO
+static int dump_cert_text(BIO *out, X509 *x);
+#else
+static int dump_cert_text();
+#endif
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+{
+	char **args, *infile = NULL, *outfile = NULL;
+	BIO *in = NULL, *out = NULL;
+	int toseq = 0;
+	X509 *x509 = NULL;
+	NETSCAPE_CERT_SEQUENCE *seq = NULL;
+	int i, ret = 1;
+	int badarg = 0;
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+	ERR_load_crypto_strings();
+        SSLeay_add_all_algorithms();
+	args = argv + 1;
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp (*args, "-toseq")) toseq = 1;
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
+				args++;
+				infile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
+				args++;
+				outfile = *args;
+			} else badarg = 1;
+		} else badarg = 1;
+		args++;
+	}
+
+	if (badarg) {
+		BIO_printf (bio_err, "Netscape certificate sequence utility\n");
+		BIO_printf (bio_err, "Usage nseq [options]\n");
+		BIO_printf (bio_err, "where options are\n");
+                BIO_printf (bio_err, "-in file  input file\n");
+                BIO_printf (bio_err, "-out file output file\n");
+                BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+		EXIT(1);
+	}
+
+	if (infile) {
+		if (!(in = BIO_new_file (infile, "r"))) {
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
+			goto end;
+		}
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "w"))) {
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
+			goto end;
+		}
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+	if (toseq) {
+		seq = NETSCAPE_CERT_SEQUENCE_new();
+		seq->certs = sk_new(NULL);
+		while((x509 = PEM_read_bio_X509(in, NULL, NULL))) 
+					sk_push(seq->certs, (char *)x509);
+
+		if(!sk_num(seq->certs))
+		{
+			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+		ret = 0;
+		goto end;
+	}
+
+	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL))) {
+		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	for(i = 0; i < sk_num(seq->certs); i++) {
+		x509 = (X509 *) sk_value(seq->certs, i);
+		dump_cert_text(out, x509);
+		PEM_write_bio_X509(out, x509);
+	}
+	ret = 0;
+end:
+	BIO_free(in);
+	BIO_free(out);
+	NETSCAPE_CERT_SEQUENCE_free(seq);
+
+	EXIT(ret);
+}
+
+static int dump_cert_text(out, x)
+BIO *out;
+X509 *x;
+{
+        char buf[256];
+        X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+        BIO_puts(out,"subject=");
+        BIO_puts(out,buf);
+
+        X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+        BIO_puts(out,"\nissuer= ");
+        BIO_puts(out,buf);
+        BIO_puts(out,"\n");
+        return 0;
+}
+

apps/oid.cnf

@@ -0,0 +1,6 @@
+2.99999.1       SET.ex1         SET x509v3 extension 1
+2.99999.2       SET.ex2         SET x509v3 extension 2
+2.99999.3       SET.ex3         SET x509v3 extension 3
+2.99999.4       SET.ex4         SET x509v3 extension 4
+2.99999.5       SET.ex5         SET x509v3 extension 5
+2.99999.6       SET.ex6         SET x509v3 extension 6

apps/openssl.c

@@ -1,5 +1,5 @@
-/* apps/ssleay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* apps/openssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,14 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#define DEBUG
+#ifndef DEBUG
+#undef DEBUG
+#endif
 
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
 #include "bio.h"
 #include "crypto.h"
 #include "lhash.h"
@@ -78,19 +77,22 @@
 #include "s_apps.h"
 #include "err.h"
 
+/*
+#ifdef WINDOWS
+#include "bss_file.c"
+#endif
+*/
 
 #ifndef NOPROTO
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-static void sig_stop(int i);
 #else
 static unsigned long MS_CALLBACK hash();
 static int MS_CALLBACK cmp();
 static LHASH *prog_init();
 static int do_cmd();
-static void sig_stop();
 #endif
 
 LHASH *config=NULL;
@@ -143,19 +145,21 @@ char *Argv[];
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
 	ERR_load_crypto_strings();
 
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
+	if (p == NULL)
+		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
 		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
+		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
 
@@ -189,7 +193,7 @@ char *Argv[];
 		goto end;
 		}
 
-	/* ok, lets enter the old 'SSLeay>' mode */
+	/* ok, lets enter the old 'OpenSSL>' mode */
 	
 	for (;;)
 		{
@@ -202,7 +206,7 @@ char *Argv[];
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-			else	prompt="SSLeay>";
+			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			fgets(p,n,stdin);
@@ -224,6 +228,7 @@ char *Argv[];
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
+		BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
@@ -238,6 +243,7 @@ end:
 	ERR_remove_state(0);
 
 	EVP_cleanup();
+	ERR_free_strings();
 
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
@@ -274,10 +280,10 @@ char *argv[];
 		}
 	else
 		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
+		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
 			argv[0]);
+		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
-		fp=functions;
 		tp=0;
 		for (fp=functions; fp->name != NULL; fp++)
 			{
@@ -295,27 +301,43 @@ char *argv[];
 					{
 					i=1;
 					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
+						"\nMessage Digest commands (see the `dgst' command for more details)\n");
 					}
 				else if (tp == FUNC_TYPE_CIPHER)
 					{
 					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
+					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 			BIO_printf(bio_err,"%-15s",fp->name);
 			}
-		BIO_printf(bio_err,"\nquit\n");
+		BIO_printf(bio_err,"\n\n");
 		ret=0;
 		}
 end:
 	return(ret);
 	}
 
+static int SortFnByName(const void *_f1,const void *_f2)
+    {
+    const FUNCTION *f1=_f1;
+    const FUNCTION *f2=_f2;
+
+    if(f1->type != f2->type)
+	return f1->type-f2->type;
+    return strcmp(f1->name,f2->name);
+    }
+
 static LHASH *prog_init()
 	{
 	LHASH *ret;
 	FUNCTION *f;
+	int i;
+
+	/* Purely so it looks nice when the user hits ? */
+	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
+	    ;
+	qsort(functions,i,sizeof *functions,SortFnByName);
 
 	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
 

apps/openssl.cnf

@@ -1,9 +1,19 @@
 #
-# SSLeay example configuration file.
+# OpenSSL example configuration file.
 # This is mostly being used for generation of certificate requests.
 #
 
 RANDFILE		= $ENV::HOME/.rnd
+oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
 
 ####################################################################
 [ ca ]
@@ -24,7 +34,8 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 
-x509_extensions	= x509v3_extensions	# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extentions to add to the cert
+crl_extensions	= crl_ext		# Extensions to add to CRL
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# which md to use.
@@ -62,6 +73,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
@@ -79,7 +91,7 @@ localityName			= Locality Name (eg, city)
 
 # we can do this but it is not needed normally :-)
 #1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
+#1.organizationName_default	= World Wide Web Pty Ltd
 
 organizationalUnitName		= Organizational Unit Name (eg, section)
 #organizationalUnitName_default	=
@@ -90,6 +102,8 @@ commonName_max			= 64
 emailAddress			= Email Address
 emailAddress_max		= 40
 
+# SET-ex3			= SET extension number 3
+
 [ req_attributes ]
 challengePassword		= A challenge password
 challengePassword_min		= 4
@@ -97,20 +111,89 @@ challengePassword_max		= 20
 
 unstructuredName		= An optional company name
 
-[ x509v3_extensions ]
+[ usr_cert ]
 
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
-nsComment			= "This is a comment"
+# These extensions are added when 'ca' signs a request.
 
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType			= 0x40
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
 
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+#nsCertType			= server
+
+# For an object signing certificate this would be used.
+#nsCertType = objsign
+
+# For normal client use this is typical
+#nsCertType = client, email
+
+# This is typical also
+
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# Import the email address.
+
+subjectAltName=email:copy
+
+# Copy subject details
+
+issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
 #nsRevocationUrl
 #nsRenewalUrl
 #nsCaPolicyUrl
 #nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
 
+[ v3_ca]
+
+# Extensions for a typical CA
+
+# It's a CA certificate
+basicConstraints = CA:true
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+
+# Key usage: again this should really be critical.
+keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+#nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+subjectAltName=email:copy
+# Copy issuer details
+issuerAltName=issuer:copy
+
+# RAW DER hex encoding of an extension: beware experts only!
+# 1.2.3.5=RAW:02:03
+# You can even override a supported extension:
+# basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

apps/pem_mail.c

@@ -1,5 +1,5 @@
 /* apps/pem_mail.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written

apps/pkcs7.c

@@ -1,5 +1,5 @@
 /* apps/pkcs7.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -87,7 +87,9 @@ char **argv;
 	{
 	PKCS7 *p7=NULL;
 	int i,badops=0;
+#if !defined(NO_DES) || !defined(NO_IDEA)
 	EVP_CIPHER *enc=NULL;
+#endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog,buf[256];
@@ -98,7 +100,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -159,7 +161,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
@@ -275,9 +277,9 @@ bad:
 				BIO_puts(out,buf);
 
 				BIO_puts(out,"\nlast update=");
-				ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
+				ASN1_TIME_print(out,crl->crl->lastUpdate);
 				BIO_puts(out,"\nnext update=");
-				ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
+				ASN1_TIME_print(out,crl->crl->nextUpdate);
 				BIO_puts(out,"\n");
 
 				PEM_write_bio_X509_CRL(out,crl);

apps/privkey.pem

@@ -1,15 +1,18 @@
------BEGIN DSA PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,2221AF3DAA41AB24
+DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
 
-IOx3ubYOV2SETDSWiuG4bsioEl7jA2CulYKAJvIfy8z5GI+08NwptNOUqbMhDV1s
-156KhUvBvG48uz9mxcOyHjZRD0HNixGNMXDaFJSajINFoGtmYZRc20DEoY6buzsi
-E76GK95cJHsjJsdNrdggIJRTaiLayLzsMFVDrKhmaJVTKlBpcdnFM4BEKSyD2H5N
-OllrfK6GgmlH+WVXU9AlXoy5Jm0YXT7i5bPCB5eDDL/GkTISFHZsnEYpHCrMARsw
-5V15dYEwFc6NA/psBGk1qS2CHVIOYNcfCfndR90+UCos+rMBkcQDfvxI95+L8dbS
-ONJJrUqiCHV/zYSE+aXZN001mJJLvHOW65YbgdwSOfiowcv7HPbFrGdwOOJvSEx2
-d571YvqfsaDojwR5KLgfFDSwVBwzo/mfcFeVrT9Q8LwPL4/dwwoElWTmYbSaW0uZ
-Ov73xRUbVGa5LTJoGbFVMvjpmEO2qtBsx7vq9AT8v8gDzYSuEafyC7d0h85EIfTJ
-wPlIN3xKTiqFpp/eFCkdKqNn826NoC1TgQuoCBIrJ8gZsIr1l8R+iAuGxKGPASoF
-cyqnpcqGgaaTrxnk9cX4dQ==
------END DSA PRIVATE KEY-----
+6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
+Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
+F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
+XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
+jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
+vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
+JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
+PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
+POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
+gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
+8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
+Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
+dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
+-----END RSA PRIVATE KEY-----

apps/progs.h

@@ -6,7 +6,6 @@ extern int dgst_main(int argc,char *argv[]);
 extern int dh_main(int argc,char *argv[]);
 extern int enc_main(int argc,char *argv[]);
 extern int gendh_main(int argc,char *argv[]);
-extern int gendsa_main(int argc,char *argv[]);
 extern int errstr_main(int argc,char *argv[]);
 extern int ca_main(int argc,char *argv[]);
 extern int crl_main(int argc,char *argv[]);
@@ -15,6 +14,7 @@ extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
+extern int gendsa_main(int argc,char *argv[]);
 extern int s_server_main(int argc,char *argv[]);
 extern int s_client_main(int argc,char *argv[]);
 extern int speed_main(int argc,char *argv[]);
@@ -24,6 +24,7 @@ extern int pkcs7_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
+extern int nseq_main(int argc,char *argv[]);
 #else
 extern int verify_main();
 extern int asn1parse_main();
@@ -32,7 +33,6 @@ extern int dgst_main();
 extern int dh_main();
 extern int enc_main();
 extern int gendh_main();
-extern int gendsa_main();
 extern int errstr_main();
 extern int ca_main();
 extern int crl_main();
@@ -41,6 +41,7 @@ extern int dsa_main();
 extern int dsaparam_main();
 extern int x509_main();
 extern int genrsa_main();
+extern int gendsa_main();
 extern int s_server_main();
 extern int s_client_main();
 extern int speed_main();
@@ -50,6 +51,7 @@ extern int pkcs7_main();
 extern int crl2pkcs7_main();
 extern int sess_id_main();
 extern int ciphers_main();
+extern int nseq_main();
 #endif
 
 #ifdef SSLEAY_SRC
@@ -67,9 +69,7 @@ typedef struct {
 FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"verify",verify_main},
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"req",req_main},
-#endif
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
@@ -77,14 +77,9 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"enc",enc_main},
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
-#endif
-#ifndef NO_DSA
-	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
-#endif
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
@@ -95,12 +90,13 @@ FUNCTION functions[] = {
 #ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
-#endif
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
+#ifndef NO_DSA
+	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
+#endif
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
@@ -118,11 +114,13 @@ FUNCTION functions[] = {
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
+	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},
 	{FUNC_TYPE_MD,"sha1",dgst_main},
 	{FUNC_TYPE_MD,"mdc2",dgst_main},
+	{FUNC_TYPE_MD,"rmd160",dgst_main},
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des",enc_main},
@@ -145,6 +143,12 @@ FUNCTION functions[] = {
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5",enc_main},
+#endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
 #endif
@@ -216,6 +220,33 @@ FUNCTION functions[] = {
 #endif
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
+#endif
+#ifndef NO_CAST
+	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
+#endif
+#ifndef NO_RC5
+	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
 #endif
 	{0,NULL,NULL}
 	};

apps/progs.pl

@@ -1,8 +1,5 @@
 #!/usr/local/bin/perl
 
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
 print "#ifndef NOPROTO\n";
 
 grep(s/^asn1pars$/asn1parse/,@ARGV);
@@ -38,8 +35,7 @@ foreach (@ARGV)
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
+	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) 
 		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
@@ -49,7 +45,7 @@ foreach (@ARGV)
 		{ print $str; }
 	}
 
-foreach ("md2","md5","sha","sha1","mdc2")
+foreach ("md2","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
 	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
@@ -57,14 +53,16 @@ foreach ("md2","md5","sha","sha1","mdc2")
 
 foreach (
 	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf",
+	"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
 	"des-ecb", "des-ede",    "des-ede3",
 	"des-cbc", "des-ede-cbc","des-ede3-cbc",
 	"des-cfb", "des-ede-cfb","des-ede3-cfb",
 	"des-ofb", "des-ede-ofb","des-ede3-ofb",
 	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
 	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb")
+	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
+	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
+	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
 	{
 	push(@files,$_);
 
@@ -74,37 +72,11 @@ foreach (
 	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
 	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
+	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
 	print $t;
 	}
 
 print "\t{0,NULL,NULL}\n\t};\n";
 print "#endif\n\n";
 
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);

apps/req.c

@@ -1,5 +1,5 @@
 /* apps/req.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -71,6 +71,7 @@
 #include "err.h"
 #include "asn1.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "objects.h"
 #include "pem.h"
 
@@ -80,6 +81,7 @@
 #define KEYFILE		"default_keyfile"
 #define DISTINGUISHED_NAME	"distinguished_name"
 #define ATTRIBUTES	"attributes"
+#define V3_EXTENSIONS	"x509_extensions"
 
 #define DEFAULT_KEY_LENGTH	512
 #define MIN_KEY_LENGTH		384
@@ -111,14 +113,18 @@ static int add_attribute_object(STACK *n, char *text, char *def,
 	char *value, int nid,int min,int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
-static void MS_CALLBACK req_cb(int p,int n);
+static void MS_CALLBACK req_cb(int p,int n,char *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
+static int check_end(char *str, char *end);
+static int add_oid_section(LHASH *conf);
 #else
 static int make_REQ();
 static int add_attribute_object();
 static int add_DN_object();
 static void MS_CALLBACK req_cb();
 static int req_fix_data();
+static int check_end();
+static int add_oid_section();
 #endif
 
 #ifndef MONOLITH
@@ -135,7 +141,9 @@ int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
+#ifndef NO_DSA
 	DSA *dsa_params=NULL;
+#endif
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
@@ -145,6 +153,7 @@ char **argv;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+	char *extensions = NULL;
 	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
 	char *p;
@@ -160,7 +169,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -219,16 +228,21 @@ char **argv;
 			}
 		else if (strcmp(*argv,"-newkey") == 0)
 			{
+			int is_numeric;
+
 			if (--argc < 1) goto bad;
 			p= *(++argv);
-			if ((strncmp("rsa:",p,4) == 0) ||
-				((p[0] >= '0') && (p[0] <= '9')))
+			is_numeric = p[0] >= '0' && p[0] <= '9';
+			if (strncmp("rsa:",p,4) == 0 || is_numeric)
 				{
 				pkey_type=TYPE_RSA;
-				p+=4;
+				if(!is_numeric)
+				    p+=4;
 				newkey= atoi(p);
 				}
-			else if (strncmp("dsa:",p,4) == 0)
+			else
+#ifndef NO_DSA
+				if (strncmp("dsa:",p,4) == 0)
 				{
 				X509 *xtmp=NULL;
 				EVP_PKEY *dtmp;
@@ -249,27 +263,32 @@ char **argv;
 						BIO_printf(bio_err,"unable to load DSA parameters from file\n");
 						goto end;
 						}
+
 					dtmp=X509_get_pubkey(xtmp);
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+					EVP_PKEY_free(dtmp);
 					X509_free(xtmp);
 					if (dsa_params == NULL)
 						{
 						BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
 						goto end;
 						}
-					
 					}
 				BIO_free(in);
 				newkey=BN_num_bits(dsa_params->p);
 				in=NULL;
 				}
-			else if (strncmp("dh:",p,4) == 0)
+			else 
+#endif
+#ifndef NO_DH
+				if (strncmp("dh:",p,4) == 0)
 				{
 				pkey_type=TYPE_DH;
 				p+=3;
 				}
 			else
+#endif
 				pkey_type=TYPE_RSA;
 
 			newreq=1;
@@ -319,7 +338,7 @@ bad:
 		BIO_printf(bio_err,"where options  are\n");
 		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -text          text form of request\n");
 		BIO_printf(bio_err," -noout         do not output REQ\n");
@@ -333,7 +352,7 @@ bad:
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
 
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
-		BIO_printf(bio_err," -config file   request templace file.\n");
+		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -new           new request.\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
 		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
@@ -344,15 +363,18 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 
 #ifndef MONOLITH
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
+	if (p == NULL)
+		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
 		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
+		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
         default_config_file=p;
@@ -382,6 +404,30 @@ bad:
 			}
 		}
 
+	if (req_conf != NULL)
+		{
+		p=CONF_get_string(req_conf,NULL,"oid_file");
+		if (p != NULL)
+			{
+			BIO *oid_bio;
+
+			oid_bio=BIO_new_file(p,"r");
+			if (oid_bio == NULL) 
+				{
+				/*
+				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+				ERR_print_errors(bio_err);
+				*/
+				}
+			else
+				{
+				OBJ_create_objects(oid_bio);
+				BIO_free(oid_bio);
+				}
+			}
+		}
+		if(!add_oid_section(req_conf)) goto end;
+
 	if ((md_alg == NULL) &&
 		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
 		{
@@ -389,6 +435,16 @@ bad:
 			digest=md_alg;
 		}
 
+	extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+	if(extensions) {
+		/* Check syntax of file */
+		if(!X509V3_EXT_check_conf(req_conf, extensions)) {
+			BIO_printf(bio_err,
+			 "Error Loading extension section %s\n", extensions);
+			goto end;
+		}
+	}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -463,7 +519,8 @@ bad:
 		if (pkey_type == TYPE_RSA)
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
-				RSA_generate_key(newkey,0x10001,req_cb)))
+				RSA_generate_key(newkey,0x10001,
+					req_cb,(char *)bio_err)))
 				goto end;
 			}
 		else
@@ -559,8 +616,10 @@ loop:
 
 	if (newreq || x509)
 		{
+#ifndef NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
+#endif
 
 		if (pkey == NULL)
 			{
@@ -586,12 +645,12 @@ loop:
 			}
 		if (x509)
 			{
+			EVP_PKEY *tmppkey;
+			X509V3_CTX ext_ctx;
 			if ((x509ss=X509_new()) == NULL) goto end;
 
-			/* don't set the version number, for starters
-			 * the field is null and second, null is v0 
-			 * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
-			 */
+			/* Set version to V3 */
+			if(!X509_set_version(x509ss, 2)) goto end;
 			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
 
 			X509_set_issuer_name(x509ss,
@@ -601,7 +660,27 @@ loop:
 				(long)60*60*24*days);
 			X509_set_subject_name(x509ss,
 				X509_REQ_get_subject_name(req));
-			X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req));
+			tmppkey = X509_REQ_get_pubkey(req);
+			X509_set_pubkey(x509ss,tmppkey);
+			EVP_PKEY_free(tmppkey);
+
+			/* Set up V3 context struct */
+
+			ext_ctx.issuer_cert = x509ss;
+			ext_ctx.subject_cert = x509ss;
+			ext_ctx.subject_req = NULL;
+			ext_ctx.crl = NULL;
+			ext_ctx.flags = 0;
+
+			/* Add extensions */
+			if(extensions && !X509V3_EXT_add_conf(req_conf, 
+				 	&ext_ctx, extensions, x509ss))
+			    {
+			    BIO_printf(bio_err,
+				       "Error Loading extension section %s\n",
+				       extensions);
+			    goto end;
+			    }
 
 			if (!(i=X509_sign(x509ss,pkey,digest)))
 				goto end;
@@ -625,7 +704,10 @@ loop:
 			}
 
 		i=X509_REQ_verify(req,pkey);
-		if (tmp) pkey=NULL;
+		if (tmp) {
+			EVP_PKEY_free(pkey);
+			pkey=NULL;
+		}
 
 		if (i < 0)
 			{
@@ -682,9 +764,11 @@ loop:
 			goto end; 
 			}
 		fprintf(stdout,"Modulus=");
+#ifndef NO_RSA
 		if (pubkey->type == EVP_PKEY_RSA)
 			BN_print(out,pubkey->pkey.rsa->n);
 		else
+#endif
 			fprintf(stdout,"Wrong Algorithm type");
 		fprintf(stdout,"\n");
 		}
@@ -728,12 +812,16 @@ end:
 		ERR_print_errors(bio_err);
 		}
 	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
-	if (req != NULL) X509_REQ_free(req);
-	if (x509ss != NULL) X509_free(x509ss);
+	BIO_free(in);
+	BIO_free(out);
+	EVP_PKEY_free(pkey);
+	X509_REQ_free(req);
+	X509_free(x509ss);
+	X509V3_EXT_cleanup();
+	OBJ_cleanup();
+#ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
+#endif
 	EXIT(ex);
 	}
 
@@ -742,8 +830,8 @@ X509_REQ *req;
 EVP_PKEY *pkey;
 int attribs;
 	{
-	int ret=0,i,j;
-	unsigned char *p;
+	int ret=0,i;
+	unsigned char *p,*q;
 	X509_REQ_INFO *ri;
 	char buf[100];
 	int nid,min,max;
@@ -800,20 +888,23 @@ start:		for (;;)
 			if ((int)sk_num(sk) <= i) break;
 
 			v=(CONF_VALUE *)sk_value(sk,i);
-			p=NULL;
+			p=q=NULL;
 			type=v->name;
-			for (j=0; type[j] != '\0'; j++)
-				{
-				if (	(type[j] == ':') ||
-					(type[j] == ',') ||
-					(type[j] == '.'))
-					p= (unsigned char *)&(type[j+1]);
+			if(!check_end(type,"_min") || !check_end(type,"_max") ||
+				!check_end(type,"_default") ||
+					 !check_end(type,"_value")) continue;
+			/* Skip past any leading X. X: X, etc to allow for
+			 * multiple instances 
+			 */
+			for(p = v->name; *p ; p++) 
+				if ((*p == ':') || (*p == ',') ||
+							 (*p == '.')) {
+					p++;
+					if(*p) type = p;
+					break;
 				}
-			if (p != NULL)
-				type=(char *)p;
-			if ((nid=OBJ_txt2nid(type)) == NID_undef)
-				goto start;
-
+			/* If OBJ not recognised ignore it */
+			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
 			sprintf(buf,"%s_default",v->name);
 			if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
 				def="";
@@ -1044,9 +1135,10 @@ err:
 	return(0);
 	}
 
-static void MS_CALLBACK req_cb(p, n)
+static void MS_CALLBACK req_cb(p,n,arg)
 int p;
 int n;
+char *arg;
 	{
 	char c='*';
 
@@ -1054,8 +1146,8 @@ int n;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(bio_err,&c,1);
-	BIO_flush(bio_err);
+	BIO_write((BIO *)arg,&c,1);
+	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
@@ -1095,3 +1187,40 @@ int len,min,max;
 		}
 	return(1);
 	}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(str, end)
+char *str;
+char *end;
+{
+	int elen, slen;	
+	char *tmp;
+	elen = strlen(end);
+	slen = strlen(str);
+	if(elen > slen) return 1;
+	tmp = str + slen - elen;
+	return strcmp(tmp, end);
+}
+
+static int add_oid_section(conf)
+LHASH *conf;
+{	
+	char *p;
+	STACK *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(conf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_num(sktmp); i++) {
+		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}

apps/req.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
+YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
+S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
+AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
+tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
+84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
+CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
+Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
+-----END CERTIFICATE REQUEST-----

apps/rmlinks

@@ -1,6 +0,0 @@
-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb 
-do
-echo removing $i
-/bin/rm -f $i
-done

apps/rsa.c

@@ -1,5 +1,5 @@
 /* apps/rsa.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -99,7 +99,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	infile=NULL;
 	outfile=NULL;
@@ -154,7 +154,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");

apps/rsa/01.pem

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----

apps/rsa/1.txt

@@ -0,0 +1,50 @@
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : May 18 23:59:59 1999 GMT
+        Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
+                    d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
+                    83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
+                    11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
+                    ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
+                    f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
+                    75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
+                    51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
+                    b0:91:2d:85:ad:2a:1c:e7:f7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
+        d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
+        e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
+        6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
+        7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
+        1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
+        3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----

apps/rsa/SecureServer.pem

@@ -0,0 +1,47 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----

apps/rsa/s.txt

@@ -0,0 +1,49 @@
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----

apps/s_apps.h

@@ -1,5 +1,5 @@
 /* apps/s_apps.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -62,7 +62,7 @@
 
 #ifndef NOPROTO
 int do_accept(int acc_sock, int *sock, char **host);
-int do_server(int port, int *ret, int (*cb) ());
+int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #else
@@ -79,9 +79,8 @@ int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
 int nbio_sock_error(int sock);
 int spawn(int argc, char **argv, int *in, int *out);
 int init_server(int *sock, int port);
+int init_server_long(int *sock, int port,char *ip);
 int should_retry(int i);
-int sock_err(void );
-int socket_ioctl(int, long,unsigned long *);
 void sock_cleanup(void );
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
@@ -108,8 +107,6 @@ int nbio_sock_error();
 int spawn();
 int init_server();
 int should_retry();
-int sock_err();
-int socket_ioctl();
 void sock_cleanup();
 int extract_port();
 int extract_host_port();

apps/s_cb.c

@@ -1,5 +1,5 @@
 /* apps/s_cb.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,7 +71,6 @@
 int verify_depth=0;
 int verify_error=X509_V_OK;
 
-/* should be X509 * but we can just have them as char *. */
 int MS_CALLBACK verify_callback(ok, ctx)
 int ok;
 X509_STORE_CTX *ctx;
@@ -110,13 +109,13 @@ X509_STORE_CTX *ctx;
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
 		BIO_printf(bio_err,"notBefore=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+		ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 	case X509_V_ERR_CERT_HAS_EXPIRED:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
 		BIO_printf(bio_err,"notAfter=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+		ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 		}
@@ -131,13 +130,15 @@ char *key_file;
 	{
 	if (cert_file != NULL)
 		{
+		/*
 		SSL *ssl;
 		X509 *x509;
+		*/
 
 		if (SSL_CTX_use_certificate_file(ctx,cert_file,
 			SSL_FILETYPE_PEM) <= 0)
 			{
-			BIO_printf(bio_err,"unable to set certificate file\n");
+			BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
@@ -145,18 +146,25 @@ char *key_file;
 		if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
 			SSL_FILETYPE_PEM) <= 0)
 			{
-			BIO_printf(bio_err,"unable to set public key file\n");
+			BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
 
+		/*
+		In theory this is no longer needed 
 		ssl=SSL_new(ctx);
 		x509=SSL_get_certificate(ssl);
 
-		if (x509 != NULL)
-			EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
-				SSL_get_privatekey(ssl));
+		if (x509 != NULL) {
+			EVP_PKEY *pktmp;
+			pktmp = X509_get_pubkey(x509);
+			EVP_PKEY_copy_parameters(pktmp,
+						SSL_get_privatekey(ssl));
+			EVP_PKEY_free(pktmp);
+		}
 		SSL_free(ssl);
+		*/
 
 		/* If we are using DSA, we can copy the parameters from
 		 * the private key */

apps/s_client.c

@@ -1,5 +1,5 @@
 /* apps/s_client.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <string.h>
 #define USE_SOCKETS
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -104,7 +104,7 @@ static int c_quiet=0;
 
 static void sc_usage()
 	{
-	BIO_printf(bio_err,"usage: client args\n");
+	BIO_printf(bio_err,"usage: s_client args\n");
 	BIO_printf(bio_err,"\n");
 	BIO_printf(bio_err," -host host     - use -connect instead\n");
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
@@ -127,9 +127,11 @@ static void sc_usage()
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
+	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
+	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
-	BIO_printf(bio_err,"                 command to se what is available\n");
+	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
+	BIO_printf(bio_err,"                 command to see what is available\n");
 
 	}
 
@@ -137,6 +139,7 @@ int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
+	int off=0;
 	SSL *con=NULL,*con2=NULL;
 	int s,k,width,state=0;
 	char *cbuf=NULL,*sbuf=NULL;
@@ -165,6 +168,7 @@ char **argv;
 #endif
 
 	apps_startup();
+	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
 
@@ -234,6 +238,10 @@ char **argv;
 #ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
+#endif
+#ifndef NO_TLS1
+		else if	(strcmp(*argv,"-tls1") == 0)
+			meth=TLSv1_client_method();
 #endif
 		else if (strcmp(*argv,"-bugs") == 0)
 			bugs=1;
@@ -256,6 +264,12 @@ char **argv;
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-no_tls1") == 0)
+			off|=SSL_OP_NO_TLSv1;
+		else if (strcmp(*argv,"-no_ssl3") == 0)
+			off|=SSL_OP_NO_SSLv3;
+		else if (strcmp(*argv,"-no_ssl2") == 0)
+			off|=SSL_OP_NO_SSLv2;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -302,7 +316,10 @@ bad:
 		goto end;
 		}
 
-	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+	if (bugs)
+		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
+	else
+		SSL_CTX_set_options(ctx,off);
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
@@ -319,20 +336,21 @@ bad:
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		BIO_printf(bio_err,"error seting default verify locations\n");
+		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 	SSL_load_error_strings();
 
 	con=(SSL *)SSL_new(ctx);
+/*	SSL_set_cipher_list(con,"RC4-MD5"); */
 
 re_start:
 
 	if (init_client(&s,host,port) == 0)
 		{
-		BIO_printf(bio_err,"connect:errno=%d\n",errno);
+		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
 		goto end;
 		}
@@ -343,7 +361,11 @@ re_start:
 		{
 		unsigned long l=1;
 		BIO_printf(bio_c_out,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&l);
+		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
 		}
 #endif                                              
 	if (c_Pause & 0x01) con->debug=1;
@@ -386,7 +408,7 @@ re_start:
 		FD_ZERO(&readfds);
 		FD_ZERO(&writefds);
 
-		if (SSL_in_init(con))
+		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
 			{
 			in_init=1;
 			tty_on=0;
@@ -427,11 +449,11 @@ re_start:
 /*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
 			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 
-/*		printf("pending=%d\n",SSL_pending(con)); */
 		i=select(width,&readfds,&writefds,NULL,NULL);
 		if ( i < 0)
 			{
-			BIO_printf(bio_err,"bad select %d\n",sock_err());
+			BIO_printf(bio_err,"bad select %d\n",
+				get_last_socket_error());
 			goto shut;
 			/* goto end; */
 			}
@@ -489,7 +511,7 @@ re_start:
 				if ((k != 0) || (cbuf_len != 0))
 					{
 					BIO_printf(bio_err,"write:errno=%d\n",
-						errno);
+						get_last_socket_error());
 					goto shut;
 					}
 				else
@@ -526,7 +548,18 @@ re_start:
 #endif
 		else if (FD_ISSET(SSL_get_fd(con),&readfds))
 			{
-			k=SSL_read(con,sbuf,BUFSIZZ);
+#ifdef RENEG
+{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
+#endif
+#if 1
+			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
+#else
+/* Demo for pending and peek :-) */
+			k=SSL_read(con,sbuf,16);
+{ char zbuf[10240]; 
+printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
+}
+#endif
 
 			switch (SSL_get_error(con,k))
 				{
@@ -555,7 +588,7 @@ re_start:
 				BIO_printf(bio_c_out,"read X BLOCK\n");
 				break;
 			case SSL_ERROR_SYSCALL:
-				BIO_printf(bio_err,"read:errno=%d\n",errno);
+				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
 				goto shut;
 			case SSL_ERROR_ZERO_RETURN:
 				BIO_printf(bio_c_out,"closed\n");
@@ -563,7 +596,7 @@ re_start:
 			case SSL_ERROR_SSL:
 				ERR_print_errors(bio_err);
 				goto shut;
-				break;
+				/* break; */
 				}
 			}
 
@@ -619,7 +652,7 @@ BIO *bio;
 SSL *s;
 int full;
 	{
-	X509 *peer;
+	X509 *peer=NULL;
 	char *p;
 	static char *space="                ";
 	char buf[BUFSIZ];
@@ -633,7 +666,7 @@ int full;
 		sk=SSL_get_peer_cert_chain(s);
 		if (sk != NULL)
 			{
-			BIO_printf(bio,"---\nCertficate chain\n");
+			BIO_printf(bio,"---\nCertificate chain\n");
 			for (i=0; i<sk_num(sk); i++)
 				{
 				X509_NAME_oneline(X509_get_subject_name((X509 *)
@@ -657,7 +690,6 @@ int full;
 			X509_NAME_oneline(X509_get_issuer_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"issuer=%s\n",buf);
-			X509_free(peer);
 			}
 		else
 			BIO_printf(bio,"no peer certificate available\n");
@@ -687,7 +719,7 @@ int full;
 				{
 				if (*p == ':')
 					{
-					BIO_write(bio,space,15-j);
+					BIO_write(bio,space,15-j%25);
 					i++;
 					j=0;
 					BIO_write(bio,((i%3)?" ":"\n"),1);
@@ -711,7 +743,16 @@ int full;
 	BIO_printf(bio,"%s, Cipher is %s\n",
 		SSL_CIPHER_get_version(c),
 		SSL_CIPHER_get_name(c));
+	if (peer != NULL) {
+		EVP_PKEY *pktmp;
+		pktmp = X509_get_pubkey(peer);
+		BIO_printf(bio,"Server public key is %d bit\n",
+							 EVP_PKEY_bits(pktmp));
+		EVP_PKEY_free(pktmp);
+	}
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
+	if (peer != NULL)
+		X509_free(peer);
 	}
 

apps/s_server.c

@@ -1,5 +1,5 @@
 /* apps/s_server.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -61,7 +61,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "lhash.h"
@@ -75,15 +75,18 @@
 #include "s_apps.h"
 
 #ifndef NOPROTO
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
-static int sv_body(char *hostname, int s);
-static int www_body(char *hostname, int s);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
+static int sv_body(char *hostname, int s, char *context);
+static int www_body(char *hostname, int s, char *context);
 static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
 static void print_stats(BIO *bp,SSL_CTX *ctx);
+#ifndef NO_DH
 static DH *load_dh_param(void );
 static DH *get_dh512(void);
+#endif
+/* static void s_server_init(void);*/
 #else
 static RSA MS_CALLBACK *tmp_rsa_cb();
 static int sv_body();
@@ -92,15 +95,19 @@ static void close_accept_socket();
 static void sv_usage();
 static int init_ssl_connection();
 static void print_stats();
+#ifndef NO_DH
 static DH *load_dh_param();
 static DH *get_dh512();
 #endif
+/* static void s_server_init(); */
+#endif
 
 
 #ifndef S_ISDIR
 #define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
 #endif
 
+#ifndef NO_DH
 static unsigned char dh512_p[]={
 	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -117,20 +124,20 @@ static DH *get_dh512()
 	{
 	DH *dh=NULL;
 
-#ifndef NO_DH
 	if ((dh=DH_new()) == NULL) return(NULL);
 	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
 	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		return(NULL);
-#endif
 	return(dh);
 	}
+#endif
 
 /* static int load_CA(SSL_CTX *ctx, char *file);*/
 
 #undef BUFSIZZ
-#define BUFSIZZ	8*1024
+#define BUFSIZZ	16*1024
+static int bufsize=32;
 static int accept_socket= -1;
 
 #define TEST_CERT	"server.pem"
@@ -142,8 +149,9 @@ static int accept_socket= -1;
 extern int verify_depth;
 
 static char *cipher=NULL;
-int verify=SSL_VERIFY_NONE;
-char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static int s_server_verify=SSL_VERIFY_NONE;
+static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 #ifdef FIONBIO
 static int s_nbio=0;
 #endif
@@ -155,17 +163,42 @@ static BIO *bio_s_out=NULL;
 static int s_debug=0;
 static int s_quiet=0;
 
+#if 0
+static void s_server_init()
+	{
+	cipher=NULL;
+	s_server_verify=SSL_VERIFY_NONE;
+	s_dcert_file=NULL;
+	s_dkey_file=NULL;
+	s_cert_file=TEST_CERT;
+	s_key_file=NULL;
+#ifdef FIONBIO
+	s_nbio=0;
+#endif
+	s_nbio_test=0;
+	ctx=NULL;
+	www=0;
+
+	bio_s_out=NULL;
+	s_debug=0;
+	s_quiet=0;
+	}
+#endif
+
 static void sv_usage()
 	{
 	BIO_printf(bio_err,"usage: s_server [args ...]\n");
 	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -accpet arg   - port to accept on (default is %d\n",PORT);
+	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
+	BIO_printf(bio_err," -context arg  - set session ID context\n");
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
 	BIO_printf(bio_err," -key arg      - RSA file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
+	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");
+	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
@@ -175,19 +208,23 @@ static void sv_usage()
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
-	BIO_printf(bio_err," -cipher arg   - play with 'ssleay ciphers' to see what goes here\n");
+	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
 	BIO_printf(bio_err," -quiet        - No server output\n");
 	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
+	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
+	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
+	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
+	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
-	BIO_printf(bio_err," -WWW          - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
+	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	}
 
-static int local_argc;
+static int local_argc=0;
 static char **local_argv;
-static int hack;
+static int hack=0;
 
 int MAIN(argc, argv)
 int argc;
@@ -195,12 +232,16 @@ char *argv[];
 	{
 	short port=PORT;
 	char *CApath=NULL,*CAfile=NULL;
+	char *context = NULL;
 	int badop=0,bugs=0;
 	int ret=1;
+	int off=0;
 	int no_tmp_rsa=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+#ifndef NO_DH
 	DH *dh=NULL;
+#endif
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
@@ -240,19 +281,24 @@ char *argv[];
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
 			{
-			verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
 			if (--argc < 1) goto bad;
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
 			}
 		else if	(strcmp(*argv,"-Verify") == 0)
 			{
-			verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
+			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
 				SSL_VERIFY_CLIENT_ONCE;
 			if (--argc < 1) goto bad;
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
 			}
+		else if	(strcmp(*argv,"-context") == 0)
+			{
+			if (--argc < 1) goto bad;
+			context= *(++argv);
+			}
 		else if	(strcmp(*argv,"-cert") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -263,6 +309,16 @@ char *argv[];
 			if (--argc < 1) goto bad;
 			s_key_file= *(++argv);
 			}
+		else if	(strcmp(*argv,"-dcert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			s_dcert_file= *(++argv);
+			}
+		else if	(strcmp(*argv,"-dkey") == 0)
+			{
+			if (--argc < 1) goto bad;
+			s_dkey_file= *(++argv);
+			}
 		else if (strcmp(*argv,"-nocert") == 0)
 			{
 			nocert=1;
@@ -309,6 +365,12 @@ char *argv[];
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
 			{ www=2; }
+		else if	(strcmp(*argv,"-no_ssl2") == 0)
+			{ off|=SSL_OP_NO_SSLv2; }
+		else if	(strcmp(*argv,"-no_ssl3") == 0)
+			{ off|=SSL_OP_NO_SSLv3; }
+		else if	(strcmp(*argv,"-no_tls1") == 0)
+			{ off|=SSL_OP_NO_TLSv1; }
 #ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			{ meth=SSLv2_server_method(); }
@@ -316,6 +378,10 @@ char *argv[];
 #ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{ meth=SSLv3_server_method(); }
+#endif
+#ifndef NO_TLS1
+		else if	(strcmp(*argv,"-tls1") == 0)
+			{ meth=TLSv1_server_method(); }
 #endif
 		else
 			{
@@ -352,6 +418,8 @@ bad:
 		{
 		s_cert_file=NULL;
 		s_key_file=NULL;
+		s_dcert_file=NULL;
+		s_dkey_file=NULL;
 		}
 
 	SSL_load_error_strings();
@@ -364,12 +432,16 @@ bad:
 		goto end;
 		}
 
+	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+	SSL_CTX_set_options(ctx,off);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 
+	SSL_CTX_sess_set_cache_size(ctx,128);
+
 #if 0
 	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
 #endif
@@ -385,9 +457,9 @@ bad:
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		BIO_printf(bio_err,"X509_load_verify_locations\n");
+		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 #ifndef NO_DH
@@ -410,6 +482,11 @@ bad:
 	
 	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
 		goto end;
+	if (s_dcert_file != NULL)
+		{
+		if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
+			goto end;
+		}
 
 #if 1
 	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
@@ -435,15 +512,15 @@ bad:
 
 	if (cipher != NULL)
 		SSL_CTX_set_cipher_list(ctx,cipher);
-	SSL_CTX_set_verify(ctx,verify,verify_callback);
+	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
 
-	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	if (www)
-		do_server(port,&accept_socket,www_body);
+		do_server(port,&accept_socket,www_body, context);
 	else
-		do_server(port,&accept_socket,sv_body);
+		do_server(port,&accept_socket,sv_body, context);
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
@@ -464,21 +541,29 @@ SSL_CTX *ssl_ctx;
 		SSL_CTX_sess_number(ssl_ctx));
 	BIO_printf(bio,"%4d client connects (SSL_connect())\n",
 		SSL_CTX_sess_connect(ssl_ctx));
+	BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
+		SSL_CTX_sess_connect_renegotiate(ssl_ctx));
 	BIO_printf(bio,"%4d client connects that finished\n",
 		SSL_CTX_sess_connect_good(ssl_ctx));
 	BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
 		SSL_CTX_sess_accept(ssl_ctx));
+	BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
+		SSL_CTX_sess_accept_renegotiate(ssl_ctx));
 	BIO_printf(bio,"%4d server accepts that finished\n",
 		SSL_CTX_sess_accept_good(ssl_ctx));
 	BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
 	BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
 	BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
 	BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+	BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
+		SSL_CTX_sess_cache_full(ssl_ctx),
+		SSL_CTX_sess_get_cache_size(ssl_ctx));
 	}
 
-static int sv_body(hostname, s)
+static int sv_body(hostname, s, context)
 char *hostname;
 int s;
+char *context;
 	{
 	char *buf=NULL;
 	fd_set readfds;
@@ -488,7 +573,7 @@ int s;
 	SSL *con=NULL;
 	BIO *sbio;
 
-	if ((buf=Malloc(BUFSIZZ)) == NULL)
+	if ((buf=Malloc(bufsize)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto err;
@@ -500,12 +585,16 @@ int s;
 
 		if (!s_quiet)
 			BIO_printf(bio_err,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&sl);
+		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+			ERR_print_errors(bio_err);
 		}
 #endif
 
-	if (con == NULL)
+	if (con == NULL) {
 		con=(SSL *)SSL_new(ctx);
+		if(context)
+		      SSL_set_session_id_context(con, context, strlen(context));
+	}
 	SSL_clear(con);
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
@@ -539,7 +628,7 @@ int s;
 		if (i <= 0) continue;
 		if (FD_ISSET(fileno(stdin),&readfds))
 			{
-			i=read(fileno(stdin),buf,BUFSIZZ);
+			i=read(fileno(stdin),buf,bufsize);
 			if (!s_quiet)
 				{
 				if ((i <= 0) || (buf[0] == 'Q'))
@@ -558,21 +647,27 @@ int s;
 					ret= -11;*/
 					goto err;
 					}
-				if (buf[0] == 'r')
+				if ((buf[0] == 'r') && 
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_renegotiate(con);
+					i=SSL_do_handshake(con);
+					printf("SSL_do_handshake -> %d\n",i);
 					i=0; /*13; */
 					continue;
-					strcpy(buf,"server side RE-NEGOTIATE\n");
+					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 					}
-				if (buf[0] == 'R')
+				if ((buf[0] == 'R') &&
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_set_verify(con,
 						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
 					SSL_renegotiate(con);
+					i=SSL_do_handshake(con);
+					printf("SSL_do_handshake -> %d\n",i);
 					i=0; /* 13; */
 					continue;
-					strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n");
+					/* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
 					}
 				if (buf[0] == 'P')
 					{
@@ -588,19 +683,27 @@ int s;
 			for (;;)
 				{
 				/* should do a select for the write */
-				k=SSL_write(con,&(buf[l]),(unsigned int)i);
-				if (
-#ifdef FIONBIO
-					s_nbio &&
+#ifdef RENEG
+{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
 #endif
-					BIO_sock_should_retry(k))
+				k=SSL_write(con,&(buf[l]),(unsigned int)i);
+				switch (SSL_get_error(con,k))
 					{
+				case SSL_ERROR_NONE:
+					break;
+				case SSL_ERROR_WANT_WRITE:
+				case SSL_ERROR_WANT_READ:
+				case SSL_ERROR_WANT_X509_LOOKUP:
 					BIO_printf(bio_s_out,"Write BLOCK\n");
-					continue;
-					}
-				if (k <= 0)
-					{
+					break;
+				case SSL_ERROR_SYSCALL:
+				case SSL_ERROR_SSL:
+					BIO_printf(bio_s_out,"ERROR\n");
 					ERR_print_errors(bio_err);
+					ret=1;
+					goto err;
+					/* break; */
+				case SSL_ERROR_ZERO_RETURN:
 					BIO_printf(bio_s_out,"DONE\n");
 					ret=1;
 					goto err;
@@ -629,25 +732,31 @@ int s;
 				}
 			else
 				{
-				i=SSL_read(con,(char *)buf,BUFSIZZ);
-				if ((i <= 0) &&
-#ifdef FIONBIO
-					s_nbio &&
-#endif
-					BIO_sock_should_retry(i))
+again:	
+				i=SSL_read(con,(char *)buf,bufsize);
+				switch (SSL_get_error(con,i))
 					{
+				case SSL_ERROR_NONE:
+					write(fileno(stdout),buf,
+						(unsigned int)i);
+					if (SSL_pending(con)) goto again;
+					break;
+				case SSL_ERROR_WANT_WRITE:
+				case SSL_ERROR_WANT_READ:
+				case SSL_ERROR_WANT_X509_LOOKUP:
 					BIO_printf(bio_s_out,"Read BLOCK\n");
-					}
-				else if (i <= 0)
-					{
+					break;
+				case SSL_ERROR_SYSCALL:
+				case SSL_ERROR_SSL:
+					BIO_printf(bio_s_out,"ERROR\n");
 					ERR_print_errors(bio_err);
+					ret=1;
+					goto err;
+				case SSL_ERROR_ZERO_RETURN:
 					BIO_printf(bio_s_out,"DONE\n");
 					ret=1;
 					goto err;
 					}
-				else
-					write(fileno(stdout),buf,
-						(unsigned int)i);
 				}
 			}
 		}
@@ -662,7 +771,7 @@ err:
 	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 	if (buf != NULL)
 		{
-		memset(buf,0,BUFSIZZ);
+		memset(buf,0,bufsize);
 		Free(buf);
 		}
 	if (ret >= 0)
@@ -685,7 +794,7 @@ SSL *con;
 	int i;
 	char *str;
 	X509 *peer;
-	int verify_error;
+	long verify_error;
 	MS_STATIC char buf[BUFSIZ];
 
 	if ((i=SSL_accept(con)) <= 0)
@@ -727,23 +836,27 @@ SSL *con;
 	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
 	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
 	if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
+		TLS1_FLAGS_TLS_PADDING_BUG)
+		BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
+
 	return(1);
 	}
 
+#ifndef NO_DH
 static DH *load_dh_param()
 	{
 	DH *ret=NULL;
 	BIO *bio;
 
-#ifndef NO_DH
 	if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
 		goto err;
 	ret=PEM_read_bio_DHparams(bio,NULL,NULL);
 err:
 	if (bio != NULL) BIO_free(bio);
-#endif
 	return(ret);
 	}
+#endif
 
 #if 0
 static int load_CA(ctx,file)
@@ -768,18 +881,22 @@ char *file;
 	}
 #endif
 
-static int www_body(hostname, s)
+static int www_body(hostname, s, context)
 char *hostname;
 int s;
+char *context;
 	{
-	char buf[1024];
+	char *buf=NULL;
 	int ret=1;
 	int i,j,k,blank,dot;
 	struct stat st_buf;
 	SSL *con;
 	SSL_CIPHER *c;
 	BIO *io,*ssl_bio,*sbio;
+	long total_bytes;
 
+	buf=Malloc(bufsize);
+	if (buf == NULL) return(0);
 	io=BIO_new(BIO_f_buffer());
 	ssl_bio=BIO_new(BIO_f_ssl());
 	if ((io == NULL) || (ssl_bio == NULL)) goto err;
@@ -787,18 +904,20 @@ int s;
 #ifdef FIONBIO	
 	if (s_nbio)
 		{
-		unsigned int long sl=1;
+		unsigned long sl=1;
 
 		if (!s_quiet)
 			BIO_printf(bio_err,"turning on non blocking io\n");
-		socket_ioctl(s,FIONBIO,&sl);
+		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+			ERR_print_errors(bio_err);
 		}
 #endif
 
 	/* lets make the output buffer a reasonable size */
-	if (!BIO_set_write_buffer_size(io,16*1024)) goto err;
+	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 
 	if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+	if(context) SSL_set_session_id_context(con, context, strlen(context));
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (s_nbio_test)
@@ -842,14 +961,14 @@ int s;
 			case SSL_ERROR_ZERO_RETURN:
 				ret=1;
 				goto err;
-				break;
+				/* break; */
 				}
 
 			SSL_renegotiate(con);
 			SSL_write(con,NULL,0);
 			}
 
-		i=BIO_gets(io,buf,sizeof(buf)-1);
+		i=BIO_gets(io,buf,bufsize-1);
 		if (i < 0) /* error */
 			{
 			if (!BIO_should_retry(io))
@@ -875,14 +994,15 @@ int s;
 
 		/* else we have data */
 		if (	((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
-			((www == 2) && (strncmp("GET stats ",buf,10) == 0)))
+			((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
 			{
 			char *p;
 			X509 *peer;
 			STACK *sk;
-			static char *space="                ";
+			static char *space="                          ";
 
 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+			BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n");
 			BIO_puts(io,"<pre>\n");
 /*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
 			BIO_puts(io,"\n");
@@ -901,14 +1021,14 @@ int s;
 			for (i=0; i<j; i++)
 				{
 				c=(SSL_CIPHER *)sk_value(sk,i);
-				BIO_printf(io,"%s:%-25s",
+				BIO_printf(io,"%-11s:%-25s",
 					SSL_CIPHER_get_version(c),
 					SSL_CIPHER_get_name(c));
-				if ((((i+1)%3) == 0) && (i+1 != j))
+				if ((((i+1)%2) == 0) && (i+1 != j))
 					BIO_puts(io,"\n");
 				}
 			BIO_puts(io,"\n");
-			p=SSL_get_shared_ciphers(con,buf,sizeof(buf));
+			p=SSL_get_shared_ciphers(con,buf,bufsize);
 			if (p != NULL)
 				{
 				BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
@@ -917,7 +1037,7 @@ int s;
 					{
 					if (*p == ':')
 						{
-						BIO_write(io,space,15-j);
+						BIO_write(io,space,26-j);
 						i++;
 						j=0;
 						BIO_write(io,((i%3)?" ":"\n"),1);
@@ -935,7 +1055,7 @@ int s;
 				?"---\nReused, "
 				:"---\nNew, "));
 			c=SSL_get_current_cipher(con);
-			BIO_printf(io,"SSLv%d, Cipher is %s\n",
+			BIO_printf(io,"%s, Cipher is %s\n",
 				SSL_CIPHER_get_version(c),
 				SSL_CIPHER_get_name(c));
 			SSL_SESSION_print(io,SSL_get_session(con));
@@ -951,6 +1071,7 @@ int s;
 				}
 			else
 				BIO_puts(io,"no client certificate available\n");
+			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
 		else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
@@ -969,6 +1090,7 @@ int s;
 					(strncmp(&(e[-1]),"/../",4) == 0))
 					dot=1;
 				}
+			
 
 			if (*e == '\0')
 				{
@@ -1028,18 +1150,33 @@ int s;
 			else
 				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
 			/* send the file */
+			total_bytes=0;
 			for (;;)
 				{
-				i=BIO_read(file,buf,1024);
+				i=BIO_read(file,buf,bufsize);
 				if (i <= 0) break;
 
+#ifdef RENEG
+				total_bytes+=i;
+				fprintf(stderr,"%d\n",i);
+				if (total_bytes > 3*1024)
+					{
+					total_bytes=0;
+					fprintf(stderr,"RENEGOTIATE\n");
+					SSL_renegotiate(con);
+					}
+#endif
+
 				for (j=0; j<i; )
 					{
+#ifdef RENEG
+{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
+#endif
 					k=BIO_write(io,&(buf[j]),i-j);
 					if (k <= 0)
 						{
 						if (!BIO_should_retry(io))
-							break;
+							goto write_error;
 						else
 							{
 							BIO_printf(bio_s_out,"rwrite W BLOCK\n");
@@ -1051,6 +1188,7 @@ int s;
 						}
 					}
 				}
+write_error:
 			BIO_free(file);
 			break;
 			}
@@ -1068,12 +1206,13 @@ int s;
 			break;
 		}
 end:
-#if 0
+#if 1
 	/* make sure we re-use sessions */
 	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
 	/* This kills performace */
-	SSL_shutdown(con);
+/*	SSL_shutdown(con); A shutdown gets sent in the
+ *	BIO_free_all(io) procession */
 #endif
 
 err:
@@ -1081,14 +1220,16 @@ err:
 	if (ret >= 0)
 		BIO_printf(bio_s_out,"ACCEPT\n");
 
+	if (buf != NULL) Free(buf);
 	if (io != NULL) BIO_free_all(io);
-/*	if (ssl_bio != NULL) BIO_free(ssl_bio); */
+/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
 	return(ret);
 	}
 
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export,keylength)
 SSL *s;
 int export;
+int keylength;
 	{
 	static RSA *rsa_tmp=NULL;
 
@@ -1096,11 +1237,11 @@ int export;
 		{
 		if (!s_quiet)
 			{
-			BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
 			BIO_flush(bio_err);
 			}
 #ifndef NO_RSA
-		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL);
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
 #endif
 		if (!s_quiet)
 			{

apps/s_socket.c

@@ -1,5 +1,5 @@
 /* apps/s_socket.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -262,7 +262,7 @@ int port;
 		*sock=s;
 
 #ifdef FIONBIO
-		socket_ioctl(s,FIONBIO,&l);
+		BIO_socket_ioctl(s,FIONBIO,&l);
 #endif
 		}
 	else
@@ -280,10 +280,11 @@ int port;
 		return(1);
 	}
 
-int do_server(port, ret, cb)
+int do_server(port, ret, cb, context)
 int port;
 int *ret;
 int (*cb)();
+char *context;
 	{
 	int sock;
 	char *name;
@@ -304,20 +305,21 @@ int (*cb)();
 			SHUTDOWN(accept_socket);
 			return(0);
 			}
-		i=(*cb)(name,sock);
+		i=(*cb)(name,sock, context);
 		if (name != NULL) Free(name);
-		SHUTDOWN(sock);
+		SHUTDOWN2(sock);
 		if (i < 0)
 			{
-			SHUTDOWN(accept_socket);
+			SHUTDOWN2(accept_socket);
 			return(i);
 			}
 		}
 	}
 
-int init_server(sock, port)
+int init_server_long(sock, port, ip)
 int *sock;
 int port;
+char *ip;
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -328,7 +330,15 @@ int port;
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
 	server.sin_port=htons((unsigned short)port);
-	server.sin_addr.s_addr=INADDR_ANY;
+	if (ip == NULL)
+		server.sin_addr.s_addr=INADDR_ANY;
+	else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
+		memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+		memcpy(&server.sin_addr,ip,4);
+#endif
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 
 	if (s == INVALID_SOCKET) goto err;
@@ -339,7 +349,8 @@ int port;
 #endif
 		goto err;
 		}
-	if (listen(s,5) == -1) goto err;
+	/* Make it 128 for linux */
+	if (listen(s,128) == -1) goto err;
 	i=0;
 	*sock=s;
 	ret=1;
@@ -351,6 +362,13 @@ err:
 	return(ret);
 	}
 
+int init_server(sock,port)
+int *sock;
+int port;
+	{
+	return(init_server_long(sock, port, NULL));
+	}
+
 int do_accept(acc_sock, sock, host)
 int acc_sock;
 int *sock;
@@ -399,9 +417,14 @@ redoit:
 */
 
 	if (host == NULL) goto end;
+#ifndef BIT_FIELD_LIMITS
 	/* I should use WSAAsyncGetHostByName() under windows */
 	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
 		sizeof(from.sin_addr.s_addr),AF_INET);
+#else
+	h1=gethostbyaddr((char *)&from.sin_addr,
+		sizeof(struct in_addr),AF_INET);
+#endif
 	if (h1 == NULL)
 		{
 		BIO_printf(bio_err,"bad gethostbyaddr\n");
@@ -435,38 +458,6 @@ end:
 	return(1);
 	}
 
-int socket_ioctl(fd,type,arg)
-int fd;
-long type;
-unsigned long *arg;
-	{
-	int i,err;
-#ifdef WINDOWS
-	i=ioctlsocket(fd,type,arg);
-#else
-	i=ioctl(fd,type,arg);
-#endif
-	if (i < 0)
-		{
-#ifdef WINDOWS
-		err=WSAGetLastError();
-#else
-		err=errno;
-#endif
-		BIO_printf(bio_err,"ioctl on socket failed:error %d\n",err);
-		}
-	return(i);
-	}
-
-int sock_err()
-	{
-#ifdef WINDOWS
-	return(WSAGetLastError());
-#else
-	return(errno);
-#endif
-	}
-
 int extract_host_port(str,host_ptr,ip,port_ptr)
 char *str;
 char **host_ptr;

apps/s_time.c

@@ -1,5 +1,5 @@
 /* apps/s_time.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -56,10 +56,10 @@
  * [including the GNU Public Licence.]
  */
 
-#undef NO_SHUTDOWN
+#define NO_SHUTDOWN
 
 /*-----------------------------------------
-   cntime - SSL client connection timer program
+   s_time - SSL client connection timer program
    Written and donated by Larry Streepy <streepy@healthcare.com>
   -----------------------------------------*/
 
@@ -67,7 +67,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "x509.h"
@@ -111,7 +111,8 @@ struct tms {
 #include <sys/select.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
@@ -154,10 +155,12 @@ extern int verify_error;
 static void s_time_usage(void);
 static int parseArgs( int argc, char **argv );
 static SSL *doConnection( SSL *scon );
+static void s_time_init(void);
 #else
 static void s_time_usage();
 static int parseArgs();
 static SSL *doConnection();
+static void s_time_init();
 #endif
 
 
@@ -180,15 +183,38 @@ static char *s_www_path=NULL;
 static long bytes_read=0; 
 static int st_bugs=0;
 static int perform=0;
-
 #ifdef FIONBIO
 static int t_nbio=0;
 #endif
-
 #ifdef WIN32
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
 
+static void s_time_init()
+	{
+	host=SSL_CONNECT_NAME;
+	t_cert_file=NULL;
+	t_key_file=NULL;
+	CApath=NULL;
+	CAfile=NULL;
+	tm_cipher=NULL;
+	tm_verify = SSL_VERIFY_NONE;
+	maxTime = SECONDS;
+	tm_ctx=NULL;
+	s_time_meth=NULL;
+	s_www_path=NULL;
+	bytes_read=0; 
+	st_bugs=0;
+	perform=0;
+
+#ifdef FIONBIO
+	t_nbio=0;
+#endif
+#ifdef WIN32
+	exitNow = 0;		/* Set when it's time to exit main */
+#endif
+	}
+
 /***********************************************************************
  * usage - display usage message
  */
@@ -198,13 +224,13 @@ static void s_time_usage()
 -time arg     - max number of seconds to collect data, default %d\n\
 -verify arg   - turn on peer certificate verification, arg == depth\n\
 -cert arg     - certificate file to use, PEM format assumed\n\
--key arg      - RSA file to use, PEM format assumed, in cert file if\n\
-                not specified but cert fill is.\n\
+-key arg      - RSA file to use, PEM format assumed, key is in cert file\n\
+                file if not specified by this option\n\
 -CApath arg   - PEM format directory of CA's\n\
 -CAfile arg   - PEM format file of CA's\n\
--cipher       - prefered cipher to use, play with 'ssleay ciphers'\n\n";
+-cipher       - prefered cipher to use, play with 'openssl ciphers'\n\n";
 
-	printf( "usage: client <args>\n\n" );
+	printf( "usage: s_time <args>\n\n" );
 
 	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
 #ifdef FIONBIO
@@ -237,6 +263,7 @@ char **argv;
 #endif
 
 	apps_startup();
+	s_time_init();
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -396,6 +423,7 @@ char **argv;
 	long finishtime=0;
 	int ret=1,i;
 	MS_STATIC char buf[1024*8];
+	int ver;
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	s_time_meth=SSLv23_client_method();
@@ -412,6 +440,8 @@ char **argv;
 	SSLeay_add_ssl_algorithms();
 	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
 
+	SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+
 	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
 	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
 	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
@@ -422,9 +452,9 @@ char **argv;
 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
 		{
-		BIO_printf(bio_err,"error seting default verify locations\n");
+		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
-		goto end;
+		/* goto end; */
 		}
 
 	if (tm_cipher == NULL)
@@ -471,11 +501,24 @@ char **argv;
 #else
 		SSL_shutdown(scon);
 #endif
-		SHUTDOWN(SSL_get_fd(scon));
+		SHUTDOWN2(SSL_get_fd(scon));
 
 		nConn += 1;
-		fputc(SSL_session_reused(scon)?'r':
-			(SSL_version(scon))+'0', stdout );
+		if (SSL_session_reused(scon))
+			ver='r';
+		else
+			{
+			ver=SSL_version(scon);
+			if (ver == TLS1_VERSION)
+				ver='t';
+			else if (ver == SSL3_VERSION)
+				ver='3';
+			else if (ver == SSL2_VERSION)
+				ver='2';
+			else
+				ver='*';
+			}
+		fputc(ver,stdout);
 		fflush(stdout);
 
 		SSL_free( scon );
@@ -512,7 +555,7 @@ next:
 #else
 	SSL_shutdown(scon);
 #endif
-	SHUTDOWN(SSL_get_fd(scon));
+	SHUTDOWN2(SSL_get_fd(scon));
 
 	nConn = 0;
 	totalTime = 0.0;
@@ -551,11 +594,24 @@ next:
 #else
 		SSL_shutdown(scon);
 #endif
-		SHUTDOWN(SSL_get_fd(scon));
+		SHUTDOWN2(SSL_get_fd(scon));
 	
 		nConn += 1;
-		fputc(SSL_session_reused(scon)?'r':
-			(SSL_version(scon))+'0', stdout );
+		if (SSL_session_reused(scon))
+			ver='r';
+		else
+			{
+			ver=SSL_version(scon);
+			if (ver == TLS1_VERSION)
+				ver='t';
+			else if (ver == SSL3_VERSION)
+				ver='3';
+			else if (ver == SSL2_VERSION)
+				ver='2';
+			else
+				ver='*';
+			}
+		fputc(ver,stdout);
 		fflush(stdout);
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
@@ -595,8 +651,8 @@ SSL *scon;
 	if ((conn=BIO_new(BIO_s_connect())) == NULL)
 		return(NULL);
 
-/*	BIO_set_port(conn,port);*/
-	BIO_set_hostname(conn,host);
+/*	BIO_set_conn_port(conn,port);*/
+	BIO_set_conn_hostname(conn,host);
 
 	if (scon == NULL)
 		serverCon=(SSL *)SSL_new(tm_ctx);

apps/sc.c

@@ -0,0 +1,784 @@
+/* apps/s_client.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#define USE_SOCKETS
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#include "pem.h"
+#include "s_apps.h"
+
+#ifdef WINDOWS
+/* Most of the #if(n)def WINDOWS put in by Gerrit van Niekerk 
+   <gerritvn@osi.co.za> to support the keyboard under Windows.
+   Tested using Win95, *should* work with NT and Win3.x
+*/
+#include <conio.h>
+#endif
+
+#undef PROG
+#define PROG	s_client_main
+
+/*#define SSL_HOST_NAME	"www.netscape.com" */
+/*#define SSL_HOST_NAME	"193.118.187.102" */
+#define SSL_HOST_NAME	"localhost"
+
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*8
+
+extern int verify_depth;
+extern int verify_error;
+
+#ifdef FIONBIO
+static int c_nbio=0;
+#endif
+static int c_Pause=0;
+static int c_debug=0;
+
+#ifndef NOPROTO
+static void sc_usage(void);
+static void print_stuff(BIO *berr,SSL *con,int full);
+#else
+static void sc_usage();
+static void print_stuff();
+#endif
+
+static BIO *bio_c_out=NULL;
+static int c_quiet=0;
+
+static void sc_usage()
+	{
+	BIO_printf(bio_err,"usage: client args\n");
+	BIO_printf(bio_err,"\n");
+	BIO_printf(bio_err," -host host     - use -connect instead\n");
+	BIO_printf(bio_err," -port port     - use -connect instead\n");
+	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+
+	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
+	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
+	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
+	BIO_printf(bio_err,"                 not specified but cert file is.\n");
+	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
+	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
+	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+	BIO_printf(bio_err," -debug        - extra output\n");
+	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
+	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
+#ifdef FIONBIO
+	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
+#endif
+	BIO_printf(bio_err," -quiet        - no s_client output\n");
+	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
+	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
+	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
+	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
+	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
+	BIO_printf(bio_err,"                 command to see what is available\n");
+
+	}
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+	{
+	int off=0;
+	SSL *con=NULL,*con2=NULL;
+	int s,k,width,state=0;
+	char *cbuf=NULL,*sbuf=NULL;
+	int cbuf_len,cbuf_off;
+	int sbuf_len,sbuf_off;
+	fd_set readfds,writefds;
+	short port=PORT;
+	int full_log=1;
+	char *host=SSL_HOST_NAME;
+	char *cert_file=NULL,*key_file=NULL;
+	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
+	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
+	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
+	SSL_CTX *ctx=NULL;
+	int ret=1,in_init=1,i,nbio_test=0;
+	SSL_METHOD *meth=NULL;
+	BIO *sbio;
+	/*static struct timeval timeout={10,0};*/
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+	meth=SSLv23_client_method();
+#elif !defined(NO_SSL3)
+	meth=SSLv3_client_method();
+#elif !defined(NO_SSL2)
+	meth=SSLv2_client_method();
+#endif
+
+	apps_startup();
+	c_Pause=0;
+	c_quiet=0;
+	c_debug=0;
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
+		((sbuf=Malloc(BUFSIZZ)) == NULL))
+		{
+		BIO_printf(bio_err,"out of memory\n");
+		goto end;
+		}
+
+	verify_depth=0;
+	verify_error=X509_V_OK;
+#ifdef FIONBIO
+	c_nbio=0;
+#endif
+#ifdef WINDOWS
+	c_nbio = 1;
+#endif
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if	(strcmp(*argv,"-host") == 0)
+			{
+			if (--argc < 1) goto bad;
+			host= *(++argv);
+			}
+		else if	(strcmp(*argv,"-port") == 0)
+			{
+			if (--argc < 1) goto bad;
+			port=atoi(*(++argv));
+			if (port == 0) goto bad;
+			}
+		else if (strcmp(*argv,"-connect") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!extract_host_port(*(++argv),&host,NULL,&port))
+				goto bad;
+			}
+		else if	(strcmp(*argv,"-verify") == 0)
+			{
+			verify=SSL_VERIFY_PEER;
+			if (--argc < 1) goto bad;
+			verify_depth=atoi(*(++argv));
+			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+			}
+		else if	(strcmp(*argv,"-cert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			cert_file= *(++argv);
+			}
+		else if	(strcmp(*argv,"-quiet") == 0)
+			c_quiet=1;
+		else if	(strcmp(*argv,"-pause") == 0)
+			c_Pause=1;
+		else if	(strcmp(*argv,"-debug") == 0)
+			c_debug=1;
+		else if	(strcmp(*argv,"-nbio_test") == 0)
+			nbio_test=1;
+		else if	(strcmp(*argv,"-state") == 0)
+			state=1;
+#ifndef NO_SSL2
+		else if	(strcmp(*argv,"-ssl2") == 0)
+			meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+		else if	(strcmp(*argv,"-ssl3") == 0)
+			meth=SSLv3_client_method();
+#endif
+#ifndef NO_TLS1
+		else if	(strcmp(*argv,"-tls1") == 0)
+			meth=TLSv1_client_method();
+#endif
+		else if (strcmp(*argv,"-bugs") == 0)
+			bugs=1;
+		else if	(strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			key_file= *(++argv);
+			}
+		else if	(strcmp(*argv,"-reconnect") == 0)
+			{
+			reconnect=5;
+			}
+		else if	(strcmp(*argv,"-CApath") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CApath= *(++argv);
+			}
+		else if	(strcmp(*argv,"-CAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-no_tls1") == 0)
+			off|=SSL_OP_NO_TLSv1;
+		else if (strcmp(*argv,"-no_ssl3") == 0)
+			off|=SSL_OP_NO_SSLv3;
+		else if (strcmp(*argv,"-no_ssl2") == 0)
+			off|=SSL_OP_NO_SSLv2;
+		else if	(strcmp(*argv,"-cipher") == 0)
+			{
+			if (--argc < 1) goto bad;
+			cipher= *(++argv);
+			}
+#ifdef FIONBIO
+		else if (strcmp(*argv,"-nbio") == 0)
+			{ c_nbio=1; }
+#endif
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badop=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+	if (badop)
+		{
+bad:
+		sc_usage();
+		goto end;
+		}
+
+	if (bio_c_out == NULL)
+		{
+		if (c_quiet)
+			{
+			bio_c_out=BIO_new(BIO_s_null());
+			}
+		else
+			{
+			if (bio_c_out == NULL)
+				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+			}
+		}
+
+	SSLeay_add_ssl_algorithms();
+	ctx=SSL_CTX_new(meth);
+	if (ctx == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (bugs)
+		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
+	else
+		SSL_CTX_set_options(ctx,off);
+
+	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+	if (cipher != NULL)
+		SSL_CTX_set_cipher_list(ctx,cipher);
+#if 0
+	else
+		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
+#endif
+
+	SSL_CTX_set_verify(ctx,verify,verify_callback);
+	if (!set_cert_stuff(ctx,cert_file,key_file))
+		goto end;
+
+	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(ctx)))
+		{
+		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
+		ERR_print_errors(bio_err);
+		/* goto end; */
+		}
+
+	SSL_load_error_strings();
+
+	con=(SSL *)SSL_new(ctx);
+/*	SSL_set_cipher_list(con,"RC4-MD5"); */
+
+re_start:
+
+	if (init_client(&s,host,port) == 0)
+		{
+		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+		SHUTDOWN(s);
+		goto end;
+		}
+	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
+
+#ifdef FIONBIO
+	if (c_nbio)
+		{
+		unsigned long l=1;
+		BIO_printf(bio_c_out,"turning on non blocking io\n");
+		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+#endif                                              
+	if (c_Pause & 0x01) con->debug=1;
+	sbio=BIO_new_socket(s,BIO_NOCLOSE);
+
+	if (nbio_test)
+		{
+		BIO *test;
+
+		test=BIO_new(BIO_f_nbio_test());
+		sbio=BIO_push(test,sbio);
+		}
+
+	if (c_debug)
+		{
+		con->debug=1;
+		BIO_set_callback(sbio,bio_dump_cb);
+		BIO_set_callback_arg(sbio,bio_c_out);
+		}
+
+	SSL_set_bio(con,sbio,sbio);
+	SSL_set_connect_state(con);
+
+	/* ok, lets connect */
+	width=SSL_get_fd(con)+1;
+
+	read_tty=1;
+	write_tty=0;
+	tty_on=0;
+	read_ssl=1;
+	write_ssl=1;
+	
+	cbuf_len=0;
+	cbuf_off=0;
+	sbuf_len=0;
+	sbuf_off=0;
+
+	for (;;)
+		{
+		FD_ZERO(&readfds);
+		FD_ZERO(&writefds);
+
+		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
+			{
+			in_init=1;
+			tty_on=0;
+			}
+		else
+			{
+			tty_on=1;
+			if (in_init)
+				{
+				in_init=0;
+				print_stuff(bio_c_out,con,full_log);
+				if (full_log > 0) full_log--;
+
+				if (reconnect)
+					{
+					reconnect--;
+					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
+					SSL_shutdown(con);
+					SSL_set_connect_state(con);
+					SHUTDOWN(SSL_get_fd(con));
+					goto re_start;
+					}
+				}
+			}
+
+#ifndef WINDOWS
+		if (tty_on)
+			{
+			if (read_tty)  FD_SET(fileno(stdin),&readfds);
+			if (write_tty) FD_SET(fileno(stdout),&writefds);
+			}
+#endif
+		if (read_ssl)
+			FD_SET(SSL_get_fd(con),&readfds);
+		if (write_ssl)
+			FD_SET(SSL_get_fd(con),&writefds);
+
+/*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
+			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+
+#ifndef WINDOWS
+		i=select(width,&readfds,&writefds,NULL,NULL);
+		if ( i < 0)
+			{
+			BIO_printf(bio_err,"bad select %d\n",
+				get_last_socket_error());
+			goto shut;
+			/* goto end; */
+			}
+
+		if (FD_ISSET(SSL_get_fd(con),&writefds))
+#else
+		if (write_ssl)
+#endif
+			{
+			k=SSL_write(con,&(cbuf[cbuf_off]),
+				(unsigned int)cbuf_len);
+			switch (SSL_get_error(con,k))
+				{
+			case SSL_ERROR_NONE:
+				cbuf_off+=k;
+				cbuf_len-=k;
+				if (k <= 0) goto end;
+				/* we have done a  write(con,NULL,0); */
+				if (cbuf_len <= 0)
+					{
+					read_tty=1;
+					write_ssl=0;
+					}
+				else /* if (cbuf_len > 0) */
+					{
+					read_tty=0;
+					write_ssl=1;
+					}
+				break;
+			case SSL_ERROR_WANT_WRITE:
+#ifndef WINDOWS
+				BIO_printf(bio_c_out,"write W BLOCK\n");
+#endif
+				write_ssl=1;
+				read_tty=0;
+				break;
+			case SSL_ERROR_WANT_READ:
+#ifndef WINDOWS
+				BIO_printf(bio_c_out,"write R BLOCK\n");
+#endif
+				write_tty=0;
+				read_ssl=1;
+				write_ssl=0;
+				break;
+			case SSL_ERROR_WANT_X509_LOOKUP:
+				BIO_printf(bio_c_out,"write X BLOCK\n");
+				break;
+			case SSL_ERROR_ZERO_RETURN:
+				if (cbuf_len != 0)
+					{
+					BIO_printf(bio_c_out,"shutdown\n");
+					goto shut;
+					}
+				else
+					{
+					read_tty=1;
+					write_ssl=0;
+					break;
+					}
+				
+			case SSL_ERROR_SYSCALL:
+				if ((k != 0) || (cbuf_len != 0))
+					{
+					BIO_printf(bio_err,"write:errno=%d\n",
+						get_last_socket_error());
+					goto shut;
+					}
+				else
+					{
+					read_tty=1;
+					write_ssl=0;
+					}
+				break;
+			case SSL_ERROR_SSL:
+				ERR_print_errors(bio_err);
+				goto shut;
+				}
+			}
+#ifndef WINDOWS
+		else if (FD_ISSET(fileno(stdout),&writefds))
+#else
+		else if (tty_on && write_tty)
+#endif
+			{
+			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
+
+			if (i <= 0)
+				{
+				BIO_printf(bio_c_out,"DONE\n");
+				goto shut;
+				/* goto end; */
+				}
+
+			sbuf_len-=i;;
+			sbuf_off+=i;
+			if (sbuf_len <= 0)
+				{
+				read_ssl=1;
+				write_tty=0;
+				}
+			}
+#ifndef WINDOWS
+		else if (FD_ISSET(SSL_get_fd(con),&readfds))
+#else
+		if (read_ssl)
+#endif
+			{
+#ifdef RENEG
+{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
+#endif
+			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
+
+			switch (SSL_get_error(con,k))
+				{
+			case SSL_ERROR_NONE:
+				if (k <= 0)
+					goto end;
+				sbuf_off=0;
+				sbuf_len=k;
+
+				read_ssl=0;
+				write_tty=1;
+				break;
+			case SSL_ERROR_WANT_WRITE:
+#ifndef WINDOWS
+				BIO_printf(bio_c_out,"read W BLOCK\n");
+#endif
+				write_ssl=1;
+				read_tty=0;
+				break;
+			case SSL_ERROR_WANT_READ:
+#ifndef WINDOWS
+				BIO_printf(bio_c_out,"read R BLOCK\n");
+#endif
+				write_tty=0;
+				read_ssl=1;
+				if ((read_tty == 0) && (write_ssl == 0))
+					write_ssl=1;
+				break;
+			case SSL_ERROR_WANT_X509_LOOKUP:
+				BIO_printf(bio_c_out,"read X BLOCK\n");
+				break;
+			case SSL_ERROR_SYSCALL:
+				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
+				goto shut;
+			case SSL_ERROR_ZERO_RETURN:
+				BIO_printf(bio_c_out,"closed\n");
+				goto shut;
+			case SSL_ERROR_SSL:
+				ERR_print_errors(bio_err);
+				goto shut;
+				break;
+				}
+			}
+
+#ifndef WINDOWS
+		else if (FD_ISSET(fileno(stdin),&readfds))
+			{
+			i=read(fileno(stdin),cbuf,BUFSIZZ);
+#else
+		if (tty_on && read_tty && _kbhit())
+			{
+			i = 1;
+			cbuf[0] = _getch();
+#endif
+
+			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
+				{
+				BIO_printf(bio_err,"DONE\n");
+				goto shut;
+				}
+
+			if ((!c_quiet) && (cbuf[0] == 'R'))
+				{
+				SSL_renegotiate(con);
+				read_tty=0;
+				write_ssl=1;
+				}
+			else
+				{
+				cbuf_len=i;
+				cbuf_off=0;
+				}
+
+			read_tty=0;
+			write_ssl=1;
+			}
+		}
+shut:
+	SSL_shutdown(con);
+	SHUTDOWN(SSL_get_fd(con));
+	ret=0;
+end:
+	if (con != NULL) SSL_free(con);
+	if (con2 != NULL) SSL_free(con2);
+	if (ctx != NULL) SSL_CTX_free(ctx);
+	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
+	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
+	if (bio_c_out != NULL)
+		{
+		BIO_free(bio_c_out);
+		bio_c_out=NULL;
+		}
+	EXIT(ret);
+	}
+
+
+static void print_stuff(bio,s,full)
+BIO *bio;
+SSL *s;
+int full;
+	{
+	X509 *peer=NULL;
+	char *p;
+	static char *space="                ";
+	char buf[BUFSIZ];
+	STACK *sk;
+	SSL_CIPHER *c;
+	X509_NAME *xn;
+	int j,i;
+
+	if (full)
+		{
+		sk=SSL_get_peer_cert_chain(s);
+		if (sk != NULL)
+			{
+			BIO_printf(bio,"---\nCertificate chain\n");
+			for (i=0; i<sk_num(sk); i++)
+				{
+				X509_NAME_oneline(X509_get_subject_name((X509 *)
+					sk_value(sk,i)),buf,BUFSIZ);
+				BIO_printf(bio,"%2d s:%s\n",i,buf);
+				X509_NAME_oneline(X509_get_issuer_name((X509 *)
+					sk_value(sk,i)),buf,BUFSIZ);
+				BIO_printf(bio,"   i:%s\n",buf);
+				}
+			}
+
+		BIO_printf(bio,"---\n");
+		peer=SSL_get_peer_certificate(s);
+		if (peer != NULL)
+			{
+			BIO_printf(bio,"Server certificate\n");
+			PEM_write_bio_X509(bio,peer);
+			X509_NAME_oneline(X509_get_subject_name(peer),
+				buf,BUFSIZ);
+			BIO_printf(bio,"subject=%s\n",buf);
+			X509_NAME_oneline(X509_get_issuer_name(peer),
+				buf,BUFSIZ);
+			BIO_printf(bio,"issuer=%s\n",buf);
+			}
+		else
+			BIO_printf(bio,"no peer certificate available\n");
+
+		sk=SSL_get_client_CA_list(s);
+		if ((sk != NULL) && (sk_num(sk) > 0))
+			{
+			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
+			for (i=0; i<sk_num(sk); i++)
+				{
+				xn=(X509_NAME *)sk_value(sk,i);
+				X509_NAME_oneline(xn,buf,sizeof(buf));
+				BIO_write(bio,buf,strlen(buf));
+				BIO_write(bio,"\n",1);
+				}
+			}
+		else
+			{
+			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
+			}
+		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+		if (p != NULL)
+			{
+			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
+			j=i=0;
+			while (*p)
+				{
+				if (*p == ':')
+					{
+					BIO_write(bio,space,15-j%25);
+					i++;
+					j=0;
+					BIO_write(bio,((i%3)?" ":"\n"),1);
+					}
+				else
+					{
+					BIO_write(bio,p,1);
+					j++;
+					}
+				p++;
+				}
+			BIO_write(bio,"\n",1);
+			}
+
+		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+			BIO_number_read(SSL_get_rbio(s)),
+			BIO_number_written(SSL_get_wbio(s)));
+		}
+	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
+	c=SSL_get_current_cipher(s);
+	BIO_printf(bio,"%s, Cipher is %s\n",
+		SSL_CIPHER_get_version(c),
+		SSL_CIPHER_get_name(c));
+	if (peer != NULL)
+	{
+		EVP_PKEY *pktmp;
+		BIO_printf(bio,"Server public key is %d bit\n",
+							EVP_PKEY_bits(pktmp));
+		EVP_PKEY_free(pktmp);
+	}
+	SSL_SESSION_print(bio,SSL_get_session(s));
+	BIO_printf(bio,"---\n");
+	if (peer != NULL)
+		X509_free(peer);
+	}
+

apps/server.pem

@@ -1,17 +1,17 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
-MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
+MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
-mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
-xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
-irObpESxAZLySCmPPg==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
+JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
+IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
+FUGcPZf9ND22Etc+AQ==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

apps/server.srl

@@ -0,0 +1 @@
+01

apps/sess_id.c

@@ -1,5 +1,5 @@
 /* apps/sess_id.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -69,21 +69,17 @@
 #undef PROG
 #define PROG	sess_id_main
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 static char *sess_id_usage[]={
-"usage: crl args\n",
+"usage: sess_id args\n",
 "\n",
 " -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -text           - print ssl session id details\n",
-" -cert           - output certificaet \n",
+" -cert           - output certificate \n",
 " -noout          - no CRL output\n",
+" -context arg    - set the session ID context\n",
 NULL
 };
 
@@ -101,7 +97,7 @@ char **argv;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
-	char *infile=NULL,*outfile=NULL;
+	char *infile=NULL,*outfile=NULL,*context=NULL;
 	int cert=0,noout=0,text=0;
 	char **pp;
 
@@ -109,7 +105,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -145,6 +141,11 @@ char **argv;
 			cert= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
+		else if (strcmp(*argv,"-context") == 0)
+		    {
+		    if(--argc < 1) goto bad;
+		    context=*++argv;
+		    }
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -167,6 +168,17 @@ bad:
 	x=load_sess_id(infile,informat);
 	if (x == NULL) { goto end; }
 
+	if(context)
+	    {
+	    x->sid_ctx_length=strlen(context);
+	    if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+		{
+		BIO_printf(bio_err,"Context too long\n");
+		goto end;
+		}
+	    memcpy(x->sid_ctx,context,x->sid_ctx_length);
+	    }
+
 #ifdef undef
 	/* just testing for memory leaks :-) */
 	{

apps/speed.c

@@ -1,5 +1,5 @@
 /* apps/speed.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -60,8 +60,8 @@
 
 #undef SECONDS
 #define SECONDS		3	
-#define RSA_SECONDS	10	
-#define DSA_SECONDS	10	
+#define RSA_SECONDS	10
+#define DSA_SECONDS	10
 
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
@@ -73,8 +73,9 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
+#include <math.h>
 #include "apps.h"
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "crypto.h"
@@ -106,7 +107,8 @@ struct tms {
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
@@ -122,13 +124,21 @@ struct tms {
 #endif
 #ifndef NO_MD5
 #include "md5.h"
+#include "hmac.h"
+#include "evp.h"
 #endif
-#if !defined(NO_SHA) && !defined(NO_SHA1)
+#ifndef NO_SHA1
 #include "sha.h"
 #endif
+#ifndef NO_RMD160
+#include "ripemd.h"
+#endif
 #ifndef NO_RC4
 #include "rc4.h"
 #endif
+#ifndef NO_RC5
+#include "rc5.h"
+#endif
 #ifndef NO_RC2
 #include "rc2.h"
 #endif
@@ -138,6 +148,9 @@ struct tms {
 #ifndef NO_BLOWFISH
 #include "blowfish.h"
 #endif
+#ifndef NO_CAST
+#include "cast.h"
+#endif
 #ifndef NO_RSA
 #include "rsa.h"
 #endif
@@ -165,7 +178,7 @@ struct tms {
 #endif
 
 #undef BUFSIZE
-#define BUFSIZE	((long)1024*8)
+#define BUFSIZE	((long)1024*8+1)
 int run=0;
 
 #ifndef NOPROTO
@@ -248,13 +261,12 @@ char **argv;
 	{
 	unsigned char *buf=NULL,*buf2=NULL;
 	int ret=1;
-#define ALGOR_NUM	11
+#define ALGOR_NUM	14
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
 	long count,rsa_count;
 	int i,j,k,rsa_num,rsa_num2;
-	unsigned int kk;
 #ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
@@ -263,13 +275,20 @@ char **argv;
 #endif
 #ifndef NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
+	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA1)
+#ifndef NO_SHA1
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
+#ifndef NO_RMD160
+	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+#endif
 #ifndef NO_RC4
 	RC4_KEY rc4_ks;
 #endif
+#ifndef NO_RC5
+	RC5_32_KEY rc5_ks;
+#endif
 #ifndef NO_RC2
 	RC2_KEY rc2_ks;
 #endif
@@ -278,6 +297,9 @@ char **argv;
 #endif
 #ifndef NO_BLOWFISH
 	BF_KEY bf_ks;
+#endif
+#ifndef NO_CAST
+	CAST_KEY cast_ks;
 #endif
 	static unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
@@ -292,21 +314,24 @@ char **argv;
 #define	D_MD2		0
 #define	D_MDC2		1
 #define	D_MD5		2
-#define	D_SHA		3
+#define	D_HMAC		3
 #define	D_SHA1		4
-#define	D_RC4		5
-#define	D_CBC_DES	6
-#define	D_EDE3_DES	7
-#define	D_CBC_IDEA	8
-#define	D_CBC_RC2	9
-#define	D_CBC_BF	10
+#define D_RMD160	5
+#define	D_RC4		6
+#define	D_CBC_DES	7
+#define	D_EDE3_DES	8
+#define	D_CBC_IDEA	9
+#define	D_CBC_RC2	10
+#define	D_CBC_RC5	11
+#define	D_CBC_BF	12
+#define	D_CBC_CAST	13
 	double d,results[ALGOR_NUM][SIZE_NUM];
 	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
 	long c[ALGOR_NUM][SIZE_NUM];
 	static char *names[ALGOR_NUM]={
-		"md2","mdc2","md5","sha","sha1","rc4",
+		"md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
 		"des cbc","des ede3","idea cbc",
-		"rc2 cbc","blowfish cbc"};
+		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
 #define	R_DSA_512	0
 #define	R_DSA_1024	1
 #define	R_DSA_2048	2
@@ -315,35 +340,41 @@ char **argv;
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
 	RSA *rsa_key[RSA_NUM];
-	DSA *dsa_key[DSA_NUM];
 	long rsa_c[RSA_NUM][2];
-	long dsa_c[DSA_NUM][2];
 #ifndef NO_RSA
 	double rsa_results[RSA_NUM][2];
-#endif
-#ifndef NO_DSA
-	double dsa_results[DSA_NUM][2];
-#endif
 	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
-	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
 	static unsigned char *rsa_data[RSA_NUM]=
 		{test512,test1024,test2048,test4096};
 	static int rsa_data_length[RSA_NUM]={
 		sizeof(test512),sizeof(test1024),
 		sizeof(test2048),sizeof(test4096)};
-	int doit[ALGOR_NUM];
+#endif
+#ifndef NO_DSA
+	DSA *dsa_key[DSA_NUM];
+	long dsa_c[DSA_NUM][2];
+	double dsa_results[DSA_NUM][2];
+	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+#endif
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
+	int doit[ALGOR_NUM];
 	int pr_header=0;
 
 	apps_startup();
+#ifdef NO_DSA
+	memset(dsa_key,0,sizeof(dsa_key));
+#endif
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+#ifndef NO_RSA
+	memset(rsa_key,0,sizeof(rsa_key));
 	for (i=0; i<RSA_NUM; i++)
 		rsa_key[i]=NULL;
+#endif
 
 	if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
@@ -383,13 +414,23 @@ char **argv;
 			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
 		else
 #endif
-#ifndef NO_SHA
-			if (strcmp(*argv,"sha") == 0) doit[D_SHA]=1;
+#ifndef NO_MD5
+			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
 #ifndef NO_SHA1
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
+			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
+		else
+#endif
+#ifndef NO_RMD160
+			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
+		else
+			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
+		else
+			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
+		else
 #endif
 #ifndef NO_RC4
 			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
@@ -409,7 +450,7 @@ char **argv;
 			}
 		else
 #endif
-			if (strcmp(*argv,"ssleay") == 0) 
+			if (strcmp(*argv,"openssl") == 0) 
 			{
 			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
@@ -429,6 +470,11 @@ char **argv;
 		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
 		else
 #endif
+#ifndef NO_RC5
+		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
+		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
+		else
+#endif
 #ifndef NO_IDEA
 		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
@@ -437,6 +483,13 @@ char **argv;
 #ifndef NO_BLOWFISH
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
+		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
+		else
+#endif
+#ifndef NO_CAST
+		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
+		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
+		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
 		else
 #endif
 #ifndef NO_DES
@@ -467,17 +520,20 @@ char **argv;
 #endif
 			{
 			BIO_printf(bio_err,"bad value, pick one of\n");
-			BIO_printf(bio_err,"md2      mdc2	md5      sha      sha1\n");
+			BIO_printf(bio_err,"md2      mdc2	md5      hmac      sha1    rmd160\n");
 #ifndef NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
 #ifndef NO_RC2
 			BIO_printf(bio_err,"rc2-cbc  ");
 #endif
-#ifndef NO_RC2
+#ifndef NO_RC5
+			BIO_printf(bio_err,"rc5-cbc  ");
+#endif
+#ifndef NO_BLOWFISH
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH)
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH) && !defined(NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
@@ -527,6 +583,14 @@ char **argv;
 			BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
 			goto end;
 			}
+#if 0
+		else
+			{
+			BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n));
+			BN_print(bio_err,rsa_key[i]->e);
+			BIO_printf(bio_err,"\n");
+			}
+#endif
 		}
 #endif
 
@@ -537,9 +601,9 @@ char **argv;
 #endif
 
 #ifndef NO_DES
-	des_set_key((C_Block *)key,sch);
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
+	des_set_key(key,sch);
+	des_set_key(key2,sch2);
+	des_set_key(key3,sch3);
 #endif
 #ifndef NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
@@ -550,9 +614,15 @@ char **argv;
 #ifndef NO_RC2
 	RC2_set_key(&rc2_ks,16,key16,128);
 #endif
+#ifndef NO_RC5
+	RC5_32_set_key(&rc5_ks,16,key16,12);
+#endif
 #ifndef NO_BLOWFISH
 	BF_set_key(&bf_ks,16,key16);
 #endif
+#ifndef NO_CAST
+	CAST_set_key(&cast_ks,16,key16);
+#endif
 
 	memset(rsa_c,0,sizeof(rsa_c));
 #ifndef SIGALRM
@@ -563,29 +633,32 @@ char **argv;
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
-				&(sch[0]),DES_ENCRYPT);
+			des_ecb_encrypt(buf,buf, &(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d <3);
 	c[D_MD2][0]=count/10;
 	c[D_MDC2][0]=count/10;
 	c[D_MD5][0]=count;
-	c[D_SHA][0]=count;
+	c[D_HMAC][0]=count;
 	c[D_SHA1][0]=count;
+	c[D_RMD160][0]=count;
 	c[D_RC4][0]=count*5;
 	c[D_CBC_DES][0]=count;
 	c[D_EDE3_DES][0]=count/3;
 	c[D_CBC_IDEA][0]=count;
 	c[D_CBC_RC2][0]=count;
+	c[D_CBC_RC5][0]=count;
 	c[D_CBC_BF][0]=count;
+	c[D_CBC_CAST][0]=count;
 
 	for (i=1; i<SIZE_NUM; i++)
 		{
 		c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
 		c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
 		c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
-		c[D_SHA][i]=c[D_SHA][0]*4*lengths[0]/lengths[i];
+		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
 		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
+		c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
 		}
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -598,7 +671,9 @@ char **argv;
 		c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
 		c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
 		c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
+		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
+		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
@@ -610,7 +685,7 @@ char **argv;
 			rsa_doit[i]=0;
 		else
 			{
-			if (rsa_c[i] == 0)
+			if (rsa_c[i][0] == 0)
 				{
 				rsa_c[i][0]=1;
 				rsa_c[i][1]=20;
@@ -636,7 +711,7 @@ char **argv;
 			}				
 		}
 
-#define COND(d)	(count != (d))
+#define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
 #define COND(c)	(run)
@@ -685,7 +760,7 @@ char **argv;
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				MD5(buf,(unsigned long)lengths[j],&(md5[0]));
+				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD5],d);
@@ -694,19 +769,27 @@ char **argv;
 		}
 #endif
 
-#ifndef NO_SHA
-	if (doit[D_SHA])
+#ifndef NO_MD5
+	if (doit[D_HMAC])
 		{
+		HMAC_CTX hctx;
+		HMAC_Init(&hctx,(unsigned char *)"This is a key...",
+			16,EVP_md5());
+
 		for (j=0; j<SIZE_NUM; j++)
 			{
-			print_message(names[D_SHA],c[D_SHA][j],lengths[j]);
+			print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
 			Time_F(START);
-			for (count=0,run=1; COND(c[D_SHA][j]); count++)
-				SHA(buf,(unsigned long)lengths[j],&(sha[0]));
+			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
+				{
+				HMAC_Init(&hctx,NULL,0,NULL);
+                                HMAC_Update(&hctx,buf,lengths[j]);
+                                HMAC_Final(&hctx,&(hmac[0]),NULL);
+				}
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_SHA],d);
-			results[D_SHA][j]=((double)count)/d*lengths[j];
+				count,names[D_HMAC],d);
+			results[D_HMAC][j]=((double)count)/d*lengths[j];
 			}
 		}
 #endif
@@ -726,6 +809,22 @@ char **argv;
 			}
 		}
 #endif
+#ifndef NO_RMD160
+	if (doit[D_RMD160])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
+				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_RMD160],d);
+			results[D_RMD160][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
 #ifndef NO_RC4
 	if (doit[D_RC4])
 		{
@@ -751,10 +850,8 @@ char **argv;
 			print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
-				des_ncbc_encrypt((C_Block *)buf,
-					(C_Block *)buf,
-					(long)lengths[j],sch,
-					(C_Block *)&(iv[0]),DES_ENCRYPT);
+				des_ncbc_encrypt(buf,buf,lengths[j],sch,
+						 &(iv[0]),DES_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_DES],d);
@@ -769,10 +866,9 @@ char **argv;
 			print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
-				des_ede3_cbc_encrypt((C_Block *)buf,
-					(C_Block *)buf,
-					(long)lengths[j],sch,sch2,sch3,
-					(C_Block *)&(iv[0]),DES_ENCRYPT);
+				des_ede3_cbc_encrypt(buf,buf,lengths[j],
+						     sch,sch2,sch3,
+						     &(iv[0]),DES_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_EDE3_DES],d);
@@ -816,6 +912,24 @@ char **argv;
 			}
 		}
 #endif
+#ifndef NO_RC5
+	if (doit[D_CBC_RC5])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
+				RC5_32_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&rc5_ks,
+					(unsigned char *)&(iv[0]),RC5_ENCRYPT);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_CBC_RC5],d);
+			results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
 #ifndef NO_BLOWFISH
 	if (doit[D_CBC_BF])
 		{
@@ -834,14 +948,35 @@ char **argv;
 			}
 		}
 #endif
+#ifndef NO_CAST
+	if (doit[D_CBC_CAST])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
+				CAST_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&cast_ks,
+					(unsigned char *)&(iv[0]),CAST_ENCRYPT);
+			d=Time_F(STOP);
+			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+				count,names[D_CBC_CAST],d);
+			results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
+			}
+		}
+#endif
 
 	RAND_bytes(buf,30);
 #ifndef NO_RSA
 	for (j=0; j<RSA_NUM; j++)
 		{
 		if (!rsa_doit[j]) continue;
+		rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
+			RSA_PKCS1_PADDING);
 		pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
 			RSA_SECONDS);
+/*		RSA_blinding_on(rsa_key[j],NULL); */
 		Time_F(START);
 		for (count=0,run=1; COND(rsa_c[j][0]); count++)
 			{
@@ -861,6 +996,9 @@ char **argv;
 		rsa_results[j][0]=d/(double)count;
 		rsa_count=count;
 
+#if 1
+		rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
+			RSA_PKCS1_PADDING);
 		pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
 			RSA_SECONDS);
 		Time_F(START);
@@ -880,6 +1018,7 @@ char **argv;
 		BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
 			count,rsa_bits[j],d);
 		rsa_results[j][1]=d/(double)count;
+#endif
 
 		if (rsa_count <= 1)
 			{
@@ -894,9 +1033,13 @@ char **argv;
 #ifndef NO_DSA
 	for (j=0; j<DSA_NUM; j++)
 		{
+		unsigned int kk;
+
 		if (!dsa_doit[j]) continue;
 		DSA_generate_key(dsa_key[j]);
 /*		DSA_sign_setup(dsa_key[j],NULL); */
+		rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+			&kk,dsa_key[j]);
 		pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
 			DSA_SECONDS);
 		Time_F(START);
@@ -918,6 +1061,8 @@ char **argv;
 		dsa_results[j][0]=d/(double)count;
 		rsa_count=count;
 
+		rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+			kk,dsa_key[j]);
 		pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
 			DSA_SECONDS);
 		Time_F(START);
@@ -966,7 +1111,7 @@ char **argv;
 #ifndef NO_BLOWFISH
 	printf("%s ",BF_options());
 #endif
-	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_CFLAGS));
+	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
 
 	if (pr_header)
 		{
@@ -980,7 +1125,7 @@ char **argv;
 	for (k=0; k<ALGOR_NUM; k++)
 		{
 		if (!doit[k]) continue;
-		fprintf(stdout,"%-12s",names[k]);
+		fprintf(stdout,"%-13s",names[k]);
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			if (results[k][j] > 10000)
@@ -995,9 +1140,14 @@ char **argv;
 	for (k=0; k<RSA_NUM; k++)
 		{
 		if (!rsa_doit[k]) continue;
-		if (j) { printf("%18ssign    verify\n"," "); j=0; }
-		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs",
-			rsa_bits[k],rsa_results[k][0],rsa_results[k][1]);
+		if (j)
+			{
+			printf("%18ssign    verify    sign/s verify/s\n"," ");
+			j=0;
+			}
+		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+			rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
+			1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		fprintf(stdout,"\n");
 		}
 #endif
@@ -1006,9 +1156,13 @@ char **argv;
 	for (k=0; k<DSA_NUM; k++)
 		{
 		if (!dsa_doit[k]) continue;
-		if (j) { printf("%18ssign    verify\n"," "); j=0; }
-		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs",
-			dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
+		if (j)	{
+			printf("%18ssign    verify    sign/s verify/s\n"," ");
+			j=0;
+			}
+		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+			dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
+			1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		fprintf(stdout,"\n");
 		}
 #endif
@@ -1066,3 +1220,4 @@ int tm;
 	num=num;
 #endif
 	}
+

apps/ssleay.c

@@ -1,339 +0,0 @@
-/* apps/ssleay.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define DEBUG
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#ifdef WIN16
-#define APPS_WIN16
-#endif
-#include "bio.h"
-#include "crypto.h"
-#include "lhash.h"
-#include "conf.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#define SSLEAY	/* turn off a few special case MONOLITH macros */
-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#define SSLEAY_SRC
-#include "apps.h"
-#include "s_apps.h"
-#include "err.h"
-
-
-#ifndef NOPROTO
-static unsigned long MS_CALLBACK hash(FUNCTION *a);
-static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
-static LHASH *prog_init(void );
-static int do_cmd(LHASH *prog,int argc,char *argv[]);
-static void sig_stop(int i);
-#else
-static unsigned long MS_CALLBACK hash();
-static int MS_CALLBACK cmp();
-static LHASH *prog_init();
-static int do_cmd();
-static void sig_stop();
-#endif
-
-LHASH *config=NULL;
-char *default_config_file=NULL;
-
-#ifdef DEBUG
-static void sig_stop(i)
-int i;
-	{
-	char *a=NULL;
-
-	*a='\0';
-	}
-#endif
-
-/* Make sure there is only one when MONOLITH is defined */
-#ifdef MONOLITH
-BIO *bio_err=NULL;
-#endif
-
-int main(Argc,Argv)
-int Argc;
-char *Argv[];
-	{
-	ARGS arg;
-#define PROG_NAME_SIZE	16
-	char pname[PROG_NAME_SIZE];
-	FUNCTION f,*fp;
-	MS_STATIC char *prompt,buf[1024],config_name[256];
-	int n,i,ret=0;
-	int argc;
-	char **argv,*p;
-	LHASH *prog=NULL;
-	long errline;
- 
-	arg.data=NULL;
-	arg.count=0;
-
-	/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
-	apps_startup();
-
-#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
-#ifdef SIGBUS
-	signal(SIGBUS,sig_stop);
-#endif
-#ifdef SIGSEGV
-	signal(SIGSEGV,sig_stop);
-#endif
-#endif
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
-
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	ERR_load_crypto_strings();
-
-	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
-	if (p == NULL)
-		{
-		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
-		p=config_name;
-		}
-
-	default_config_file=p;
-
-	config=CONF_load(config,p,&errline);
-	if (config == NULL) ERR_clear_error();
-
-	prog=prog_init();
-
-	/* first check the program name */
-	program_name(Argv[0],pname,PROG_NAME_SIZE);
-
-	f.name=pname;
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
-	if (fp != NULL)
-		{
-		Argv[0]=pname;
-		ret=fp->func(Argc,Argv);
-		goto end;
-		}
-
-	/* ok, now check that there are not arguments, if there are,
-	 * run with them, shifting the ssleay off the front */
-	if (Argc != 1)
-		{
-		Argc--;
-		Argv++;
-		ret=do_cmd(prog,Argc,Argv);
-		if (ret < 0) ret=0;
-		goto end;
-		}
-
-	/* ok, lets enter the old 'SSLeay>' mode */
-	
-	for (;;)
-		{
-		ret=0;
-		p=buf;
-		n=1024;
-		i=0;
-		for (;;)
-			{
-			p[0]='\0';
-			if (i++)
-				prompt=">";
-			else	prompt="SSLeay>";
-			fputs(prompt,stdout);
-			fflush(stdout);
-			fgets(p,n,stdin);
-			if (p[0] == '\0') goto end;
-			i=strlen(p);
-			if (i <= 1) break;
-			if (p[i-2] != '\\') break;
-			i-=2;
-			p+=i;
-			n-=i;
-			}
-		if (!chopup_args(&arg,buf,&argc,&argv)) break;
-
-		ret=do_cmd(prog,argc,argv);
-		if (ret < 0)
-			{
-			ret=0;
-			goto end;
-			}
-		if (ret != 0)
-			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		}
-	BIO_printf(bio_err,"bad exit\n");
-	ret=1;
-end:
-	if (config != NULL)
-		{
-		CONF_free(config);
-		config=NULL;
-		}
-	if (prog != NULL) lh_free(prog);
-	if (arg.data != NULL) Free(arg.data);
-	ERR_remove_state(0);
-
-	EVP_cleanup();
-
-	CRYPTO_mem_leaks(bio_err);
-	if (bio_err != NULL)
-		{
-		BIO_free(bio_err);
-		bio_err=NULL;
-		}
-	EXIT(ret);
-	}
-
-static int do_cmd(prog,argc,argv)
-LHASH *prog;
-int argc;
-char *argv[];
-	{
-	FUNCTION f,*fp;
-	int i,ret=1,tp,nl;
-
-	if ((argc <= 0) || (argv[0] == NULL))
-		{ ret=0; goto end; }
-	f.name=argv[0];
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
-	if (fp != NULL)
-		{
-		ret=fp->func(argc,argv);
-		}
-	else if ((strcmp(argv[0],"quit") == 0) ||
-		(strcmp(argv[0],"q") == 0) ||
-		(strcmp(argv[0],"exit") == 0) ||
-		(strcmp(argv[0],"bye") == 0))
-		{
-		ret= -1;
-		goto end;
-		}
-	else
-		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
-			argv[0]);
-		i=0;
-		fp=functions;
-		tp=0;
-		for (fp=functions; fp->name != NULL; fp++)
-			{
-			nl=0;
-			if (((i++) % 5) == 0)
-				{
-				BIO_printf(bio_err,"\n");
-				nl=1;
-				}
-			if (fp->type != tp)
-				{
-				tp=fp->type;
-				if (!nl) BIO_printf(bio_err,"\n");
-				if (tp == FUNC_TYPE_MD)
-					{
-					i=1;
-					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
-					}
-				else if (tp == FUNC_TYPE_CIPHER)
-					{
-					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
-					}
-				}
-			BIO_printf(bio_err,"%-15s",fp->name);
-			}
-		BIO_printf(bio_err,"\nquit\n");
-		ret=0;
-		}
-end:
-	return(ret);
-	}
-
-static LHASH *prog_init()
-	{
-	LHASH *ret;
-	FUNCTION *f;
-
-	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
-
-	for (f=functions; f->name != NULL; f++)
-		lh_insert(ret,(char *)f);
-	return(ret);
-	}
-
-static int MS_CALLBACK cmp(a,b)
-FUNCTION *a,*b;
-	{
-	return(strncmp(a->name,b->name,8));
-	}
-
-static unsigned long MS_CALLBACK hash(a)
-FUNCTION *a;
-	{
-	return(lh_strhash(a->name));
-	}
-
-#undef SSLEAY

apps/ssleay.cnf

@@ -1,116 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= $ENV::HOME/.rnd
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= x509v3_extensions	# The extentions to add to the cert
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 1024
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 40
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ x509v3_extensions ]
-
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
-nsComment			= "This is a comment"
-
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType			= 0x40
-
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
-

apps/testrsa.h

@@ -1,5 +1,5 @@
 /* apps/testrsa.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -57,475 +57,461 @@
  */
 
 static unsigned char test512[]={
-	0x30,0x82,0x01,0x39,0x02,0x01,0x00,0x02,0x40,0x48,
-	0xd3,0xa9,0x8f,0x3b,0x92,0xce,0x20,0xcc,0xc7,0xe8,
-	0x1f,0x28,0x67,0xdb,0xd1,0xb3,0x06,0x94,0x7d,0x9b,
-	0x88,0x05,0x9d,0xf5,0xab,0x36,0xaa,0x3f,0x15,0xcd,
-	0x40,0x0a,0x76,0xfd,0xab,0x33,0xfa,0x07,0x31,0xc8,
-	0x0d,0xa8,0x23,0x60,0x4e,0xd4,0xda,0x2e,0xed,0xbc,
-	0x43,0x8a,0xc0,0xd8,0xd9,0xf4,0xcb,0xfa,0x12,0xa2,
-	0xec,0x49,0x31,0x02,0x03,0x01,0x00,0x01,0x02,0x40,
-	0x02,0x5e,0x80,0x61,0x9c,0x7a,0x86,0x22,0x23,0x07,
-	0x4d,0xd1,0xd5,0xaa,0xab,0x48,0x03,0x1e,0xef,0xad,
-	0xb6,0x65,0x92,0x69,0x35,0x18,0xc0,0xca,0x81,0x0a,
-	0xe0,0x86,0x6f,0xec,0x00,0x0f,0x1d,0x08,0x43,0xc8,
-	0x82,0x7d,0x89,0xc4,0x3a,0xc4,0x44,0x6a,0x10,0xc6,
-	0xdd,0xd0,0x63,0x1c,0x65,0xd6,0x09,0xc5,0x00,0x51,
-	0x2b,0xc3,0x7c,0xc1,0x02,0x21,0x00,0x8f,0x03,0xfc,
-	0x35,0x08,0xae,0x85,0x41,0x35,0x30,0x02,0xbd,0x96,
-	0xaa,0x84,0x60,0x75,0xb5,0x0c,0x2b,0x64,0xbf,0x28,
-	0x26,0xe2,0x76,0xfd,0xec,0xdc,0x94,0x36,0xcd,0x02,
-	0x21,0x00,0x82,0x5c,0x6f,0x13,0x93,0x98,0x41,0xf7,
-	0x81,0x54,0x3f,0xd7,0x8e,0x06,0x64,0xd9,0x29,0x04,
-	0xfc,0x12,0x46,0x17,0xab,0x9a,0x9f,0xa7,0xd3,0x8a,
-	0xa0,0xcd,0x33,0xf5,0x02,0x21,0x00,0x8a,0xf4,0xe7,
-	0x4f,0xac,0x40,0xcd,0xae,0xbe,0xfc,0x08,0x1d,0xa7,
-	0xcf,0xc4,0x51,0x68,0xec,0xe1,0x87,0x24,0x1b,0x6b,
-	0xea,0xe4,0x2d,0x93,0xa9,0x59,0xe5,0x14,0x9d,0x02,
-	0x20,0x70,0x6b,0xd2,0x86,0xe9,0x74,0x16,0xff,0xa1,
-	0x92,0xcc,0x73,0xd2,0x51,0x85,0x4b,0x19,0xea,0xe8,
-	0x8f,0xc1,0xce,0xcb,0xf8,0xce,0xd2,0xe6,0xc5,0xd8,
-	0xa2,0xde,0xb9,0x02,0x20,0x0f,0x73,0xf0,0xf0,0x91,
-	0x53,0xdf,0x4f,0x37,0xf8,0x3f,0x1f,0x82,0x59,0xe3,
-	0xe8,0xaa,0x04,0x64,0xd1,0x51,0x77,0xa8,0x36,0x65,
-	0x8c,0x6d,0x91,0xf8,0xb2,0xc3,0x03,
+	0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
+	0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
+	0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
+	0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
+	0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
+	0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
+	0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
+	0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
+	0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
+	0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
+	0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
+	0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
+	0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
+	0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
+	0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
+	0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
+	0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
+	0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
+	0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
+	0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
+	0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
+	0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
+	0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
+	0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
+	0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
+	0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
+	0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
+	0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
+	0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
+	0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
+	0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
+	0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
 	};
 
 static unsigned char test1024[]={
-	0x30,0x82,0x02,0x58,0x02,0x01,0x00,0x02,
-	0x81,0x80,0x53,0x66,0xb3,0x9b,0xd1,0xde,
-	0xb6,0x55,0x67,0xdc,0xe1,0x91,0xdb,0xc7,
-	0xf2,0xef,0xcc,0x98,0x48,0xbe,0x22,0xb2,
-	0xa5,0x92,0x88,0xa2,0xe7,0xf6,0x8a,0xea,
-	0xc1,0x5e,0xd8,0xb3,0xd6,0xb8,0x9a,0xb7,
-	0xf8,0xaa,0x9d,0x0a,0xa1,0x9e,0xb5,0x81,
-	0xd4,0xd9,0x86,0x92,0x49,0x1d,0x30,0x50,
-	0x18,0x4f,0x40,0x52,0x3c,0xf2,0xb7,0x14,
-	0x5f,0x06,0x4d,0x92,0xab,0x0d,0xe5,0x61,
-	0x9a,0xb3,0xdf,0xb0,0xaa,0x88,0x7d,0x47,
-	0x78,0xbf,0xd5,0x15,0x88,0x6b,0xe7,0x43,
-	0xd3,0x96,0x15,0xed,0x5b,0x33,0xff,0x9d,
-	0x06,0x88,0xb6,0xe1,0x21,0xcb,0xe8,0xb5,
-	0xe3,0x3c,0xef,0xb6,0xe7,0x89,0xc0,0x44,
-	0x71,0x6b,0x38,0xe2,0x7a,0xd4,0x92,0x49,
-	0x14,0xcf,0x36,0xc1,0x7d,0xa4,0x13,0x7a,
-	0xb7,0x3f,0x02,0x01,0x03,0x02,0x81,0x80,
-	0x37,0x99,0xcd,0x12,0x8b,0xe9,0xce,0xe3,
-	0x9a,0x93,0x41,0x0b,0xe7,0xda,0xa1,0xf5,
-	0x33,0x10,0x30,0x7e,0xc1,0xcc,0x6e,0x61,
-	0xb0,0x6c,0x9a,0xa4,0x5c,0x9c,0x80,0xe9,
-	0xe5,0xcd,0x39,0xd0,0x67,0x25,0x50,0x71,
-	0xbe,0x07,0x16,0x69,0xce,0x56,0x8d,0xe6,
-	0x59,0xb6,0xdb,0x68,0xca,0xe0,0x10,0x34,
-	0xd5,0x8c,0x28,0xa1,0xcf,0x62,0xea,0x03,
-	0x70,0xc5,0x5e,0x5e,0x08,0x04,0xb3,0x37,
-	0x06,0x45,0x20,0xe5,0x69,0x8a,0x49,0x7d,
-	0x05,0x47,0x1a,0x33,0x0d,0xfd,0x7f,0xf7,
-	0x7b,0xac,0x2a,0x07,0xc3,0x04,0xbf,0xb2,
-	0x41,0x26,0xfa,0xf8,0xf1,0x88,0x06,0x25,
-	0xb7,0xe7,0x57,0xe4,0x4c,0xc6,0x57,0xd1,
-	0x6a,0xbb,0x9a,0xdc,0x45,0x5f,0x48,0x6f,
-	0x8d,0x75,0xb5,0x7d,0xd6,0x6a,0x03,0x2b,
-	0x02,0x41,0x00,0x97,0x52,0x4f,0x91,0xe0,
-	0xc1,0x67,0x42,0xb0,0x41,0xf2,0xc5,0x56,
-	0x6f,0x66,0x5e,0x5c,0x4e,0x7f,0xc7,0xaf,
-	0xef,0x2d,0x60,0xbd,0x00,0x3b,0x07,0xed,
-	0xec,0xfa,0x12,0x14,0xd0,0xc1,0x32,0xd3,
-	0x47,0x50,0xb9,0x0f,0xd5,0xbd,0x0d,0xd1,
-	0xcf,0xef,0x71,0x1c,0x0c,0xa4,0x2c,0x74,
-	0x2a,0xed,0x5d,0x9b,0x00,0x68,0xec,0x51,
-	0x33,0x73,0xa1,0x02,0x41,0x00,0x8d,0x18,
-	0x4d,0xee,0xf8,0x99,0x26,0x9e,0xa6,0x07,
-	0x06,0x6b,0x08,0x88,0xa4,0x25,0xf0,0xdc,
-	0x61,0x57,0xa2,0x58,0x66,0x42,0x1f,0x6a,
-	0xe1,0x20,0x6d,0x28,0xec,0xeb,0x40,0x55,
-	0xe8,0x23,0xab,0x22,0x89,0x4b,0x4c,0x06,
-	0x26,0xa5,0x7b,0x4a,0xfe,0x3f,0xfc,0xbc,
-	0x6e,0x5d,0xb6,0x0f,0x3a,0xca,0x47,0x90,
-	0x84,0x7b,0x00,0xa8,0x3e,0xdf,0x02,0x40,
-	0x64,0xe1,0x8a,0x61,0x40,0x80,0xef,0x81,
-	0xca,0xd6,0xa1,0xd8,0xe4,0x4a,0x44,0x3e,
-	0xe8,0x34,0x55,0x2f,0xca,0x9f,0x73,0x95,
-	0xd3,0x55,0x7c,0xaf,0xf3,0xf3,0x51,0x61,
-	0x63,0x35,0xd6,0x21,0xe2,0x2f,0x8b,0x26,
-	0x0a,0x8e,0x7e,0x09,0x36,0x8a,0x9f,0xa0,
-	0xbd,0x5d,0xc2,0xc8,0x4d,0x71,0xf3,0x93,
-	0xbc,0xaa,0xf0,0x9d,0x8b,0x77,0xa2,0x6b,
-	0x02,0x40,0x5e,0x10,0x33,0xf4,0xa5,0xbb,
-	0x6f,0x14,0x6e,0xaf,0x59,0x9c,0xb0,0x5b,
-	0x18,0x19,0x4b,0x3d,0x96,0x3a,0x6c,0x3a,
-	0xee,0xd6,0xbf,0x9c,0x96,0x15,0x9e,0x1b,
-	0x48,0x9c,0xd5,0x8e,0x9a,0xc2,0x72,0x17,
-	0x06,0x32,0x32,0xae,0xc4,0x6e,0x52,0x31,
-	0xfe,0xd5,0x53,0x28,0x49,0x93,0xce,0xb4,
-	0xd1,0xdc,0x2f,0xb5,0xad,0xa7,0x55,0xc5,
-	0x7f,0x3f,0x02,0x40,0x37,0xa4,0xcc,0xd7,
-	0x63,0x63,0x6b,0x53,0xd6,0xf3,0xf2,0xfe,
-	0xeb,0x8d,0x4a,0x3d,0xab,0x97,0xfe,0xf8,
-	0x27,0xc5,0x87,0xc7,0xbf,0x2c,0xef,0xae,
-	0xcb,0x61,0x62,0x5e,0x30,0x86,0x8f,0xb5,
-	0x0e,0xeb,0x9a,0xa9,0x09,0x6a,0x4e,0x1c,
-	0xc7,0x1e,0xa2,0xce,0x8e,0xc2,0xc8,0x15,
-	0x13,0x06,0x47,0x9e,0x7c,0x2a,0x3c,0x62,
-	0x26,0xf0,0x9c,0x86,
+	0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
+	0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
+	0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
+	0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
+	0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
+	0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
+	0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
+	0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
+	0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
+	0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
+	0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
+	0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
+	0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
+	0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
+	0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
+	0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
+	0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
+	0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
+	0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
+	0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
+	0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
+	0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
+	0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
+	0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
+	0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
+	0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
+	0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
+	0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
+	0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
+	0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
+	0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
+	0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
+	0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
+	0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
+	0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
+	0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
+	0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
+	0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
+	0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
+	0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
+	0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
+	0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
+	0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
+	0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
+	0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
+	0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
+	0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
+	0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
+	0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
+	0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
+	0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
+	0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
+	0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
+	0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
+	0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
+	0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
+	0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
+	0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
+	0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
+	0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
+	0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
 	};
 
 static unsigned char test2048[]={
-	0x30,0x82,0x04,0xa1,0x02,0x01,0x00,0x02,0x82,0x01,
-	0x00,0x7a,0x52,0xa1,0xd0,0xdb,0x8c,0x38,0xcf,0x0f,
-	0x01,0x25,0x98,0xee,0x84,0xc1,0xf3,0x8e,0x90,0xb5,
-	0x85,0x5e,0x5f,0x3a,0x33,0x8f,0xc6,0x49,0xe0,0x07,
-	0xd3,0x66,0x26,0xcc,0x47,0xc3,0x04,0xcf,0x91,0x74,
-	0x65,0x07,0x56,0x35,0x7d,0x0a,0xbf,0xcd,0xd2,0x8a,
-	0xf9,0x05,0x62,0xc0,0x63,0xc2,0x54,0xb8,0x14,0x89,
-	0x88,0x58,0x1c,0xeb,0xbc,0xbf,0xf2,0x0d,0xcb,0x05,
-	0x62,0x1c,0xe9,0x48,0x0f,0x2b,0x8d,0x28,0x67,0x92,
-	0x31,0x86,0xe3,0xa4,0x20,0x80,0xfc,0x5c,0x41,0x9d,
-	0x21,0x6d,0x7f,0x12,0x6b,0x54,0xb1,0x04,0x0f,0x87,
-	0x15,0xd7,0xbf,0xc5,0x6b,0x13,0x81,0x80,0x88,0x1e,
-	0x86,0x16,0x66,0xd9,0xcf,0xa5,0x4e,0xe1,0xcf,0xa4,
-	0x4c,0x38,0xdd,0xf9,0x5d,0x5f,0x30,0xdf,0x0d,0x2b,
-	0xfa,0xa0,0x1f,0xb8,0xe3,0x3c,0x62,0xff,0x13,0xf0,
-	0x61,0xc1,0xcd,0x3c,0xb7,0xc3,0xf7,0xec,0x91,0xcf,
-	0x7c,0x4e,0x11,0x4e,0x96,0x7e,0xe5,0x6c,0x9e,0x1b,
-	0xbe,0x3f,0x71,0xc5,0xb1,0xe6,0xeb,0x7e,0xa3,0x97,
-	0xc1,0xd6,0x1b,0x48,0x4f,0x84,0xaf,0x69,0xc2,0x96,
-	0xed,0xbc,0x81,0xdf,0x5f,0xc6,0xda,0xd3,0x25,0x2d,
-	0xc6,0x9f,0x62,0xd2,0x1c,0xef,0xcb,0x0a,0x75,0xd0,
-	0x23,0x1c,0x3b,0x88,0x22,0x70,0x08,0x05,0x46,0xed,
-	0x8a,0xda,0x45,0x94,0x8d,0x0d,0x9b,0x61,0xf3,0x07,
-	0xdc,0x81,0xaa,0x3c,0xcc,0xad,0x06,0x24,0xd7,0xbc,
-	0x28,0x98,0xb4,0x43,0xe3,0x9b,0x0f,0x93,0xa4,0x6e,
-	0x49,0xea,0x3a,0xe6,0x1e,0x56,0x5a,0xff,0x0c,0x93,
-	0x9e,0x9b,0x28,0x7e,0x63,0xb7,0x71,0x02,0x03,0x01,
-	0x00,0x01,0x02,0x82,0x01,0x00,0x34,0xd9,0x5c,0xb6,
-	0x5b,0x14,0xd3,0x3a,0x8a,0x96,0x09,0x43,0x70,0xd2,
-	0x04,0xe6,0x10,0xd3,0x6e,0xc9,0xc7,0x83,0x47,0x27,
-	0x1d,0xd8,0x22,0xf4,0xdb,0x0c,0xb7,0xd6,0xcd,0x6d,
-	0xb7,0xd1,0x6d,0x48,0xbf,0xcc,0x22,0x86,0x59,0xa7,
-	0xc3,0xac,0x28,0xe5,0xed,0x4b,0x37,0xcb,0x79,0xa9,
-	0xe0,0x3d,0x30,0x27,0x17,0x60,0xc4,0x09,0x02,0xc4,
-	0xd2,0xfd,0x66,0x7e,0x2f,0xbe,0x3b,0x15,0x83,0x1f,
-	0xa2,0xc6,0x63,0x0d,0x94,0x79,0x37,0x79,0x44,0xe1,
-	0x12,0x39,0x76,0x36,0x97,0x07,0xe9,0x41,0xfc,0x98,
-	0x48,0xc8,0x0e,0x24,0x13,0x4e,0x19,0x9f,0xee,0x50,
-	0x9b,0xe5,0xd8,0xbd,0x76,0xca,0xa2,0x05,0x1f,0xd7,
-	0xf9,0xe9,0x01,0xe0,0xef,0x70,0x4b,0x25,0x84,0x66,
-	0x96,0x09,0x0c,0x65,0x0f,0x0b,0xa8,0xd6,0xf5,0xc2,
-	0xe3,0xcb,0x3c,0x43,0x66,0xa4,0x15,0x36,0xa5,0xe2,
-	0x9d,0xe9,0xf7,0x32,0x10,0x0e,0x96,0x57,0xaa,0x84,
-	0xf9,0x4d,0x91,0x37,0x5a,0x80,0x01,0x05,0x63,0x1c,
-	0x6e,0xe6,0x8c,0xf7,0x70,0xc1,0x03,0x4f,0x5d,0xde,
-	0x19,0x90,0x1e,0x53,0x98,0xc9,0xc6,0x41,0x66,0xb0,
-	0xc2,0x6f,0x30,0xfe,0xb1,0x26,0x47,0x82,0x0a,0x7b,
-	0x50,0xf8,0x7c,0x88,0x13,0x4d,0x77,0xa0,0xd0,0xba,
-	0x60,0x87,0x21,0xdd,0x74,0xaa,0x32,0xdb,0xbe,0x23,
-	0xee,0x81,0xc0,0xca,0xc9,0x94,0x2f,0x75,0x78,0x08,
-	0xc4,0x04,0x4e,0x67,0x3c,0xb9,0x99,0xd5,0xe5,0xbc,
-	0x4d,0x6b,0x12,0x59,0xfe,0x55,0xff,0x28,0x0a,0x8d,
-	0x6c,0xb1,0xd3,0x23,0x7c,0x33,0x87,0x35,0xba,0x8c,
-	0xb3,0x51,0x02,0x81,0x81,0x00,0xcb,0xbc,0x6f,0x2c,
-	0xa4,0xbb,0x7b,0x51,0x0e,0xfe,0xdb,0x16,0x83,0x16,
-	0x91,0x4a,0xb9,0x31,0x42,0x81,0x8b,0x39,0x44,0x11,
-	0x8b,0x82,0x6f,0x19,0x58,0xd4,0xba,0x38,0x44,0x95,
-	0xec,0x99,0x32,0x4d,0x98,0xd7,0xad,0x3d,0xd1,0x00,
-	0xd4,0x1e,0x62,0x90,0xc4,0xac,0x65,0x29,0xb7,0x5c,
-	0x7c,0x54,0x55,0x33,0xb9,0x22,0x55,0x61,0xc8,0x08,
-	0xdd,0x5d,0x4d,0xc0,0x19,0xa6,0x89,0x3a,0x33,0x19,
-	0xc7,0x1d,0x43,0x16,0x9e,0x7e,0x47,0xce,0xe3,0xde,
-	0xbb,0x52,0x8d,0xcd,0xe3,0x6a,0xe3,0x79,0x9e,0x27,
-	0x0f,0x6d,0x3b,0x74,0x25,0x39,0xe7,0x87,0x3a,0xad,
-	0x98,0x82,0xfc,0xae,0x7d,0x53,0x41,0x79,0x7e,0xb6,
-	0xdc,0xc5,0x75,0x69,0x47,0xd5,0x83,0x26,0x56,0x32,
-	0xfb,0xdf,0x77,0x9d,0x02,0x81,0x81,0x00,0x99,0xb3,
-	0xb3,0x33,0x1e,0xea,0x65,0x5d,0x57,0x27,0x99,0xad,
-	0xd4,0xb7,0xb5,0x5e,0x6a,0x53,0x9d,0x60,0xe9,0x4f,
-	0xa5,0xd9,0x18,0x24,0x05,0x5b,0xda,0x9a,0x24,0xbe,
-	0xdc,0xb1,0xa9,0x2e,0x18,0xc6,0x54,0xb1,0xff,0x65,
-	0x8a,0xaa,0x2b,0x98,0xab,0x27,0x83,0xe6,0x33,0xf5,
-	0x97,0xa1,0x0b,0x09,0x68,0x98,0x0d,0xa2,0x85,0x06,
-	0x99,0x73,0xec,0x1c,0x6d,0x5c,0x9d,0x23,0x49,0xef,
-	0x05,0xea,0x92,0x99,0xeb,0x0b,0xe8,0x15,0xbc,0x87,
-	0xb3,0x30,0xbf,0x10,0xfe,0x99,0x3b,0xd6,0xe5,0x6c,
-	0x8b,0x58,0xa6,0xfb,0xae,0xe5,0x4f,0x10,0xb0,0x28,
-	0xea,0x85,0x5b,0x9b,0x08,0x38,0x75,0x56,0xc3,0xeb,
-	0x3b,0x47,0xea,0x60,0x86,0x77,0x9b,0x84,0xee,0xc1,
-	0x58,0x60,0x88,0x33,0x18,0xe5,0x02,0x81,0x80,0x17,
-	0x3a,0x74,0xb2,0x72,0x55,0xad,0xc9,0xa0,0x1c,0x0e,
-	0x7e,0x92,0x93,0x90,0x1d,0x24,0xe0,0x28,0xe4,0xfc,
-	0x2a,0x9b,0x48,0x24,0xcf,0xca,0x3a,0xe9,0x95,0xd7,
-	0x65,0x72,0xec,0x64,0xfd,0x52,0x6e,0xe6,0x6e,0x30,
-	0xa2,0x4b,0xa1,0xfc,0x8d,0x3a,0x4f,0xa7,0x1c,0xc0,
-	0xab,0xf0,0xeb,0xea,0x80,0xf2,0xf5,0xe2,0xb5,0xb7,
-	0x66,0x5e,0x98,0x24,0x24,0xef,0x28,0x67,0xc4,0x45,
-	0x01,0x0d,0xb2,0x72,0xb1,0x33,0x64,0xf0,0xcd,0x15,
-	0x02,0xd1,0x98,0x23,0x63,0x56,0x27,0x93,0x36,0x2c,
-	0x99,0x41,0x1e,0xd2,0xf3,0x71,0x43,0xdc,0xba,0xad,
-	0x5b,0x0d,0xa5,0x9d,0x2d,0xd2,0x01,0x52,0xe8,0x9b,
-	0x1e,0x6f,0x04,0x0a,0x47,0xb9,0x0b,0x37,0xd5,0x70,
-	0x0e,0x7e,0xe5,0x71,0x32,0x19,0x41,0x02,0x81,0x80,
-	0x23,0xc3,0x55,0x51,0xf2,0xc2,0x95,0x5d,0x57,0x97,
-	0x26,0x41,0xf5,0x39,0xdd,0xa0,0x9f,0x5a,0xdf,0x46,
-	0x9a,0x62,0xe6,0xf3,0x11,0x93,0xe8,0x0f,0x4c,0x59,
-	0x0b,0x6d,0xc1,0x8a,0x31,0x14,0x41,0xbd,0x7c,0x1d,
-	0x82,0x90,0x8c,0xe8,0x35,0x86,0xab,0x64,0x61,0x63,
-	0x61,0xf9,0xa6,0x13,0x59,0xaf,0x11,0xc0,0x37,0x83,
-	0xf6,0x31,0xe7,0xe8,0xba,0x2a,0x8f,0x23,0xba,0x88,
-	0x68,0x7e,0x8e,0x40,0xdb,0x65,0xa6,0xf4,0x39,0x47,
-	0x3d,0x7b,0xd1,0xac,0xe8,0xf8,0x3a,0x55,0x4b,0x40,
-	0x20,0x57,0xd6,0x40, 0x85,0x72,0x10,0x6a,0xd8,0xaf,
-	0xc8,0x5d,0x6c,0xdc,0x24,0xc9,0x78,0xeb,0x32,0x1a,
-	0x43,0x31,0xeb,0xb4,0x3b,0x0b,0xc4,0x9d,0xf5,0xf8,
-	0xc3,0x59,0x07,0x88,0x46,0x88,0xa5,0x25,0x02,0x81,
-	0x80,0x55,0xf5,0x12,0x2e,0x48,0xce,0xef,0xb3,0x1d,
-	0xbf,0xab,0x06,0xf7,0x09,0x8c,0xf0,0x1a,0xe9,0xfa,
-	0x01,0xf9,0x97,0xa4,0x57,0x6f,0x7a,0x73,0x63,0x2a,
-	0x57,0x30,0x97,0xce,0xf7,0xe5,0xd4,0x8c,0x35,0xa2,
-	0x12,0xb7,0xf3,0xf6,0x66,0x76,0x9e,0x90,0x3f,0xb4,
-	0x70,0x0f,0x99,0x7a,0xc9,0x36,0xcf,0x46,0x74,0x39,
-	0x91,0xf2,0x66,0xa2,0x55,0x19,0x1b,0x70,0xe3,0xd6,
-	0x9a,0x8b,0x94,0x79,0x18,0x8a,0x93,0xcf,0x27,0x2a,
-	0xc1,0xb3,0xda,0x51,0x52,0x9d,0x14,0xb7,0xc9,0x2e,
-	0x2f,0x75,0x6d,0xc9,0xdb,0x8f,0x69,0xa7,0xc9,0x5e,
-	0x1f,0x9d,0x3c,0x6e,0x1f,0xa4,0x08,0x33,0x0a,0x7a,
-	0xde,0x90,0x18,0xf2,0x43,0xf7,0x60,0x8b,0x51,0xa3,
-	0x50,0xf8,0x52,0xfc,0xed,0x5c,0x63,0xbc,0x1a,
+	0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
+	0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
+	0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
+	0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
+	0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
+	0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
+	0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
+	0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
+	0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
+	0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
+	0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
+	0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
+	0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
+	0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
+	0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
+	0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
+	0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
+	0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
+	0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
+	0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
+	0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
+	0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
+	0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
+	0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
+	0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
+	0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
+	0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
+	0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
+	0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
+	0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
+	0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
+	0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
+	0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
+	0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
+	0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
+	0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
+	0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
+	0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
+	0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
+	0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
+	0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
+	0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
+	0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
+	0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
+	0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
+	0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
+	0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
+	0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
+	0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
+	0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
+	0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
+	0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
+	0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
+	0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
+	0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
+	0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
+	0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
+	0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
+	0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
+	0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
+	0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
+	0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
+	0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
+	0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
+	0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
+	0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
+	0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
+	0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
+	0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
+	0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
+	0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
+	0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
+	0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
+	0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
+	0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
+	0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
+	0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
+	0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
+	0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
+	0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
+	0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
+	0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
+	0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
+	0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
+	0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
+	0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
+	0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
+	0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
+	0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
+	0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
+	0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
+	0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
+	0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
+	0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
+	0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
+	0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
+	0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
+	0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
+	0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
+	0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
+	0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
+	0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
+	0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
+	0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
+	0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
+	0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
+	0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
+	0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
+	0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
+	0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
+	0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
+	0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
+	0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
+	0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
+	0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
+	0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
+	0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
+	0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
+	0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
+	0x95,
 	};
 
 static unsigned char test4096[]={
-	0x30,0x82,0x09,0x28,0x02,0x01,0x00,0x02,0x82,0x02,
-	0x01,0x00,0x92,0x1f,0x39,0xc3,0x7c,0xc2,0xfe,0x5c,
-	0x2c,0x83,0x5d,0x08,0x5e,0x76,0xe6,0x53,0x30,0x86,
-	0x47,0x62,0xe9,0x21,0x22,0x2c,0xeb,0x3b,0xe5,0xb3,
-	0x30,0xbf,0x1c,0x37,0x23,0xe2,0x4b,0x27,0xf2,0x8c,
-	0x6a,0x8c,0xcb,0x54,0xf0,0x47,0x91,0xbc,0x3b,0x41,
-	0x6d,0xa6,0xe3,0x9b,0x25,0x3e,0x2f,0x3d,0x8e,0x67,
-	0x9d,0xe9,0x2b,0x7d,0xcd,0x39,0xf5,0xc9,0x2b,0xd0,
-	0xe5,0xe6,0xe7,0x62,0x1e,0x6c,0xe1,0x8f,0xc2,0xa3,
-	0xc9,0x02,0x11,0xf3,0x51,0x63,0x27,0x25,0x82,0x01,
-	0xaa,0x0a,0x68,0x6d,0x4c,0x02,0x5c,0xaf,0xb1,0x72,
-	0xb5,0xf4,0x53,0x43,0xb1,0x90,0x28,0x1b,0x54,0xdd,
-	0xfd,0x57,0x36,0xac,0xf8,0x44,0x34,0x7a,0x85,0x66,
-	0x37,0x62,0xe9,0x80,0xd2,0xe2,0xdc,0xa0,0xe8,0x76,
-	0x09,0x6d,0xc1,0x38,0xac,0x55,0x57,0x44,0xbe,0x0e,
-	0x81,0x0d,0x81,0x63,0xb7,0x73,0xd7,0xbf,0x5d,0x84,
-	0x2f,0x31,0xdc,0x79,0x69,0xf5,0xa9,0x7e,0x60,0x5b,
-	0xc1,0x92,0x26,0xb1,0xf0,0xdf,0x0c,0xe4,0x76,0xf7,
-	0xa3,0x68,0x79,0x9f,0x14,0x5c,0x52,0x97,0x21,0x76,
-	0xd7,0x19,0x8b,0x47,0xc0,0xb6,0x36,0x01,0xa8,0x73,
-	0x54,0xfc,0x61,0xd1,0x64,0x44,0xd3,0x36,0x4b,0xbe,
-	0xc8,0x26,0xcd,0x24,0xb5,0x35,0xdc,0x5a,0xe9,0x25,
-	0x26,0xb4,0x60,0x19,0x1f,0xc7,0x57,0x47,0xd6,0xf1,
-	0x5a,0xae,0xc8,0x16,0xfd,0xa8,0x85,0x0b,0x3a,0xbd,
-	0xd7,0x4c,0xfb,0xd1,0x75,0xa4,0x86,0x91,0x4a,0xb8,
-	0x0a,0x1b,0x83,0xe4,0xce,0x10,0xd2,0x2b,0xe3,0xe4,
-	0x87,0x8c,0xfd,0xb9,0xfb,0x8d,0xb6,0x70,0xa5,0x2b,
-	0xbe,0xe6,0x43,0x4c,0x44,0x09,0x6b,0xd6,0x5a,0xcc,
-	0x89,0x78,0xb7,0xd8,0xc9,0xa9,0x24,0xe9,0xa6,0x87,
-	0x2f,0xd4,0x3f,0xad,0x98,0x32,0x57,0x19,0xf0,0xdd,
-	0x65,0x2e,0x69,0x5f,0x83,0x24,0x3c,0xea,0xc0,0x36,
-	0x88,0xd2,0x1c,0x27,0x29,0x83,0x80,0xd0,0xdf,0xf1,
-	0x1e,0x2d,0x62,0x4c,0x24,0xb1,0xb8,0xa2,0x70,0xc7,
-	0xc5,0xdf,0x8d,0xea,0xf7,0xea,0xb8,0x68,0x99,0x7c,
-	0xd6,0xf0,0x3b,0x6b,0xb0,0xc5,0xb0,0x0c,0x96,0xfd,
-	0x07,0x46,0x5f,0xc8,0xde,0xb4,0x4f,0x7b,0x0f,0xd1,
-	0x71,0x1e,0x84,0x27,0x93,0x95,0xfc,0x7b,0x3f,0x3a,
-	0xf1,0xe9,0x82,0x4f,0x09,0xc0,0x79,0x35,0xb1,0xe4,
-	0x45,0x87,0x26,0xe7,0xf9,0x9a,0xcd,0x63,0x42,0x98,
-	0x9a,0xf8,0x11,0x20,0xf1,0x42,0xd2,0x31,0xdc,0x03,
-	0xb5,0xa9,0xeb,0x87,0x08,0x2a,0x76,0xb4,0xbf,0x0e,
-	0x5b,0xa9,0x52,0xd5,0x12,0xda,0x87,0xfa,0x01,0x23,
-	0x5b,0x78,0x97,0x73,0xcc,0xf8,0x0e,0xf0,0xde,0x34,
-	0x9f,0xb2,0xcd,0x8c,0x5a,0xce,0xd6,0x3f,0x17,0xe1,
-	0x45,0xd5,0xeb,0xab,0x6a,0x47,0x0f,0x3c,0x02,0xfb,
-	0xa5,0xcd,0x85,0x54,0x07,0x0b,0xba,0x74,0x16,0x87,
-	0x2e,0x9e,0xe5,0x2a,0x80,0x4c,0x27,0xc6,0x9e,0xe2,
-	0xfd,0x60,0xa7,0x89,0x13,0x3e,0x03,0x7f,0x55,0xf5,
-	0xd2,0x67,0xab,0x37,0x40,0xbf,0x33,0x03,0xe2,0xd1,
-	0x60,0xcb,0x48,0xae,0x80,0x30,0x87,0xf6,0xd8,0x34,
-	0xef,0x61,0xb3,0x9b,0x75,0x25,0x2a,0xe9,0xfa,0xb6,
-	0x08,0xbe,0xbf,0x80,0x63,0x46,0x77,0x89,0xe7,0x9c,
-	0xd0,0xe4,0x50,0xa9,0x02,0x03,0x01,0x00,0x01,0x02,
-	0x82,0x02,0x00,0x73,0xcb,0x78,0xfc,0x18,0xbf,0x71,
-	0xd0,0xdb,0x99,0x92,0x3d,0x12,0x97,0x08,0xb9,0x3e,
-	0x07,0xfb,0x44,0x3f,0xd8,0xf8,0xfb,0x3d,0xc2,0xee,
-	0xa9,0x8c,0xe4,0xb5,0xd8,0x60,0x80,0x70,0xec,0x8c,
-	0x42,0x88,0x21,0x60,0xf4,0xc3,0xa1,0x03,0xb5,0x76,
-	0x03,0xc8,0x80,0x6b,0x78,0x44,0x10,0x3e,0x61,0x7a,
-	0x9b,0x54,0x41,0x36,0x2c,0xf0,0x58,0x91,0x15,0x45,
-	0xba,0xba,0xa5,0xbc,0x11,0x3e,0x69,0x2c,0x6a,0xbf,
-	0x65,0x09,0xe2,0xb1,0x14,0xf0,0x17,0x32,0x2b,0x80,
-	0x16,0x0f,0x89,0x45,0xed,0xef,0x41,0x23,0xf0,0x3b,
-	0x1f,0xdb,0x5f,0x6e,0x28,0x83,0xea,0xe8,0x4d,0x98,
-	0x78,0x7e,0xce,0x01,0x4f,0x1b,0x42,0xf9,0x8f,0x6a,
-	0x6d,0x71,0x50,0xda,0x18,0x33,0x86,0x82,0x2e,0xa5,
-	0x68,0xfc,0xd9,0xd4,0x38,0x34,0x21,0x41,0x12,0x01,
-	0xc6,0xfe,0xb0,0x14,0x2c,0x50,0x71,0xe5,0xb4,0x09,
-	0xc8,0xb9,0x99,0xba,0xcd,0x20,0x92,0x04,0x2a,0x58,
-	0xf3,0xfd,0xb6,0xf3,0x21,0x29,0xef,0xa8,0x88,0xd8,
-	0x5a,0x30,0x4d,0x97,0xab,0xdf,0xf7,0xb5,0x9f,0x7c,
-	0x6e,0x6f,0xd1,0x17,0x55,0xda,0x3a,0xcb,0x1b,0x8f,
-	0x41,0x2e,0x44,0xfe,0xc3,0x6f,0xc1,0x36,0xdb,0x9d,
-	0x34,0xe7,0xea,0x0f,0xc1,0x9a,0x34,0xbf,0x95,0xef,
-	0x92,0x78,0x54,0x92,0x9e,0xf6,0x57,0x03,0x2c,0xb4,
-	0x01,0xf9,0xc9,0xee,0x58,0x81,0xd5,0x6c,0xf1,0x54,
-	0x30,0xa3,0x10,0xa7,0xb1,0xfa,0x97,0x51,0xe8,0x8b,
-	0x9c,0xc2,0xad,0xc1,0x5c,0xad,0x8c,0x18,0xf1,0x9d,
-	0x1c,0x39,0xeb,0x1a,0x1a,0xab,0x65,0x47,0x00,0x54,
-	0x89,0x4d,0xf4,0x22,0xaf,0x35,0x8a,0x2b,0x11,0x9d,
-	0x73,0xb3,0x48,0xf9,0xe9,0x9b,0x73,0xa8,0xeb,0x32,
-	0x4f,0xf2,0x33,0x5e,0xc8,0xc7,0xe3,0xdb,0xbf,0xcd,
-	0x8a,0x5b,0xbe,0x19,0x91,0xe1,0x34,0x2c,0x6a,0xd8,
-	0x56,0xe4,0x92,0x89,0x6f,0x9c,0xda,0x4d,0x9e,0xca,
-	0xd4,0x2d,0xbb,0x06,0x4b,0x77,0x79,0xe1,0x2e,0xab,
-	0x2e,0x14,0x0f,0xe3,0x6b,0xc6,0x44,0x18,0xdb,0xd0,
-	0x51,0xb4,0x72,0xf5,0x77,0x57,0xe8,0x9c,0xad,0x35,
-	0xb2,0x6c,0x24,0x8b,0x67,0xcc,0xc2,0x6a,0xfa,0xf0,
-	0xd4,0x40,0x19,0xf1,0x76,0x24,0x42,0x25,0x7b,0x5b,
-	0xe1,0x25,0xde,0xa4,0x4d,0x00,0xf1,0x80,0x02,0xd0,
-	0x09,0x48,0x65,0x76,0x8c,0xb3,0x2d,0xe2,0xad,0x87,
-	0x4f,0xbb,0x76,0xa9,0xac,0xa3,0x1d,0xb9,0x0d,0x4c,
-	0xb3,0xba,0xdf,0x62,0x91,0xb5,0x3b,0x00,0x11,0x2b,
-	0x6f,0x74,0x87,0x6d,0xe8,0xed,0x04,0xc4,0xc9,0xf4,
-	0xc9,0xa3,0xc7,0x0a,0xb8,0x80,0xd8,0x5d,0x30,0x4b,
-	0xdc,0x79,0x4a,0x5b,0xa4,0x7d,0xf5,0xb2,0x16,0x02,
-	0x48,0x6d,0x89,0x3a,0xb6,0x3f,0x2d,0x1f,0x91,0xaa,
-	0xd3,0xc8,0x54,0x17,0x5e,0xb3,0x59,0x05,0xb5,0xf3,
-	0xe5,0x2e,0xb1,0x41,0xd6,0x87,0xa5,0xcb,0xd1,0xeb,
-	0x03,0x35,0x7b,0x94,0x06,0x09,0xbb,0x7b,0x67,0x14,
-	0x83,0x65,0xa1,0x82,0x52,0x70,0xf8,0x3c,0xf2,0x21,
-	0xb7,0x26,0xa8,0xdd,0x56,0x75,0xc8,0xda,0xc8,0x05,
-	0x6f,0xba,0xea,0x6a,0x14,0x0f,0x13,0xc6,0x9d,0xea,
-	0xc3,0xb4,0x95,0x9b,0xc4,0x6b,0x35,0xbd,0x10,0xce,
-	0xb6,0xf6,0x07,0x72,0xbd,0x02,0x82,0x01,0x01,0x00,
-	0xcb,0x3c,0x4c,0xfb,0xcf,0xae,0xa9,0xb8,0x2a,0xcc,
-	0x31,0xa3,0x5d,0xce,0x43,0xbf,0xf9,0x93,0x18,0xcc,
-	0x17,0x50,0x67,0x7e,0x52,0x6c,0xd5,0xbf,0x3e,0xc2,
-	0x99,0x56,0xbc,0x7a,0x1a,0xc5,0x92,0x76,0xb3,0x38,
-	0xbf,0xf4,0xf8,0xae,0x41,0x17,0xb0,0x17,0x1b,0x1a,
-	0x4d,0x6b,0x3d,0x0c,0xc1,0x25,0x5c,0x54,0xa7,0x39,
-	0x2c,0x38,0x72,0x1f,0x0a,0xe9,0xd4,0x5b,0xa4,0x81,
-	0x5d,0xf1,0xc2,0xf7,0xd2,0x5c,0x4c,0x7e,0x24,0x02,
-	0x81,0xa1,0x3a,0xf5,0xd0,0x11,0x15,0x4e,0x03,0x3d,
-	0x82,0xfa,0xcd,0x32,0x89,0x10,0xe1,0x4f,0x47,0x32,
-	0x54,0xfc,0x95,0xf2,0x3a,0x58,0x8e,0xbb,0x9b,0xbf,
-	0x7c,0x5b,0xc0,0x73,0x25,0xdc,0x04,0xf6,0x98,0xc1,
-	0xed,0xa9,0x2a,0x6a,0x7b,0xc4,0x8d,0x2a,0x0f,0x51,
-	0xb3,0xa3,0x75,0x79,0x40,0x76,0xf6,0xbe,0xb2,0xd9,
-	0xc1,0x6e,0xb1,0xfa,0x96,0xd2,0xea,0x07,0xee,0xe9,
-	0xf2,0xdb,0x3f,0x20,0xdc,0xe0,0x63,0xdc,0x86,0x7f,
-	0xbb,0xfb,0x60,0x2f,0xc6,0xaf,0x5f,0x46,0x26,0x39,
-	0xcf,0xc4,0x10,0x60,0xf1,0x24,0x9b,0x49,0x5f,0x91,
-	0x3e,0xac,0x7a,0x53,0x3e,0x84,0x71,0xcd,0x9d,0x45,
-	0x3a,0x75,0x87,0x2c,0x96,0xfb,0x03,0xa5,0xc7,0x59,
-	0x9a,0xaa,0x99,0xcf,0x8e,0x89,0x3a,0xdc,0x26,0x06,
-	0xdf,0x14,0x6a,0x95,0xf7,0x88,0x72,0xcb,0x4e,0x91,
-	0xde,0xeb,0x14,0x23,0xac,0x58,0x69,0x84,0x2b,0xea,
-	0xdf,0xc8,0x35,0xb2,0x01,0x9d,0x7f,0xaa,0x73,0x51,
-	0xf5,0xc7,0x2e,0xba,0xa0,0xb4,0x49,0xb6,0x74,0xa3,
-	0x73,0x17,0xc2,0xfa,0xc8,0xf3,0x02,0x82,0x01,0x01,
-	0x00,0xb8,0x0e,0xf8,0x50,0x74,0x42,0x79,0x90,0xd0,
-	0x47,0x8d,0x48,0x2e,0x84,0x3b,0x30,0xe0,0x26,0x31,
-	0x95,0x54,0x34,0x93,0xa0,0x30,0xd5,0x03,0x50,0xb2,
-	0x19,0xbf,0xe8,0x22,0x1f,0xbe,0x40,0xec,0x94,0xd8,
-	0x21,0x17,0xaa,0x95,0xf9,0x62,0xa5,0xf5,0x25,0xd1,
-	0x72,0x36,0x22,0x67,0x94,0xcf,0xc0,0x06,0x22,0x93,
-	0x0d,0x6a,0x22,0xfe,0xff,0xb3,0xc2,0xde,0x8f,0x5f,
-	0x75,0x84,0xe4,0x88,0xf3,0xe4,0x04,0xbb,0x9c,0x6b,
-	0xb3,0x14,0x9d,0xb7,0xb4,0xa9,0x63,0x3f,0xdc,0xe8,
-	0x0c,0x05,0xa8,0x76,0xab,0xa1,0xbb,0x23,0x1d,0x6a,
-	0xcd,0x31,0xbc,0x19,0xb5,0x49,0xa1,0x71,0xee,0x93,
-	0x46,0x71,0xce,0xba,0xd2,0xa8,0x4e,0x08,0x8d,0x7b,
-	0x85,0x3d,0x77,0x46,0x9a,0x71,0x71,0xeb,0x03,0x5c,
-	0xd2,0x0f,0xb1,0xf4,0x78,0xb4,0xf4,0x8d,0xd4,0xd9,
-	0x9b,0x79,0x99,0xce,0x9b,0xa9,0x38,0xaa,0xd6,0x76,
-	0x9f,0x9c,0xb1,0xbd,0xd3,0x7c,0x18,0x54,0x62,0xbc,
-	0x54,0x2a,0x0f,0xef,0x76,0x39,0xd5,0x10,0x2f,0xbf,
-	0xc5,0x60,0x92,0x21,0x99,0x46,0xbc,0x36,0x65,0x0b,
-	0x31,0xb6,0x6f,0xa8,0x5d,0x8e,0x2f,0xf0,0xed,0x86,
-	0x8c,0xf2,0x2a,0x83,0xa7,0x34,0x11,0x06,0xd9,0x6f,
-	0xb3,0xf5,0x7b,0x31,0x45,0x17,0x5a,0xdc,0x22,0xc3,
-	0xe8,0xe1,0x89,0x78,0xde,0xae,0x49,0x1a,0x5f,0x4d,
-	0x06,0xf6,0xb5,0x23,0x66,0xe0,0x00,0xd6,0x37,0x8d,
-	0xb4,0x5b,0x67,0xb0,0xdb,0x7a,0x10,0x03,0x91,0x64,
-	0xa6,0xaa,0xc6,0x30,0x49,0x3c,0x81,0x72,0x57,0x9f,
-	0xd9,0x72,0xae,0xa9,0xce,0xa6,0xf3,0x02,0x82,0x01,
-	0x01,0x00,0xa3,0x69,0x55,0xe0,0xf6,0xe9,0x52,0xaf,
-	0xb1,0x41,0xc3,0xfb,0xbe,0x56,0x36,0x25,0x6a,0xef,
-	0xfa,0x75,0x47,0x9d,0xaf,0xc9,0x63,0x4e,0xfd,0x42,
-	0xab,0x9c,0xde,0x9c,0x5e,0x29,0xb3,0xd2,0xfe,0x64,
-	0x10,0xd0,0xe5,0x8f,0x7c,0x50,0xe8,0x27,0xba,0xbf,
-	0xa9,0x5c,0x29,0xb9,0xbb,0x39,0xc1,0x27,0x60,0x28,
-	0xf4,0xd8,0x44,0x95,0x12,0x35,0xa1,0x99,0xc7,0xd4,
-	0xf3,0xdd,0xcd,0x02,0xb2,0x28,0x7f,0x6d,0x15,0x58,
-	0x2b,0x6e,0x14,0x7a,0xe6,0x24,0x75,0xea,0xf6,0x7d,
-	0x66,0x9f,0x93,0xec,0x43,0x07,0x8a,0x2c,0x17,0x6d,
-	0x9e,0x2a,0x7b,0x29,0x29,0x0b,0xbe,0x1c,0x2c,0x8f,
-	0xee,0xb8,0x35,0xae,0xb4,0x7c,0x21,0x89,0xda,0x37,
-	0xc9,0x35,0xcc,0xf9,0x43,0x10,0xa1,0x79,0xb5,0xa3,
-	0x86,0xf3,0xc3,0x83,0xff,0xd5,0xc1,0x9e,0xa5,0xe1,
-	0x49,0x7f,0x4b,0x47,0xcd,0x35,0x57,0x06,0x39,0x84,
-	0xad,0x76,0x50,0x7e,0x37,0x31,0x1e,0x48,0x12,0x23,
-	0x63,0xc5,0xdb,0x09,0x51,0x1a,0xb9,0x1f,0x93,0x74,
-	0x9d,0x11,0xc8,0xdb,0xb5,0xeb,0xac,0x99,0x29,0x7f,
-	0x02,0xa7,0x8f,0x84,0x31,0x4b,0x33,0xae,0x5c,0xae,
-	0xdd,0xf0,0xa7,0x03,0x8e,0xef,0xac,0x6a,0x22,0x51,
-	0xae,0x8b,0x7e,0x90,0x03,0xe2,0x5e,0x92,0x3a,0xd0,
-	0x7e,0x86,0xf1,0xe1,0xc1,0x9d,0xd9,0x8d,0x4d,0xf7,
-	0xe8,0xb1,0xe3,0x52,0x93,0x3b,0xe7,0xbc,0xa3,0x02,
-	0xd2,0x29,0x25,0x4c,0x1e,0xd8,0x84,0xf1,0xf5,0x8f,
-	0xc0,0xef,0xba,0xb6,0x2f,0xfd,0x81,0x6f,0xd5,0x01,
-	0x2e,0xa1,0xa9,0xce,0x06,0x49,0x8d,0x3f,0x02,0x82,
-	0x01,0x00,0x16,0x9d,0x20,0x3d,0x22,0x4b,0x98,0x8c,
-	0x06,0x4b,0x04,0x3c,0xbe,0x1a,0x58,0xfb,0x64,0x4e,
-	0xcd,0x00,0xbf,0xdb,0xc5,0xd7,0x84,0xa8,0x67,0x43,
-	0xde,0xdd,0xf3,0x0a,0x1e,0x47,0x30,0x24,0xe1,0xec,
-	0x57,0xb1,0x99,0x2a,0xc8,0x4a,0x5f,0xa8,0x6c,0x3a,
-	0x3d,0x45,0x7f,0x09,0x33,0x18,0xc1,0x7d,0xa2,0x43,
-	0x55,0x35,0xec,0xb8,0x68,0x04,0x1a,0x9d,0xf2,0xa2,
-	0x42,0xe4,0x39,0x73,0xaa,0xaf,0xec,0x6f,0xf8,0x6c,
-	0xfb,0x7e,0x81,0x25,0xef,0x90,0x2e,0xcf,0x96,0xe5,
-	0x19,0x4d,0x80,0xd4,0x75,0xe0,0x18,0x7a,0xd9,0x91,
-	0x9f,0xb1,0x9e,0x4e,0xb2,0x09,0xe8,0x06,0x01,0xed,
-	0x82,0x02,0xc1,0xb0,0xd8,0x9b,0x51,0x3a,0x65,0x2a,
-	0x9c,0xe6,0x7d,0xea,0xcd,0xad,0xe4,0x0a,0x4f,0x09,
-	0x96,0xb9,0xe8,0x5b,0xc0,0xe1,0xa3,0xb9,0xf8,0x43,
-	0x12,0x89,0x5b,0xa3,0x5e,0x13,0x19,0xf3,0x70,0x69,
-	0xf1,0x21,0x23,0x2b,0x63,0x5b,0x3c,0x7f,0xf0,0xbe,
-	0x40,0xcd,0x46,0x6d,0xb6,0xca,0x1b,0xc8,0xe5,0xb8,
-	0x38,0x23,0x93,0xfd,0xe0,0x4a,0xe8,0xb9,0xef,0x24,
-	0xf2,0xff,0x24,0x9f,0x0b,0x5c,0x93,0x3f,0xa8,0xa6,
-	0x46,0x45,0xc2,0xeb,0x1e,0x49,0xc8,0xc7,0xde,0xc3,
-	0x90,0x49,0xd7,0xfb,0x4e,0xce,0x62,0x54,0x33,0x7f,
-	0xc1,0xfa,0x36,0xdb,0xa1,0x12,0x1a,0xef,0xb8,0x61,
-	0xc5,0x20,0xf9,0xe6,0xbf,0x76,0xc0,0x46,0xda,0x0a,
-	0xf1,0x4a,0x1b,0x80,0xdd,0xe5,0xd9,0x55,0x66,0x5a,
-	0xd2,0xb6,0xf7,0x7c,0x6a,0x2a,0x55,0x58,0xc2,0x27,
-	0xa9,0xe8,0x19,0x83,0x04,0x31,0xf3,0xa9,0x02,0x82,
-	0x01,0x00,0x5f,0x4d,0xd9,0x71,0x24,0x28,0x84,0xbd,
-	0x39,0x5a,0x17,0x19,0x78,0x0a,0x95,0x01,0xf7,0x42,
-	0x23,0x16,0xb9,0x86,0x51,0x4b,0xa0,0x59,0x0e,0x30,
-	0xf3,0xa2,0x61,0xbd,0x66,0x4e,0xa7,0x26,0xc0,0xdc,
-	0xa7,0x31,0x94,0x1e,0xc2,0x96,0x41,0xe6,0x91,0x4e,
-	0x6c,0x9a,0xcc,0x80,0xf4,0xb8,0x0a,0x06,0x58,0xb1,
-	0x20,0x16,0x89,0xb0,0xaa,0x2a,0x31,0x0c,0x7c,0xae,
-	0x79,0x1e,0x63,0x9a,0x3c,0x8c,0xc4,0x02,0x51,0x3a,
-	0x58,0x75,0xf7,0xb7,0x2c,0x02,0xc8,0x4c,0x8b,0x09,
-	0xd2,0x69,0xff,0xcd,0xa3,0x5d,0x9b,0x09,0x1c,0x27,
-	0xb5,0xc0,0xf0,0x0c,0xa7,0x54,0xc0,0xef,0x86,0x0b,
-	0x20,0x71,0x46,0x04,0xe4,0x02,0x82,0x7b,0xac,0x26,
-	0x80,0xc3,0xb1,0x22,0x19,0x6f,0xc6,0x3a,0xdd,0xdc,
-	0x68,0x3d,0x95,0x5c,0xff,0xc5,0xbf,0x0c,0xf1,0x8f,
-	0x5e,0xca,0x74,0xd0,0xf3,0xa9,0xe3,0x21,0x34,0x11,
-	0x11,0xd9,0xc1,0x91,0x65,0xc0,0xde,0x54,0x2e,0xb5,
-	0xac,0x17,0xb1,0x46,0x3f,0x8e,0xbe,0xbc,0x48,0x0c,
-	0x96,0x4f,0x48,0x13,0xd4,0x4e,0xb5,0xe4,0xc4,0xbe,
-	0x55,0xe8,0x7b,0x00,0x36,0x1b,0xd0,0x85,0x24,0xdb,
-	0x29,0xaf,0x76,0x82,0xb5,0x90,0xcb,0xb1,0xbd,0xb4,
-	0x45,0x57,0x61,0xcd,0x6e,0xa8,0x23,0xf2,0x7a,0x47,
-	0x4e,0x01,0x52,0x92,0x55,0x61,0xe5,0xd0,0x4e,0x0a,
-	0xe7,0x18,0x65,0xf1,0x33,0x2b,0x71,0xf3,0x4b,0x8b,
-	0xdb,0x28,0x63,0x65,0x9b,0x02,0x5d,0x00,0xc1,0xd1,
-	0x26,0x9d,0x2a,0x15,0x12,0xf2,0xc8,0xd9,0xb9,0x87,
-	0x56,0x2c,0xe7,0xa6,0x6d,0xc2,0xd7,0x6b,
+	0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
+	0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
+	0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
+	0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
+	0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
+	0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
+	0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
+	0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
+	0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
+	0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
+	0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
+	0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
+	0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
+	0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
+	0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
+	0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
+	0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
+	0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
+	0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
+	0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
+	0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
+	0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
+	0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
+	0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
+	0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
+	0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
+	0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
+	0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
+	0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
+	0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
+	0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
+	0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
+	0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
+	0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
+	0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
+	0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
+	0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
+	0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
+	0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
+	0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
+	0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
+	0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
+	0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
+	0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
+	0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
+	0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
+	0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
+	0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
+	0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
+	0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
+	0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
+	0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
+	0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
+	0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
+	0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
+	0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
+	0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
+	0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
+	0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
+	0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
+	0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
+	0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
+	0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
+	0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
+	0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
+	0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
+	0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
+	0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
+	0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
+	0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
+	0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
+	0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
+	0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
+	0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
+	0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
+	0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
+	0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
+	0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
+	0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
+	0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
+	0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
+	0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
+	0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
+	0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
+	0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
+	0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
+	0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
+	0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
+	0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
+	0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
+	0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
+	0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
+	0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
+	0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
+	0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
+	0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
+	0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
+	0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
+	0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
+	0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
+	0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
+	0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
+	0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
+	0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
+	0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
+	0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
+	0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
+	0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
+	0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
+	0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
+	0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
+	0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
+	0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
+	0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
+	0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
+	0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
+	0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
+	0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
+	0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
+	0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
+	0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
+	0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
+	0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
+	0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
+	0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
+	0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
+	0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
+	0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
+	0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
+	0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
+	0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
+	0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
+	0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
+	0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
+	0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
+	0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
+	0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
+	0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
+	0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
+	0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
+	0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
+	0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
+	0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
+	0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
+	0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
+	0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
+	0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
+	0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
+	0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
+	0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
+	0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
+	0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
+	0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
+	0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
+	0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
+	0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
+	0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
+	0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
+	0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
+	0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
+	0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
+	0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
+	0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
+	0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
+	0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
+	0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
+	0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
+	0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
+	0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
+	0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
+	0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
+	0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
+	0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
+	0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
+	0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
+	0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
+	0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
+	0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
+	0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
+	0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
+	0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
+	0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
+	0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
+	0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
+	0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
+	0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
+	0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
+	0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
+	0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
+	0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
+	0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
+	0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
+	0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
+	0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
+	0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
+	0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
+	0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
+	0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
+	0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
+	0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
+	0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
+	0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
+	0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
+	0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
+	0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
+	0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
+	0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
+	0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
+	0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
+	0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
+	0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
+	0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
+	0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
+	0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
+	0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
+	0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
+	0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
+	0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
+	0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
+	0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
+	0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
+	0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
+	0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
+	0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
+	0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
+	0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
+	0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
+	0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
+	0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
+	0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
+	0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
+	0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
+	0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
+	0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
+	0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
 	};

apps/verify.c

@@ -1,5 +1,5 @@
 /* apps/verify.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -97,7 +97,7 @@ char **argv;
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	argc--;
 	argv++;
@@ -141,6 +141,7 @@ char **argv;
 		X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
 
 
+	ERR_clear_error();
 	if (argc < 1) check(cert_ctx,NULL);
 	else
 		for (i=0; i<argc; i++)

apps/version.c

@@ -1,5 +1,5 @@
 /* apps/version.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -71,13 +71,13 @@ int argc;
 char **argv;
 	{
 	int i,ret=0;
-	int cflags=0,version=0,date=0,options=0;
+	int cflags=0,version=0,date=0,options=0,platform=0;
 
 	apps_startup();
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	if (argc == 1) version=1;
 	for (i=1; i<argc; i++)
@@ -90,11 +90,13 @@ char **argv;
 			cflags=1;
 		else if (strcmp(argv[i],"-o") == 0)
 			options=1;
+		else if (strcmp(argv[i],"-p") == 0)
+			platform=1;
 		else if (strcmp(argv[i],"-a") == 0)
-			date=version=cflags=options=1;
+			date=version=cflags=options=platform=1;
 		else
 			{
-			BIO_printf(bio_err,"usage:version [-a] [-v] [-b] [-o] [-f]\n");
+			BIO_printf(bio_err,"usage:version -[avbofp]\n");
 			ret=1;
 			goto end;
 			}
@@ -102,9 +104,10 @@ char **argv;
 
 	if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
 	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
 	if (options) 
 		{
-		printf("options:");
+		printf("options:  ");
 		printf("%s ",BN_options());
 #ifndef NO_MD2
 		printf("%s ",MD2_options());
@@ -121,6 +124,7 @@ char **argv;
 #ifndef NO_BLOWFISH
 		printf("%s ",BF_options());
 #endif
+		printf("\n");
 		}
 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
 end:

apps/x509.c

@@ -1,5 +1,5 @@
 /* apps/x509.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WIN16
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -69,6 +69,7 @@
 #include "bn.h"
 #include "evp.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "objects.h"
 #include "pem.h"
 
@@ -79,11 +80,6 @@
 #define	POSTFIX	".srl"
 #define DEF_DAYS	30
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 #define CERT_HDR	"certificate"
 
 static char *x509_usage[]={
@@ -115,7 +111,7 @@ static char *x509_usage[]={
 "                   missing, it is asssumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
-" -text           - print the certitificate in text form\n",
+" -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
 NULL
@@ -219,7 +215,7 @@ char **argv;
 			days=atoi(*(++argv));
 			if (days == 0)
 				{
-				BIO_printf(bio_err,"bad number of days\n");
+				BIO_printf(STDout,"bad number of days\n");
 				goto bad;
 				}
 			}
@@ -310,6 +306,7 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 
 	if (!X509_STORE_set_default_paths(ctx))
 		{
@@ -344,7 +341,7 @@ bad:
 			}
 
 		if (infile == NULL)
-			BIO_set_fp(in,stdin,BIO_NOCLOSE);
+			BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
 		else
 			{
 			if (BIO_read_filename(in,infile) <= 0)
@@ -373,6 +370,7 @@ bad:
 	                goto end;
 	                }
 		i=X509_REQ_verify(req,pkey);
+		EVP_PKEY_free(pkey);
 		if (i < 0)
 			{
 			BIO_printf(bio_err,"Signature verification error\n");
@@ -400,9 +398,15 @@ bad:
 		X509_gmtime_adj(X509_get_notBefore(x),0);
 	        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
 
+#if 0
 		X509_PUBKEY_free(ci->key);
 		ci->key=req->req_info->pubkey;
 	        req->req_info->pubkey=NULL;
+#else
+		pkey = X509_REQ_get_pubkey(req);
+		X509_set_pubkey(x,pkey);
+		EVP_PKEY_free(pkey);
+#endif
 		}
 	else
 		x=load_cert(infile,informat);
@@ -416,7 +420,7 @@ bad:
 
 	if (!noout || text)
 		{
-		OBJ_create_and_add_object("2.99999.3",
+		OBJ_create("2.99999.3",
 			"SET.ex3","SET x509v3 extension 3");
 
 		out=BIO_new(BIO_s_file());
@@ -445,27 +449,25 @@ bad:
 				{
 				X509_NAME_oneline(X509_get_issuer_name(x),
 					buf,256);
-				fprintf(stdout,"issuer= %s\n",buf);
+				BIO_printf(STDout,"issuer= %s\n",buf);
 				}
 			else if (subject == i) 
 				{
 				X509_NAME_oneline(X509_get_subject_name(x),
 					buf,256);
-				fprintf(stdout,"subject=%s\n",buf);
+				BIO_printf(STDout,"subject=%s\n",buf);
 				}
 			else if (serial == i)
 				{
-				fprintf(stdout,"serial=");
+				BIO_printf(STDout,"serial=");
 				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
-				fprintf(stdout,"\n");
+				BIO_printf(STDout,"\n");
 				}
 			else if (hash == i)
 				{
-				fprintf(stdout,"%08lx\n",
-					X509_subject_name_hash(x));
+				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
 				}
 			else
-#ifndef NO_RSA
 				if (modulus == i)
 				{
 				EVP_PKEY *pkey;
@@ -473,19 +475,26 @@ bad:
 				pkey=X509_get_pubkey(x);
 				if (pkey == NULL)
 					{
-					fprintf(stdout,"Modulus=unavailable\n");
+					BIO_printf(bio_err,"Modulus=unavailable\n");
 					ERR_print_errors(bio_err);
 					goto end;
 					}
-				fprintf(stdout,"Modulus=");
+				BIO_printf(STDout,"Modulus=");
+#ifndef NO_RSA
 				if (pkey->type == EVP_PKEY_RSA)
 					BN_print(STDout,pkey->pkey.rsa->n);
 				else
-					fprintf(stdout,"Wrong Algorithm type");
-				fprintf(stdout,"\n");
+#endif
+#ifndef NO_DSA
+				if (pkey->type == EVP_PKEY_DSA)
+					BN_print(STDout,pkey->pkey.dsa->pub_key);
+				else
+#endif
+					BIO_printf(STDout,"Wrong Algorithm type");
+				BIO_printf(STDout,"\n");
+				EVP_PKEY_free(pkey);
 				}
 			else
-#endif
 				if (C == i)
 				{
 				unsigned char *d;
@@ -494,47 +503,49 @@ bad:
 
 				X509_NAME_oneline(X509_get_subject_name(x),
 					buf,256);
-				printf("/* subject:%s */\n",buf);
+				BIO_printf(STDout,"/* subject:%s */\n",buf);
 				m=X509_NAME_oneline(
 					X509_get_issuer_name(x),buf,256);
-				printf("/* issuer :%s */\n",buf);
+				BIO_printf(STDout,"/* issuer :%s */\n",buf);
 
 				z=i2d_X509(x,NULL);
 				m=Malloc(z);
 
 				d=(unsigned char *)m;
 				z=i2d_X509_NAME(X509_get_subject_name(x),&d);
-				printf("unsigned char XXX_subject_name[%d]={\n",z);
+				BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
 				d=(unsigned char *)m;
 				for (y=0; y<z; y++)
 					{
-					printf("0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f) printf("\n");
+					BIO_printf(STDout,"0x%02X,",d[y]);
+					if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
 					}
-				if (y%16 != 0) printf("\n");
-				printf("};\n");
+				if (y%16 != 0) BIO_printf(STDout,"\n");
+				BIO_printf(STDout,"};\n");
 
 				z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
-				printf("unsigned char XXX_public_key[%d]={\n",z);
+				BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
 				d=(unsigned char *)m;
 				for (y=0; y<z; y++)
 					{
-					printf("0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f) printf("\n");
+					BIO_printf(STDout,"0x%02X,",d[y]);
+					if ((y & 0x0f) == 0x0f)
+						BIO_printf(STDout,"\n");
 					}
-				if (y%16 != 0) printf("\n");
-				printf("};\n");
+				if (y%16 != 0) BIO_printf(STDout,"\n");
+				BIO_printf(STDout,"};\n");
 
 				z=i2d_X509(x,&d);
-				printf("unsigned char XXX_certificate[%d]={\n",z);
+				BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
 				d=(unsigned char *)m;
 				for (y=0; y<z; y++)
 					{
-					printf("0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f) printf("\n");
+					BIO_printf(STDout,"0x%02X,",d[y]);
+					if ((y & 0x0f) == 0x0f)
+						BIO_printf(STDout,"\n");
 					}
-				if (y%16 != 0) printf("\n");
-				printf("};\n");
+				if (y%16 != 0) BIO_printf(STDout,"\n");
+				BIO_printf(STDout,"};\n");
 
 				Free(m);
 				}
@@ -545,13 +556,13 @@ bad:
 			else if (startdate == i)
 				{
 				BIO_puts(STDout,"notBefore=");
-				ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+				ASN1_TIME_print(STDout,X509_get_notBefore(x));
 				BIO_puts(STDout,"\n");
 				}
 			else if (enddate == i)
 				{
 				BIO_puts(STDout,"notAfter=");
-				ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+				ASN1_TIME_print(STDout,X509_get_notAfter(x));
 				BIO_puts(STDout,"\n");
 				}
 			else if (fingerprint == i)
@@ -565,10 +576,10 @@ bad:
 					BIO_printf(bio_err,"out of memory\n");
 					goto end;
 					}
-				fprintf(stdout,"MD5 Fingerprint=");
+				BIO_printf(STDout,"MD5 Fingerprint=");
 				for (j=0; j<(int)n; j++)
 					{
-					fprintf(stdout,"%02X%c",md[j],
+					BIO_printf(STDout,"%02X%c",md[j],
 						(j+1 == (int)n)
 						?'\n':':');
 					}
@@ -602,6 +613,7 @@ bad:
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
+				
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
 					CApkey,
 					CAserial,CA_createserial,days))
@@ -625,7 +637,7 @@ bad:
 
 				BIO_printf(bio_err,"Generating certificate request\n");
 
-				rq=X509_to_X509_REQ(x,pk);
+				rq=X509_to_X509_REQ(x,pk,EVP_md5());
 				EVP_PKEY_free(pk);
 				if (rq == NULL)
 					{
@@ -687,6 +699,7 @@ end:
 	if (Upkey != NULL) EVP_PKEY_free(Upkey);
 	if (CApkey != NULL) EVP_PKEY_free(CApkey);
 	if (rq != NULL) X509_REQ_free(rq);
+	X509V3_EXT_cleanup();
 	EXIT(ret);
 	}
 
@@ -710,7 +723,9 @@ int days;
 	X509_STORE_CTX xsc;
 	EVP_PKEY *upkey;
 
-	EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
+	upkey = X509_get_pubkey(xca);
+	EVP_PKEY_copy_parameters(upkey,pkey);
+	EVP_PKEY_free(upkey);
 
 	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
 	buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
@@ -802,6 +817,12 @@ int days;
 	if (!reqfile && !X509_verify_cert(&xsc))
 		goto end;
 
+	if (!X509_check_private_key(xca,pkey))
+		{
+		BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+		goto end;
+		}
+
 	if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
 	if (!X509_set_serialNumber(x,bs)) goto end;
 
@@ -812,14 +833,17 @@ int days;
 	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
 		goto end;
 
-	/* don't save DSA parameters in child if parent has them. */
+	/* don't save DSA parameters in child if parent has them
+	 * and the parents and the childs are the same. */
 	upkey=X509_get_pubkey(x);
-	if (!EVP_PKEY_missing_parameters(pkey))
+	if (!EVP_PKEY_missing_parameters(pkey) &&
+		(EVP_PKEY_cmp_parameters(pkey,upkey) == 0))
 		{
 		EVP_PKEY_save_parameters(upkey,0);
 		/* Force a re-write */
 		X509_set_pubkey(x,upkey);
 		}
+	EVP_PKEY_free(upkey);
 
 	if (!X509_sign(x,pkey,digest)) goto end;
 	ret=1;
@@ -854,15 +878,15 @@ X509_STORE_CTX *ctx;
 	 * DEPTH_ZERO_SELF_.... */
 	if (ok)
 		{
-		printf("error with certificate to be certified - should be self signed\n");
+		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
 		return(0);
 		}
 	else
 		{
 		err_cert=X509_STORE_CTX_get_current_cert(ctx);
 		X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
-		printf("%s\n",buf);
-		printf("error with certificate - error %d at depth %d\n%s\n",
+		BIO_printf(bio_err,"%s\n",buf);
+		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
 			err,X509_STORE_CTX_get_error_depth(ctx),
 			X509_verify_cert_error_string(err));
 		return(1);
@@ -1020,8 +1044,12 @@ int days;
 EVP_MD *digest;
 	{
 
-	EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
-	EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
+	EVP_PKEY *pktmp;
+
+	pktmp = X509_get_pubkey(x);
+	EVP_PKEY_copy_parameters(pktmp,pkey);
+	EVP_PKEY_save_parameters(pktmp,1);
+	EVP_PKEY_free(pktmp);
 
 	if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
 	if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;

bugs/alpha.c

@@ -1,5 +1,5 @@
 /* bugs/alpha.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written

bugs/sgiccbug.c

@@ -7,6 +7,8 @@
 /* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
  * the only versions of IRIX I have access to.
  * defining FIXBUG removes the bug.
+ * (bug is still present in IRIX 6.3 according to
+ * Gage <agage@forgetmenot.Mines.EDU>
  */
  
 /* Compare the output from

bugs/stream.c

@@ -1,5 +1,5 @@
 /* bugs/stream.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written

bugs/ultrixcc.c

@@ -0,0 +1,45 @@
+#include <stdio.h>
+
+/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+ * What happens is that the compiler, due to the (a)&7,
+ * does
+ * i=a&7;
+ * i--;
+ * i*=4;
+ * Then uses i as the offset into a jump table.
+ * The problem is that a value of 0 generates an offset of
+ * 0xfffffffc.
+ */
+
+main()
+	{
+	f(5);
+	f(0);
+	}
+
+int f(a)
+int a;
+	{
+	switch(a&7)
+		{
+	case 7:
+		printf("7\n");
+	case 6:
+		printf("6\n");
+	case 5:
+		printf("5\n");
+	case 4:
+		printf("4\n");
+	case 3:
+		printf("3\n");
+	case 2:
+		printf("2\n");
+	case 1:
+		printf("1\n");
+#ifdef FIX_BUG
+	case 0:
+		;
+#endif
+		}
+	}	
+

certs/ICE-CA.pem

@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:35:53 1997 GMT
+            Not After : Apr  2 17:35:53 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
+                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
+                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
+                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
+                    49:11:a5:c9:45
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0.........z.."p......e..
+            X509v3 Subject Key Identifier: 
+                ..~r..:..B.44fu......3
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...
+            X509v3 Subject Alternative Name: 
+                0!..secude-support@darmstadt.gmd.de
+            X509v3 Issuer Alternative Name: 
+                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
+            X509v3 Basic Constraints: critical
+                0....
+            X509v3 CRL Distribution Points: 
+                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
+    Signature Algorithm: md5WithRSAEncryption
+        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
+        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
+        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
+        88:73:cd:60:28:79:a3:fc:48:7a
+-----BEGIN CERTIFICATE-----
+MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
+AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
+BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
+IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
+NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
+MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
+VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
+LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
+/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
+aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
+7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
+-----END CERTIFICATE-----

certs/ICE-root.pem

@@ -0,0 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:33:36 1997 GMT
+            Not After : Apr  2 17:33:36 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
+                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
+                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
+                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
+                    e7:c7:9f:41:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ........z.."p......e..
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Subject Alternative Name: 
+                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
+            X509v3 Basic Constraints: critical
+                0....
+    Signature Algorithm: md5WithRSAEncryption
+        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
+        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
+        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
+        7e:22:9f:25:06:60:bd:79:30:3d
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
+EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
+0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
+ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
+dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
+LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
+iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
+fiKfJQZgvXkwPQ==
+-----END CERTIFICATE-----

certs/ICE-user.pem

@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Validity
+            Not Before: Apr  2 17:35:59 1997 GMT
+            Not After : Apr  2 17:35:59 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
+                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
+                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
+                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
+                    be:3e:a4:61:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0...~r..:..B.44fu......3
+            X509v3 Subject Key Identifier: 
+                ...... .*...1.*.......
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...0.......
+            X509v3 Subject Alternative Name: 
+                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
+            X509v3 Issuer Alternative Name: 
+                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
+..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
+            X509v3 Basic Constraints: critical
+                0.
+            X509v3 CRL Distribution Points: 
+                0.0.......gmdca@gmd.de
+    Signature Algorithm: md5WithRSAEncryption
+        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
+        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
+        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
+        9a:f7:6f:63:9b:94:99:83:d6:a4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
+OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
+Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
+EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
+qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
+BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
+nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
+A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
+HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
+YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
+dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
+VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
+Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
+ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
+DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
+-----END CERTIFICATE-----

certs/ICE.crl

@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
+VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
+NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
+WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
+i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
+KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
+mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
+-----END X509 CRL-----

certs/expired/ICE-CA.pem

@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:35:53 1997 GMT
+            Not After : Apr  2 17:35:53 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
+                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
+                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
+                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
+                    49:11:a5:c9:45
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0.........z.."p......e..
+            X509v3 Subject Key Identifier: 
+                ..~r..:..B.44fu......3
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...
+            X509v3 Subject Alternative Name: 
+                0!..secude-support@darmstadt.gmd.de
+            X509v3 Issuer Alternative Name: 
+                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
+            X509v3 Basic Constraints: critical
+                0....
+            X509v3 CRL Distribution Points: 
+                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
+    Signature Algorithm: md5WithRSAEncryption
+        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
+        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
+        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
+        88:73:cd:60:28:79:a3:fc:48:7a
+-----BEGIN CERTIFICATE-----
+MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
+AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
+BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
+IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
+NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
+MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
+VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
+LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
+/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
+aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
+7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
+-----END CERTIFICATE-----

certs/expired/ICE-root.pem

@@ -0,0 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:33:36 1997 GMT
+            Not After : Apr  2 17:33:36 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
+                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
+                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
+                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
+                    e7:c7:9f:41:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ........z.."p......e..
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Subject Alternative Name: 
+                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
+            X509v3 Basic Constraints: critical
+                0....
+    Signature Algorithm: md5WithRSAEncryption
+        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
+        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
+        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
+        7e:22:9f:25:06:60:bd:79:30:3d
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
+EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
+0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
+ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
+dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
+LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
+iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
+fiKfJQZgvXkwPQ==
+-----END CERTIFICATE-----

certs/expired/ICE-user.pem

@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Validity
+            Not Before: Apr  2 17:35:59 1997 GMT
+            Not After : Apr  2 17:35:59 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
+                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
+                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
+                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
+                    be:3e:a4:61:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0...~r..:..B.44fu......3
+            X509v3 Subject Key Identifier: 
+                ...... .*...1.*.......
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...0.......
+            X509v3 Subject Alternative Name: 
+                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
+            X509v3 Issuer Alternative Name: 
+                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
+..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
+            X509v3 Basic Constraints: critical
+                0.
+            X509v3 CRL Distribution Points: 
+                0.0.......gmdca@gmd.de
+    Signature Algorithm: md5WithRSAEncryption
+        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
+        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
+        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
+        9a:f7:6f:63:9b:94:99:83:d6:a4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
+OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
+Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
+EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
+qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
+BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
+nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
+A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
+HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
+YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
+dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
+VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
+Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
+ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
+DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
+-----END CERTIFICATE-----

certs/expired/ICE.crl

@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
+VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
+NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
+WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
+i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
+KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
+mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
+-----END X509 CRL-----

certs/vsign1.pem

@@ -1,15 +1,17 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2020 GMT
 -----BEGIN CERTIFICATE-----
-MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
-Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
-ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
-FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
-W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
-QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
-9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
-TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
-8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+MIICPDCCAaUCEDJQM89Q0VbzXIGtZVxPyCUwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTIwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
+zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
+TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBAEtEZmBoZOSYG/OwcuaViXzde7OVwB0u2NgZ0C00PcZQ
+mhCGjKo/O6gE/DdSlcPZydvN8oYGxLEb8IKIMEKOF1AcZHq4PplJdJf8rAJD+5YM
+VgQlDHx8h50kp9jwMim1pN9dokzFFjKoQvZFprY2ueC/ZTaTwtLXa9zeWdaiNfhF
 -----END CERTIFICATE-----
-

certs/vsign2.pem

@@ -1,31 +1,18 @@
- subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
- issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-
+subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
 -----BEGIN CERTIFICATE-----
-MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
-YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
-MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
-YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
-SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
-U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
-RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
-3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
-z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
-hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
-YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
-LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
-KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
-Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
-ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
-dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
-IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
-ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
-TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
-LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
-BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
-53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
-2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
-p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
+oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
+uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
+v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
+G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
+1Q==
 -----END CERTIFICATE-----
-

certs/vsign3.pem

@@ -1,16 +1,18 @@
- subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
 -----BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
-nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
-IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
-Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
-NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
 -----END CERTIFICATE-----